Skip to content

Fuzzing: Add 2 fuzzers#362

Closed
AdamKorcz wants to merge 1 commit intoopencontainers:masterfrom
AdamKorcz:fuzz1
Closed

Fuzzing: Add 2 fuzzers#362
AdamKorcz wants to merge 1 commit intoopencontainers:masterfrom
AdamKorcz:fuzz1

Conversation

@AdamKorcz
Copy link
Contributor

@AdamKorcz AdamKorcz commented Mar 12, 2021

This PR adds two fuzzers that were originally committed to OSS-fuzz. As it is unsure whether or not Umoci qualifies for OSS-fuzz integration, I am moving them over here.

I will be adding more fuzzers as well as documentation on running these locally in later PRs.

Signed-off-by: AdamKorcz adam@adalogics.com

@cyphar
Copy link
Member

cyphar commented Mar 12, 2021

CI is failing because of golint failures:

/home/travis/gopath/src/github.com/opencontainers/umoci/oci/casext/fuzzer.go:28:1: exported function Fuzz should have comment or be unexported
/home/travis/gopath/src/github.com/opencontainers/umoci/pkg/hardening/fuzzer.go:22:2: a blank import should be only in a main or test package, or have a comment justifying it
/home/travis/gopath/src/github.com/opencontainers/umoci/pkg/hardening/fuzzer.go:27:1: exported function Fuzz should have comment or be unexported

cyphar
cyphar reviewed Mar 12, 2021
View reviewed changes
@codecov-io
Copy link

codecov-io commented Mar 16, 2021

Codecov Report

Merging #362 (259b8f1) into master (64c4898) will decrease coverage by 5.79%.
The diff coverage is 19.23%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #362      +/-   ##
==========================================
- Coverage   74.26%   68.47%   -5.80%     
==========================================
  Files          58       58              
  Lines        3078     3112      +34     
==========================================
- Hits         2286     2131     -155     
- Misses        463      642     +179     
- Partials      329      339      +10
Impacted Files Coverage Δ
oci/casext/fuzzer.go 0.00% <0.00%> (ø)
oci/layer/tar_generate.go 71.42% <ø> (ø)
pkg/hardening/fuzzer.go 0.00% <0.00%> (ø)
pkg/system/tarmode_unix.go 58.33% <58.33%> (ø)
pkg/fseval/fseval_default.go 88.46% <100.00%> (ø)
pkg/system/mknod_unix.go 100.00% <100.00%> (ø)
pkg/unpriv/unpriv.go 75.00% <100.00%> (-3.19%) ⬇️
api.go 0.00% <0.00%> (-100.00%) ⬇️
pkg/testutils/ftimes.go 0.00% <0.00%> (-100.00%) ⬇️
pkg/testutils/ftimes_unix.go 0.00% <0.00%> (-100.00%) ⬇️
... and 24 more

@AdamKorcz
Add 2 fuzzers
712d329 
Signed-off-by: AdamKorcz <adam@adalogics.com>
@AdamKorcz
Copy link
Contributor Author

AdamKorcz commented Mar 17, 2021

@cyphar Why does CI complain about the build comment in this PR?

@cyphar
Copy link
Member

cyphar commented Mar 18, 2021
edited
Loading

Go needs the // +build tag to be at the top of the file, it can't be after the copyright comments. (Right now the // +build comment is just a comment -- which is why the CodeCov coverage has dropped -- there's a bunch of dead code not being executed by the test suite.)

(The error is coming from go vet.)

@cyphar cyphar mentioned this pull request Mar 18, 2021
Merged
@cyphar
Copy link
Member

cyphar commented Mar 18, 2021

I've carried this in #365.

@cyphar cyphar closed this Mar 18, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cyphar cyphar cyphar left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@AdamKorcz @cyphar @codecov-io