Merge pull request #5863 from AdamKorcz/fuzz10

Fuzzing: Add 4 fuzzers

contrib/fuzz/cap_fuzzer.go

@@ -0,0 +1,27 @@
+// +build gofuzz
+
+/*
+   Copyright The containerd Authors.
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package fuzz
+
+import (
+	"bytes"
+
+	"github.com/containerd/containerd/pkg/cap"
+)
+
+func FuzzParseProcPIDStatus(data []byte) int {
+	_, _ = cap.ParseProcPIDStatus(bytes.NewReader(data))
+	return 1
+}

contrib/fuzz/content_fuzzer.go

@@ -32,6 +32,7 @@ import (
 
 	"github.com/containerd/containerd/content"
 	"github.com/containerd/containerd/content/local"
+	"github.com/containerd/containerd/images/archive"
 )
 
 // checkBlobPath performs some basic validation
@@ -87,8 +88,7 @@ func populateBlobStore(ctx context.Context, cs content.Store, f *fuzz.ConsumeFuz
 	}
 
 	for dgst, p := range blobs {
-		d, err := checkWrite(ctx, cs, dgst, p)
-		_ = d
+		_, err := checkWrite(ctx, cs, dgst, p)
 		if err != nil {
 			return blobs, err
 		}
@@ -112,7 +112,6 @@ func FuzzCSWalk(data []byte) int {
 
 	f := fuzz.NewConsumer(data)
 	blobs, err := populateBlobStore(ctx, cs, f)
-	_ = blobs
 	if err != nil {
 		return 0
 	}
@@ -136,3 +135,34 @@ func FuzzCSWalk(data []byte) int {
 	}
 	return 1
 }
+
+func FuzzArchiveExport(data []byte) int {
+	f := fuzz.NewConsumer(data)
+	manifest := ocispec.Descriptor{}
+	err := f.GenerateStruct(&manifest)
+	if err != nil {
+		return 0
+	}
+	ctx := context.Background()
+	tmpdir, err := ioutil.TempDir("", "fuzzing-")
+	if err != nil {
+		return 0
+	}
+	defer os.RemoveAll(tmpdir)
+	cs, err := local.NewStore(tmpdir)
+	if err != nil {
+		return 0
+	}
+	_, err = populateBlobStore(ctx, cs, f)
+	if err != nil {
+		return 0
+	}
+	w, err := os.Create("fuzz-output-file")
+	if err != nil {
+		return 0
+	}
+	defer w.Close()
+	defer os.Remove("fuzz-output-file")
+	_ = archive.Export(ctx, cs, w, archive.WithManifest(manifest, "name"))
+	return 1
+}

contrib/fuzz/cri_fuzzer.go

@@ -0,0 +1,38 @@
+// +build gofuzz
+
+/*
+   Copyright The containerd Authors.
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package fuzz
+
+import (
+	fuzz "github.com/AdaLogics/go-fuzz-headers"
+	runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
+
+	"github.com/containerd/containerd/pkg/cri/server"
+)
+
+func FuzzParseAuth(data []byte) int {
+	f := fuzz.NewConsumer(data)
+	auth := &runtime.AuthConfig{}
+	err := f.GenerateStruct(auth)
+	if err != nil {
+		return 0
+	}
+	host, err := f.GetString()
+	if err != nil {
+		return 0
+	}
+	_, _, _ = server.ParseAuth(auth, host)
+	return 1
+}

contrib/fuzz/docker_fuzzer.go

@@ -29,6 +29,8 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"net/url"
+
+	refDocker "github.com/containerd/containerd/reference/docker"
 )
 
 func FuzzFetcher(data []byte) int {
@@ -76,3 +78,8 @@ func FuzzFetcher(data []byte) int {
 	}
 	return 1
 }
+
+func FuzzParseDockerRef(data []byte) int {
+	_, _ = refDocker.ParseDockerRef(string(data))
+	return 1
+}

contrib/fuzz/oss_fuzz_build.sh

@@ -28,11 +28,15 @@ mv contrib/fuzz/container_fuzzer.go integration/client/
 
 
 compile_go_fuzzer github.com/containerd/containerd/remotes/docker FuzzFetcher fuzz_fetcher
+compile_go_fuzzer github.com/containerd/containerd/remotes/docker FuzzParseDockerRef fuzz_parse_docker_ref
 compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzFiltersParse fuzz_filters_parse
 compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzPlatformsParse fuzz_platforms_parse
 compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzApply fuzz_apply
 compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzImportIndex fuzz_import_index
 compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzCSWalk fuzz_cs_walk
+compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzArchiveExport fuzz_archive_export
+compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzParseAuth fuzz_parse_auth
+compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzParseProcPIDStatus fuzz_parse_proc_pid_status
 
 # FuzzCreateContainer requires more setup than the fuzzers above.
 # We need the binaries from "make".
@@ -70,6 +74,6 @@ for i in $( ls *_test.go ); do mv $i ./${i%.*}_fuzz.go; done
 # Remove windows test to avoid double declarations:
 rm ./client_windows_test_fuzz.go
 rm ./helpers_windows_test_fuzz.go
-compile_go_fuzzer . FuzzCreateContainerNoTearDown fuzz_create_container_no_teardown
-compile_go_fuzzer . FuzzCreateContainerWithTearDown fuzz_create_container_with_teardown
-compile_go_fuzzer . FuzzNoTearDownWithDownload fuzz_no_teardown_with_download
+compile_go_fuzzer github.com/containerd/containerd/integration/client FuzzCreateContainerNoTearDown fuzz_create_container_no_teardown
+compile_go_fuzzer github.com/containerd/containerd/integration/client FuzzCreateContainerWithTearDown fuzz_create_container_with_teardown
+compile_go_fuzzer github.com/containerd/containerd/integration/client FuzzNoTearDownWithDownload fuzz_no_teardown_with_download