mastersans
commented
3 months ago @DelusionalOptimist I'll more research regarding all the possible components of the project that would benefits with fuzzing and will share my findings.
Open nyrahul opened 10 months ago
mastersans
commented
3 months ago @DelusionalOptimist I'll more research regarding all the possible components of the project that would benefits with fuzzing and will share my findings.
DelusionalOptimist
commented
3 months ago Thanks @mastersans. Was great to know about your experience with fuzz testing in the community call. Looking forward to you findings!
nyrahul
commented
3 months ago @DelusionalOptimist I'll more research regarding all the possible components of the project that would benefits with fuzzing and will share my findings.
This would be amazing to get it done! Fuzzing is an interesting topic. One good reference is Cilium fuzzing audit report.
A good first step would be to simply use go fuzzing with KubeArmor ginkgo testsuites.
mastersans
commented
1 month ago @DelusionalOptimist I wanted to ask that the kubearmor configmap handler referred here, is it referred to THIS FUNCTION. ?
DelusionalOptimist
commented
1 month ago This function is the one where KubeArmor reads the configmap data - https://github.com/kubearmor/KubeArmor/blob/a5f584c38ee7cd674d1e95a3f7ce7842212dfe12/KubeArmor/core/kubeUpdate.go#L2361
prady0t
commented
4 days ago Here is a workflow example of how we can proceed :
ContainerPolicy for different values of data taking valid json structures as initial values (seed corpus).project.yaml : file to define the project configuration for OSS-Fuzz.
Once we have our PR merged (on oss-fuzz repo) oss-fuzz will run the fuzzers (which are available) continously. For future additions of fuzzers, we will just have to modify the files accordingly such that they are discoverable by oss-fuzz.
Any reported bug can then be fixed.We can start by finding functions whose fuzz testing can potentially find vulnerabilities. We can look at the Cilium report (mentioned above) to find such functions in the Cilium repo and look for similar (if any) functions in KubeArmor.
nyrahul
commented
3 days ago @prady0t This makes complete sense to me! Automation using OSS Fuzz can be tried later once we have a single fucntion fuzz tested. Thanks
prady0t
commented
3 days ago @prady0t This makes complete sense to me! Automation using OSS Fuzz can be tried later once we have a single fucntion fuzz tested. Thanks
Do you think the function I mentioned above is a good one to write a fuzzer for?
nyrahul
commented
3 days ago @prady0t This makes complete sense to me! Automation using OSS Fuzz can be tried later once we have a single fucntion fuzz tested. Thanks
Do you think the function I mentioned above is a good one to write a fuzzer for?
KubeArmor receives external input in following ways:
It is best we start with any of these and your proposal to start with ContainerPolicy makes sense to me.
Feature Request
Short Description
KubeArmor is a security tool and thus security testing of KubeArmor itself is important/imperative.
Fuzz testing involves testing all/most combinations of external inputs to the subsystem. For example, KubeArmor policies are provided by the users and thus might have unwanted effects if the policies are incorrectly formed. The intention of the fuzz testing is to ensure that appropriate input set is derived by the test tool (Google's oss-fuzz is popular) and provided as input to KubeArmor. The execution is then profiled (either using pprof/other tools) to check for any anomalies and unwanted side effects of the execution.
Tasks: