diff --git a/test/fuzz/README.md b/test/fuzz/README.md
new file mode 100644
index 0000000000..555a87dfd3
--- /dev/null
+++ b/test/fuzz/README.md
@@ -0,0 +1,51 @@
+# Fuzzing
+
+ Fuzzing or fuzz testing is an automated software testing technique that
+ involves providing invalid, unexpected, or random data as inputs to a
+ computer program. A fuzzing target is defined for running the tests.
+ These targets are defined in the test/fuzz directory and run using
+ the instructions given below:
+
+- Install the package from
+ using go get command. This is the link for the fuzzing tool that uses
+ libfuzzer for its implementation purposes. I set it up and made a sample
+ function to run the fuzzing tests. In these steps following are the important steps
+
+ a.  Run below command to build the file for the function by giving its location.
+
+ ```bash
+ mkdir output
+ cd output
+ go114-fuzz-build -o FuzzTestImageValidate.a
+ -func FuzzTestImageValidate ../test/fuzz/
+ ```
+
+ b. Run below command to make C binary files for the same function.
+
+ ```
+ clang -o FuzzTestImageValidate FuzzTestImageValidate.a
+ -fsanitize=fuzzer
+ ```
+
+ c. Run the fuzzer as below
+
+ ```
+ /FuzzTestImageValidate
+ ```
+
+- Execution: Here is an example for execution of some test outputs:
+
+ ```bash
+ ./FuzzTestImageValidate
+ INFO: Running with entropic power schedule (0xFF, 100).
+ INFO: Seed: 376384327
+ INFO: 267805 Extra Counters
+ INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
+ INFO: A corpus is not provided, starting from an empty corpus
+ #2 INITED ft: 35 corp: 1/1b exec/s: 0 rss: 51Mb
+ ```
+
+ Here first line contains the byte array provided by libfuzzer to the
+ function we then typecast it to our struct of IPPool using JSON.
+ Unmarshal and then run the function. It keeps on running
+ until it finds a bug.
diff --git a/test/fuzz/metal3cluster_manager_test_fuzzer.go b/test/fuzz/metal3cluster_manager_test_fuzzer.go
new file mode 100644
index 0000000000..e09b8b8492
--- /dev/null
+++ b/test/fuzz/metal3cluster_manager_test_fuzzer.go
@@ -0,0 +1,31 @@
+package fuzz_test
+
+import (
+ fuzz "github.com/AdaLogics/go-fuzz-headers"
+ infrav1 "github.com/metal3-io/cluster-api-provider-metal3/api/v1beta1"
+ "k8s.io/apimachinery/pkg/util/validation/field"
+)
+
+type ImageValidate struct {
+ Image infrav1.Image
+ ErrorExpected bool
+ Name string
+}
+
+func FuzzTestImageValidate(data []byte) int {
+ f := fuzz.NewConsumer(data)
+ tc := &ImageValidate{}
+ err := f.GenerateStruct(tc)
+ if err != nil {
+ return 0
+ }
+ errs := tc.Image.Validate(*field.NewPath("Spec", "Image"))
+ if tc.ErrorExpected && errs == nil {
+ return 0
+ }
+ if !tc.ErrorExpected && errs != nil {
+ return 0
+ }
+
+ return 1
+}
diff --git a/test/go.mod b/test/go.mod
index a46ea7931b..db94d074b3 100644
--- a/test/go.mod
+++ b/test/go.mod
@@ -28,6 +28,7 @@ replace sigs.k8s.io/cluster-api/test => sigs.k8s.io/cluster-api/test v1.4.2 replace github.com/metal3-io/cluster-api-provider-metal3/api => ./../api require ( + github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 github.com/BurntSushi/toml v1.0.0 // indirect github.com/MakeNowJust/heredoc v1.0.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect
@@ -43,6 +44,7 @@ require ( github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/coredns/caddy v1.1.1 // indirect github.com/coredns/corefile-migration v1.0.20 // indirect + github.com/cyphar/filepath-securejoin v0.2.3 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/docker/distribution v2.8.2+incompatible // indirect github.com/docker/go-connections v0.4.0 // indirect
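Review bot: The result checks in `FuzzTestImageValidate` compare `errs` with `tc.ErrorExpected`, but `GenerateStruct(tc)` fills that flag from the same fuzzer bytes as `Image`, so it is effectively random and cannot serve as an oracle; as written the target only surfaces panics inside `Validate`, and the 0/1 return is steered by noise. `Name` is generated and never read. I would drop the table-test wrapper and fuzz `infrav1.Image` directly, returning 1 only for inputs that validate cleanly, as in the sketch below; any real property check needs an expectation derived from the input rather than drawn from it.

```go
func FuzzTestImageValidate(data []byte) int {
	f := fuzz.NewConsumer(data)
	// Fuzz only the type under test: an expected-result flag drawn from
	// the same random bytes cannot act as an oracle.
	img := &infrav1.Image{}
	if err := f.GenerateStruct(img); err != nil {
		return 0
	}
	// The target is exercised for panics and sanitizer findings; inputs
	// that pass validation are reported with 1, everything else with 0.
	if errs := img.Validate(*field.NewPath("Spec", "Image")); errs != nil {
		return 0
	}
	return 1
}
```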
@@ -67,7 +69,7 @@ require ( github.com/google/go-github/v48 v48.2.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect + github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 // indirect github.com/google/uuid v1.3.0 // indirect github.com/hashicorp/hcl v1.0.0 // indirect @@ -108,6 +110,7 @@ require ( github.com/valyala/fastjson v1.6.4 // indirect golang.org/x/mod v0.10.0 // indirect golang.org/x/net v0.14.0 // indirect + golang.org/x/crypto v0.11.0 // indirect golang.org/x/oauth2 v0.6.0 // indirect golang.org/x/sys v0.11.0 // indirect golang.org/x/term v0.11.0 // indirect diff --git a/test/go.sum b/test/go.sum index b563879b2c..5776470844 100644 --- a/test/go.sum +++ b/test/go.sum @@ -37,6 +37,8 @@ cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RX cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 h1:EKPd1INOIyr5hWOWhvpmQpY6tKjeG0hT1s3AMC/9fic= +github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1/go.mod h1:VzwV+t+dZ9j/H867F1M2ziD+yLHtB46oM35FxxMJ4d0= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.0.0 h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU= 
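Review bot: The go.mod context in the `-108,6 +110,7` hunk still lists `golang.org/x/mod v0.10.0 // indirect`, while the go.sum hunk at `-566,8 +570,8` removes both v0.10.0 hashes and adds v0.11.0, so the manifest and the checksum file appear to disagree about the selected version. The added `golang.org/x/crypto v0.11.0 // indirect` line also sits after `golang.org/x/net`, outside the sorted order the go tool writes, which suggests a hand edit. Re-running `go mod tidy` in `test/` and committing both files together would keep checksum verification meaningful for the new fuzzing dependencies; a build with `-mod=readonly` may otherwise fail on the missing x/mod entry.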
@@ -106,6 +108,8 @@ github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfc github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI= +github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -246,8 +250,8 @@ github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE= -github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 h1:SJ+NtwL6QaZ21U+IrK7d0gGgpjGGvd2kz+FzTHVzdqI= github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2/go.mod h1:Tv1PlzqC9t8wNnpPdctvtSUOPUUg4SHeE6vR1Ir2hmg= 
@@ -566,8 +570,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= -golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU= +golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=