fluxcd
/
helm-controller
mirror of https://github.com/fluxcd/helm-controller.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fuzzing: Initial commit 

Signed-off-by: AdamKorcz <adam@adalogics.com>
This commit is contained in:
AdamKorcz 2021-10-01 13:28:05 +01:00 committed by Paulo Gomes
parent 0246b7d42a
commit c4d512399c
No known key found for this signature in database
GPG Key ID: 9995233870E99BEE
2 changed files with 168 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
fuzz/Dockerfile Normal file
View File

@ -0,0 +1,21 @@
FROM golang:1.16-buster as builder
RUN apt-get update && apt-get install -y clang git
RUN git clone --branch fuzz1 --depth 1 https://github.com/AdamKorcz/helm-controller /helm-controller
COPY fuzz.go /helm-controller/controllers/
RUN cd /helm-controller/controllers \
&& go get github.com/AdaLogics/go-fuzz-headers
RUN cd / \
&& go get -u github.com/mdempsky/go114-fuzz-build
RUN mkdir /fuzzers
RUN cd /helm-controller/controllers \
&& go114-fuzz-build -o FuzzHelmreleaseComposeValues.a -func FuzzHelmreleaseComposeValues . \
&& clang -o /fuzzers/FuzzHelmreleaseComposeValues FuzzHelmreleaseComposeValues.a -fsanitize=fuzzer
RUN cd /helm-controller/controllers \
&& go114-fuzz-build -o FuzzHelmreleasereconcile.a -func FuzzHelmreleasereconcile . \
&& clang -o /fuzzers/FuzzHelmreleasereconcile FuzzHelmreleasereconcile.a -fsanitize=fuzzer
# Uncomment here to run the fuzzer
#RUN /fuzzers/FuzzHelmreleaseComposeValues

147
fuzz/fuzz.go Normal file
View File

@ -0,0 +1,147 @@
//go:build gofuzz
// +build gofuzz
/*
Copyright 2020 The Flux authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package controllers
import (
"context"
v2 "github.com/fluxcd/helm-controller/api/v2beta1"
"github.com/go-logr/logr"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"sigs.k8s.io/controller-runtime/pkg/client/fake"
"sigs.k8s.io/controller-runtime/pkg/log"
"sync"
fuzz "github.com/AdaLogics/go-fuzz-headers"
)
var (
initter sync.Once
scheme *runtime.Scheme
)
// An init function that is invoked by way of sync.Do
func initFunc() {
scheme = runtime.NewScheme()
err := corev1.AddToScheme(scheme)
if err != nil {
panic(err)
}
err = v2.AddToScheme(scheme)
if err != nil {
panic(err)
}
}
// FuzzHelmreleaseComposeValues implements a fuzzer
// that targets HelmReleaseReconciler.composeValues()
func FuzzHelmreleaseComposeValues(data []byte) int {
initter.Do(initFunc)
f := fuzz.NewConsumer(data)
hr := v2.HelmRelease{}
err := f.GenerateStruct(&hr)
if err != nil {
return 0
}
r, err := createReconciler(f)
if err != nil {
return 0
}
_, _ = r.composeValues(logr.NewContext(context.TODO(), log.NullLogger{}), hr)
return 1
}
// FuzzHelmreleasereconcile implements a fuzzer
// that targets HelmReleaseReconciler.reconcile()
func FuzzHelmreleasereconcile(data []byte) int {
initter.Do(initFunc)
f := fuzz.NewConsumer(data)
hr := v2.HelmRelease{}
err := f.GenerateStruct(&hr)
if err != nil {
return 0
}
r, err := createReconciler(f)
if err != nil {
return 0
}
_, _, _ = r.reconcile(logr.NewContext(context.TODO(), log.NullLogger{}), hr)
return 1
}
// Allows the fuzzer to create a reconciler
func createReconciler(f *fuzz.ConsumeFuzzer) (*HelmReleaseReconciler, error) {
// Get the type of object:
var resources []runtime.Object
r := &HelmReleaseReconciler{}
getSecret, err := f.GetBool()
if err != nil {
return r, err
}
name, err := f.GetString()
if err != nil {
return r, err
}
if getSecret {
inputMap := make(map[string][]byte)
err = f.FuzzMap(&inputMap)
if err != nil {
return r, err
}
resources = []runtime.Object{
valuesSecret(name, inputMap),
}
} else {
inputMap := make(map[string]string)
err = f.FuzzMap(&inputMap)
if err != nil {
return r, err
}
resources = []runtime.Object{
valuesConfigMap(name, inputMap),
}
}
c := fake.NewFakeClientWithScheme(scheme, resources...)
r.Client = c
return r, nil
}
// Taken from
// https://github.com/fluxcd/helm-controller/blob/main/controllers/helmrelease_controller_test.go#L282
func valuesSecret(name string, data map[string][]byte) *corev1.Secret {
return &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{Name: name},
Data: data,
}
}
// Taken from
// https://github.com/fluxcd/helm-controller/blob/main/controllers/helmrelease_controller_test.go#L289
func valuesConfigMap(name string, data map[string]string) *corev1.ConfigMap {
return &corev1.ConfigMap{
ObjectMeta: metav1.ObjectMeta{Name: name},
Data: data,
}
}