cncf / cncf-fuzzing Goto Github PK

Building fuzzers failed after bumping quic-go version.
Errors are /root/go/pkg/mod/github.com/lucas-clemente/[email protected]/internal/qtls/go118.go:6:13: cannot use "quic-go doesn't build on Go 1.18 yet." (untyped string constant) as int value in variable declaration, but it is normal when we build our artifacts manually.
More details show as follows.
https://github.com/kubeedge/kubeedge/actions/runs/3359066312/jobs/5566711345

cc @AdamKorcz

I ran into containers/conmon#315 (comment) the other day and then I found https://ostif.org/wp-content/uploads/2022/06/CRI-O-audit-by-ada-logics-chainguard-ostif.pdf where scenarios like that were included in the threat model

... and
input from the container’s are also handled in Conmon. These are areas of potential attack
surface against Conmon.

and as far as I understand there should be a fuzz target:

We also developed a fuzzer for Conmon to analyse the logging and parsing routines in conmon/src/ctr_logging.c.

@DavidKorczynski I can't seem to find that fuzz target anywhere. Is there any chance you could point me in the right direction?

I would like to get cloudprovider-azure integrated with CNCF-Fuzzing!

Codebase is at https://github.com/kubernetes-sigs/cloud-provider-azure

It is a set of controllers.

Thanks!

I would like to get Pravega.io integrated with CNCF-Fuzzing!

Codebase is at https://github.com/pravega/pravega

A full deployment involves ZooKeeper, BookKeeper, Pravega Controllers and Pravega Segment Stores.

Thanks!

I am on a Mac M1 (arm64) and seeing the following when pulling the images:

Unable to find image 'gcr.io/oss-fuzz-base/base-runner:latest' locally
latest: Pulling from oss-fuzz-base/base-runner
08c01a0ec47e: Pull complete 
26db2b7fb236: Pull complete 
1f44b92c8dd8: Pull complete 
48a0f87d472e: Pull complete 
987ef13f0fe0: Pull complete 
70c9ed524714: Pull complete 
5ec98123cb3e: Pull complete 
6be990f73bc1: Pull complete 
293df89222b6: Pull complete 
f74545e6eee4: Pull complete 
a9b0edd055b9: Pull complete 
065de64d84f6: Pull complete 
ef7ffe221187: Pull complete 
ee755a457c4d: Pull complete 
Digest: sha256:dde0612a1cefe5fc8fbac9e7046afbbd555553f5392a779ef96fa590bf13e964
Status: Downloaded newer image for gcr.io/oss-fuzz-base/base-runner:latest
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested

Note that even though this looks just like an warning. I am running into segfaults when trying to test the pulled image.