1+ FROM golang:1.16-buster as builder
2+
3+ RUN echo "deb http://deb.debian.org/debian unstable main" >> /etc/apt/sources.list \
4+ && echo "deb-src http://deb.debian.org/debian unstable main" >> /etc/apt/sources.list
5+ RUN set -eux; \
6+ apt-get update \
7+ && apt-get install -y \
8+ libgit2-dev/unstable \
9+ zlib1g-dev/unstable \
10+ libssh2-1-dev/unstable \
11+ libpcre3-dev/unstable \
12+ clang \
13+ curl \
14+ cmake \
15+ vim \
16+ zlib1g-dev \
17+ && apt-get clean \
18+ && apt-get autoremove --purge -y \
19+ && rm -rf /var/lib/apt/lists/*
20+
21+ RUN git clone https://github.com/fluxcd/source-controller /workspace
22+ WORKDIR /workspace
23+
24+ # BUILD STATIC DEPENDENCIES TO LINK WITH OUR FUZZER:
25+
26+ # Make dir for .a files
27+ RUN mkdir /static_a_files
28+
29+ # Build libgit2
30+ ARG LIBGIT2_VER=1.1.0
31+ RUN curl -L https://github.com/libgit2/libgit2/releases/download/v$LIBGIT2_VER/libgit2-$LIBGIT2_VER.tar.gz -o /tmp/libgit2.tar.gz \
32+ && cd /tmp \
33+ && tar -xvf /tmp/libgit2.tar.gz \
34+ && cd libgit2-1.1.0 \
35+ && mkdir build && cd build \
36+ && cmake .. -DBUILD_SHARED_LIBS=OFF \
37+ && make \
38+ && mv libgit2.a /static_a_files/
39+
40+ # Build openssl
41+ ARG OPENSSL_VERSION=1.1.1g
42+ ARG OPENSSL_HASH=ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46
43+ RUN set -ex \
44+ && curl -s -O https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz \
45+ && echo "${OPENSSL_HASH} openssl-${OPENSSL_VERSION}.tar.gz" | sha256sum -c \
46+ && tar -xzf openssl-${OPENSSL_VERSION}.tar.gz \
47+ && cd openssl-${OPENSSL_VERSION} \
48+ && ./Configure linux-x86_64 no-shared --static \
49+ && make \
50+ && mv libcrypto.a /static_a_files/ \
51+ && mv libssl.a /static_a_files/
52+
53+ # Build libssh2
54+ RUN git clone https://github.com/libssh2/libssh2 \
55+ && cd libssh2 \
56+ && mkdir build \
57+ && cd build \
58+ && cmake .. -DBUILD_SHARED_LIBS=OFF \
59+ && make \
60+ && mv ./src/libssh2.a /static_a_files/
61+
62+ COPY fuzz.go /workspace/controllers/
63+ RUN go mod download
64+
65+ RUN go get -u github.com/dvyukov/go-fuzz/go-fuzz@latest github.com/dvyukov/go-fuzz/go-fuzz-build@latest
66+ RUN go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
67+ RUN go get github.com/AdaLogics/go-fuzz-headers
68+
69+ RUN go mod download golang.org/x/sync
70+ # A few fixes, see: https://github.com/dvyukov/go-fuzz/issues/325
71+ RUN sed -i '23 a type X = fs.FileInfo\n ' /go/pkg/mod/k8s.io/client-go@v0.21.3/util/homedir/homedir.go
72+ RUN sed -i '22 a "io/fs" \n ' /go/pkg/mod/k8s.io/client-go@v0.21.3/util/homedir/homedir.go
73+
74+
75+ RUN mkdir /fuzzers
76+ RUN cd /workspace && rm -r hack && rm -r docs \
77+ && go mod download \
78+ && go mod tidy \
79+ && go get github.com/dvyukov/go-fuzz/go-fuzz-dep
80+
81+
82+ # Build the fuzzers
83+ RUN cd /workspace/controllers \
84+ && go-fuzz-build -libfuzzer -func=FuzzStorageArchive\
85+ && clang -o /fuzzers/FuzzStorageArchive reflect-fuzz.a \
86+ /static_a_files/libgit2.a \
87+ /static_a_files/libssh2.a \
88+ /static_a_files/libssl.a \
89+ /static_a_files/libcrypto.a \
90+ -lz -lpcre -fsanitize=fuzzer
91+
92+ RUN cd /workspace/controllers \
93+ && go-fuzz-build -libfuzzer -func=FuzzStorageCopy\
94+ && clang -o /fuzzers/FuzzStorageCopy \
95+ reflect-fuzz.a \
96+ /static_a_files/libgit2.a \
97+ /static_a_files/libssh2.a \
98+ /static_a_files/libssl.a \
99+ /static_a_files/libcrypto.a \
100+ -lz -lpcre -fsanitize=fuzzer
101+
102+ RUN cd /workspace/controllers \
103+ && go-fuzz-build -libfuzzer -func=FuzzRandomGitFiles\
104+ && clang -o /fuzzers/FuzzRandomGitFiles \
105+ reflect-fuzz.a \
106+ /static_a_files/libgit2.a \
107+ /static_a_files/libssh2.a \
108+ /static_a_files/libssl.a \
109+ /static_a_files/libcrypto.a \
110+ -lz -lpcre -fsanitize=fuzzer
111+
112+ RUN cd /workspace/controllers \
113+ && go-fuzz-build -libfuzzer -func=FuzzGitResourceObject\
114+ && clang -o /fuzzers/FuzzGitResourceObject \
115+ reflect-fuzz.a \
116+ /static_a_files/libgit2.a \
117+ /static_a_files/libssh2.a \
118+ /static_a_files/libssl.a \
119+ /static_a_files/libcrypto.a \
120+ -lz -lpcre -fsanitize=fuzzer
121+
122+ RUN cd /workspace/controllers \
123+ && go-fuzz-build -libfuzzer -func=FuzzHelmchartController\
124+ && clang -o /fuzzers/FuzzHelmchartController \
125+ reflect-fuzz.a \
126+ /static_a_files/libgit2.a \
127+ /static_a_files/libssh2.a \
128+ /static_a_files/libssl.a \
129+ /static_a_files/libcrypto.a \
130+ -lz -lpcre -fsanitize=fuzzer
131+
132+
133+ # The fuzzers can now be executed from /fuzzers/fuzzer_name.
134+ # Uncomment below to run:
135+ # RUN cd controllers && /fuzzers/FuzzRandomGitFiles
0 commit comments