From 8a26e56cd7c1ae8a8a30656d47698004d3cb569b Mon Sep 17 00:00:00 2001 From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> Date: Fri, 12 May 2023 21:28:14 +0100 Subject: [PATCH] [golang-appengine] initial integration (#10299) Signed-off-by: AdamKorcz --- projects/golang-appengine/Dockerfile | 20 +++++++++++ projects/golang-appengine/build.sh | 23 ++++++++++++ projects/golang-appengine/fuzz_test.go | 50 ++++++++++++++++++++++++++ projects/golang-appengine/project.yaml | 9 +++++ 4 files changed, 102 insertions(+) create mode 100644 projects/golang-appengine/Dockerfile create mode 100644 projects/golang-appengine/build.sh create mode 100644 projects/golang-appengine/fuzz_test.go create mode 100644 projects/golang-appengine/project.yaml diff --git a/projects/golang-appengine/Dockerfile b/projects/golang-appengine/Dockerfile new file mode 100644 index 000000000..67edca703 --- /dev/null +++ b/projects/golang-appengine/Dockerfile @@ -0,0 +1,20 @@ +# Copyright 2023 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +FROM gcr.io/oss-fuzz-base/base-builder-go +RUN git clone --depth 1 https://github.com/golang/appengine +WORKDIR $SRC/appengine +COPY build.sh fuzz_test.go $SRC/ diff --git a/projects/golang-appengine/build.sh b/projects/golang-appengine/build.sh new file mode 100644 index 000000000..87da22e0c --- /dev/null +++ b/projects/golang-appengine/build.sh @@ -0,0 +1,23 @@ +#!/bin/bash -eu +# Copyright 2023 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +cp $SRC/fuzz_test.go ./v2/blobstore/ +cd $SRC/appengine/v2 +go mod tidy +printf "package appengine\nimport _ \"github.com/AdamKorcz/go-118-fuzz-build/testing\"\n" > register.go +go mod tidy +compile_native_go_fuzzer google.golang.org/appengine/v2/blobstore FuzzParseUpload FuzzParseUpload diff --git a/projects/golang-appengine/fuzz_test.go b/projects/golang-appengine/fuzz_test.go new file mode 100644 index 000000000..d1fef7891 --- /dev/null +++ b/projects/golang-appengine/fuzz_test.go @@ -0,0 +1,50 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package blobstore + +import ( + "bytes" + "net/http" + "testing" + + fuzz "github.com/AdaLogics/go-fuzz-headers" +) + +func FuzzParseUpload(f *testing.F) { + f.Fuzz(func(t *testing.T, body, headers []byte) { + r, err := http.NewRequest("POST", "", bytes.NewReader(body)) + if err != nil { + return + } + ff := fuzz.NewConsumer(headers) + h := make(map[string][]string, 0) + ff.FuzzMap(&h) + if len(h) == 0 { + return + } + _, ok := h["Content-Type"] + if !ok { + hSlice := make([]string, 0) + err := ff.CreateSlice(&hSlice) + if err != nil { + return + } + h["Content-Type"] = hSlice + } + r.Header = h + ParseUpload(r) + }) +} diff --git a/projects/golang-appengine/project.yaml b/projects/golang-appengine/project.yaml new file mode 100644 index 000000000..3b0b7c826 --- /dev/null +++ b/projects/golang-appengine/project.yaml @@ -0,0 +1,9 @@ +homepage: "https://github.com/golang/appengine" +language: go +main_repo: "https://github.com/golang/appengine" +auto_ccs: + - "adam@adalogics.com" +fuzzing_engines: + - libfuzzer +sanitizers: + - address