Skip to content

Refactor Fuzz implementation#212

Merged
stefanprodan merged 2 commits intofluxcd:mainfrom
pjbgf-forks:fuzz
Jan 12, 2022
Merged

Refactor Fuzz implementation#212
stefanprodan merged 2 commits intofluxcd:mainfrom
pjbgf-forks:fuzz

Conversation

@pjbgf
Copy link
Copy Markdown
Member

@pjbgf pjbgf commented Jan 10, 2022

Following-up from the security audit, I reviewed the initial Fuzz PR and created this PR that supersedes it.

Main changes:

  • Structure the fuzz implementation to be closer to what fuzz testing might look like once leveraging the golang 1.18 built-in fuzz feature.
  • Add Makefile target to enable smoke testing fuzzers locally.
  • Add github workflow to test and upload crash results.
  • Add documentation and fix issue with the FuzzEventf target.

The changes aim to make it easier to test fuzzers locally. And decrease the amount of changes to adopt built-in support for fuzzing.

Oss-fuzz aims to add support to the golang native fuzzing once 1.18 is released officially.

@pjbgf pjbgf requested a review from hiddeco as a code owner January 10, 2022 13:10
@pjbgf pjbgf changed the title Refactor Fuzz implementation WIP: Refactor Fuzz implementation Jan 10, 2022
@pjbgf pjbgf changed the title WIP: Refactor Fuzz implementation Refactor Fuzz implementation Jan 10, 2022
@pjbgf pjbgf force-pushed the fuzz branch 2 times, most recently from 81793b0 to b728528 Compare January 10, 2022 17:01
@AdamKorcz
Fuzzing: Initial commit
283b5db 
Signed-off-by: AdamKorcz <adam@adalogics.com>
@pjbgf pjbgf force-pushed the fuzz branch 5 times, most recently from bc730e6 to bb09769 Compare January 11, 2022 15:45
@pjbgf pjbgf mentioned this pull request Jan 11, 2022
Open
hiddeco
hiddeco reviewed Jan 11, 2022
View reviewed changes
Comment thread .github/workflows/cifuzz.yaml Outdated
hiddeco
hiddeco approved these changes Jan 11, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@hiddeco hiddeco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me, thank you very much @pjbgf 🙇

stefanprodan
stefanprodan reviewed Jan 11, 2022
View reviewed changes
Comment thread runtime/events/events_fuzzer.go Outdated

if os.Getenv("KUBEBUILDER_ASSETS") == "" {
cmd := exec.Command("/usr/bin/bash", "-c", `go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest && \
/root/go/bin/setup-envtest use -p path 1.21.x`)
Copy link
Copy Markdown
Member

@stefanprodan stefanprodan Jan 11, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we move the Kubernetes version into the Makefile?

Copy link
Copy Markdown
Member Author

@pjbgf pjbgf Jan 11, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@stefanprodan good point. I changed it to use the value from ENVTEST_BIN_VERSION.
The default value of 1.23 is to keep the calls from oss-fuzz deterministic. PTAL

stefanprodan
stefanprodan reviewed Jan 11, 2022
View reviewed changes
Comment thread runtime/go.sum Outdated
github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE=
github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw=
github.com/containerd/console v1.0.2/go.mod h1:ytZPjGgY2oeTkAONYafi2kSj0aYggsf8acV1PGKCbzQ=
Copy link
Copy Markdown
Member

@stefanprodan stefanprodan Jan 11, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How did we end up with 500 new dependencies in here?

@stefanprodan
Copy link
Copy Markdown
Member

stefanprodan commented Jan 11, 2022
edited
Loading

@pjbgf would it be possible to have a dedicated module for fuzz that imports all our packages and the fuzz specific ones? This would keep the runtime dependencies to a minimum.

@pjbgf
Copy link
Copy Markdown
Member Author

pjbgf commented Jan 11, 2022
edited
Loading

@pjbgf would it be possible to have a dedicated module for fuzz that imports all our packages and the fuzz specific ones? This would keep the runtime dependencies to a minimum.

Sure, will move them all to the fuzz directory and move them back at execution time.

Refactor fuzzing
ab49d7b 
Structure the fuzz implementation to be closer to what go native will support.
Add Makefile target to enable smoketesting fuzzers.
Add github workflow to test and upload crash results.

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
@pjbgf pjbgf requested review from hiddeco and stefanprodan January 11, 2022 18:57
stefanprodan
stefanprodan approved these changes Jan 12, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@stefanprodan stefanprodan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Thanks @pjbgf 🏅

@stefanprodan stefanprodan added the area/ci CI related issues and pull requests label Jan 12, 2022
@stefanprodan stefanprodan merged commit cc5bf6a into fluxcd:main Jan 12, 2022
@stefanprodan stefanprodan mentioned this pull request Jan 12, 2022
Closed
@pjbgf pjbgf deleted the fuzz branch January 12, 2022 10:15
@stefanprodan stefanprodan mentioned this pull request Jan 19, 2022
Closed
24 tasks
@pjbgf pjbgf mentioned this pull request Feb 16, 2022
Closed
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stefanprodan stefanprodan stefanprodan approved these changes

@darkowlzz darkowlzz Awaiting requested review from darkowlzz

@hiddeco hiddeco Awaiting requested review from hiddeco

Assignees

No one assigned

Labels

area/ci CI related issues and pull requests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@pjbgf @stefanprodan @hiddeco @AdamKorcz