github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request #7065 from kzys/fuzz-quiet

Browse Source 
Make CI Fuzz less noisy
This commit is contained in:
Kazuyoshi Kato 2022-06-20 19:01:45 -07:00 committed by GitHub
commit 16992a4a2e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 96 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
contrib/fuzz/archive_fuzzer.go
View File

@ -22,15 +22,25 @@ import (
"os" "os"
fuzz "github.com/AdaLogics/go-fuzz-headers" fuzz "github.com/AdaLogics/go-fuzz-headers"
"github.com/sirupsen/logrus"
"github.com/containerd/containerd/archive" "github.com/containerd/containerd/archive"
"github.com/containerd/containerd/content/local" "github.com/containerd/containerd/content/local"
imageArchive "github.com/containerd/containerd/images/archive" imageArchive "github.com/containerd/containerd/images/archive"
"github.com/containerd/containerd/log"
) )
// FuzzApply implements a fuzzer that applies // FuzzApply implements a fuzzer that applies
// a fuzzed tar archive on a directory // a fuzzed tar archive on a directory
func FuzzApply(data []byte) int { func FuzzApply(data []byte) int {
ctx := context.Background()
// Apply() is logging the below message, which is too noisy and not really useful
// if the input is random.
//
// level=warning msg="ignored xattr ... in archive" error="operation not supported"
log.G(ctx).Logger.SetLevel(logrus.PanicLevel)
f := fuzz.NewConsumer(data) f := fuzz.NewConsumer(data)
iters, err := f.GetInt() iters, err := f.GetInt()
if err != nil { if err != nil {
@ -48,7 +58,7 @@ func FuzzApply(data []byte) int {
return 0 return 0
} }
r := bytes.NewReader(rBytes) r := bytes.NewReader(rBytes)
_, _ = archive.Apply(context.Background(), tmpDir, r) _, _ = archive.Apply(ctx, tmpDir, r)
} }
return 1 return 1
} }

47
contrib/fuzz/oss_fuzz_build.sh
View File

@ -16,11 +16,29 @@
set -o nounset set -o nounset
set -o pipefail set -o pipefail
set -o errexit set -o errexit
set -x
IFS=$'\n'
compile_fuzzers() {
local regex=$1
local compile_fuzzer=$2
for line in $(git grep "$regex" | grep -v vendor)
do
if [[ "$line" =~ (.*)/.*:.*(Fuzz[A-Za-z0-9]+) ]]; then
local pkg=${BASH_REMATCH[1]}
local func=${BASH_REMATCH[2]}
"$compile_fuzzer" "github.com/containerd/containerd/$pkg" "$func" "fuzz_$func"
else
echo "failed to parse: $line"
exit 1
fi
done
}
apt-get update && apt-get install -y wget apt-get update && apt-get install -y wget
cd $SRC cd $SRC
wget https://go.dev/dl/go1.18.3.linux-amd64.tar.gz wget --quiet https://go.dev/dl/go1.18.3.linux-amd64.tar.gz
mkdir temp-go mkdir temp-go
rm -rf /root/.go/* rm -rf /root/.go/*
@ -36,7 +54,6 @@ cd "$(dirname "${BASH_SOURCE[0]}")"
cd ../../ cd ../../
# Move all fuzzers that don't have the "fuzz" package out of this dir # Move all fuzzers that don't have the "fuzz" package out of this dir
mv contrib/fuzz/docker_fuzzer.go remotes/docker/
mv contrib/fuzz/container_fuzzer.go integration/client/ mv contrib/fuzz/container_fuzzer.go integration/client/
rm -r vendor rm -r vendor
@ -68,26 +85,13 @@ mv $SRC/cmd-containerd-backup $SRC/containerd/cmd/containerd
# Compile more fuzzers # Compile more fuzzers
mv $SRC/containerd/filters/filter_test.go $SRC/containerd/filters/filter_test_fuzz.go mv $SRC/containerd/filters/filter_test.go $SRC/containerd/filters/filter_test_fuzz.go
go get github.com/AdamKorcz/go-118-fuzz-build/utils go get github.com/AdamKorcz/go-118-fuzz-build/utils
compile_native_go_fuzzer github.com/containerd/containerd/filters FuzzFiltersParse fuzz_filters_parse
compile_native_go_fuzzer github.com/containerd/containerd/pkg/cap FuzzParseProcPIDStatus fuzz_parse_proc_pid_status
compile_native_go_fuzzer github.com/containerd/containerd/platforms FuzzPlatformsParse fuzz_platforms_parse
compile_go_fuzzer github.com/containerd/containerd/remotes/docker FuzzFetcher fuzz_fetcher
compile_go_fuzzer github.com/containerd/containerd/remotes/docker FuzzParseDockerRef fuzz_parse_docker_ref
compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzApply fuzz_apply
compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzImportIndex fuzz_import_index
compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzCSWalk fuzz_cs_walk
compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzArchiveExport fuzz_archive_export
compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzParseAuth fuzz_parse_auth
compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzImageStore fuzz_image_store
compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzLeaseManager fuzz_lease_manager
compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzContainerStore fuzz_container_store
compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzContentStore fuzz_content_store
compile_fuzzers '^func Fuzz.*testing\.F' compile_native_go_fuzzer
compile_fuzzers '^func Fuzz.*data' compile_go_fuzzer
# The below fuzzers require more setup than the fuzzers above. # The below fuzzers require more setup than the fuzzers above.
# We need the binaries from "make". # We need the binaries from "make".
wget -c https://github.com/protocolbuffers/protobuf/releases/download/v3.11.4/protoc-3.11.4-linux-x86_64.zip wget --quiet https://github.com/protocolbuffers/protobuf/releases/download/v3.11.4/protoc-3.11.4-linux-x86_64.zip
unzip protoc-3.11.4-linux-x86_64.zip -d /usr/local unzip protoc-3.11.4-linux-x86_64.zip -d /usr/local
export CGO_ENABLED=1 export CGO_ENABLED=1
@ -102,10 +106,7 @@ make install
# Build static containerd # Build static containerd
cd $SRC/containerd cd $SRC/containerd
make EXTRA_FLAGS="-buildmode pie" \ make STATIC=1
EXTRA_LDFLAGS='-linkmode external -extldflags "-fno-PIC -static"' \
BUILDTAGS="netgo osusergo static_build"
mkdir $OUT/containerd-binaries || true mkdir $OUT/containerd-binaries || true
cd $SRC/containerd/bin && cp * $OUT/containerd-binaries/ && cd - cd $SRC/containerd/bin && cp * $OUT/containerd-binaries/ && cd -

1
integration/client/go.mod
View File

@ -20,6 +20,7 @@ require (
) )
require ( require (
github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8 // indirect
github.com/Microsoft/go-winio v0.5.2 // indirect github.com/Microsoft/go-winio v0.5.2 // indirect
github.com/blang/semver v3.5.1+incompatible // indirect github.com/blang/semver v3.5.1+incompatible // indirect
github.com/cilium/ebpf v0.7.0 // indirect github.com/cilium/ebpf v0.7.0 // indirect

1
integration/client/go.sum
View File

@ -38,6 +38,7 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8 h1:V8krnnfGj4pV65YLUm3C0/8bl7V5Nry2Pwvy3ru/wLc=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg= github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg=
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=

56
remotes/docker/converter_fuzz.go Normal file
View File

@ -0,0 +1,56 @@
//go:build gofuzz
// +build gofuzz
/*
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package docker
import (
"context"
"os"
fuzz "github.com/AdaLogics/go-fuzz-headers"
"github.com/containerd/containerd/content/local"
"github.com/containerd/containerd/log"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/sirupsen/logrus"
)
func FuzzConvertManifest(data []byte) int {
ctx := context.Background()
// Do not log the message below
// level=warning msg="do nothing for media type: ..."
log.G(ctx).Logger.SetLevel(logrus.PanicLevel)
f := fuzz.NewConsumer(data)
desc := ocispec.Descriptor{}
err := f.GenerateStruct(&desc)
if err != nil {
return 0
}
tmpdir, err := os.MkdirTemp("", "fuzzing-")
if err != nil {
return 0
}
cs, err := local.NewStore(tmpdir)
if err != nil {
return 0
}
_, _ = ConvertManifest(ctx, cs, desc)
return 1
}

10
contrib/fuzz/docker_fuzzer.go → remotes/docker/fetcher_fuzz.go
View File

@ -3,10 +3,13 @@
/* /*
Copyright The containerd Authors. Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
You may obtain a copy of the License at You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0 http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@ -14,13 +17,6 @@
limitations under the License. limitations under the License.
*/ */
/*
This fuzzer is run continuously by OSS-fuzz.
It is stored in contrib/fuzz for organization,
but in order to execute it, it must be moved to
remotes/docker first.
*/
package docker package docker
import ( import (