From d18cc7df58b9b1dae3bceafb9c0a6a3e1edd68e5 Mon Sep 17 00:00:00 2001 From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com> Date: Fri, 5 Mar 2021 16:17:35 +0000 Subject: [PATCH] [runc] Initial integration (#5287) * [teleport] Initial integration * Minor update to run tests again * Remove debugging things * Removed an unfinished file * Small nit * Added maintainers * Update Dockerfile * Update build.sh * Update project.yaml * Updated licenses Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com> --- projects/runc/Dockerfile | 24 ++++++++++++++ projects/runc/build.sh | 25 ++++++++++++++ projects/runc/configs_fuzzer.go | 35 ++++++++++++++++++++ projects/runc/id_map_fuzzer.go | 28 ++++++++++++++++ projects/runc/project.yaml | 16 +++++++++ projects/runc/user_fuzzer.go | 58 +++++++++++++++++++++++++++++++++ 6 files changed, 186 insertions(+) create mode 100644 projects/runc/Dockerfile create mode 100644 projects/runc/build.sh create mode 100644 projects/runc/configs_fuzzer.go create mode 100644 projects/runc/id_map_fuzzer.go create mode 100644 projects/runc/project.yaml create mode 100644 projects/runc/user_fuzzer.go
diff --git a/projects/runc/Dockerfile b/projects/runc/Dockerfile
new file mode 100644
index 000000000..63e3017f6
--- /dev/null
+++ b/projects/runc/Dockerfile
@@ -0,0 +1,24 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN git clone --depth 1 https://github.com/opencontainers/runc
+COPY build.sh \
+ id_map_fuzzer.go \
+ user_fuzzer.go \
+ configs_fuzzer.go \
+ $SRC/
+WORKDIR $SRC/runc
diff --git a/projects/runc/build.sh b/projects/runc/build.sh
new file mode 100644
index 000000000..4c30ab5ac
--- /dev/null
+++ b/projects/runc/build.sh
@@ -0,0 +1,25 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+mv $SRC/id_map_fuzzer.go $SRC/runc/libcontainer/system/
+compile_go_fuzzer ./libcontainer/system Fuzz id_map_fuzzer linux
+
+mv $SRC/user_fuzzer.go $SRC/runc/libcontainer/user
+compile_go_fuzzer ./libcontainer/user Fuzz user_fuzzer
+
+mv $SRC/configs_fuzzer.go $SRC/runc/libcontainer/configs
+compile_go_fuzzer ./libcontainer/configs Fuzz configs_fuzzer
diff --git a/projects/runc/configs_fuzzer.go b/projects/runc/configs_fuzzer.go
new file mode 100644
index 000000000..d482ba0fa
--- /dev/null
+++ b/projects/runc/configs_fuzzer.go
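Review bot: The second and third `mv` commands in build.sh name their destination directory without a trailing slash, so if upstream moves or renames `libcontainer/user` or `libcontainer/configs` while the parent directory still exists, the harness is renamed to a plain file called `user` or `configs` and the failure only surfaces later inside `compile_go_fuzzer`. Writing all three like the first one, with the variables quoted, makes `mv` fail on the right line under `-eu`: `mv "$SRC/user_fuzzer.go" "$SRC/runc/libcontainer/user/"`. A short comment above each pair, such as `# Drop the harness into the upstream package it fuzzes; it is not part of the runc tree.`, would also help the next maintainer.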
@@ -0,0 +1,35 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package configs
+
+import(
+ "fmt"
+)
+
+
+func Fuzz(data []byte) int {
+ hookNameList := []string {"prestart",
+ "createRuntime",
+ "createContainer",
+ "startContainer",
+ "poststart"}
+
+ for _, hookName := range hookNameList {
+ hooks := Hooks{}
+ _ = hooks.UnmarshalJSON([]byte(fmt.Sprintf(`{"%s" :[%s]}`, hookName, data)))
+ }
+ return 1
+}
diff --git a/projects/runc/id_map_fuzzer.go b/projects/runc/id_map_fuzzer.go
new file mode 100644
index 000000000..4d842a4cb
--- /dev/null
+++ b/projects/runc/id_map_fuzzer.go
@@ -0,0 +1,28 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package system
+
+import (
+ "strings"
+ "github.com/opencontainers/runc/libcontainer/user"
+)
+
+
+func Fuzz(data []byte) int {
+ uidmap, _ := user.ParseIDMap(strings.NewReader(string(data)))
+ _ = UIDMapInUserNS(uidmap)
+ return 1
+}
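Review bot: `Fuzz` in configs_fuzzer.go decodes every input five times with only the JSON key changed, and it discards both the error and the decoded `Hooks` value, so the harness can only report a panic inside `UnmarshalJSON` and pays five decodes per execution for what looks like the same decoding path. Choosing the key from the input keeps the key coverage at one decode per run: after a `len(data) == 0` guard, use `hookName := hookNameList[int(data[0])%len(hookNameList)]` and format `data[1:]` as the array body. The function also has no doc comment; something like `// Fuzz wraps data as the JSON array value of a hook name and feeds it to Hooks.UnmarshalJSON.` would record the input shape. The file is not gofmt-clean either (`import(`, `[]string {`).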
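Review bot: `Fuzz` in id_map_fuzzer.go drops the error from `user.ParseIDMap` and calls `UIDMapInUserNS` regardless, so the second call also runs on whatever is returned for input the parser rejected. If real callers check that error first (not visible in this patch), a crash found on that path would not be reachable in production and would be triaged as a false positive. Returning early keeps the harness on the reachable path: `uidmap, err := user.ParseIDMap(bytes.NewReader(data))` followed by `if err != nil { return 0 }`, with `bytes` imported in place of `strings`, which also avoids the `string(data)` copy.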
diff --git a/projects/runc/project.yaml b/projects/runc/project.yaml
new file mode 100644
index 000000000..fc387c82b
--- /dev/null
+++ b/projects/runc/project.yaml
@@ -0,0 +1,16 @@
+homepage: "https://github.com/opencontainers/runc"
+main_repo: "https://github.com/opencontainers/runc"
+primary_contact: "cyphar@cyphar.com"
+auto_ccs:
+ - "adam@adalogics.com"
+ - "michael@docker.com"
+ - "mpatel@redhat.com"
+ - "dqminh89@gmail.com"
+ - "h.huangqiang@huawei.com"
+ - "akihiro.suda.cz@hco.ntt.co.jp"
+ - "kolyshkin@gmail.com"
+language: go
+fuzzing_engines:
+ - libfuzzer
+sanitizers:
+ - address
diff --git a/projects/runc/user_fuzzer.go b/projects/runc/user_fuzzer.go
new file mode 100644
index 000000000..b3a2ca71c
--- /dev/null
+++ b/projects/runc/user_fuzzer.go
@@ -0,0 +1,58 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package user
+
+import (
+ "strings"
+ "io"
+)
+
+
+func IsDivisbleBy(n int, divisibleby int) bool {
+ return (n % divisibleby) == 0
+}
+
+func Fuzz(data []byte) int {
+ if len(data)==0 {
+ return -1
+ }
+ divisible := IsDivisbleBy(len(data), 5)
+ if divisible==false {
+ return -1
+ }
+
+ var divided [][]byte
+
+ chunkSize := len(data)/5
+
+ for i := 0; i < len(data); i += chunkSize {
+ end := i + chunkSize
+
+ divided = append(divided, data[i:end])
+ }
+
+ _, _ = ParsePasswdFilter(strings.NewReader(string(divided[0])), nil)
+
+ var passwd, group io.Reader
+
+ group = strings.NewReader(string(divided[1]))
+ _, _ = GetAdditionalGroups([]string{string(divided[2])}, group)
+
+
+ passwd = strings.NewReader(string(divided[3]))
+ _, _ = GetExecUser(string(divided[4]), nil, passwd, group)
+ return 1
+}
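Review bot: The `group` reader built from `divided[1]` is passed to `GetAdditionalGroups` and then reused in the `GetExecUser` call, and a `strings.Reader` does not rewind. If the first call reads it to the end, which a parser presumably does, `GetExecUser` always sees an empty group source and its group-handling code is never fuzzed. Passing a fresh reader restores that coverage: `_, _ = GetExecUser(string(divided[4]), nil, passwd, strings.NewReader(string(divided[1])))`. Separately, `IsDivisbleBy` adds a misspelled exported name to the upstream `user` package when an inline `len(data)%5 != 0` check would do, and `Fuzz` has no comment explaining that the input is cut into five equal chunks and which chunk feeds which parser.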