Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor Fuzz implementation #212

Merged
merged 2 commits into from
Jan 12, 2022
Merged

Refactor Fuzz implementation #212

merged 2 commits into from
Jan 12, 2022

Conversation

pjbgf
Copy link
Member

@pjbgf pjbgf commented Jan 10, 2022

Following-up from the security audit, I reviewed the initial Fuzz PR and created this PR that supersedes it.

Main changes:

  • Structure the fuzz implementation to be closer to what fuzz testing might look like once leveraging the golang 1.18 built-in fuzz feature.
  • Add Makefile target to enable smoke testing fuzzers locally.
  • Add github workflow to test and upload crash results.
  • Add documentation and fix issue with the FuzzEventf target.

The changes aim to make it easier to test fuzzers locally. And decrease the amount of changes to adopt built-in support for fuzzing.

Oss-fuzz aims to add support to the golang native fuzzing once 1.18 is released officially.

@pjbgf pjbgf requested a review from hiddeco as a code owner January 10, 2022 13:10
@pjbgf pjbgf changed the title Refactor Fuzz implementation WIP: Refactor Fuzz implementation Jan 10, 2022
@pjbgf pjbgf changed the title WIP: Refactor Fuzz implementation Refactor Fuzz implementation Jan 10, 2022
@pjbgf pjbgf force-pushed the fuzz branch 2 times, most recently from 81793b0 to b728528 Compare January 10, 2022 17:01
@AdamKorcz
Fuzzing: Initial commit
283b5db 
Signed-off-by: AdamKorcz <adam@adalogics.com>
@pjbgf pjbgf force-pushed the fuzz branch 5 times, most recently from bc730e6 to bb09769 Compare January 11, 2022 15:45
@pjbgf pjbgf mentioned this pull request Jan 11, 2022
Open
hiddeco
hiddeco approved these changes Jan 11, 2022
View reviewed changes
Copy link
Member

@hiddeco hiddeco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me, thank you very much @pjbgf 🙇

stefanprodan
stefanprodan reviewed Jan 11, 2022
View reviewed changes
runtime/events/events_fuzzer.go Outdated

if os.Getenv("KUBEBUILDER_ASSETS") == "" {
cmd := exec.Command("/usr/bin/bash", "-c", `go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest && \
/root/go/bin/setup-envtest use -p path 1.21.x`)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we move the Kubernetes version into the Makefile?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@stefanprodan good point. I changed it to use the value from ENVTEST_BIN_VERSION.
The default value of 1.23 is to keep the calls from oss-fuzz deterministic. PTAL

stefanprodan
stefanprodan reviewed Jan 11, 2022
View reviewed changes
runtime/go.sum Outdated
github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE=
github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw=
github.com/containerd/console v1.0.2/go.mod h1:ytZPjGgY2oeTkAONYafi2kSj0aYggsf8acV1PGKCbzQ=
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How did we end up with 500 new dependencies in here?

@stefanprodan
Copy link
Member

stefanprodan commented Jan 11, 2022
edited
Loading

@pjbgf would it be possible to have a dedicated module for fuzz that imports all our packages and the fuzz specific ones? This would keep the runtime dependencies to a minimum.

@pjbgf
Copy link
Member Author

pjbgf commented Jan 11, 2022
edited
Loading

@pjbgf would it be possible to have a dedicated module for fuzz that imports all our packages and the fuzz specific ones? This would keep the runtime dependencies to a minimum.

Sure, will move them all to the fuzz directory and move them back at execution time.

Refactor fuzzing
ab49d7b 
Structure the fuzz implementation to be closer to what go native will support.
Add Makefile target to enable smoketesting fuzzers.
Add github workflow to test and upload crash results.

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
stefanprodan
stefanprodan approved these changes Jan 12, 2022
View reviewed changes
Copy link
Member

@stefanprodan stefanprodan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Thanks @pjbgf 🏅

@stefanprodan stefanprodan added the area/ci CI related issues and pull requests label Jan 12, 2022
@stefanprodan stefanprodan merged commit cc5bf6a into fluxcd:main Jan 12, 2022
@stefanprodan stefanprodan mentioned this pull request Jan 12, 2022
Closed
@pjbgf pjbgf deleted the fuzz branch January 12, 2022 10:15
@stefanprodan stefanprodan mentioned this pull request Jan 19, 2022
Closed
24 tasks
@pjbgf pjbgf mentioned this pull request Feb 16, 2022
Closed
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stefanprodan stefanprodan stefanprodan approved these changes

@darkowlzz darkowlzz Awaiting requested review from darkowlzz darkowlzz is a code owner

@hiddeco hiddeco Awaiting requested review from hiddeco hiddeco is a code owner

Assignees
No one assigned
Labels
area/ci CI related issues and pull requests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@pjbgf @stefanprodan @hiddeco @AdamKorcz