Add fuzzer with OSS-fuzz build script #14202
Commit bb44428dd151a795e3045c910072b113ccf91e57 does not contain "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin
Thanks for this @AdamKorcz :) Yes, it would be great to get Cilium fuzzed regularly by OSS-Fuzz. Looking at OSS-Fuzz's guidelines for new projects it looks like Cilium is well qualified. I've opened google/oss-fuzz#4784 to get Cilium added to OSS-Fuzz as having a PR from a Cilium maintainer skips a manual email verification step. There are obviously several entry points for fuzzing and Cilium and this is a great start, thank you. Let's wait to see if Cilium gets accepted and then merge this and add more.
@AdamKorcz note that for this PR to be merged, all commits will need the
@twpayne Thanks for the heads up!
@twpayne Let me know if anything else is missing from my side.
@AdamKorcz can this script be moved out of the
@nebril that is not an issue. The build file has hereby been moved.
@AdamKorcz thanks, I think @nebril was referring to both files, oss-fuzz-build.sh and fuzz/fuzz.go to be moved into test/ directory.
Commit be696169abc2894124c30b3dc72601ea817f5a70 does not contain "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin
Commit 98ea01ff46669eb78125a3c5f4c7617ce1f5b7ff does not contain "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin
@aanm Oh sorry about that. Both files have now been moved to
Signed-off-by: AdamKorcz <adam@adalogics.com>
test-me-please
Let me know if there is anything missing from my side.
retest-runtime
This PR adds a fuzzer implemented with the go-fuzz fuzzing engine. Furthermore, a build script is added to set up continuous fuzzing by way of OSS-fuzz.
Fuzzing is a way of testing programs whereby pseudo-random data is passed to a target application with the goal of finding bugs and vulnerabilities. In this fuzzer, the entrypoint to Cilium is the UnmarshalJSON implementation in the labels package.
Integrating Cilium into OSS-fuzz allows Google to run all fuzzers in the Cilium project continuously free of charge. If bugs are found, maintainers get notified with detailed bug reports that include a stack trace and a reproducible test case. The service is offered free of charge to open source projects with an implied expectation that bugs are fixed, and it has contributed to finding vulnerabilities in major open source projects like Kubernetes.
If there is interest in integrating Cilium, I will be happy to complete the integration on the OSS-fuzz side. For this at least one maintainer email address is needed.
Signed-off-by: AdamKorcz adam@adalogics.com
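
A go-fuzz style harness for a hand-written UnmarshalJSON, as an added example that is not the PR's fuzz.go and not Cilium code. `Label`, its "source:key=value" string form and the round-trip check are assumptions constructed for illustration; only the `Fuzz(data []byte) int` entry-point shape comes from go-fuzz.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Label is a stand-in type constructed for this example, not Cilium's own.
type Label struct {
	Source string `json:"source"`
	Key    string `json:"key"`
	Value  string `json:"value,omitempty"`
}

// UnmarshalJSON accepts an object or the compact string "source:key=value".
func (l *Label) UnmarshalJSON(data []byte) error {
	type plain Label // same fields, no methods: avoids infinite recursion
	if len(data) > 0 && data[0] == '{' {
		return json.Unmarshal(data, (*plain)(l))
	}
	var s string
	if err := json.Unmarshal(data, &s); err != nil {
		return err
	}
	src, rest, ok := strings.Cut(s, ":")
	if !ok || src == "" {
		return fmt.Errorf("label %q has no source", s)
	}
	l.Source = src
	l.Key, l.Value, _ = strings.Cut(rest, "=")
	return nil
}

// Fuzz has the go-fuzz entry-point signature: 1 raises the input's priority, 0 otherwise.
func Fuzz(data []byte) int {
	var l, again Label
	if err := json.Unmarshal(data, &l); err != nil {
		return 0 // rejected cleanly, nothing to report
	}
	out, err := json.Marshal(l)
	if err != nil || json.Unmarshal(out, &again) != nil || again != l {
		panic(fmt.Sprintf("round trip changed %q into %s", data, out)) // recorded as a crash
	}
	return 1
}

func main() { // constructed seed inputs
	fmt.Println(Fuzz([]byte(`"k8s:app=web"`)), Fuzz([]byte(`{"key":"app"}`)), Fuzz([]byte(`"nosource"`)))
}
```

Asserting a property such as the round trip lets the fuzzer report logic errors in the decoder as well as panics.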