Add fuzz testing to objectinfo parser

This is part of dogfooding GitLab coverage fuzzing feature

3 files changed, 32 insertions, 0 deletions

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 51f1af8e7..361d6123a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -192,6 +192,7 @@ include:
   - template: Security/License-Scanning.gitlab-ci.yml
   - template: Security/SAST.gitlab-ci.yml
   - template: Security/Dependency-Scanning.gitlab-ci.yml
+  - template: Security/Coverage-Fuzzing.gitlab-ci.yml
 
 gosec-sast:
   before_script:
@@ -248,6 +249,17 @@ lint:
     - go version
     - make lint
 
+objectinfo_fuzz_test:
+  image: registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6-golang-1.13-git-2.26
+  extends: .fuzz_base
+  stage: test
+  script:
+    - apt update && apt install -y clang-7
+    - go get github.com/dvyukov/go-fuzz/go-fuzz && go get github.com/dvyukov/go-fuzz/go-fuzz-build
+    - /root/go/bin/go-fuzz-build -libfuzzer -o objectinfo_fuzzer.a ./internal/git/catfile
+    - clang-7 -fsanitize=fuzzer objectinfo_fuzzer.a -o objectinfo_fuzzer
+    - ./gitlab-cov-fuzz run -- ./objectinfo_fuzzer -max_total_time=300
+
 code_navigation:
   allow_failure: true
   script:
diff --git a/changelogs/unreleased/add_fuzz_testing.yml b/changelogs/unreleased/add_fuzz_testing.yml
new file mode 100644
index 000000000..f174fad98
--- /dev/null
+++ b/changelogs/unreleased/add_fuzz_testing.yml
@@ -0,0 +1,5 @@
+---
+title: Add fuzz testing to objectinfo parser
+merge_request: 2481
+author:
+type: other
diff --git a/internal/git/catfile/objectinfo_fuzz.go b/internal/git/catfile/objectinfo_fuzz.go
new file mode 100644
index 000000000..ab3cdaddf
--- /dev/null
+++ b/internal/git/catfile/objectinfo_fuzz.go
@@ -0,0 +1,15 @@
+// +build gofuzz
+
+package catfile
+
+import (
+	"bufio"
+	"bytes"
+)
+
+func Fuzz(data [] byte) int {
+	reader := bufio.NewReader(bytes.NewReader(data))
+	ParseObjectInfo(reader)
+	return 0
+}
+