feat: add dockerfile and script to perform fuzzing test on all swagger files and individual #4569
Conversation
|
Kudos, SonarCloud Quality Gate passed!
|
vli11
force-pushed
the
fuzz_docker_script
branch
from
68fae54 to
807f438
Compare
vli11
changed the title
Dockerfile.fuzz
Outdated
|
|
||
| RUN apk add --no-cache python3 py3-pip bash coreutils | ||
|
|
||
| RUN wget https://github.com/microsoft/restler-fuzzer/archive/refs/tags/v9.2.2.tar.gz |
There was a problem hiding this comment.
Sonarqube is flagging this line:
|
@vli11 , please add make targets for building and running .
|
Dockerfile.fuzz
Outdated
| RUN wget -q "https://github.com/microsoft/restler-fuzzer/archive/refs/tags/v9.2.2.tar.gz" | ||
| RUN tar -xvf v9.2.2.tar.gz && mv restler-fuzzer-9.2.2 restler-fuzzer |
There was a problem hiding this comment.
combine these two runs and delete gz file after mv
There was a problem hiding this comment.
Actually, it is more efficient to just pipe the wget output into tar directly, and use tar options to manipulate the target directory
WORKDIR /restler-fuzzer
RUN wget -q -O - (url.tar.gz) | tar xz --strip-components 1 && mkdir restler_bin`
Dockerfile.fuzz
Outdated
| RUN cd restler-fuzzer; mkdir -p restler_bin | ||
| WORKDIR /restler-fuzzer |
There was a problem hiding this comment.
| RUN cd restler-fuzzer; mkdir -p restler_bin | |
| WORKDIR /restler-fuzzer |
Combined into previous statement
Dockerfile.fuzz
Outdated
| RUN wget -q "https://github.com/microsoft/restler-fuzzer/archive/refs/tags/v9.2.2.tar.gz" && \ | ||
| tar -xvf v9.2.2.tar.gz && \ | ||
| mv restler-fuzzer-9.2.2 restler-fuzzer && \ | ||
| rm v9.2.2.tar.gz && \ | ||
| cd restler-fuzzer && \ | ||
| mkdir -p restler_bin | ||
|
|
||
| WORKDIR /restler-fuzzer |
There was a problem hiding this comment.
| RUN wget -q "https://github.com/microsoft/restler-fuzzer/archive/refs/tags/v9.2.2.tar.gz" && \ | |
| tar -xvf v9.2.2.tar.gz && \ | |
| mv restler-fuzzer-9.2.2 restler-fuzzer && \ | |
| rm v9.2.2.tar.gz && \ | |
| cd restler-fuzzer && \ | |
| mkdir -p restler_bin | |
| WORKDIR /restler-fuzzer | |
| WORKDIR /restler-fuzzer | |
| RUN wget -q -O - "https://github.com/microsoft/restler-fuzzer/archive/refs/tags/v9.2.2.tar.gz" | \ | |
| tar xvf - --strip-components 1 && \ | |
| mkdir -p restler_bin |
|
@vli11 You will have to squash and rebase this PR due to the Semantic PR check failing. |
feat: add dockerfile and script to perform fuzzing test on all swagger files and individual Closes: edgexfoundry#4568 Signed-off-by: Valina Li <[email protected]>
vli11
force-pushed
the
fuzz_docker_script
branch
from
a0e06c8 to
00c7f83
Compare
Signed-off-by: Valina Li <[email protected]>
@vli11 , Hado lint failing on your new docker file. |
FROM mcr.microsoft.com/dotnet/sdk:6.0-alpine hadolint error: DL3026 error: Use only an allowed registry in the FROM image; but docker hub does have this official image https://hub.docker.com/_/microsoft-dotnet-sdk/https://hub.docker.com/_/microsoft-dotnet-sdk/. any suggestions? @lenny-intel @bnevis-i |
I would ignore the error in .hadolint.yaml. https://github.com/edgexfoundry/edgex-go/blob/main/.hadolint.yml |
Signed-off-by: Valina Li <[email protected]>
i wonder what is the reason that Microsoft doesn't publish the latest version to Docker hub. maybe the one in docker hub is stable version |
Signed-off-by: Valina Li <[email protected]>
Because Microsoft has the better registry? (Probably true, it supports the latest OCI registry standards.) |
Signed-off-by: Valina Li <[email protected]>
Signed-off-by: Valina Li <[email protected]>
|
Kudos, SonarCloud Quality Gate passed!
|
If your build fails due to your commit message not passing the build checks, please review the guidelines here: https://github.com/edgexfoundry/edgex-go/blob/main/.github/Contributing.md
PR Checklist
Please check if your PR fulfills the following requirements:
BREAKING CHANGE:describing the break)Testing Instructions
to build:
docker build -f Dockerfile.fuzz -t fuzz-edgex-go:latest .to run:
docker run --net host -v $(pwd)/fuzz_results:/fuzz_results fuzz-edgex-go:latestNew Dependency Instructions (If applicable)