1
+ FROM golang:1.16-buster as builder
2
+
3
+ RUN echo "deb http://deb.debian.org/debian unstable main" >> /etc/apt/sources.list \
4
+ && echo "deb-src http://deb.debian.org/debian unstable main" >> /etc/apt/sources.list
5
+ RUN set -eux; \
6
+ apt-get update \
7
+ && apt-get install -y \
8
+ libgit2-dev/unstable \
9
+ zlib1g-dev/unstable \
10
+ libssh2-1-dev/unstable \
11
+ libpcre3-dev/unstable \
12
+ clang \
13
+ curl \
14
+ cmake \
15
+ vim \
16
+ zlib1g-dev \
17
+ && apt-get clean \
18
+ && apt-get autoremove --purge -y \
19
+ && rm -rf /var/lib/apt/lists/*
20
+
21
+ RUN git clone https://github.com/fluxcd/source-controller /workspace
22
+ WORKDIR /workspace
23
+
24
+ # BUILD STATIC DEPENDENCIES TO LINK WITH OUR FUZZER:
25
+
26
+ # Make dir for .a files
27
+ RUN mkdir /static_a_files
28
+
29
+ # Build libgit2
30
+ ARG LIBGIT2_VER=1.1.0
31
+ RUN curl -L https://github.com/libgit2/libgit2/releases/download/v$LIBGIT2_VER/libgit2-$LIBGIT2_VER.tar.gz -o /tmp/libgit2.tar.gz \
32
+ && cd /tmp \
33
+ && tar -xvf /tmp/libgit2.tar.gz \
34
+ && cd libgit2-1.1.0 \
35
+ && mkdir build && cd build \
36
+ && cmake .. -DBUILD_SHARED_LIBS=OFF \
37
+ && make \
38
+ && mv libgit2.a /static_a_files/
39
+
40
+ # Build openssl
41
+ ARG OPENSSL_VERSION=1.1.1g
42
+ ARG OPENSSL_HASH=ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46
43
+ RUN set -ex \
44
+ && curl -s -O https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz \
45
+ && echo "${OPENSSL_HASH} openssl-${OPENSSL_VERSION}.tar.gz" | sha256sum -c \
46
+ && tar -xzf openssl-${OPENSSL_VERSION}.tar.gz \
47
+ && cd openssl-${OPENSSL_VERSION} \
48
+ && ./Configure linux-x86_64 no-shared --static \
49
+ && make \
50
+ && mv libcrypto.a /static_a_files/ \
51
+ && mv libssl.a /static_a_files/
52
+
53
+ # Build libssh2
54
+ RUN git clone https://github.com/libssh2/libssh2 \
55
+ && cd libssh2 \
56
+ && mkdir build \
57
+ && cd build \
58
+ && cmake .. -DBUILD_SHARED_LIBS=OFF \
59
+ && make \
60
+ && mv ./src/libssh2.a /static_a_files/
61
+
62
+ COPY fuzz.go /workspace/controllers/
63
+ RUN go mod download
64
+
65
+ RUN go get -u github.com/dvyukov/go-fuzz/go-fuzz@latest github.com/dvyukov/go-fuzz/go-fuzz-build@latest
66
+ RUN go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
67
+ RUN go get github.com/AdaLogics/go-fuzz-headers
68
+
69
+ RUN go mod download golang.org/x/sync
70
+ # A few fixes, see: https://github.com/dvyukov/go-fuzz/issues/325
71
+ RUN sed -i '23 a type X = fs.FileInfo\n ' /go/pkg/mod/k8s.io/client-go@v0.21.3/util/homedir/homedir.go
72
+ RUN sed -i '22 a "io/fs" \n ' /go/pkg/mod/k8s.io/client-go@v0.21.3/util/homedir/homedir.go
73
+
74
+
75
+ RUN mkdir /fuzzers
76
+ RUN cd /workspace && rm -r hack && rm -r docs \
77
+ && go mod download \
78
+ && go mod tidy \
79
+ && go get github.com/dvyukov/go-fuzz/go-fuzz-dep
80
+
81
+
82
+ # Build the fuzzers
83
+ RUN cd /workspace/controllers \
84
+ && go-fuzz-build -libfuzzer -func=FuzzStorageArchive\
85
+ && clang -o /fuzzers/FuzzStorageArchive reflect-fuzz.a \
86
+ /static_a_files/libgit2.a \
87
+ /static_a_files/libssh2.a \
88
+ /static_a_files/libssl.a \
89
+ /static_a_files/libcrypto.a \
90
+ -lz -lpcre -fsanitize=fuzzer
91
+
92
+ RUN cd /workspace/controllers \
93
+ && go-fuzz-build -libfuzzer -func=FuzzStorageCopy\
94
+ && clang -o /fuzzers/FuzzStorageCopy \
95
+ reflect-fuzz.a \
96
+ /static_a_files/libgit2.a \
97
+ /static_a_files/libssh2.a \
98
+ /static_a_files/libssl.a \
99
+ /static_a_files/libcrypto.a \
100
+ -lz -lpcre -fsanitize=fuzzer
101
+
102
+ RUN cd /workspace/controllers \
103
+ && go-fuzz-build -libfuzzer -func=FuzzRandomGitFiles\
104
+ && clang -o /fuzzers/FuzzRandomGitFiles \
105
+ reflect-fuzz.a \
106
+ /static_a_files/libgit2.a \
107
+ /static_a_files/libssh2.a \
108
+ /static_a_files/libssl.a \
109
+ /static_a_files/libcrypto.a \
110
+ -lz -lpcre -fsanitize=fuzzer
111
+
112
+ RUN cd /workspace/controllers \
113
+ && go-fuzz-build -libfuzzer -func=FuzzGitResourceObject\
114
+ && clang -o /fuzzers/FuzzGitResourceObject \
115
+ reflect-fuzz.a \
116
+ /static_a_files/libgit2.a \
117
+ /static_a_files/libssh2.a \
118
+ /static_a_files/libssl.a \
119
+ /static_a_files/libcrypto.a \
120
+ -lz -lpcre -fsanitize=fuzzer
121
+
122
+ RUN cd /workspace/controllers \
123
+ && go-fuzz-build -libfuzzer -func=FuzzHelmchartController\
124
+ && clang -o /fuzzers/FuzzHelmchartController \
125
+ reflect-fuzz.a \
126
+ /static_a_files/libgit2.a \
127
+ /static_a_files/libssh2.a \
128
+ /static_a_files/libssl.a \
129
+ /static_a_files/libcrypto.a \
130
+ -lz -lpcre -fsanitize=fuzzer
131
+
132
+
133
+ # The fuzzers can now be executed from /fuzzers/fuzzer_name.
134
+ # Uncomment below to run:
135
+ # RUN cd controllers && /fuzzers/FuzzRandomGitFiles
0 commit comments