Improved container and host policy fuzzer

[prady0t]

Purpose of PR?:

Fixing bugs in fuzzers.
Seed value changed from yaml to json for checking for generation of invalid json inputs. ContainerPolicy and HostPolicy now returns err for generated errors.

[prady0t]

FuzzHostPolicy still needs to be updated based on the review. @daemon1024 would love your reviews here

[prady0t]

Inside FuzzContainerPolicy, I've added a new case :

len(policyEvent.Object.Spec.Selector.MatchLabels) == 0 && res.Status == pb.PolicyStatus_Invalid

Based on https://github.com/kubearmor/KubeArmor/blob/2cfc2e24d13eac6d857ad53723f9bd2025892b95/KubeArmor/core/unorchestratedUpdates.go#L234C13-L234C33

This also solved the error we were getting earlier with this value :

"{\"oBjeCt\":{\"metAdAtA\":{\"nAme\":\"0\"}}}"

There are a few more cases where fuzzer throws PolicyStatus_Invalid status, but are very hard for fuzzers to generate values for such cases.

KubeArmor/KubeArmor/core/unorchestratedUpdates.go

Line 238 in 2cfc2e2

if _, ok := secPolicy.Spec.Selector.MatchLabels["kubearmor.io/container.name"]; ok && len(secPolicy.Spec.Selector.MatchLabels) > 1 {

What do you think of these conditions?

[DelusionalOptimist]

There are a few more cases where fuzzer throws PolicyStatus_Invalid status, but are very hard for fuzzers to generate values for such cases.

@prady0t Can you share more on why it is hard? Is it because it's not possible to add a new label through them or have the enforcer based check?

[prady0t]

Yes because it's hard for fuzzer to generate such conditions. We can still add this condition inside fuzzer if we want