clusterfuzzlite: pin dependencies, update dictionary, fix fuzz server (…

…#2785)

* clusterfuzzlite: pin dependencies, update dictionary, fix fuzz server performance.

Signed-off-by: Sepehrdad Sh <26747519+sepehrdaddev@users.noreply.github.com>

* clusterfuzzlite: enable parallel fuzzing

Signed-off-by: Sepehrdad Sh <26747519+sepehrdaddev@users.noreply.github.com>

---------

Signed-off-by: Sepehrdad Sh <26747519+sepehrdaddev@users.noreply.github.com>

.clusterfuzzlite/Dockerfile

@@ -1,4 +1,4 @@
-FROM gcr.io/oss-fuzz-base/base-builder-go
+FROM gcr.io/oss-fuzz-base/base-builder-go@sha256:f7970e735dcd3c5f360ae92b40a20414d70ef3b534ff6f3566dcad1b1cb2ec4c
 
 COPY . $SRC/skipper
 COPY ./.clusterfuzzlite/build.sh $SRC/

.github/workflows/cflite_pr.yaml

@@ -18,17 +18,18 @@ jobs:
     steps:
     - name: Build Fuzzers (${{ matrix.sanitizer }})
       id: build
-      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+      uses: google/clusterfuzzlite/actions/build_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 # v1
       with:
         language: go
         github-token: ${{ secrets.GITHUB_TOKEN }}
         sanitizer: ${{ matrix.sanitizer }}
     - name: Run Fuzzers (${{ matrix.sanitizer }})
       id: run
-      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+      uses: google/clusterfuzzlite/actions/run_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 # v1
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }}
         fuzz-seconds: 300
         mode: 'code-change'
         sanitizer: ${{ matrix.sanitizer }}
         output-sarif: true
+        parallel-fuzzing: true

fuzz/dictionaries/FuzzParseEskip.dict

@@ -1,188 +1,193 @@
-"&&"
-"*"
-"->"
-")"
-":"
-","
-"("
-";"
-"<shunt>"
-"<loopback>"
-"<dynamic>"
-"<"
-">"
-"backendIsProxy"
-"modRequestHeader"
-"setRequestHeader"
-"appendRequestHeader"
-"dropRequestHeader"
-"modResponseHeader"
-"setResponseHeader"
-"appendResponseHeader"
-"dropResponseHeader"
-"setContextRequestHeader"
+"absorb"
+"absorbSilent"
+"admissionControl"
+"After"
+"apiUsageMonitoring"
 "appendContextRequestHeader"
-"setContextResponseHeader"
 "appendContextResponseHeader"
+"appendRequestHeader"
+"appendResponseHeader"
+"auditLog"
+"backendBandwidth"
+"backendChunks"
+"backendIsProxy"
+"backendLatency"
+"backendRatelimit"
+"backendTimeout"
+"bandwidth"
+"basicAuth"
+"bearerinjector"
+"Before"
+"Between"
+"blockContent"
+"blockContentHex"
+"chunks"
+"ClientIP"
+"clientRatelimit"
+"clusterClientRatelimit"
+"clusterLeakyBucketRatelimit"
+"clusterRatelimit"
+"compress"
+"consecutiveBreaker"
+"consistentHashBalanceFactor"
+"consistentHashKey"
+"ContentLengthBetween"
+"Cookie"
 "copyRequestHeader"
 "copyResponseHeader"
-"modPath"
-"setPath"
-"redirectTo"
-"redirectToLower"
-"static"
-"stripQuery"
-"preserveHost"
-"status"
-"compress"
+"corsOrigin"
+"Cron"
 "decompress"
-"setQuery"
+"disableAccessLog"
+"disableBreaker"
+"disableRatelimit"
 "dropQuery"
+"dropRequestCookie"
+"dropRequestHeader"
+"dropResponseCookie"
+"dropResponseHeader"
+"enableAccessLog"
+"endpointCreated"
+"errors"
+"fadeIn"
+"False"
+"fifo"
+"fifoWithBody"
+"flowId"
+"ForwardedHost"
+"ForwardedProtocol"
+"forwardToken"
+"forwardTokenField"
+"grantCallback"
+"grantClaimsQuery"
+"grantLogout"
+"Header"
+"HeaderRegexp"
+"HeaderSHA256"
+"headerToQuery"
+"healthcheck"
+"histogramRequestLatency"
+"histogramResponseLatency"
+"Host"
+"HostAny"
 "inlineContent"
 "inlineContentIfStatus"
-"flowId"
-"xforward"
-"xforwardFirst"
-"randomContent"
-"repeatContent"
-"repeatContentHex"
-"wrapContent"
-"wrapContentHex"
-"backendTimeout"
-"readTimeout"
-"writeTimeout"
-"blockContent"
-"blockContentHex"
+"invalid predicate parameters"
+"jsCookie"
+"JWTPayloadAllKV"
+"JWTPayloadAllKVRegexp"
+"JWTPayloadAnyKV"
+"JWTPayloadAnyKVRegexp"
+"jwtValidation"
 "latency"
-"bandwidth"
-"chunks"
-"backendLatency"
-"backendBandwidth"
-"backendChunks"
-"absorb"
-"absorbSilent"
-"uniformRequestLatency"
-"uniformResponseLatency"
+"lifo"
+"lifoGroup"
+"logHeader"
+"lua"
+"Method"
+"Methods"
+"modPath"
+"modRequestHeader"
+"modResponseHeader"
 "normalRequestLatency"
 "normalResponseLatency"
-"histogramRequestLatency"
-"histogramResponseLatency"
-"logHeader"
-"tee"
-"teenf"
-"teeLoopback"
-"sed"
-"sedDelim"
-"sedRequest"
-"sedRequestDelim"
-"basicAuth"
-"webhook"
-"oauthTokeninfoAnyScope"
+"oauthGrant"
+"oauthOidcAllClaims"
+"oauthOidcAnyClaims"
+"oauthOidcUserInfo"
+"oauthTokeninfoAllKV"
 "oauthTokeninfoAllScope"
 "oauthTokeninfoAnyKV"
-"oauthTokeninfoAllKV"
-"oauthTokenintrospectionAnyClaims"
+"oauthTokeninfoAnyScope"
 "oauthTokenintrospectionAllClaims"
-"oauthTokenintrospectionAnyKV"
 "oauthTokenintrospectionAllKV"
-"secureOauthTokenintrospectionAnyClaims"
-"secureOauthTokenintrospectionAllClaims"
-"secureOauthTokenintrospectionAnyKV"
-"secureOauthTokenintrospectionAllKV"
-"forwardToken"
-"forwardTokenField"
-"oauthGrant"
-"grantCallback"
-"grantLogout"
-"grantClaimsQuery"
-"jwtValidation"
-"oauthOidcUserInfo"
-"oauthOidcAnyClaims"
-"oauthOidcAllClaims"
+"oauthTokenintrospectionAnyClaims"
+"oauthTokenintrospectionAnyKV"
 "oidcClaimsQuery"
-"dropRequestCookie"
-"dropResponseCookie"
-"requestCookie"
-"responseCookie"
-"jsCookie"
-"consecutiveBreaker"
+"opaAuthorizeRequest"
+"opaServeResponse"
+"originMarker"
+"Path"
+"PathRegexp"
+"PathSubtree"
+"preserveHost"
+"QueryParam"
+"queryToHeader"
+"randomContent"
 "rateBreaker"
-"disableBreaker"
-"admissionControl"
-"clientRatelimit"
 "ratelimit"
-"clusterClientRatelimit"
-"clusterRatelimit"
-"clusterLeakyBucketRatelimit"
-"backendRatelimit"
 "ratelimitFailClosed"
-"lua"
-"corsOrigin"
-"headerToQuery"
-"queryToHeader"
-"disableAccessLog"
-"enableAccessLog"
-"auditLog"
-"unverifiedAuditLog"
-"setDynamicBackendHostFromHeader"
-"setDynamicBackendSchemeFromHeader"
-"setDynamicBackendUrlFromHeader"
+"readTimeout"
+"redirectTo"
+"redirectToLower"
+"repeatContent"
+"repeatContentHex"
+"requestCookie"
+"responseCookie"
+"rfcHost"
+"rfcPath"
+"secureOauthTokenintrospectionAllClaims"
+"secureOauthTokenintrospectionAllKV"
+"secureOauthTokenintrospectionAnyClaims"
+"secureOauthTokenintrospectionAnyKV"
+"sed"
+"sedDelim"
+"sedRequest"
+"sedRequestDelim"
+"setContextRequestHeader"
+"setContextResponseHeader"
 "setDynamicBackendHost"
+"setDynamicBackendHostFromHeader"
 "setDynamicBackendScheme"
+"setDynamicBackendSchemeFromHeader"
 "setDynamicBackendUrl"
-"apiUsageMonitoring"
-"fifo"
-"lifo"
-"lifoGroup"
-"rfcPath"
-"rfcHost"
-"bearerinjector"
-"tracingBaggageToTag"
-"stateBagToTag"
-"tracingTag"
-"tracingTagFromResponse"
-"tracingSpanName"
-"originMarker"
-"fadeIn"
-"endpointCreated"
-"consistentHashKey"
-"consistentHashBalanceFactor"
-"opaAuthorizeRequest"
-"opaServeResponse"
-"healthcheck"
+"setDynamicBackendUrlFromHeader"
 "setFastCgiFilename"
-"disableRatelimit"
-"unknownRatelimit"
-"Path"
-"PathSubtree"
-"PathRegexp"
-"Host"
-"HostAny"
-"ForwardedHost"
-"ForwardedProtocol"
-"Weight"
-"True"
-"False"
+"setPath"
+"setQuery"
+"setRequestHeader"
+"setRequestHeaderFromSecret"
+"setResponseHeader"
 "Shutdown"
-"Method"
-"Methods"
-"Header"
-"HeaderRegexp"
-"Cookie"
-"JWTPayloadAnyKV"
-"JWTPayloadAllKV"
-"JWTPayloadAnyKVRegexp"
-"JWTPayloadAllKVRegexp"
-"HeaderSHA256"
-"After"
-"Before"
-"Between"
-"Cron"
-"QueryParam"
 "Source"
 "SourceFromLast"
-"ClientIP"
+"stateBagToTag"
+"static"
+"status"
+"stripQuery"
+"tarpit"
+"tee"
 "Tee"
+"teeLoopback"
+"teenf"
+"tracingBaggageToTag"
+"tracingSpanName"
+"tracingTag"
+"tracingTagFromResponse"
 "Traffic"
 "TrafficSegment"
-"ContentLengthBetween"
+"True"
+"uniformRequestLatency"
+"uniformResponseLatency"
+"unknownRatelimit"
+"unverifiedAuditLog"
+"webhook"
+"Weight"
+"wrapContent"
+"wrapContentHex"
+"writeTimeout"
+"xforward"
+"xforwardFirst"
+"&&"
+"("
+")"
+"*"
+","
+"->"
+":"
+";"
+"<"
+">"
+"<dynamic>"
+"<loopback>"
+"<shunt>"

fuzz/fuzz_targets/FuzzServer.go

@@ -21,7 +21,7 @@ var (
 )
 
 func find_address() (string, error) {
-	l, err := net.ListenTCP("tcp", &net.TCPAddr{})
+	l, err := net.ListenTCP("tcp", &net.TCPAddr{IP: net.ParseIP("127.0.0.1")})
 
 	if err != nil {
 		return "", err
@@ -61,7 +61,7 @@ func run_server() {
 	cfg.AccessLogDisabled = true
 	cfg.ApplicationLog = "/dev/null"
 	cfg.Address = addr
-	cfg.SupportListener = ":0"
+	cfg.SupportListener = "127.0.0.1:0"
 
 	go func() {
 		log.Fatal(skipper.Run(cfg.ToOptions()))