Merge pull request #529 from pjbgf/fuzz-update

fuzz: Fix upstream build and optimise execution

.github/workflows/cifuzz.yaml

@@ -13,12 +13,16 @@ jobs:
     steps:
     - name: Checkout
       uses: actions/checkout@v3
+    - name: Setup Go
+      uses: actions/setup-go@v3
+      with:
+        go-version: 1.18.x
     - name: Restore Go cache
       uses: actions/cache@v3
       with:
-        path: /home/runner/work/_temp/_github_home/go/pkg/mod
+        path: ~/go/pkg/mod
         key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
         restore-keys: |
-          ${{ runner.os }}-go-
+          ${{ runner.os }}-go
     - name: Smoke test Fuzzers
       run: make fuzz-smoketest

Makefile

@@ -151,10 +151,11 @@ fuzz-build:
 	rm -rf $(BUILD_DIR)/fuzz/
 	mkdir -p $(BUILD_DIR)/fuzz/out/
 
-	docker build . --tag local-fuzzing:latest -f tests/fuzz/Dockerfile.builder
+	docker build . --pull --tag local-fuzzing:latest -f tests/fuzz/Dockerfile.builder
 	docker run --rm \
 		-e FUZZING_LANGUAGE=go -e SANITIZER=address \
 		-e CIFUZZ_DEBUG='True' -e OSS_FUZZ_PROJECT_NAME=fluxcd \
+		-v "$(shell go env GOMODCACHE):/root/go/pkg/mod" \
 		-v "$(BUILD_DIR)/fuzz/out":/out \
 		local-fuzzing:latest
 

tests/fuzz/Dockerfile.builder

@@ -1,16 +1,6 @@
-FROM golang:1.18 AS go
-
 FROM gcr.io/oss-fuzz-base/base-builder-go
 
-# ensures golang 1.18 to enable go native fuzzing.
-COPY --from=go /usr/local/go /usr/local/
-
 COPY ./ $GOPATH/src/github.com/fluxcd/helm-controller/
 COPY ./tests/fuzz/oss_fuzz_build.sh $SRC/build.sh
 
-# Temporarily overrides compile_native_go_fuzzer.
-# Pending upstream merge: https://github.com/google/oss-fuzz/pull/8285
-COPY tests/fuzz/compile_native_go_fuzzer.sh /usr/local/bin/compile_native_go_fuzzer
-RUN go install golang.org/x/tools/cmd/goimports@latest
-
 WORKDIR $SRC

tests/fuzz/oss_fuzz_build.sh

@@ -19,23 +19,61 @@ set -euxo pipefail
 GOPATH="${GOPATH:-/root/go}"
 GO_SRC="${GOPATH}/src"
 PROJECT_PATH="github.com/fluxcd/helm-controller"
+TMP_DIR=$(mktemp -d /tmp/oss_fuzz-XXXXXX)
+
+cleanup(){
+	rm -rf "${TMP_DIR}"
+}
+trap cleanup EXIT
+
+install_deps(){
+	if ! command -v go-118-fuzz-build &> /dev/null || ! command -v addimport &> /dev/null; then
+		mkdir -p "${TMP_DIR}/go-118-fuzz-build"
+
+		git clone https://github.com/AdamKorcz/go-118-fuzz-build "${TMP_DIR}/go-118-fuzz-build"
+		cd "${TMP_DIR}/go-118-fuzz-build"
+		go build -o "${GOPATH}/bin/go-118-fuzz-build"
+
+		cd addimport
+		go build -o "${GOPATH}/bin/addimport"
+	fi
+
+	if ! command -v goimports &> /dev/null; then
+		go install golang.org/x/tools/cmd/goimports@latest
+	fi
+}
+
+# Removes the content of test funcs which could cause the Fuzz
+# tests to break.
+remove_test_funcs(){
+	filename=$1
+
+	echo "removing co-located *testing.T"
+	sed -i -e '/func Test.*testing.T) {$/ {:r;/\n}/!{N;br}; s/\n.*\n/\n/}' "${filename}"
+
+	# After removing the body of the go testing funcs, consolidate the imports.
+	goimports -w "${filename}"
+}
+
+install_deps
 
 cd "${GO_SRC}/${PROJECT_PATH}"
 
-go install github.com/AdamKorcz/go-118-fuzz-build@latest
 go get github.com/AdamKorcz/go-118-fuzz-build/utils
 
 # Iterate through all Go Fuzz targets, compiling each into a fuzzer.
 test_files=$(grep -r --include='**_test.go' --files-with-matches 'func Fuzz' .)
 for file in ${test_files}
 do
+	remove_test_funcs "${file}"
+
 	targets=$(grep -oP 'func \K(Fuzz\w*)' "${file}")
 	for target_name in ${targets}
 	do
-        fuzzer_name=$(echo "${target_name}" | tr '[:upper:]' '[:lower:]')
-        target_dir=$(dirname "${file}")
+		fuzzer_name=$(echo "${target_name}" | tr '[:upper:]' '[:lower:]')
+		target_dir=$(dirname "${file}")
 
 		echo "Building ${file}.${target_name} into ${fuzzer_name}"
-        compile_native_go_fuzzer "${target_dir}" "${target_name}" "${fuzzer_name}" fuzz
+		compile_native_go_fuzzer "${target_dir}" "${target_name}" "${fuzzer_name}"
 	done
 done