fuzz: introduce continuous fuzzing for Caddy#2723
Conversation
mohammed90
force-pushed
the
v2-fuzz
branch
4 times, most recently
from
229005c to
3f66cb5
Compare
mohammed90
changed the title
mohammed90
force-pushed
the
v2-fuzz
branch
6 times, most recently
from
56f2492 to
71eea0c
Compare
mholt
left a comment
mholt
left a comment
There was a problem hiding this comment.
This is looking pretty good. What's the status of the draft at this point?
fuzz/go.mod
Outdated
| @@ -0,0 +1,10 @@ | |||
| module local.tld/fuzz | |||
There was a problem hiding this comment.
Does the fuzzer need to be its own module? AFAIK, having multiple modules in a repository can cause complications in some cases.
There was a problem hiding this comment.
Unfortunately, yes due to go-fuzz not yet being able to handle modules. Creating another module is a workaround as described by mvdan here. It will not work without it due to SIV /v2.
The only pain points I've been experiencing is the tendency of the tools to automatically adding the go-fuzz module to Caddy's go.mod and adding Caddy v1.0.3 to Caddy v2's go.sum. I had to keep an eye on them and constantly revert them.
There was a problem hiding this comment.
Are we going to have to keep go.mod and go.sum maintained then, you think? Dang, I wish they'd make it work with modules... this might be kind of annoying.
There was a problem hiding this comment.
I'm not sure. Do you think this is a bug? Should it modify the root go.mod and go.sum with dependencies of the submodule?
|
It's ready for review. The only reason it's still marked as draft for now is because it needs one more commit to uncomment a few lines in the |
|
Okay, I have registered the Fuzzit API key with Azure Pipelines and uploaded the targets to Fuzzit. It should be ready to go I think! |
mholt
left a comment
mholt
left a comment
There was a problem hiding this comment.
The pipeline is ready to go. This PR looks good, just uncomment the env var bit and I'll probably approve this PR when the fuzzing works in CI. :)
fuzz/go.mod
Outdated
| @@ -0,0 +1,10 @@ | |||
| module local.tld/fuzz | |||
There was a problem hiding this comment.
Are we going to have to keep go.mod and go.sum maintained then, you think? Dang, I wish they'd make it work with modules... this might be kind of annoying.
mohammed90
force-pushed
the
v2-fuzz
branch
6 times, most recently
from
07a5122 to
c234ac1
Compare
|
Waiting on dvyukov/go-fuzz#263 |
|
Now I guess we're waiting on dvyukov/go-fuzz#274 ? |
For perfect solution? yes, I presume. However, mvdan is in the same boat as us, and he was able to do it without the temporary GOPATH (but still with the submodule) in this commit. I'll fiddle with it again this coming weekend. |
|
I really really don't want to do a submodule. I guess we can wait until they're ready to support modules. |
|
Note for later in case I forget: once go-fuzz gets proper module support, I don't think we'll need the |
|
Now that dvyukov/go-fuzz#274 is merged, I would be curious to hear if it works for you. ;-) |
| - job: fuzzing | ||
| displayName: 'Scheduled Fuzzing' | ||
| # Only run this job on schedules, not PRs. | ||
| condition: eq(variables['Build.Reason'], 'Schedule') |
There was a problem hiding this comment.
Azure Pipelines doesn't seem to support having a particular job on schedule while others triggered on PR, hence the condition.
|
@thepudds the latest |
mohammed90
changed the title
|
Great! Thanks so much for all the work you put into this, @mohammed90 ! |
3 participants
1. What does this change do, exactly?
Introduce fuzzers to Caddy's codebase for continuous fuzzing on CI. Closes #2710 .
2. Please link to the relevant issues.
#2710
3. Which documentation changes (if any) need to be made because of this PR?
N/A
4. Checklist