Add support for fuzzing tests using oss-fuzz-build.

Co-authored-by: Paulo Gomes <[email protected]> Co-authored-by: AdamKorcz <[email protected]> Signed-off-by: Sanskar Jaiswal <[email protected]>
fluxcd · Feb 11, 2022 · 1b3e04d · 1b3e04d
1 parent a348d9f
commit 1b3e04d
Show file tree

Hide file tree

Showing 9 changed files with 707 additions and 3 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -1 +1 @@
-hack/libgit2/
+build/libgit2/
diff --git a/.github/workflows/cifuzz.yaml b/.github/workflows/cifuzz.yaml
@@ -0,0 +1,24 @@
+name: CIFuzz
+on:
+ pull_request:
+ branches:
+ - main
+
+permissions:
+ contents: read
+
+jobs:
+ Fuzzing:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Restore Go cache
+ uses: actions/cache@v1
+ with:
+ path: /home/runner/work/_temp/_github_home/go/pkg/mod
+ key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+ restore-keys: |
+ ${{ runner.os }}-go-
+ - name: Smoke test Fuzzers
+ run: make fuzz-smoketest
diff --git a/Dockerfile b/Dockerfile
@@ -3,7 +3,7 @@ ARG GO_VERSION=1.17
 ARG XX_VERSION=1.1.0
 
 ARG LIBGIT2_IMG=ghcr.io/fluxcd/golang-with-libgit2
-ARG LIBGIT2_TAG=libgit2-1.1.1-6
+ARG LIBGIT2_TAG=libgit2-1.1.1-7
 
 FROM ${LIBGIT2_IMG}:${LIBGIT2_TAG} AS libgit2-libs
 

diff --git a/Makefile b/Makefile
@@ -8,7 +8,7 @@ CRD_OPTIONS ?= crd:crdVersions=v1
 
 # Base image used to build the Go binary
 LIBGIT2_IMG ?= ghcr.io/fluxcd/golang-with-libgit2
-LIBGIT2_TAG ?= libgit2-1.1.1-6
+LIBGIT2_TAG ?= libgit2-1.1.1-7
 
 # Allows for defining additional Docker buildx arguments,
 # e.g. '--push'.
@@ -236,6 +236,25 @@ ENVTEST = $(GOBIN)/setup-envtest
 setup-envtest: ## Download envtest-setup locally if necessary.
  $(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@latest)
 
+# Build fuzzers
+fuzz-build: $(LIBGIT2)
+ rm -rf $(shell pwd)/build/fuzz/
+ mkdir -p $(shell pwd)/build/fuzz/out/
+
+ docker build . --tag local-fuzzing:latest -f tests/fuzz/Dockerfile.builder
+ docker run --rm \
+ -e FUZZING_LANGUAGE=go -e SANITIZER=address \
+ -e CIFUZZ_DEBUG='True' -e OSS_FUZZ_PROJECT_NAME=fluxcd \
+ -v "$(shell pwd)/build/fuzz/out":/out \
+ local-fuzzing:latest
+
+fuzz-smoketest: fuzz-build
+ docker run --rm \
+ -v "$(shell pwd)/build/fuzz/out":/out \
+ -v "$(shell pwd)/tests/fuzz/oss_fuzz_run.sh":/runner.sh \
+ local-fuzzing:latest \
+ bash -c "/runner.sh"
+
 # go-install-tool will 'go install' any package $2 and install it to $1.
 define go-install-tool
 @[ -f $(1) ] || { \

diff --git a/tests/fuzz/Dockerfile.builder b/tests/fuzz/Dockerfile.builder
@@ -0,0 +1,8 @@
+FROM gcr.io/oss-fuzz-base/base-builder-go
+
+RUN apt-get update && apt-get install -y cmake pkg-config
+
+COPY ./ $GOPATH/src/github.com/fluxcd/image-automation-controller/
+COPY ./tests/fuzz/oss_fuzz_build.sh $SRC/build.sh
+
+WORKDIR $SRC
diff --git a/tests/fuzz/go.mod b/tests/fuzz/go.mod
@@ -0,0 +1,3 @@
+module github.com/fluxcd/image-automation-controller/tests/fuzz
+
+go 1.17