Add fuzzing test.

openshift · Mar 12, 2018 · 2f89ba9 · 2f89ba9
1 parent 4212252
commit 2f89ba9
Showing 1 changed file with 69 additions and 0 deletions.
diff --git a/pkg/oc/admin/migrate/scc/scc_test.go b/pkg/oc/admin/migrate/scc/scc_test.go
@@ -2,8 +2,11 @@ package scc
 
 import (
 	"reflect"
+	"strings"
 	"testing"
 
+	fuzz "github.com/google/gofuzz"
+
 	rbacv1 "k8s.io/api/rbac/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
@@ -117,3 +120,69 @@ func TestConvertSccToClusterRoleBindingWithEmptyUsersAndGroups(t *testing.T) {
 		t.Fatalf("expected nil but got %#v", binding)
 	}
 }
+
+func TestEverythingWithFuzzing(t *testing.T) {
+	fuzzer := createFuzzerForSCC()
+	scc := securityapi.SecurityContextConstraints{}
+
+	for i := 0; i < 100; i++ {
+		fuzzer.Fuzz(&scc)
+
+		_, err := convertSccToPsp(&scc)
+		if err != nil && !knownPossibleError(err) {
+			t.Errorf("unexpected error while creating PSP for SCC: %v\nSCC:\n%#v\n", err, scc)
+		}
+
+		_, err = convertSccToClusterRole(&scc)
+		if err != nil {
+			t.Errorf("unexpected error while creating cluster role for SCC: %v\nSCC:\n%#v\n", err, scc)
+		}
+
+		_, err = convertSccToClusterRoleBinding(&scc)
+		if err != nil {
+			t.Errorf("unexpected error while creating cluster role binding for SCC: %v\nSCC:\n%#v\n", err, scc)
+		}
+	}
+}
+
+func knownPossibleError(err error) bool {
+	msg := err.Error()
+	switch {
+	case strings.HasPrefix(msg, "found RunAsUser with both uid"), strings.HasPrefix(msg, "found RunAsUser with half-filled range"):
+		return true
+	default:
+		return false
+	}
+}
+
+func createFuzzerForSCC() *fuzz.Fuzzer {
+	return fuzz.New().Funcs(func(scc *securityapi.SecurityContextConstraints, c fuzz.Continue) {
+		c.FuzzNoCustom(scc)
+
+		seLinuxTypes := []securityapi.SELinuxContextStrategyType{
+			securityapi.SELinuxStrategyMustRunAs,
+			securityapi.SELinuxStrategyRunAsAny,
+		}
+		scc.SELinuxContext.Type = seLinuxTypes[c.Rand.Intn(len(seLinuxTypes))]
+
+		runAsUserTypes := []securityapi.RunAsUserStrategyType{
+			securityapi.RunAsUserStrategyMustRunAs,
+			securityapi.RunAsUserStrategyMustRunAsNonRoot,
+			securityapi.RunAsUserStrategyMustRunAsRange,
+			securityapi.RunAsUserStrategyRunAsAny,
+		}
+		scc.RunAsUser.Type = runAsUserTypes[c.Rand.Intn(len(runAsUserTypes))]
+
+		supplementalGroupsTypes := []securityapi.SupplementalGroupsStrategyType{
+			securityapi.SupplementalGroupsStrategyMustRunAs,
+			securityapi.SupplementalGroupsStrategyRunAsAny,
+		}
+		scc.SupplementalGroups.Type = supplementalGroupsTypes[c.Rand.Intn(len(supplementalGroupsTypes))]
+
+		fsGroupTypes := []securityapi.FSGroupStrategyType{
+			securityapi.FSGroupStrategyMustRunAs,
+			securityapi.FSGroupStrategyRunAsAny,
+		}
+		scc.FSGroup.Type = fsGroupTypes[c.Rand.Intn(len(fsGroupTypes))]
+	})
+}