Added fuzzer for frontend dockerfile parser #1813
Signed-off-by: AdamKorcz <[email protected]>
@AkihiroSuda The hack/fuzz breaks now because the fuzzer is not yet merged. I assume this is why the build fails.
My previous assumption was partly correct, and my latest fix demonstrates that it was not because the fuzzer hasn't been merged yet but rather because the
If there is anything I can do from my side, please let me know.
Either the Dockerfile or the hack script should actually start the fuzzer. Should we close this for now and revisit when the fuzzer is directly added in Go (I believe next version)?
The upside of waiting as I see it would be to avoid having to rewrite the fuzzer. The downside is that Buildkit does not get fuzzed, and any bugs that fuzzing could find will not be found until fuzzing is released as part of Go.
This PR reopens #1518
From that PR the following modifications have been made:
1: A docker image has been added that runs the fuzzer. To test this, do the following:
In this regard, the /hack script has been significantly rewritten, as the previous script installed dependencies on the host machine.
Please note that this does affect the host machine in the sense that the fuzzer is copied into the hack/dockerfiles directory. This will be removed once the fuzzer is merged in and is merely a way to test the fuzzer prior to merging.
2: With suggestion from @AkihiroSuda, the file creation inside of the fuzzer has been replaced by bytes.NewReader(data), which provided a big effectivity boost, so thank you for that.
3: The fuzzer has been moved to the util/testutil/fuzz directory.
I am tagging @tiborvass and @tonistiigi as you were also involved in the previous PR.
Also, I would like to suggest setting up continuous fuzzing of the Moby project. Some benefits of this will be:
I have worked on the integration with oss-fuzz to set up continuous fuzzing for the Moby project, and I will be happy to complete that integration. All I need for that is a list of maintainer emails for potential bug reports. These will be added to a public list that can be changed at any time.
oss-fuzz has a public disclosure policy of 90 days.
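
An added example, not code from this PR or from BuildKit: the two harness shapes that item 2 of the description contrasts, one writing each input to a temporary file and one wrapping it with bytes.NewReader. The `harness` function is a hypothetical stand-in for the parser under test, and the `func(data []byte) int` entry-point signature and function names are assumptions.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"io"
	"os"
)

// harness feeds r to a hypothetical stand-in for the parser under test and
// returns 1 if any non-comment instruction line was seen, else 0.
func harness(r io.Reader) int {
	n := 0
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		if f := bytes.Fields(sc.Bytes()); len(f) > 0 && f[0][0] != '#' {
			n++
		}
	}
	if sc.Err() != nil || n == 0 {
		return 0
	}
	return 1
}

// FuzzViaFile is the older shape: write the input to a temp file, rewind, parse.
func FuzzViaFile(data []byte) int {
	f, err := os.CreateTemp("", "fuzz-dockerfile-*")
	if err != nil {
		return 0
	}
	defer os.Remove(f.Name())
	defer f.Close()
	_, werr := f.Write(data)
	_, serr := f.Seek(0, io.SeekStart)
	if werr != nil || serr != nil {
		return 0
	}
	return harness(f)
}

// FuzzViaReader hands the same bytes to the parser from memory, with no disk I/O.
func FuzzViaReader(data []byte) int {
	return harness(bytes.NewReader(data))
}

func main() {
	in := []byte("FROM scratch\n# note\nCOPY . /src\n") // constructed input
	fmt.Println(FuzzViaFile(in), FuzzViaReader(in))
}
```

Both functions exercise the same parsing path; the in-memory variant simply drops the create, write, seek and remove calls that the file variant pays on every fuzz iteration.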