Add support for multiple fuzz sanitizers

The oss-fuzz repository contains the configuration for fluxcd supported sanitizers.

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
Paulo Gomes 2022-02-15 16:57:38 +00:00
parent 69ae21be63
commit db0f033409
No known key found for this signature in database
GPG Key ID: 9995233870E99BEE
1 changed files with 24 additions and 25 deletions


@ -21,9 +21,7 @@ GOPATH="${GOPATH:-/root/go}"
GO_SRC="${GOPATH}/src" GO_SRC="${GOPATH}/src"
PROJECT_PATH="github.com/fluxcd/source-controller" PROJECT_PATH="github.com/fluxcd/source-controller"
cd "${GO_SRC}" pushd "${GO_SRC}/${PROJECT_PATH}"
pushd "${PROJECT_PATH}"
export TARGET_DIR="$(/bin/pwd)/build/libgit2/${LIBGIT2_TAG}" export TARGET_DIR="$(/bin/pwd)/build/libgit2/${LIBGIT2_TAG}"
@ -58,9 +56,7 @@ export CGO_LDFLAGS="$(pkg-config --libs --static --cflags libssh2 openssl libgit
go mod tidy -compat=1.17 go mod tidy -compat=1.17
popd pushd "tests/fuzz"
pushd "${PROJECT_PATH}/tests/fuzz"
# Setup files to be embedded into controllers_fuzzer.go's testFiles variable. # Setup files to be embedded into controllers_fuzzer.go's testFiles variable.
mkdir -p testdata/crd mkdir -p testdata/crd
@ -69,28 +65,31 @@ cp -r ../../controllers/testdata/certs testdata/
go mod tidy -compat=1.17 go mod tidy -compat=1.17
# ref: https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-builder/compile_go_fuzzer # Using compile_go_fuzzer to compile fails when statically linking libgit2 dependencies
go-fuzz -tags gofuzz -func=FuzzRandomGitFiles -o gitrepository_fuzzer.a . # via CFLAGS/CXXFLAGS.
clang -o /out/fuzz_random_git_files \ function go_compile(){
gitrepository_fuzzer.a \ function=$1
"${TARGET_DIR}/lib/libgit2.a" \ fuzzer=$2
"${TARGET_DIR}/lib/libssh2.a" \
"${TARGET_DIR}/lib/libz.a" \
"${TARGET_DIR}/lib64/libssl.a" \
"${TARGET_DIR}/lib64/libcrypto.a" \
-fsanitize=fuzzer
go-fuzz -tags gofuzz -func=FuzzGitResourceObject -o fuzz_git_resource_object.a . if [[ $SANITIZER = *coverage* ]]; then
clang -o /out/fuzz_git_resource_object \ # ref: https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-builder/compile_go_fuzzer
fuzz_git_resource_object.a \ compile_go_fuzzer "${PROJECT_PATH}/tests/fuzz" "${function}" "${fuzzer}"
"${TARGET_DIR}/lib/libgit2.a" \ else
"${TARGET_DIR}/lib/libssh2.a" \ go-fuzz -tags gofuzz -func="${function}" -o "${fuzzer}.a" .
"${TARGET_DIR}/lib/libz.a" \ ${CXX} ${CXXFLAGS} ${LIB_FUZZING_ENGINE} -o "${OUT}/${fuzzer}" \
"${TARGET_DIR}/lib64/libssl.a" \ "${fuzzer}.a" \
"${TARGET_DIR}/lib64/libcrypto.a" \ "${TARGET_DIR}/lib/libgit2.a" "${TARGET_DIR}/lib/libssh2.a" \
-fsanitize=fuzzer "${TARGET_DIR}/lib/libz.a" "${TARGET_DIR}/lib64/libssl.a" \
"${TARGET_DIR}/lib64/libcrypto.a" \
-fsanitize="${SANITIZER}"
fi
}
go_compile FuzzRandomGitFiles fuzz_gitrepository_fuzzer
go_compile FuzzGitResourceObject fuzz_git_resource_object
# By now testdata is embedded in the binaries and no longer needed. # By now testdata is embedded in the binaries and no longer needed.
rm -rf testdata/ rm -rf testdata/
popd popd
popd
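Review bot: The `else` branch of the new `go_compile` expands `SANITIZER`, `CXX`, `LIB_FUZZING_ENGINE` and `OUT` with no default or check, although the same script defaults `GOPATH` with `${GOPATH:-/root/go}`. Run outside the OSS-Fuzz builder, or with one of them empty, the link line becomes `-fsanitize=` or writes to `/<fuzzer>`, and since the explicit `-fsanitize=fuzzer` was dropped the fuzzing engine now comes only from `LIB_FUZZING_ENGINE`. I would fail fast before the first `go_compile` call, for example `: "${SANITIZER:?}" "${CXX:?}" "${LIB_FUZZING_ENGINE:?}" "${OUT:?}"`. Separately, `function=$1` and `fuzzer=$2` are assigned as globals inside the function; declaring them with `local` keeps them from leaking into the rest of the script. The top of the script is outside the visible hunks, so a `set -u` there may already cover the unset case, but not the empty one.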