Merge pull request #572 from pjbgf/new-fuzz

fluxcd · Feb 9, 2022 · 657f80b · 657f80b
2 parents e0d0344 + cd6d33c
commit 657f80b
Show file tree

Hide file tree

Showing 8 changed files with 680 additions and 3 deletions.
diff --git a/.github/workflows/cifuzz.yaml b/.github/workflows/cifuzz.yaml
@@ -0,0 +1,24 @@
+name: CIFuzz
+on:
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  Fuzzing:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+    - name: Restore Go cache
+      uses: actions/cache@v1
+      with:
+        path: /home/runner/work/_temp/_github_home/go/pkg/mod
+        key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-go-
+    - name: Smoke test Fuzzers
+      run: make fuzz-smoketest
diff --git a/Makefile b/Makefile
@@ -178,7 +178,7 @@ install-envtest: setup-envtest ## Download envtest binaries locally.
 	mkdir -p ${ENVTEST_ASSETS_DIR}
 	$(ENVTEST) use $(ENVTEST_KUBERNETES_VERSION) --arch=$(ENVTEST_ARCH) --bin-dir=$(ENVTEST_ASSETS_DIR)
 # setup-envtest sets anything below k8s to 0555
-	chmod -R u+w $(BUILD_DIR)
+	chmod -R u+w $(BUILD_DIR)/testbin
 
 libgit2: $(LIBGIT2)  ## Detect or download libgit2 library
 
@@ -221,3 +221,24 @@ go install $(2) ;\
 rm -rf $$TMP_DIR ;\
 }
 endef
+
+# Build fuzzers
+fuzz-build: $(LIBGIT2)
+	rm -rf $(shell pwd)/build/fuzz/
+	mkdir -p $(shell pwd)/build/fuzz/out/
+
+# TODO: remove mapping of current libgit2 dir and pull binaries from release or build dependency chain on demand.
+	docker build . --tag local-fuzzing:latest -f tests/fuzz/Dockerfile.builder
+	docker run --rm \
+		-e FUZZING_LANGUAGE=go -e SANITIZER=address \
+		-e CIFUZZ_DEBUG='True' -e OSS_FUZZ_PROJECT_NAME=fluxcd \
+		-v "$(shell pwd)/build/fuzz/out":/out \
+		-v "$(shell pwd)/build/libgit2":"/root/go/src/github.com/fluxcd/source-controller/build/libgit2" \
+		local-fuzzing:latest
+
+fuzz-smoketest: fuzz-build
+	docker run --rm \
+		-v "$(shell pwd)/build/fuzz/out":/out \
+		-v "$(shell pwd)/tests/fuzz/oss_fuzz_run.sh":/runner.sh \
+		local-fuzzing:latest \
+		bash -c "/runner.sh"
diff --git a/controllers/suite_test.go b/controllers/suite_test.go
@@ -56,7 +56,7 @@ var exampleCA []byte
 var ctx context.Context
 var cancel context.CancelFunc
 
-const timeout = time.Second * 30
+const timeout = time.Second * 60
 
 func TestAPIs(t *testing.T) {
 	RegisterFailHandler(Fail)
@@ -161,7 +161,7 @@ var _ = BeforeSuite(func() {
 	Expect(k8sClient).ToNot(BeNil())
 
 	Eventually(done, timeout).Should(BeClosed())
-}, 60)
+}, timeout.Seconds())
 
 var _ = AfterSuite(func() {
 	cancel()

diff --git a/tests/fuzz/Dockerfile.builder b/tests/fuzz/Dockerfile.builder
@@ -0,0 +1,6 @@
+FROM gcr.io/oss-fuzz-base/base-builder-go
+
+COPY ./ $GOPATH/src/github.com/fluxcd/source-controller/
+COPY ./tests/fuzz/oss_fuzz_build.sh $SRC/build.sh
+
+WORKDIR $SRC