diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 710932703..1dbed5fd3 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -36,6 +36,8 @@ jobs: run: make validate-openapi - name: Build run: make -C $GITHUB_WORKSPACE all + - name: Fuzz-Build + run: make -C $GITHUB_WORKSPACE fuzz - name: Test run: go test -v ./... - name: Ensure no files were modified as a result of the build diff --git a/.gitignore b/.gitignore index 5e3151211..e7f7cea2f 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ logid swagger dist/* hack/tools/bin/* +*fuzz.zip diff --git a/Makefile b/Makefile index 30194739c..3d81e5d92 100644 --- a/Makefile +++ b/Makefile @@ -15,7 +15,7 @@ .PHONY: all test clean clean-gen lint gosec ko ko-local sign-container cross-cli -all: rekor-cli rekor-server +all: rekor-cli rekor-server GENSRC = pkg/generated/client/%.go pkg/generated/models/%.go pkg/generated/restapi/%.go OPENAPIDEPS = openapi.yaml $(shell find pkg/types -iname "*.json") @@ -83,6 +83,9 @@ rekor-server: $(SRCS) test: go test ./... +fuzz: + go-fuzz-build ./tests/fuzz/... + clean: rm -rf dist rm -rf hack/tools/bin diff --git a/go.mod b/go.mod index 9d2b09b87..b7b1740d5 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/sigstore/rekor go 1.16 require ( - github.com/AdaLogics/go-fuzz-headers v0.0.0-20211102141018-f7be0cbad29c // indirect + github.com/AdaLogics/go-fuzz-headers v0.0.0-20211102141018-f7be0cbad29c github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d github.com/blang/semver v3.5.1+incompatible github.com/cavaliercoder/badio v0.0.0-20160213150051-ce5280129e9e // indirect @@ -59,7 +59,7 @@ require ( golang.org/x/mod v0.5.1 golang.org/x/net v0.0.0-20210825183410-e898025ed96a golang.org/x/sync v0.0.0-20210220032951-036812b2e83c - golang.org/x/sys v0.0.0-20211111213525-f221eed1c01e // indirect + golang.org/x/sys v0.0.0-20211112193437-faf0a1b62c6b // indirect golang.org/x/tools v0.1.7 // indirect google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2 google.golang.org/grpc v1.42.0 diff --git a/go.sum b/go.sum index 7073f2576..bff2f035c 100644 --- a/go.sum +++ b/go.sum @@ -1605,10 +1605,11 @@ golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210909193231-528a39cd75f3 h1:3Ad41xy2WCESpufXwgs7NpDSu+vjxqLt2UFqUV+20bI= golang.org/x/sys v0.0.0-20210909193231-528a39cd75f3/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211111213525-f221eed1c01e h1:zeJt6jBtVDK23XK9QXcmG0FvO0elikp0dYZQZOeL1y0= golang.org/x/sys v0.0.0-20211111213525-f221eed1c01e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211112193437-faf0a1b62c6b h1:uo+9AuR+gDt/gdj+1BaLhdOHsaGI6YU6585IiDcLrFE= +golang.org/x/sys v0.0.0-20211112193437-faf0a1b62c6b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b h1:9zKuko04nR4gjZ4+DNjHqRlAJqbJETHwiNKDqTfOjfE= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -1715,7 +1716,6 @@ golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.5 h1:ouewzE6p+/VEB31YYnTbEJdi8pFqKp4P4n85vwo3DHA= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.7 h1:6j8CgantCy3yc8JGBqkDLMKWqZ0RDU2g1HVgacojGWQ= golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=