Add two fuzzers to integrate containerd into OSS-fuzz by AdamKorcz · Pull Request #4841 · containerd/containerd

AdamKorcz · 2020-12-14T12:37:48Z

This PR adds two fuzzers to set up continuous fuzzing for containerd on the OSS-fuzz platform.

Fuzzing is a method for testing whereby pseudo-random data is passed to a target entry point in an application - which in these two fuzzers are filters.Parse and platforms.Parse respectively. The application is then observed in the hope of finding bugs and vulnerabilities.
Integrating containerd into OSS-fuzz will allow these two fuzzers to run continuously and look for harder-to-find bugs. If bugs are found maintainers get notified with emails containing a link to a detailed bug report that includes stacktrace and reproducible test case.
I have set up a draft integration PR on the OSS-fuzz side that will be updated according to the progression of this PR: google/oss-fuzz#4839. The build currently fails but I will get it up and running once the fuzzers here are integrated. In the PR on OSS-fuzz there is a project.yaml file which requires at least one maintainers email address.

Signed-off-by: AdamKorcz [email protected]

k8s-ci-robot · 2020-12-14T12:37:57Z

Hi @AdamKorcz. Thanks for your PR.

I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

theopenlab-ci · 2020-12-14T12:52:56Z

Build succeeded.

containerd-build-arm64 : FAILURE in 12m 07s (non-voting)

theopenlab-ci · 2020-12-14T16:30:16Z

Build succeeded.

containerd-build-arm64 : SUCCESS in 5m 33s (non-voting)

kzys

Looks good to me.

Does it make sense to at least build them on GitHub Actions? If we change the signature of Parse() methods, we may forget to update the Fuzz functions, since // +build gofuzz excludes them.

AdamKorcz · 2020-12-16T22:36:20Z

@kzys that is a good point, however as OSS-fuzz runs fuzzers several times per week, maintainers will get notified in case the fuzzers can't be built.

mxpv · 2020-12-16T22:45:46Z

@AdamKorcz If I get this right, each function/API must be wrapped in order to be tested by oss-fuzz, right? If so I'd rather prefer to have a separate package fuzz/ with all wrappers in one place instead of spreading it across the codebase. Would that be reasonable?

AdamKorcz · 2020-12-17T17:30:04Z

@AdamKorcz If I get this right, each function/API must be wrapped in order to be tested by oss-fuzz, right? If so I'd rather prefer to have a separate package fuzz/ with all wrappers in one place instead of spreading it across the codebase. Would that be reasonable?

That is not a problem. It will work fine with OSS-fuzz. I have made the changes in the commit.

cpuguy83

LGTM

cpuguy83 · 2020-12-18T18:59:04Z

can you squash commits?

Signed-off-by: AdamKorcz <[email protected]>

AdamKorcz · 2020-12-19T13:00:53Z

Hereby squashed

theopenlab-ci · 2020-12-19T13:08:00Z

Build succeeded.

containerd-build-arm64 : SUCCESS in 6m 00s (non-voting)

estesp

LGTM

AdamKorcz · 2020-12-27T15:06:35Z

Thank you for merging this in. To finish the integration on the OSS-fuzz side we need at least one maintainers email address in the project.yaml file in this PR: google/oss-fuzz#4839. Please leave the maintainer email addresses in this thread or in the PR on the OSS-fuzz github repository and I will get it added in project.yaml.

Please note that I have added my own email address on the mailing list to see the integration through to completion. This does mean that all bugs and vulnerabilities will be visible by me as all email addresses on that list will have access to these, and if you prefer me off the list, just let me know, and I will remove myself.

k8s-ci-robot added the needs-ok-to-test label Dec 14, 2020

kzys reviewed Dec 16, 2020

View reviewed changes

mxpv approved these changes Dec 18, 2020

View reviewed changes

cpuguy83 approved these changes Dec 18, 2020

View reviewed changes

Added 2 fuzzers

3698bc4

Signed-off-by: AdamKorcz <[email protected]>

cpuguy83 approved these changes Dec 19, 2020

View reviewed changes

AkihiroSuda approved these changes Dec 22, 2020

View reviewed changes

estesp approved these changes Dec 23, 2020

View reviewed changes

estesp merged commit ac5ca3a into containerd:master Dec 23, 2020

AdamKorcz mentioned this pull request Dec 27, 2020

[containerd] Initial integration google/oss-fuzz#4839

Merged

samuelkarp mentioned this pull request Jun 15, 2022

Use Go 1.18's testing.F on simple fuzzers #7056

Merged

Conversation

AdamKorcz commented Dec 14, 2020

Uh oh!

k8s-ci-robot commented Dec 14, 2020

Uh oh!

theopenlab-ci Bot commented Dec 14, 2020

Uh oh!

theopenlab-ci Bot commented Dec 14, 2020

Uh oh!

kzys left a comment

Choose a reason for hiding this comment

Uh oh!

AdamKorcz commented Dec 16, 2020

Uh oh!

mxpv commented Dec 16, 2020

Uh oh!

AdamKorcz commented Dec 17, 2020

Uh oh!

cpuguy83 left a comment

Choose a reason for hiding this comment

Uh oh!

cpuguy83 commented Dec 18, 2020

Uh oh!

AdamKorcz commented Dec 19, 2020

Uh oh!

theopenlab-ci Bot commented Dec 19, 2020

Uh oh!

estesp left a comment

Choose a reason for hiding this comment

Uh oh!

AdamKorcz commented Dec 27, 2020

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants