Skip to content

Commit 6dacad7

Browse files
author
Paulo Gomes
authored
Merge pull request #965 from pjbgf/fix-broken-fuzz
Migrate to Go Native fuzz and improve reliability
2 parents b2eb601 + c5ded6f commit 6dacad7

10 files changed

+600
-344
lines changed

ATTRIBUTIONS.md

+31
Original file line numberDiff line numberDiff line change
@@ -1199,3 +1199,34 @@ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
11991199
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
12001200
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
12011201
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1202+
1203+
----------------------------------------------------------------------
1204+
1205+
The built-in git_fs_path_basename_r() function is based on the
1206+
Android implementation, BSD licensed:
1207+
1208+
Copyright (C) 2008 The Android Open Source Project
1209+
All rights reserved.
1210+
1211+
Redistribution and use in source and binary forms, with or without
1212+
modification, are permitted provided that the following conditions
1213+
are met:
1214+
* Redistributions of source code must retain the above copyright
1215+
notice, this list of conditions and the following disclaimer.
1216+
* Redistributions in binary form must reproduce the above copyright
1217+
notice, this list of conditions and the following disclaimer in
1218+
the documentation and/or other materials provided with the
1219+
distribution.
1220+
1221+
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
1222+
AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
1223+
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
1224+
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
1225+
COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
1226+
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
1227+
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
1228+
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
1229+
AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
1230+
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
1231+
OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
1232+
SUCH DAMAGE.

Makefile

+20-11
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,11 @@ REPOSITORY_ROOT := $(shell git rev-parse --show-toplevel)
3333
BUILD_DIR := $(REPOSITORY_ROOT)/build
3434

3535
# Other dependency versions
36-
ENVTEST_BIN_VERSION ?= 1.19.2
36+
ENVTEST_BIN_VERSION ?= 1.24.0
37+
38+
# FUZZ_TIME defines the max amount of time, in Go Duration,
39+
# each fuzzer should run for.
40+
FUZZ_TIME ?= 1m
3741

3842
# Caches libgit2 versions per tag, "forcing" rebuild only when needed.
3943
LIBGIT2_PATH := $(BUILD_DIR)/libgit2/$(LIBGIT2_TAG)
@@ -134,7 +138,6 @@ tidy: ## Run go mod tidy
134138
fmt: ## Run go fmt against code
135139
go fmt ./...
136140
cd api; go fmt ./...
137-
cd tests/fuzz; go fmt .
138141

139142
vet: $(LIBGIT2) ## Run go vet against code
140143
go vet ./...
@@ -206,9 +209,9 @@ ifneq ($(shell grep -o 'LIBGIT2_IMG ?= \w.*' Makefile | cut -d ' ' -f 3):$(shell
206209
exit 1; \
207210
}
208211
endif
209-
ifneq ($(shell grep -o 'LIBGIT2_TAG ?= \w.*' Makefile | cut -d ' ' -f 3), $(shell grep -o "LIBGIT2_TAG=.*" tests/fuzz/oss_fuzz_build.sh | sed 's;LIBGIT2_TAG="$${LIBGIT2_TAG:-;;g' | sed 's;}";;g'))
212+
ifneq ($(shell grep -o 'LIBGIT2_TAG ?= \w.*' Makefile | cut -d ' ' -f 3), $(shell grep -o "LIBGIT2_TAG=.*" tests/fuzz/oss_fuzz_prebuild.sh | sed 's;LIBGIT2_TAG="$${LIBGIT2_TAG:-;;g' | sed 's;}";;g'))
210213
@{ \
211-
echo "LIBGIT2_TAG must match in both Makefile and tests/fuzz/oss_fuzz_build.sh"; \
214+
echo "LIBGIT2_TAG must match in both Makefile and tests/fuzz/oss_fuzz_prebuild.sh"; \
212215
exit 1; \
213216
}
214217
endif
@@ -232,26 +235,32 @@ rm -rf $$TMP_DIR ;\
232235
}
233236
endef
234237

235-
# Build fuzzers
238+
# Build fuzzers used by oss-fuzz.
236239
fuzz-build: $(LIBGIT2)
237-
rm -rf $(BUILD_DIR)/fuzz/
238-
mkdir -p $(BUILD_DIR)/fuzz/out/
240+
rm -rf $(shell pwd)/build/fuzz/
241+
mkdir -p $(shell pwd)/build/fuzz/out/
239242

240-
docker build . --pull --tag local-fuzzing:latest -f tests/fuzz/Dockerfile.builder
243+
docker build . --tag local-fuzzing:latest -f tests/fuzz/Dockerfile.builder
241244
docker run --rm \
242245
-e FUZZING_LANGUAGE=go -e SANITIZER=address \
243246
-e CIFUZZ_DEBUG='True' -e OSS_FUZZ_PROJECT_NAME=fluxcd \
244-
-v "$(BUILD_DIR)/fuzz/out":/out \
247+
-v "$(shell pwd)/build/fuzz/out":/out \
245248
local-fuzzing:latest
246249

250+
# Run each fuzzer once to ensure they will work when executed by oss-fuzz.
247251
fuzz-smoketest: fuzz-build
248252
docker run --rm \
249-
-v "$(BUILD_DIR)/fuzz/out":/out \
250-
-v "$(shell go env GOMODCACHE):/root/go/pkg/mod" \
253+
-v "$(shell pwd)/build/fuzz/out":/out \
251254
-v "$(shell pwd)/tests/fuzz/oss_fuzz_run.sh":/runner.sh \
252255
local-fuzzing:latest \
253256
bash -c "/runner.sh"
254257

258+
# Run fuzz tests for the duration set in FUZZ_TIME.
259+
fuzz-native:
260+
KUBEBUILDER_ASSETS=$(KUBEBUILDER_ASSETS) \
261+
FUZZ_TIME=$(FUZZ_TIME) \
262+
./tests/fuzz/native_go_run.sh
263+
255264
# Creates an env file that can be used to load all source-controller's dependencies
256265
# this is handy when you want to run adhoc debug sessions on tests or start the
257266
# controller in a new debug session.

0 commit comments

Comments
 (0)