Skip to content

Commit 989895a

Browse files
committed
Fuzzing: Initial commit
Signed-off-by: AdamKorcz <adam@adalogics.com>
1 parent d7afc35 commit 989895a

File tree

2 files changed

+926
-0
lines changed

2 files changed

+926
-0
lines changed

fuzzing/Dockerfile

Lines changed: 135 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,135 @@
1+
FROM golang:1.16-buster as builder
2+
3+
RUN echo "deb http://deb.debian.org/debian unstable main" >> /etc/apt/sources.list \
4+
&& echo "deb-src http://deb.debian.org/debian unstable main" >> /etc/apt/sources.list
5+
RUN set -eux; \
6+
apt-get update \
7+
&& apt-get install -y \
8+
libgit2-dev/unstable \
9+
zlib1g-dev/unstable \
10+
libssh2-1-dev/unstable \
11+
libpcre3-dev/unstable \
12+
clang \
13+
curl \
14+
cmake \
15+
vim \
16+
zlib1g-dev \
17+
&& apt-get clean \
18+
&& apt-get autoremove --purge -y \
19+
&& rm -rf /var/lib/apt/lists/*
20+
21+
RUN git clone https://github.com/fluxcd/source-controller /workspace
22+
WORKDIR /workspace
23+
24+
# BUILD STATIC DEPENDENCIES TO LINK WITH OUR FUZZER:
25+
26+
# Make dir for .a files
27+
RUN mkdir /static_a_files
28+
29+
# Build libgit2
30+
ARG LIBGIT2_VER=1.1.0
31+
RUN curl -L https://github.com/libgit2/libgit2/releases/download/v$LIBGIT2_VER/libgit2-$LIBGIT2_VER.tar.gz -o /tmp/libgit2.tar.gz \
32+
&& cd /tmp \
33+
&& tar -xvf /tmp/libgit2.tar.gz \
34+
&& cd libgit2-1.1.0 \
35+
&& mkdir build && cd build \
36+
&& cmake .. -DBUILD_SHARED_LIBS=OFF \
37+
&& make \
38+
&& mv libgit2.a /static_a_files/
39+
40+
# Build openssl
41+
ARG OPENSSL_VERSION=1.1.1g
42+
ARG OPENSSL_HASH=ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46
43+
RUN set -ex \
44+
&& curl -s -O https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz \
45+
&& echo "${OPENSSL_HASH} openssl-${OPENSSL_VERSION}.tar.gz" | sha256sum -c \
46+
&& tar -xzf openssl-${OPENSSL_VERSION}.tar.gz \
47+
&& cd openssl-${OPENSSL_VERSION} \
48+
&& ./Configure linux-x86_64 no-shared --static \
49+
&& make \
50+
&& mv libcrypto.a /static_a_files/ \
51+
&& mv libssl.a /static_a_files/
52+
53+
# Build libssh2
54+
RUN git clone https://github.com/libssh2/libssh2 \
55+
&& cd libssh2 \
56+
&& mkdir build \
57+
&& cd build \
58+
&& cmake .. -DBUILD_SHARED_LIBS=OFF \
59+
&& make \
60+
&& mv ./src/libssh2.a /static_a_files/
61+
62+
COPY fuzz.go /workspace/controllers/
63+
RUN go mod download
64+
65+
RUN go get -u github.com/dvyukov/go-fuzz/go-fuzz@latest github.com/dvyukov/go-fuzz/go-fuzz-build@latest
66+
RUN go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
67+
RUN go get github.com/AdaLogics/go-fuzz-headers
68+
69+
RUN go mod download golang.org/x/sync
70+
# A few fixes, see: https://github.com/dvyukov/go-fuzz/issues/325
71+
RUN sed -i '23 a type X = fs.FileInfo\n' /go/pkg/mod/k8s.io/client-go@v0.21.3/util/homedir/homedir.go
72+
RUN sed -i '22 a "io/fs" \n' /go/pkg/mod/k8s.io/client-go@v0.21.3/util/homedir/homedir.go
73+
74+
75+
RUN mkdir /fuzzers
76+
RUN cd /workspace && rm -r hack && rm -r docs \
77+
&& go mod download \
78+
&& go mod tidy \
79+
&& go get github.com/dvyukov/go-fuzz/go-fuzz-dep
80+
81+
82+
# Build the fuzzers
83+
RUN cd /workspace/controllers \
84+
&& go-fuzz-build -libfuzzer -func=FuzzStorageArchive\
85+
&& clang -o /fuzzers/FuzzStorageArchive reflect-fuzz.a \
86+
/static_a_files/libgit2.a \
87+
/static_a_files/libssh2.a \
88+
/static_a_files/libssl.a \
89+
/static_a_files/libcrypto.a \
90+
-lz -lpcre -fsanitize=fuzzer
91+
92+
RUN cd /workspace/controllers \
93+
&& go-fuzz-build -libfuzzer -func=FuzzStorageCopy\
94+
&& clang -o /fuzzers/FuzzStorageCopy \
95+
reflect-fuzz.a \
96+
/static_a_files/libgit2.a \
97+
/static_a_files/libssh2.a \
98+
/static_a_files/libssl.a \
99+
/static_a_files/libcrypto.a \
100+
-lz -lpcre -fsanitize=fuzzer
101+
102+
RUN cd /workspace/controllers \
103+
&& go-fuzz-build -libfuzzer -func=FuzzRandomGitFiles\
104+
&& clang -o /fuzzers/FuzzRandomGitFiles \
105+
reflect-fuzz.a \
106+
/static_a_files/libgit2.a \
107+
/static_a_files/libssh2.a \
108+
/static_a_files/libssl.a \
109+
/static_a_files/libcrypto.a \
110+
-lz -lpcre -fsanitize=fuzzer
111+
112+
RUN cd /workspace/controllers \
113+
&& go-fuzz-build -libfuzzer -func=FuzzGitResourceObject\
114+
&& clang -o /fuzzers/FuzzGitResourceObject \
115+
reflect-fuzz.a \
116+
/static_a_files/libgit2.a \
117+
/static_a_files/libssh2.a \
118+
/static_a_files/libssl.a \
119+
/static_a_files/libcrypto.a \
120+
-lz -lpcre -fsanitize=fuzzer
121+
122+
RUN cd /workspace/controllers \
123+
&& go-fuzz-build -libfuzzer -func=FuzzHelmchartController\
124+
&& clang -o /fuzzers/FuzzHelmchartController \
125+
reflect-fuzz.a \
126+
/static_a_files/libgit2.a \
127+
/static_a_files/libssh2.a \
128+
/static_a_files/libssl.a \
129+
/static_a_files/libcrypto.a \
130+
-lz -lpcre -fsanitize=fuzzer
131+
132+
133+
# The fuzzers can now be executed from /fuzzers/fuzzer_name.
134+
# Uncomment below to run:
135+
#RUN cd controllers && /fuzzers/FuzzRandomGitFiles

0 commit comments

Comments
 (0)