Refactor fuzzing

Structure the fuzz implementation to be closer to what go native will support.
Add Makefile target to enable smoketesting fuzzers.
Add smoketest as CI workflow.

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>

Author: Paulo Gomes

.github/workflows/cifuzz.yaml

@@ -0,0 +1,20 @@
+name: CIFuzz
+on:
+  pull_request:
+    branches:
+      - main
+jobs:
+  Fuzzing:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+    - name: Restore Go cache
+      uses: actions/cache@v1
+      with:
+        path: /home/runner/work/_temp/_github_home/go/pkg/mod
+        key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-go-
+    - name: Smoke test Fuzzers
+      run: make fuzz-smoketest

.gitignore

@@ -5,7 +5,6 @@
 *.so
 *.dylib
 bin
-testbin
 
 # Test binary, build with `go test -c`
 *.test
@@ -22,3 +21,5 @@ testbin
 *.swp
 *.swo
 *~
+
+build/

Makefile

@@ -113,7 +113,7 @@ GEN_CRD_API_REFERENCE_DOCS = $(shell pwd)/bin/gen-crd-api-reference-docs
 gen-crd-api-reference-docs:
 	$(call go-install-tool,$(GEN_CRD_API_REFERENCE_DOCS),github.com/ahmetb/gen-crd-api-reference-docs@v0.3.0)
 
-ENVTEST_ASSETS_DIR=$(shell pwd)/testbin
+ENVTEST_ASSETS_DIR=$(shell pwd)/build/testbin
 ENVTEST_KUBERNETES_VERSION?=latest
 install-envtest: setup-envtest
 	mkdir -p ${ENVTEST_ASSETS_DIR}
@@ -137,3 +137,23 @@ GOBIN=$(PROJECT_DIR)/bin go install $(2) ;\
 rm -rf $$TMP_DIR ;\
 }
 endef
+
+# Build fuzzers
+fuzz-build:
+	rm -rf $(shell pwd)/build/fuzz/
+	mkdir -p $(shell pwd)/build/fuzz/out/
+
+	docker build . --tag local-fuzzing:latest -f tests/fuzz/Dockerfile.builder
+	docker run --rm \
+		-e FUZZING_LANGUAGE=go -e SANITIZER=address \
+		-e CIFUZZ_DEBUG='True' -e OSS_FUZZ_PROJECT_NAME=fluxcd \
+		-v "$(shell pwd)/build/fuzz/out":/out \
+		local-fuzzing:latest
+
+# Run each fuzzer once to ensure they are working
+fuzz-smoketest: fuzz-build
+	docker run --rm \
+		-v "$(shell pwd)/build/fuzz/out":/out \
+		-v "$(shell pwd)/tests/fuzz/oss_fuzz_run.sh":/runner.sh \
+		local-fuzzing:latest \
+		bash -c "/runner.sh"

api/v2beta1/helmrelease_types.go

@@ -820,8 +820,10 @@ func (in HelmReleaseStatus) GetHelmChart() (string, string) {
 	if in.HelmChart == "" {
 		return "", ""
 	}
-	split := strings.Split(in.HelmChart, string(types.Separator))
-	return split[0], split[1]
+	if split := strings.Split(in.HelmChart, string(types.Separator)); len(split) > 1 {
+		return split[0], split[1]
+	}
+	return "", ""
 }
 
 // HelmReleaseProgressing resets any failures and registers progress toward

fuzz/Dockerfile

@@ -0,0 +1,6 @@
+FROM gcr.io/oss-fuzz-base/base-builder-go
+
+COPY ./ $GOPATH/src/github.com/fluxcd/helm-controller/
+COPY ./tests/fuzz/oss_fuzz_build.sh $SRC/build.sh
+
+WORKDIR $SRC

fuzz/fuzz.go

@@ -0,0 +1,45 @@
+# fuzz testing
+
+Flux is part of Google's [oss fuzz] program which provides continuous fuzzing for 
+open source projects. 
+
+The long running fuzzing execution is configured in the [oss-fuzz repository].
+Shorter executions are done on a per-PR basis, configured as a [github workflow].
+
+For fuzzers to be called, they must be compiled within [oss_fuzz_build.sh](./oss_fuzz_build.sh).
+
+### Testing locally
+
+Build fuzzers:
+
+```bash
+make fuzz-build
+```
+All fuzzers will be built into `./build/fuzz/out`. 
+
+Smoke test fuzzers:
+
+```bash
+make fuzz-smoketest
+```
+
+The smoke test runs each fuzzer once to ensure they are fully functional.
+
+Run fuzzer locally:
+```bash
+./build/fuzz/out/fuzz_conditions_match
+```
+
+Run fuzzer inside a container:
+
+```bash
+	docker run --rm -ti \
+		-v "$(pwd)/build/fuzz/out":/out \
+		gcr.io/oss-fuzz/fluxcd \
+		/out/fuzz_conditions_match
+```
+
+
+[oss fuzz]: https://github.com/google/oss-fuzz
+[oss-fuzz repository]: https://github.com/google/oss-fuzz/tree/master/projects/fluxcd
+[github workflow]: .github/workflows/cifuzz.yaml