Skip to content

Commit 5572b8a

Browse files
author
Paulo Gomes
committed
Refactor fuzzing
Structure the fuzz implementation to be closer to what go native will support. Add Makefile target to enable smoketesting fuzzers. Add smoketest as CI workflow. Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
1 parent c4d5123 commit 5572b8a

12 files changed

+299
-172
lines changed

.github/workflows/cifuzz.yaml

+20
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
name: CIFuzz
2+
on:
3+
pull_request:
4+
branches:
5+
- main
6+
jobs:
7+
Fuzzing:
8+
runs-on: ubuntu-latest
9+
steps:
10+
- name: Checkout
11+
uses: actions/checkout@v2
12+
- name: Restore Go cache
13+
uses: actions/cache@v1
14+
with:
15+
path: /home/runner/work/_temp/_github_home/go/pkg/mod
16+
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
17+
restore-keys: |
18+
${{ runner.os }}-go-
19+
- name: Smoke test Fuzzers
20+
run: make fuzz-smoketest

.gitignore

+2-1
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,6 @@
55
*.so
66
*.dylib
77
bin
8-
testbin
98

109
# Test binary, build with `go test -c`
1110
*.test
@@ -22,3 +21,5 @@ testbin
2221
*.swp
2322
*.swo
2423
*~
24+
25+
build/

Makefile

+21-1
Original file line numberDiff line numberDiff line change
@@ -113,7 +113,7 @@ GEN_CRD_API_REFERENCE_DOCS = $(shell pwd)/bin/gen-crd-api-reference-docs
113113
gen-crd-api-reference-docs:
114114
$(call go-install-tool,$(GEN_CRD_API_REFERENCE_DOCS),github.com/ahmetb/gen-crd-api-reference-docs@v0.3.0)
115115

116-
ENVTEST_ASSETS_DIR=$(shell pwd)/testbin
116+
ENVTEST_ASSETS_DIR=$(shell pwd)/build/testbin
117117
ENVTEST_KUBERNETES_VERSION?=latest
118118
install-envtest: setup-envtest
119119
mkdir -p ${ENVTEST_ASSETS_DIR}
@@ -137,3 +137,23 @@ GOBIN=$(PROJECT_DIR)/bin go install $(2) ;\
137137
rm -rf $$TMP_DIR ;\
138138
}
139139
endef
140+
141+
# Build fuzzers
142+
fuzz-build:
143+
rm -rf $(shell pwd)/build/fuzz/
144+
mkdir -p $(shell pwd)/build/fuzz/out/
145+
146+
docker build . --tag local-fuzzing:latest -f tests/fuzz/Dockerfile.builder
147+
docker run --rm \
148+
-e FUZZING_LANGUAGE=go -e SANITIZER=address \
149+
-e CIFUZZ_DEBUG='True' -e OSS_FUZZ_PROJECT_NAME=fluxcd \
150+
-v "$(shell pwd)/build/fuzz/out":/out \
151+
local-fuzzing:latest
152+
153+
# Run each fuzzer once to ensure they are working
154+
fuzz-smoketest: fuzz-build
155+
docker run --rm \
156+
-v "$(shell pwd)/build/fuzz/out":/out \
157+
-v "$(shell pwd)/tests/fuzz/oss_fuzz_run.sh":/runner.sh \
158+
local-fuzzing:latest \
159+
bash -c "/runner.sh"

api/v2beta1/helmrelease_types.go

+4-2
Original file line numberDiff line numberDiff line change
@@ -820,8 +820,10 @@ func (in HelmReleaseStatus) GetHelmChart() (string, string) {
820820
if in.HelmChart == "" {
821821
return "", ""
822822
}
823-
split := strings.Split(in.HelmChart, string(types.Separator))
824-
return split[0], split[1]
823+
if split := strings.Split(in.HelmChart, string(types.Separator)); len(split) > 1 {
824+
return split[0], split[1]
825+
}
826+
return "", ""
825827
}
826828

827829
// HelmReleaseProgressing resets any failures and registers progress toward

fuzz/Dockerfile

-21
This file was deleted.

fuzz/fuzz.go

-147
This file was deleted.

tests/fuzz/Dockerfile.builder

+6
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
FROM gcr.io/oss-fuzz-base/base-builder-go
2+
3+
COPY ./ $GOPATH/src/github.com/fluxcd/helm-controller/
4+
COPY ./tests/fuzz/oss_fuzz_build.sh $SRC/build.sh
5+
6+
WORKDIR $SRC

tests/fuzz/README.md

+45
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,45 @@
1+
# fuzz testing
2+
3+
Flux is part of Google's [oss fuzz] program which provides continuous fuzzing for
4+
open source projects.
5+
6+
The long running fuzzing execution is configured in the [oss-fuzz repository].
7+
Shorter executions are done on a per-PR basis, configured as a [github workflow].
8+
9+
For fuzzers to be called, they must be compiled within [oss_fuzz_build.sh](./oss_fuzz_build.sh).
10+
11+
### Testing locally
12+
13+
Build fuzzers:
14+
15+
```bash
16+
make fuzz-build
17+
```
18+
All fuzzers will be built into `./build/fuzz/out`.
19+
20+
Smoke test fuzzers:
21+
22+
```bash
23+
make fuzz-smoketest
24+
```
25+
26+
The smoke test runs each fuzzer once to ensure they are fully functional.
27+
28+
Run fuzzer locally:
29+
```bash
30+
./build/fuzz/out/fuzz_conditions_match
31+
```
32+
33+
Run fuzzer inside a container:
34+
35+
```bash
36+
docker run --rm -ti \
37+
-v "$(pwd)/build/fuzz/out":/out \
38+
gcr.io/oss-fuzz/fluxcd \
39+
/out/fuzz_conditions_match
40+
```
41+
42+
43+
[oss fuzz]: https://github.com/google/oss-fuzz
44+
[oss-fuzz repository]: https://github.com/google/oss-fuzz/tree/master/projects/fluxcd
45+
[github workflow]: .github/workflows/cifuzz.yaml

0 commit comments

Comments
 (0)