diff --git a/go.mod b/go.mod index 9a3cde5a5..48d0cc73b 100644 --- a/go.mod +++ b/go.mod @@ -34,7 +34,7 @@ require ( github.com/theupdateframework/go-tuf v0.5.2 github.com/transparency-dev/merkle v0.0.2 github.com/veraison/go-cose v1.1.0 - github.com/zalando/go-keyring v0.1.1 // indirect + github.com/zalando/go-keyring v0.2.2 // indirect go.uber.org/goleak v1.2.1 go.uber.org/zap v1.24.0 gocloud.dev v0.30.0 @@ -51,13 +51,14 @@ require ( ) require ( - github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230329111138-12e09aba5ebd + github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230618160516-e936619f9f18 github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 github.com/go-redis/redismock/v9 v9.0.3 github.com/golang/mock v1.6.0 github.com/hashicorp/go-cleanhttp v0.5.2 github.com/hashicorp/go-retryablehttp v0.7.4 github.com/redis/go-redis/v9 v9.0.5 + github.com/sassoftware/relic/v7 v7.5.5 github.com/sigstore/protobuf-specs v0.1.0 github.com/sigstore/sigstore/pkg/signature/kms/aws v1.7.1 github.com/sigstore/sigstore/pkg/signature/kms/azure v1.7.1 @@ -76,6 +77,7 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v0.12.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v0.8.0 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 // indirect + github.com/alessio/shellescape v1.4.1 // indirect github.com/aws/aws-sdk-go-v2 v1.18.1 // indirect github.com/aws/aws-sdk-go-v2/config v1.18.27 // indirect github.com/aws/aws-sdk-go-v2/credentials v1.13.26 // indirect @@ -90,7 +92,6 @@ require ( github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 // indirect github.com/aws/smithy-go v1.13.5 // indirect github.com/cenkalti/backoff/v3 v3.2.2 // indirect - github.com/cyphar/filepath-securejoin v0.2.3 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect github.com/gabriel-vasile/mimetype v1.4.2 // indirect 
@@ -115,6 +116,7 @@ require ( golang.org/x/time v0.3.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc // indirect k8s.io/klog/v2 v2.100.1 // indirect + software.sslmate.com/src/go-pkcs12 v0.2.0 // indirect ) require ( @@ -128,7 +130,7 @@ require ( github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect - github.com/danieljoos/wincred v1.1.1 // indirect + github.com/danieljoos/wincred v1.1.2 // indirect github.com/docker/go-units v0.5.0 // indirect github.com/fsnotify/fsnotify v1.6.0 // indirect github.com/fxamacker/cbor/v2 v2.4.0 // indirect @@ -137,7 +139,7 @@ require ( github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect - github.com/godbus/dbus/v5 v5.0.6 // indirect + github.com/godbus/dbus/v5 v5.1.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/google/go-containerregistry v0.15.2 // indirect @@ -146,7 +148,7 @@ require ( github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect github.com/googleapis/gax-go/v2 v2.11.0 // indirect github.com/hashicorp/hcl v1.0.0 // indirect - github.com/howeyc/gopass v0.0.0-20190910152052-7cb4b85ec19c // indirect + github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/leodido/go-urn v1.2.4 // indirect 
@@ -168,7 +170,7 @@ require ( github.com/subosito/gotenv v1.4.2 // indirect github.com/tidwall/pretty v1.2.0 // indirect github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect - github.com/ulikunitz/xz v0.5.10 // indirect + github.com/ulikunitz/xz v0.5.11 // indirect github.com/x448/float16 v0.8.4 // indirect go.mongodb.org/mongo-driver v1.11.3 // indirect go.opencensus.io v0.24.0 // indirect diff --git a/go.sum b/go.sum index a300d882f..0f2475cfe 100644 --- a/go.sum +++ b/go.sum @@ -631,8 +631,8 @@ filippo.io/edwards25519 v1.0.0/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5E gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8= git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc= github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg= -github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230329111138-12e09aba5ebd h1:1tbEqR4NyQLgiod7vLXSswHteGetAVZrMGCqrJxLKRs= -github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230329111138-12e09aba5ebd/go.mod h1:0vOOKsOMKPThRu9lQMAxcQ8D60f8U+wHXl07SyUw0+U= +github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230618160516-e936619f9f18 h1:rd389Q26LMy03gG4anandGFC2LW/xvjga5GezeeaxQk= +github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230618160516-e936619f9f18/go.mod h1:fgJuSBrJP5qZtKqaMJE0hmhS2tmRH+44IkfZvjtaf1M= github.com/Azure/azure-amqp-common-go/v3 v3.2.3/go.mod h1:7rPmbSfszeovxGfc5fSAXE4ehlXQZHpMja2OtxC2Tas= github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v63.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= 
@@ -751,6 +751,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= +github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0= +github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0= github.com/alexflint/go-filemutex v1.1.0/go.mod h1:7P4iRhttt/nUvUOrYIhcpMzv2G6CY9UnI16Z+UJqRyk= github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= 
@@ -1046,15 +1048,13 @@ github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 h1:vU+EP9ZuFUCYE0NYLwTSob+3LNEJATzNfP/DC7SWGWI= github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw= github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4= -github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI= github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ= github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s= github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8= github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I= -github.com/danieljoos/wincred v1.1.0/go.mod h1:XYlo+eRTsVA9aHGp7NGjFkPla4m+DCL7hqDjlFjiygg= -github.com/danieljoos/wincred v1.1.1 h1:FgOybUqUGGwgBz+ga92qD4f/ZPvuPryRjashrk/p9IA= -github.com/danieljoos/wincred v1.1.1/go.mod h1:gSBQmTx6G0VmLowygiA7ZD0p0E09HJ68vta8z/RT2d0= +github.com/danieljoos/wincred v1.1.2 h1:QLdCxFs1/Yl4zduvBdcHB8goaYk9RARS2SgLLRuAyr0= +github.com/danieljoos/wincred v1.1.2/go.mod h1:GijpziifJoIBfYh+S7BbkdUTU4LfM+QnGqR5Vl2tAx0= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -1325,8 +1325,9 @@ github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblf github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/godbus/dbus/v5 v5.0.6 h1:mkgN1ofwASrYnJ5W6U/BxG15eXXXjirgZc7CLqkcaro= github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= +github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gofrs/uuid v3.3.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gofrs/uuid v4.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= 
@@ -1614,8 +1615,8 @@ github.com/hetznercloud/hcloud-go v1.33.1/go.mod h1:XX/TQub3ge0yWR2yHWmnDVIrB+MQ github.com/hetznercloud/hcloud-go v1.42.0/go.mod h1:YADL8AbmQYH0Eo+1lkuyoc8LutT0UeMvaKP47nNUb+Y= github.com/honeycombio/beeline-go v1.10.0 h1:cUDe555oqvw8oD76BQJ8alk7FP0JZ/M/zXpNvOEDLDc= github.com/honeycombio/libhoney-go v1.16.0 h1:kPpqoz6vbOzgp7jC6SR7SkNj7rua7rgxvznI6M3KdHc= -github.com/howeyc/gopass v0.0.0-20190910152052-7cb4b85ec19c h1:aY2hhxLhjEAbfXOx2nRJxCXezC6CO2V/yN+OCr1srtk= -github.com/howeyc/gopass v0.0.0-20190910152052-7cb4b85ec19c/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs= +github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef h1:A9HsByNhogrvm9cWb28sjiS3i7tcKCkflWFEkHfuAgM= +github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/hudl/fargo v1.4.0/go.mod h1:9Ai6uvFy5fQNq6VPKtg+Ceq1+eTY4nKUlR2JElEOcDo= github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= @@ -2104,6 +2105,8 @@ github.com/safchain/ethtool v0.0.0-20210803160452-9aa261dae9b1/go.mod h1:Z0q5wiB github.com/sagikazarmark/crypt v0.6.0/go.mod h1:U8+INwJo3nBv1m6A/8OBXAq7Jnpspk5AxSgDyEQcea8= github.com/sassoftware/relic v7.2.1+incompatible h1:Pwyh1F3I0r4clFJXkSI8bOyJINGqpgjJU3DYAZeI05A= github.com/sassoftware/relic v7.2.1+incompatible/go.mod h1:CWfAxv73/iLZ17rbyhIEq3K9hs5w6FpNMdUT//qR+zk= +github.com/sassoftware/relic/v7 v7.5.5 h1:2ZUM6ovo3STCAp0hZnO9nQY9lOB8OyfneeYIi4YUxMU= +github.com/sassoftware/relic/v7 v7.5.5/go.mod h1:NxwtWxWxlUa9as2qZi635Ye6bBT/tGnMALLq7dSfOOU= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/scaleway/scaleway-sdk-go v1.0.0-beta.9/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= github.com/scaleway/scaleway-sdk-go v1.0.0-beta.15/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= 
@@ -2193,7 +2196,6 @@ github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= -github.com/stretchr/objx v0.3.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= @@ -2239,8 +2241,8 @@ github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGr github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8= -github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= +github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8= +github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= 
@@ -2287,8 +2289,8 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs= github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA= github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg= -github.com/zalando/go-keyring v0.1.1 h1:w2V9lcx/Uj4l+dzAf1m9s+DJ1O8ROkEHnynonHjTcYE= -github.com/zalando/go-keyring v0.1.1/go.mod h1:OIC+OZ28XbmwFxU/Rp9V7eKzZjamBJwRzC8UFJH9+L8= +github.com/zalando/go-keyring v0.2.2 h1:f0xmpYiSrHtSNAVgwip93Cg8tuF45HJM6rHq/A5RI/4= +github.com/zalando/go-keyring v0.2.2/go.mod h1:sI3evg9Wvpw3+n4SqplGSJUMwtDeROfD4nsFz4z9PG0= github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0= github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA= github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= @@ -2448,6 +2450,7 @@ golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= 
@@ -2788,6 +2791,7 @@ golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210819135213-f52c844e1c1c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210903071746-97244b99971b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -3485,3 +3489,5 @@ sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= +software.sslmate.com/src/go-pkcs12 v0.2.0 h1:nlFkj7bTysH6VkC4fGphtjXRbezREPgrHuJG20hBGPE= +software.sslmate.com/src/go-pkcs12 v0.2.0/go.mod h1:23rNcYsMabIc1otwLpTkCCPwUq6kQsTyowttG/as0kQ= diff --git a/pkg/fuzz/fuzz_utils.go b/pkg/fuzz/fuzz_utils.go index feb38f048..6f3abd89b 100644 --- a/pkg/fuzz/fuzz_utils.go +++ b/pkg/fuzz/fuzz_utils.go 
@@ -32,68 +32,6 @@ import ( "github.com/sigstore/rekor/pkg/types" ) -type zipFile struct { - FileName string - FileBody []byte -} - -// Creates artifact bytes. -// Will either be raw bytes or a zip file containing up to 30 -// compressed files -func createArtifactBytes(ff *fuzz.ConsumeFuzzer) ([]byte, error) { - shouldZip, err := ff.GetBool() - if err != nil { - return []byte(""), err - } - if shouldZip { - noOfFiles, err := ff.GetInt() - if err != nil { - return []byte(""), err - } - if noOfFiles >= 0 { - noOfFiles = 1 - } - zipFiles := make([]*zipFile, 0) - for i := 0; i < noOfFiles%30; i++ { - fileName, err := ff.GetString() - if err != nil { - return []byte(""), err - } - if len(fileName) == 0 { - continue - } - fileBody, err := ff.GetBytes() - if err != nil { - return []byte(""), err - } - zf := &zipFile{ - FileName: fileName, - FileBody: fileBody, - } - zipFiles = append(zipFiles, zf) - } - if len(zipFiles) == 0 { - return ff.GetBytes() - } - - b := new(bytes.Buffer) - w := zip.NewWriter(b) - - for _, file := range zipFiles { - f, err := w.Create(file.FileName) - if err != nil { - continue - } - _, _ = f.Write(file.FileBody) - } - - w.Close() - return b.Bytes(), nil - - } - return ff.GetBytes() -} - // Sets ArtifactHash func setArtifactHash(ff *fuzz.ConsumeFuzzer, props *types.ArtifactProperties) error { artifactHash, err := ff.GetString() 
@@ -104,40 +42,6 @@ func setArtifactHash(ff *fuzz.ConsumeFuzzer, props *types.ArtifactProperties) er return nil } -// Sets the artifact fields. -// It either sets the ArtifactBytes or ArtifactPath - never both. -func setArtifactFields(ff *fuzz.ConsumeFuzzer, props *types.ArtifactProperties) (func(), error) { - cleanup := func() {} - - err := setArtifactHash(ff, props) - if err != nil { - return cleanup, err - } - - artifactBytes, err := createArtifactBytes(ff) - if err != nil { - return cleanup, err - } - - shouldSetArtifactBytes, err := ff.GetBool() - if err != nil { - return cleanup, err - } - - if shouldSetArtifactBytes { - props.ArtifactBytes = artifactBytes - return func() { - // do nothing - }, nil - } - artifactFile, err := createAbsFile(ff, "ArtifactFile", artifactBytes) - cleanup = func() { - os.Remove("ArtifactFile") - } - props.ArtifactPath = artifactFile - return cleanup, err -} - // creates a file on disk and returns the url of it. func createAbsFile(_ *fuzz.ConsumeFuzzer, fileName string, fileContents []byte) (*url.URL, error) { file, err := os.Create(fileName) @@ -177,19 +81,17 @@ func setSignatureFields(ff *fuzz.ConsumeFuzzer, props *types.ArtifactProperties) if shouldSetSignatureBytes { props.SignatureBytes = signatureBytes - return func() { - // do nothing - }, nil + return cleanup, nil } signatureURL, err := createAbsFile(ff, "SignatureFile", signatureBytes) + if err != nil { - return func() { - os.Remove("SignatureFile") - }, err + os.Remove("SignatureFile") + return cleanup, err } props.SignaturePath = signatureURL return func() { - // do nothing + os.Remove("SignatureFile") }, nil } @@ -209,9 +111,7 @@ func setPublicKeyFields(ff *fuzz.ConsumeFuzzer, props *types.ArtifactProperties) return cleanup, err } props.PublicKeyBytes = publicKeyBytes - return func() { - // do nothing - }, nil + return cleanup, nil } publicKeyBytes, err := ff.GetBytes() if err != nil { 
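Review bot: `setSignatureFields` still creates and removes the fixed relative path `"SignatureFile"`, so if a target ever runs with more than one worker in the same working directory, the workers would overwrite or delete each other's file and findings would become hard to reproduce. The same pattern is in the `setPublicKeyFields` hunks (`"PublicKeyFile"`), in `CreateProps` (`"ArtifactFile"`) and in `tarfilesToJar` (`"artifactFile"`, which differs from the previous one only by case). A per-call directory would avoid this, e.g. `dir, err := os.MkdirTemp("", "rekor-fuzz-")`, files under `filepath.Join(dir, "SignatureFile")`, and a returned cleanup of `func() { os.RemoveAll(dir) }`. Both functions start above their hunks, so I am assuming the `cleanup` they return on the early paths is still the no-op declared there.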
@@ -219,13 +119,12 @@ func setPublicKeyFields(ff *fuzz.ConsumeFuzzer, props *types.ArtifactProperties) } publicKeyURL, err := createAbsFile(ff, "PublicKeyFile", publicKeyBytes) if err != nil { - return func() { - os.Remove("PublicKeyFile") - }, err + os.Remove("PublicKeyFile") + return cleanup, err } props.PublicKeyPaths = []*url.URL{publicKeyURL} return func() { - // do nothing + os.Remove("PublicKeyFile") }, nil } 
@@ -263,54 +162,117 @@ func setPKIFormat(ff *fuzz.ConsumeFuzzer, props *types.ArtifactProperties) error return nil } +func createArtifactFiles(ff *fuzz.ConsumeFuzzer, artifactType string) ([]*fuzz.TarFile, error) { + switch artifactType { + case "jarV001": + return createJarArtifactFiles(ff) + default: + return createDefaultArtifactFiles(ff) + } +} + +func createDefaultArtifactFiles(ff *fuzz.ConsumeFuzzer) ([]*fuzz.TarFile, error) { + var files []*fuzz.TarFile + files, err := ff.TarFiles() + if err != nil { + return files, err + } + if len(files) <= 1 { + return files, err + } + for _, file := range files { + if len(file.Body) == 0 { + return files, fmt.Errorf("Created an empty file") + } + } + return files, nil +} + // Creates an ArtifactProperties with values determined by the fuzzer -func CreateProps(ff *fuzz.ConsumeFuzzer) (types.ArtifactProperties, func(), error) { +func CreateProps(ff *fuzz.ConsumeFuzzer, fuzzType string) (types.ArtifactProperties, []func(), error) { + var cleanups []func() + props := &types.ArtifactProperties{} - cleanupArtifactFile, err := setArtifactFields(ff, props) + err := setArtifactHash(ff, props) if err != nil { - return *props, cleanupArtifactFile, err + return *props, cleanups, err } - if props.ArtifactPath == nil && props.ArtifactBytes == nil { - return *props, cleanupArtifactFile, fmt.Errorf("ArtifactPath and ArtifactBytes cannot both be nil") + + artifactFiles, err := createArtifactFiles(ff, fuzzType) + if err != nil { + return *props, cleanups, err } err = setAdditionalAuthenticatedData(ff, props) if err != nil { - return *props, cleanupArtifactFile, fmt.Errorf("Failed setting AdditionalAuthenticatedData") + return *props, cleanups, fmt.Errorf("Failed setting AdditionalAuthenticatedData") } cleanupSignatureFile, err := setSignatureFields(ff, props) if err != nil { - return *props, func() { - cleanupArtifactFile() - cleanupSignatureFile() - }, fmt.Errorf("failed setting signature fields: %v", err) + return *props, cleanups, 
fmt.Errorf("failed setting signature fields: %v", err) } + cleanups = append(cleanups, cleanupSignatureFile) cleanupPublicKeyFile, err := setPublicKeyFields(ff, props) if err != nil { - return *props, func() { - cleanupArtifactFile() - cleanupSignatureFile() - cleanupPublicKeyFile() - }, fmt.Errorf("failed setting public key fields: %v", err) + return *props, cleanups, fmt.Errorf("failed setting public key fields: %v", err) } + cleanups = append(cleanups, cleanupPublicKeyFile) err = setPKIFormat(ff, props) if err != nil { - return *props, func() { - cleanupArtifactFile() - cleanupSignatureFile() - cleanupPublicKeyFile() - }, fmt.Errorf("failed setting PKI Format: %v", err) + return *props, cleanups, fmt.Errorf("failed setting PKI Format: %v", err) } - return *props, func() { - cleanupArtifactFile() - cleanupSignatureFile() - cleanupPublicKeyFile() - }, nil + artifactBytes, err := tarFilesToBytes(artifactFiles, fuzzType) + if err != nil { + return *props, cleanups, fmt.Errorf("failed converting artifact bytes: %v", err) + } + + setArtifactBytes, err := ff.GetBool() + if err != nil { + return *props, cleanups, fmt.Errorf("failed converting artifact bytes: %v", err) + } + if setArtifactBytes { + props.ArtifactBytes = artifactBytes + } else { + artifactFile, err := createAbsFile(ff, "ArtifactFile", artifactBytes) + cleanups = append(cleanups, func() { os.Remove("ArtifactFile") }) + if err != nil { + return *props, cleanups, fmt.Errorf("failed converting artifact bytes: %v", err) + } + props.ArtifactPath = artifactFile + } + + props.ArtifactBytes = artifactBytes + return *props, cleanups, nil +} + +func tarFilesToBytes(artifactFiles []*fuzz.TarFile, artifactType string) ([]byte, error) { + switch artifactType { + case "jarV001": + return tarfilesToJar(artifactFiles) + default: + return defaultTarToBytes(artifactFiles) + } +} + +func defaultTarToBytes(artifactFiles []*fuzz.TarFile) ([]byte, error) { + b := new(bytes.Buffer) + w := zip.NewWriter(b) + + for _, file := 
range artifactFiles { + f, err := w.Create(file.Hdr.Name) + if err != nil { + continue + } + _, _ = f.Write(file.Body) + } + + w.Close() + return b.Bytes(), nil } func SetFuzzLogger() { diff --git a/pkg/fuzz/jar_utils.go b/pkg/fuzz/jar_utils.go new file mode 100644 index 000000000..53ebc3ea5 --- /dev/null +++ b/pkg/fuzz/jar_utils.go 
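Review bot: The unconditional `props.ArtifactBytes = artifactBytes` just before the final `return` in `CreateProps` overrides the `setArtifactBytes` branch, so `ArtifactBytes` is always populated and the path-only case (`ArtifactPath` set, `ArtifactBytes` nil) is never exercised by any target. The removed `setArtifactFields` documented that only one of the two is set, and deleting that last assignment restores it. In the same hunk `createDefaultArtifactFiles` returns `files, err` with a nil `err` when `len(files) <= 1`, which skips the empty-body check and lets an empty list through; if that is intended, `return files, nil` plus a short comment would make it explicit. The `GetBool` and `createAbsFile` failures also both reuse the message `failed converting artifact bytes`, which makes a skipped input harder to diagnose.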
@@ -0,0 +1,212 @@
+//
+// Copyright 2023 The Sigstore Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package fuzz
+
+import (
+ "archive/tar"
+ "archive/zip"
+ "bytes"
+ "context"
+ "crypto"
+ "crypto/rsa"
+ "crypto/x509"
+ "encoding/pem"
+ "fmt"
+ "os"
+ "time"
+
+ fuzz "github.com/AdamKorcz/go-fuzz-headers-1"
+
+ "github.com/sassoftware/relic/lib/zipslicer"
+ "github.com/sassoftware/relic/v7/lib/certloader"
+ "github.com/sassoftware/relic/v7/lib/signjar"
+)
+
+var (
+ CertPrivateKey *rsa.PrivateKey
+ Certificate *x509.Certificate
+)
+
+// copy pasted from rekor/pkg/pki/x509/e2e.go
+const RSACert = `-----BEGIN CERTIFICATE-----
+MIIDOjCCAiKgAwIBAgIUEP925shVBKERFCsymdSqESLZFyMwDQYJKoZIhvcNAQEL
+BQAwHzEdMBsGCSqGSIb3DQEJARYOdGVzdEByZWtvci5kZXYwHhcNMjEwNDIxMjAy
+ODAzWhcNMjEwNTIxMjAyODAzWjAfMR0wGwYJKoZIhvcNAQkBFg50ZXN0QHJla29y
+LmRldjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN8KiP08rFIik4GN
+W8/sHSXxDopeDBLEQEihsyXXWesfYW/q59lFaCZrsTetlyNEzKDJ+JrpIHwoGOo4
+EwefFfvy2nkgPFs9aeIDsYZNZnIGxeB8sUfsZUYGHx+Ikm18vhM//GYzNjjuvHyq
++CWRAOS12ZISa99iah/lIhcP8IEj1gPGldAH0QFx3XpCePAdQocSU6ziVkj054/x
+NJXy1bKySrVw7gvE9LxZlVO9urSOnzg7BBOla0mob8NRDVB8yN+LG365q4IMDzuI
+jAEL6sLtoJ9pcemo1rIfNOhSLYlzfg7oszJ8eCjASNCCcp6EKVjhW7LRoldC8oGZ
+EOrKM78CAwEAAaNuMGwwHQYDVR0OBBYEFGjs8EHKT3x1itwwptJLuQQg/hQcMB8G
+A1UdIwQYMBaAFGjs8EHKT3x1itwwptJLuQQg/hQcMA8GA1UdEwEB/wQFMAMBAf8w
+GQYDVR0RBBIwEIEOdGVzdEByZWtvci5kZXYwDQYJKoZIhvcNAQELBQADggEBAAHE
+bYuePN3XpM7pHoCz6g4uTHu0VrezqJyK1ohysgWJmSJzzazUeISXk0xWnHPk1Zxi
+kzoEuysI8b0P7yodMA8e16zbIOL6QbGe3lNXYqRIg+bl+4OPFGVMX8xHNZmeh0kD
+vX1JVS+y9uyo4/z/pm0JhaSCn85ft/Y5uXMQYn1wFR5DAcJH+iWjNX4fipGxGRE9
+Cy0DjFnYJ3SRY4HPQ0oUSQmyhrwe2DiYzeqtbL2KJBXPcFQKWhkf/fupdYFljvcH
+d9NNfRb0p2oFGG/J0ROg9pEcP1/aZP5k8P2pRdt3y7h1MAtmg2bgEdugZgXwAUmM
+BmU8k2FeTuqV15piPCE=
+-----END CERTIFICATE-----`
+
+// copy pasted from rekor/pkg/pki/x509/e2e.go
+const RSAKey = `-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDfCoj9PKxSIpOB
+jVvP7B0l8Q6KXgwSxEBIobMl11nrH2Fv6ufZRWgma7E3rZcjRMygyfia6SB8KBjq
+OBMHnxX78tp5IDxbPWniA7GGTWZyBsXgfLFH7GVGBh8fiJJtfL4TP/xmMzY47rx8
+qvglkQDktdmSEmvfYmof5SIXD/CBI9YDxpXQB9EBcd16QnjwHUKHElOs4lZI9OeP
+8TSV8tWyskq1cO4LxPS8WZVTvbq0jp84OwQTpWtJqG/DUQ1QfMjfixt+uauCDA87
+iIwBC+rC7aCfaXHpqNayHzToUi2Jc34O6LMyfHgowEjQgnKehClY4Vuy0aJXQvKB
+mRDqyjO/AgMBAAECggEBAIHOAs3Gis8+WjRSjXVjh882DG1QsJwXZQYgPT+vpiAl
+YjKdNpOHRkbd9ARgXY5kEuccxDd7p7E6MM3XFpQf7M51ltpZfWboRgAIgD+WOiHw
+eSbdytr95C6tj11twTJBH+naGk1sTokxv7aaVdKfIjL49oeBexBFmVe4pW9gkmrE
+1z1y1a0RohqbZ0kprYPWjz5UhsNqbCzgkdDqS7IrcOwVg6zvKYFjHnqIHqaJXVif
+FgIfoNt7tz+12FTHI+6OkKoN3YCJueaxneBhITXm6RLOpQWa9qhdUPbkJ9vQNfph
+Qqke4faaxKY9UDma+GpEHR016AWufZp92pd9wQkDn0kCgYEA7w/ZizAkefHoZhZ8
+Isn/fYu4fdtUaVgrnGUVZobiGxWrHRU9ikbAwR7UwbgRSfppGiJdAMq1lyH2irmb
+4OHU64rjuYSlIqUWHLQHWmqUbLUvlDojH/vdmH/Zn0AbrLZaimC5UCjK3Eb7sAMq
+G0tGeDX2JraQvx7KrbC6peTaaaMCgYEA7tgZBiRCQJ7+mNu+gX9x6OXtjsDCh516
+vToRLkxWc7LAbC9LKsuEHl4e3vy1PY/nyuv12Ng2dBq4WDXozAmVgz0ok7rRlIFp
+w8Yj8o/9KuGZkD/7tw/pLsVc9Q3Wf0ACrnAAh7+3dAvn3yg+WHwXzqWIbrseDPt9
+ILCfUoNDpzUCgYAKFCX8y0PObFd67lm/cbq2xUw66iNN6ay1BEH5t5gSwkAbksis
+ar03pyAbJrJ75vXFZ0t6fBFZ1NG7GYYr3fmHEKz3JlN7+W/MN/7TXgjx6FWgLy9J
+6ul1w3YeU6qXBn0ctmU5ru6WiNuVmRyOWAcZjFTbXvkNRbQPzJKh6dsXdwKBgA1D
+FIihxMf/zBVCxl48bF/JPJqbm3GaTfFp4wBWHsrH1yVqrtrOeCSTh1VMZOfpMK60
+0W7b+pIR1cCYJbgGpDWoVLN3QSHk2bGUM/TJB/60jilTVC/DA2ikbtfwj8N7E2sK
+Lw1amN4ptxNOEcAqC8xepqe3XiDMahNBm2cigMQtAoGBAKwrXvss2BKz+/6poJQU
+A0c7jhMN8M9Y5S2Ockw07lrQeAgfu4q+/8ztm0NeHJbk01IJvJY5Nt7bSgwgNVlo
+j7vR2BMAc9U73Ju9aeTl/L6GqmZyA+Ojhl5gA5DPZYqNiqi93ydgRaI6n4+o3dI7
+5wnr40AmbuKCDvMOvN7nMybL
+-----END PRIVATE KEY-----`
+
+// copy pasted from rekor/pkg/pki/x509/e2e.go
+func init() {
+ p, _ := pem.Decode([]byte(RSAKey))
+ priv, err := x509.ParsePKCS8PrivateKey(p.Bytes)
+ if err != nil {
+ panic(err)
+ }
+ cpk, ok := priv.(*rsa.PrivateKey)
+ if !ok {
+ panic("unsuccessful conversion")
+ }
+ CertPrivateKey = cpk
+
+ p, _ = pem.Decode([]byte(RSACert))
+ Certificate, err = x509.ParseCertificate(p.Bytes)
+ if err != nil {
+ panic(err)
+ }
+}
+
+// Creates jar artifact files.
+func createJarArtifactFiles(ff *fuzz.ConsumeFuzzer) ([]*fuzz.TarFile, error) {
+ var files []*fuzz.TarFile
+ files, err := ff.TarFiles()
+ if err != nil {
+ return files, err
+ }
+ if len(files) <= 1 {
+ return files, err
+ }
+ for _, file := range files {
+ if len(file.Body) == 0 {
+ return files, fmt.Errorf("Created an empty file")
+ }
+ }
+
+ // add "META-INF/MANIFEST.MF"
+ mfContents, err := ff.GetBytes()
+ if err != nil {
+ return files, err
+ }
+
+ // check the manifest early. This is an inexpensive check,
+ // so we want to call it before compressing.
+ _, err = signjar.ParseManifest(mfContents)
+ if err != nil {
+ return files, err
+ }
+
+ files = append(files, &fuzz.TarFile{
+ Hdr: &tar.Header{
+ Name: "META-INF/MANIFEST.MF",
+ Size: int64(len(mfContents)),
+ Mode: 0o600,
+ ModTime: time.Unix(int64(123), int64(456)),
+ },
+ Body: mfContents,
+ })
+ return files, nil
+}
+
+func tarfilesToJar(artifactFiles []*fuzz.TarFile) ([]byte, error) {
+ var jarBytes []byte
+ f, err := os.Create("artifactFile")
+ if err != nil {
+ return jarBytes, err
+ }
+ defer f.Close()
+ defer os.Remove("artifactFile")
+ zw := zip.NewWriter(f)
+ for _, zipFile := range artifactFiles {
+ jw, err := zw.Create(zipFile.Hdr.Name)
+ if err != nil {
+ zw.Close()
+ return jarBytes, err
+ }
+ _, err = jw.Write(zipFile.Body)
+ if err != nil {
+ continue
+ }
+ }
+ zw.Close()
+ err = f.Sync()
+ if err != nil {
+ return jarBytes, err
+ }
+ buf := bytes.Buffer{}
+ err = zipslicer.ZipToTar(f, &buf)
+ if err != nil {
+ return jarBytes, err
+ }
+
+ jd, err := signjar.DigestJarStream(&buf, crypto.SHA256)
+ if err != nil {
+ os.Remove("artifactFile")
+ return jarBytes, err
+ }
+ c := certloader.Certificate{
+ PrivateKey: CertPrivateKey,
+ Leaf: Certificate,
+ }
+
+ patch, _, err := jd.Sign(context.Background(), &c, "rekor", false, true, false)
+ if err != nil {
+ return jarBytes, err
+ }
+
+ if err := patch.Apply(f, "artifactFile"); err != nil {
+ return jarBytes, err
+ }
+ f.Close()
+
+ artifactBytes, err := os.ReadFile("artifactFile")
+ if err != nil {
+ return jarBytes, err
+ }
+ return artifactBytes, nil
+}
diff --git a/pkg/types/cose/v0.0.1/fuzz_test.go b/pkg/types/cose/v0.0.1/fuzz_test.go
index 5545c48b7..2e69e4cfa 100644
--- a/pkg/types/cose/v0.0.1/fuzz_test.go
+++ b/pkg/types/cose/v0.0.1/fuzz_test.go
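Review bot: `RSAKey` embeds a PEM private key in a non-test source file and is exported together with `RSACert`, `CertPrivateKey` and `Certificate`, so the key is compiled into anything that imports this package and nothing marks it as fuzz-only material. If nothing outside the package needs them, I would unexport the four identifiers and put a comment on the constant such as `// rsaKey is a throwaway key used only to sign fuzz-generated jars; it must never be trusted.`. In `init`, both `pem.Decode` results are dereferenced (`p.Bytes`) without a nil check, so a damaged constant would fail with a nil-pointer panic at import time; `if p == nil { panic("fuzz: invalid embedded PEM") }` before each parse gives a clearer failure. The import block also mixes `github.com/sassoftware/relic/lib/zipslicer` with the `/v7/` paths used for `certloader` and `signjar`, which looks like it links a second copy of the module; worth confirming that is intended.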
@@ -39,11 +39,15 @@ func FuzzCoseCreateProposedEntry(f *testing.F) { ff := fuzz.NewConsumer(propsData) - props, cleanup, err := fuzzUtils.CreateProps(ff) + props, cleanup, err := fuzzUtils.CreateProps(ff, "coseV001") if err != nil { t.Skip() } - defer cleanup() + defer func() { + for _, c := range cleanup { + c() + } + }() it := cose.New() entry, err := it.CreateProposedEntry(context.Background(), version, props) diff --git a/pkg/types/dsse/v0.0.1/fuzz_test.go b/pkg/types/dsse/v0.0.1/fuzz_test.go index 371599536..8233cc85e 100644 --- a/pkg/types/dsse/v0.0.1/fuzz_test.go +++ b/pkg/types/dsse/v0.0.1/fuzz_test.go @@ -37,11 +37,15 @@ func FuzzDSSECreateProposedEntry(f *testing.F) { ff := fuzz.NewConsumer(propsData) - props, cleanup, err := fuzzUtils.CreateProps(ff) + props, cleanup, err := fuzzUtils.CreateProps(ff, "dssev001") if err != nil { t.Skip() } - defer cleanup() + defer func() { + for _, c := range cleanup { + c() + } + }() it := dsse.New() entry, err := it.CreateProposedEntry(context.Background(), APIVERSION, props) diff --git a/pkg/types/hashedrekord/v0.0.1/fuzz_test.go b/pkg/types/hashedrekord/v0.0.1/fuzz_test.go index 4a3d54684..c1878d7c4 100644 --- a/pkg/types/hashedrekord/v0.0.1/fuzz_test.go +++ b/pkg/types/hashedrekord/v0.0.1/fuzz_test.go @@ -39,11 +39,15 @@ func FuzzHashedRekordCreateProposedEntry(f *testing.F) { ff := fuzz.NewConsumer(propsData) - props, cleanup, err := fuzzUtils.CreateProps(ff) + props, cleanup, err := fuzzUtils.CreateProps(ff, "hashedrekordV001") if err != nil { t.Skip() } - defer cleanup() + defer func() { + for _, c := range cleanup { + c() + } + }() it := hashedrekord.New() entry, err := it.CreateProposedEntry(context.Background(), version, props) diff --git a/pkg/types/helm/v0.0.1/fuzz_test.go b/pkg/types/helm/v0.0.1/fuzz_test.go index 3624f0593..4c0695730 100644 --- a/pkg/types/helm/v0.0.1/fuzz_test.go +++ b/pkg/types/helm/v0.0.1/fuzz_test.go 
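Review bot: The deferred cleanup loop in `FuzzCoseCreateProposedEntry` is registered only after the `if err != nil { t.Skip() }` check, so any cleanups that `CreateProps` returns together with an error are never run. `CreateProps` does return a non-empty slice on some error paths (for example when the signature file was already created and the public-key step then fails), which would leave that file behind for later iterations. Moving the `defer func() { for _, c := range cleanup { c() } }()` above the error check fixes it. The same ordering is in the dsse, hashedrekord, helm, intoto (both versions), jar, rekord and rfc3161 hunks.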
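Review bot: The type label passed in `FuzzDSSECreateProposedEntry` is `"dssev001"`, while every other target in this change uses the `V001`/`V002` casing (`"coseV001"`, `"jarV001"`, and so on). As far as this diff shows, only `"jarV001"` is matched in `createArtifactFiles` and `tarFilesToBytes`, so nothing breaks today, but a free-form string that selects the artifact generator can be mistyped silently and would then fall through to the default generator. Exported constants in the fuzz utils package, e.g. `const JarV001 = "jarV001"`, would turn such a typo into a compile error.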
@@ -40,11 +40,15 @@ func FuzzHelmCreateProposedEntry(f *testing.F) {
 ff := fuzz.NewConsumer(propsData)
- props, cleanup, err := fuzzUtils.CreateProps(ff)
+ props, cleanup, err := fuzzUtils.CreateProps(ff, "helmV001")
 if err != nil {
 t.Skip()
 }
- defer cleanup()
+ defer func() {
+ for _, c := range cleanup {
+ c()
+ }
+ }()
 it := helm.New()
 entry, err := it.CreateProposedEntry(context.Background(), version, props)
diff --git a/pkg/types/intoto/v0.0.1/fuzz_test.go b/pkg/types/intoto/v0.0.1/fuzz_test.go
index a023a4dbd..feda07695 100644
--- a/pkg/types/intoto/v0.0.1/fuzz_test.go
+++ b/pkg/types/intoto/v0.0.1/fuzz_test.go
@@ -39,11 +39,15 @@ func FuzzIntotoCreateProposedEntry(f *testing.F) {
 ff := fuzz.NewConsumer(propsData)
- props, cleanup, err := fuzzUtils.CreateProps(ff)
+ props, cleanup, err := fuzzUtils.CreateProps(ff, "intotoV001")
 if err != nil {
 t.Skip()
 }
- defer cleanup()
+ defer func() {
+ for _, c := range cleanup {
+ c()
+ }
+ }()
 it := intoto.New()
 entry, err := it.CreateProposedEntry(context.Background(), version, props)
diff --git a/pkg/types/intoto/v0.0.2/fuzz_test.go b/pkg/types/intoto/v0.0.2/fuzz_test.go
index ab9b232db..67dccc72c 100644
--- a/pkg/types/intoto/v0.0.2/fuzz_test.go
+++ b/pkg/types/intoto/v0.0.2/fuzz_test.go
@@ -39,11 +39,15 @@ func FuzzIntotoCreateProposedEntry(f *testing.F) {
 ff := fuzz.NewConsumer(propsData)
- props, cleanup, err := fuzzUtils.CreateProps(ff)
+ props, cleanup, err := fuzzUtils.CreateProps(ff, "intotoV002")
 if err != nil {
 t.Skip()
 }
- defer cleanup()
+ defer func() {
+ for _, c := range cleanup {
+ c()
+ }
+ }()
 it := intoto.New()
 entry, err := it.CreateProposedEntry(context.Background(), version, props)
diff --git a/pkg/types/jar/v0.0.1/fuzz_test.go b/pkg/types/jar/v0.0.1/fuzz_test.go
index cb7235d30..15c6148ea 100644
--- a/pkg/types/jar/v0.0.1/fuzz_test.go
+++ b/pkg/types/jar/v0.0.1/fuzz_test.go
@@ -43,11 +43,16 @@ func FuzzJarCreateProposedEntry(f *testing.F) {
 ff := fuzz.NewConsumer(propsData)
- props, cleanup, err := fuzzUtils.CreateProps(ff)
+ props, cleanup, err := fuzzUtils.CreateProps(ff, "jarV001")
 if err != nil {
 t.Skip()
 }
- defer cleanup()
+
+ defer func() {
+ for _, c := range cleanup {
+ c()
+ }
+ }()
 it := jar.New()
 entry, err := it.CreateProposedEntry(context.Background(), version, props)
diff --git a/pkg/types/rekord/v0.0.1/fuzz_test.go b/pkg/types/rekord/v0.0.1/fuzz_test.go
index ea11542c3..a4343a0d1 100644
--- a/pkg/types/rekord/v0.0.1/fuzz_test.go
+++ b/pkg/types/rekord/v0.0.1/fuzz_test.go
@@ -39,11 +39,15 @@ func FuzzRekordCreateProposedEntry(f *testing.F) {
 ff := fuzz.NewConsumer(propsData)
- props, cleanup, err := fuzzUtils.CreateProps(ff)
+ props, cleanup, err := fuzzUtils.CreateProps(ff, "rekordV001")
 if err != nil {
 t.Skip()
 }
- defer cleanup()
+ defer func() {
+ for _, c := range cleanup {
+ c()
+ }
+ }()
 it := rekord.New()
 entry, err := it.CreateProposedEntry(context.Background(), version, props)
diff --git a/pkg/types/rfc3161/v0.0.1/fuzz_test.go b/pkg/types/rfc3161/v0.0.1/fuzz_test.go
index 65f5c7a7f..c5f3bbe8c 100644
--- a/pkg/types/rfc3161/v0.0.1/fuzz_test.go
+++ b/pkg/types/rfc3161/v0.0.1/fuzz_test.go
@@ -39,11 +39,15 @@ func FuzzRfc3161CreateProposedEntry(f *testing.F) {
 ff := fuzz.NewConsumer(propsData)
- props, cleanup, err := fuzzUtils.CreateProps(ff)
+ props, cleanup, err := fuzzUtils.CreateProps(ff, "rfc3161V001")
 if err != nil {
 t.Skip()
 }
- defer cleanup()
+ defer func() {
+ for _, c := range cleanup {
+ c()
+ }
+ }()
 it := rfc3161.New()
 entry, err := it.CreateProposedEntry(context.Background(), version, props)
diff --git a/pkg/types/rpm/v0.0.1/fuzz_test.go b/pkg/types/rpm/v0.0.1/fuzz_test.go
index e0c0b00bc..7c3e0d0f7 100644
--- a/pkg/types/rpm/v0.0.1/fuzz_test.go
+++ b/pkg/types/rpm/v0.0.1/fuzz_test.go
@@ -39,11 +39,15 @@ func FuzzRpmCreateProposedEntry(f *testing.F) {
 ff := fuzz.NewConsumer(propsData)
- props, cleanup, err := fuzzUtils.CreateProps(ff)
+ props, cleanup, err := fuzzUtils.CreateProps(ff, "rpmV001")
 if err != nil {
 t.Skip()
 }
- defer cleanup()
+ defer func() {
+ for _, c := range cleanup {
+ c()
+ }
+ }()
 it := rpm.New()
 entry, err := it.CreateProposedEntry(context.Background(), version, props)
diff --git a/pkg/types/tuf/v0.0.1/fuzz_test.go b/pkg/types/tuf/v0.0.1/fuzz_test.go
index 2fc242c90..3b4dec6a8 100644
--- a/pkg/types/tuf/v0.0.1/fuzz_test.go
+++ b/pkg/types/tuf/v0.0.1/fuzz_test.go
@@ -39,11 +39,15 @@ func FuzzTufCreateProposedEntry(f *testing.F) {
 ff := fuzz.NewConsumer(propsData)
- props, cleanup, err := fuzzUtils.CreateProps(ff)
+ props, cleanup, err := fuzzUtils.CreateProps(ff, "tufV001")
 if err != nil {
 t.Skip()
 }
- defer cleanup()
+ defer func() {
+ for _, c := range cleanup {
+ c()
+ }
+ }()
 it := tuf.New()
 entry, err := it.CreateProposedEntry(context.Background(), version, props)
diff --git a/tests/oss_fuzz.sh b/tests/oss_fuzz.sh
index ff4b814f9..670d6645d 100755
--- a/tests/oss_fuzz.sh
+++ b/tests/oss_fuzz.sh
@@ -14,6 +14,12 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
+# remove e2e build comments.
+# This is a temporary fix.
+# TODO AdamKorcz: Get rid of these sed commands
+sed -i '16,17d' $SRC/rekor/pkg/pki/x509/e2e.go
+sed -i '16d' $SRC/rekor/pkg/util/util.go
+
 cd $SRC/instrumentation
 go mod tidy
 go run main.go --target_dir=$SRC/rekor --check_io_length=true
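Review bot: The two added `sed -i` commands in `tests/oss_fuzz.sh` delete by absolute line number (`'16,17d'` and `'16d'`), so any later edit to the header of `e2e.go` or `util.go` makes the script silently remove different lines, and the fuzz build then compiles sources nobody intended. Deleting by content is safer, for example `sed -i '/^\/\/go:build e2e/d' "$SRC/rekor/pkg/pki/x509/e2e.go"`; the exact constraint text is not shown in this hunk, so the pattern has to be adjusted to the real build-tag lines, and the `$SRC` expansions should be quoted. Because the comment marks this as temporary, a guard that fails the script when the pattern matches nothing (e.g. a preceding `grep -q`) would keep the workaround from going stale unnoticed.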