From e2ebd1a478b53153484e4cf59d5c5e68072a43eb Mon Sep 17 00:00:00 2001 From: Adam Korczynski Date: Thu, 14 May 2020 11:06:51 +0100 Subject: [PATCH] Add fuzzers Signed-off-by: Adam Korczynski --- go.mod | 1 + go.sum | 5 +++ pkg/provenance/fuzz_test.go | 81 +++++++++++++++++++++++++++++++++++++ pkg/strvals/fuzz_test.go | 26 ++++++++++++ 4 files changed, 113 insertions(+) create mode 100644 pkg/provenance/fuzz_test.go create mode 100644 pkg/strvals/fuzz_test.go diff --git a/go.mod b/go.mod index cc29497a0..28e63d4df 100644 --- a/go.mod +++ b/go.mod @@ -3,6 +3,7 @@ module helm.sh/helm/v3 go 1.18 require ( + github.com/AdaLogics/go-fuzz-headers v0.0.0-20221103172237-443f56ff4ba8 github.com/BurntSushi/toml v1.2.0 github.com/DATA-DOG/go-sqlmock v1.5.0 github.com/Masterminds/semver/v3 v3.1.1 diff --git a/go.sum b/go.sum index fe7960aa8..25fa08e48 100644 --- a/go.sum +++ b/go.sum @@ -46,6 +46,10 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8 h1:V8krnnfGj4pV65YLUm3C0/8bl7V5Nry2Pwvy3ru/wLc= +github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg= +github.com/AdaLogics/go-fuzz-headers v0.0.0-20221103172237-443f56ff4ba8 h1:d+pBUmsteW5tM87xmVXHZ4+LibHRFn40SPAoZJOg2ak= +github.com/AdaLogics/go-fuzz-headers v0.0.0-20221103172237-443f56ff4ba8/go.mod h1:i9fr2JpcEcY/IHEvzCM3qXUZYOQHgR89dt4es1CgMhc= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= @@ -830,6 +834,7 @@ golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s= diff --git a/pkg/provenance/fuzz_test.go b/pkg/provenance/fuzz_test.go new file mode 100644 index 000000000..2c5920536 --- /dev/null +++ b/pkg/provenance/fuzz_test.go @@ -0,0 +1,81 @@ +/* +Copyright The Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package provenance + +import ( + "os" + "testing" + + fuzz "github.com/AdaLogics/go-fuzz-headers" +) + +func FuzzNewFromFiles(f *testing.F) { + f.Fuzz(func(t *testing.T, data []byte) { + ff := fuzz.NewConsumer(data) + keyFileBytes, err := ff.GetBytes() + if err != nil { + return + } + keyFile, err := os.Create("keyFile") + if err != nil { + return + } + defer keyFile.Close() + defer os.Remove(keyFile.Name()) + _, err = keyFile.Write(keyFileBytes) + if err != nil { + return + } + keyringFile, err := os.Create("keyringFile ") + if err != nil { + return + } + defer keyringFile.Close() + defer os.Remove(keyringFile.Name()) + keyringFileBytes, err := ff.GetBytes() + if err != nil { + return + } + _, err = keyringFile.Write(keyringFileBytes) + if err != nil { + return + } + _, _ = NewFromFiles(keyFile.Name(), keyringFile.Name()) + }) +} + +func FuzzParseMessageBlock(f *testing.F) { + f.Fuzz(func(t *testing.T, data []byte) { + _, _, _ = parseMessageBlock(data) + }) +} + +func FuzzMessageBlock(f *testing.F) { + f.Fuzz(func(t *testing.T, data []byte) { + ff := fuzz.NewConsumer(data) + err := os.Mkdir("fuzzDir", 0755) + if err != nil { + return + } + defer os.RemoveAll("fuzzDir") + err = ff.CreateFiles("fuzzDir") + if err != nil { + return + } + _, _ = messageBlock("fuzzDir") + return + }) +} diff --git a/pkg/strvals/fuzz_test.go b/pkg/strvals/fuzz_test.go new file mode 100644 index 000000000..5d439e0a0 --- /dev/null +++ b/pkg/strvals/fuzz_test.go @@ -0,0 +1,26 @@ +/* +Copyright The Helm Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package strvals + +import ( + "testing" +) + +func FuzzParse(f *testing.F) { + f.Fuzz(func(t *testing.T, data string) { + _, _ = Parse(data) + }) +}