dereknola
Member

Proposed Changes

  • Adds a basic fuzz test on the VerifyHash function
  • Enables CodeQL static code analysis on our GitHub Actions

Types of Changes

New Unit test

Verification

CI Still green

Testing

Linked Issues

N/A

User-Facing Change


Further Comments

dereknola added 2 commits July 2, 2025 10:24
Signed-off-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
dereknola requested a review from a team as a code owner July 8, 2025 16:26

codecov bot commented Jul 8, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 19.95%. Comparing base (6d076f4) to head (8011830).
Report is 13 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #12596      +/-   ##
==========================================
+ Coverage   19.90%   19.95%   +0.04%     
==========================================
  Files         184      183       -1     
  Lines       19265    19268       +3     
==========================================
+ Hits         3835     3844       +9     
+ Misses      14998    14990       -8     
- Partials      432      434       +2     
Flag Coverage Δ
unittests 19.95% <ø> (+0.04%) ⬆️

Contributor

github-actions bot commented Jul 8, 2025


Report Summary

┌─────────────────────────────┬──────────┬─────────────────┬─────────┐
│           Target            │   Type   │ Vulnerabilities │ Secrets │
├─────────────────────────────┼──────────┼─────────────────┼─────────┤
│ bin/cni                     │ gobinary │        0        │    -    │
├─────────────────────────────┼──────────┼─────────────────┼─────────┤
│ bin/containerd-shim-runc-v2 │ gobinary │        0        │    -    │
├─────────────────────────────┼──────────┼─────────────────┼─────────┤
│ bin/k3s                     │ gobinary │        0        │    -    │
├─────────────────────────────┼──────────┼─────────────────┼─────────┤
│ bin/runc                    │ gobinary │        0        │    -    │
└─────────────────────────────┴──────────┴─────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/v0.63/docs/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


bin/k3s (gobinary)
==================
Total: 0 (HIGH: 0, CRITICAL: 0)


Suppressed Vulnerabilities (Total: 1)
=====================================
┌─────────────────────────────┬────────────────┬──────────┬──────────────┬─────────────────────────────┬──────────────────────┐
│           Library           │ Vulnerability  │ Severity │    Status    │          Statement          │        Source        │
├─────────────────────────────┼────────────────┼──────────┼──────────────┼─────────────────────────────┼──────────────────────┤
│ github.com/pion/interceptor │ CVE-2025-49140 │ HIGH     │ not_affected │ vulnerable_code_not_present │ rancher.openvex.json │
└─────────────────────────────┴────────────────┴──────────┴──────────────┴─────────────────────────────┴──────────────────────┘

dereknola merged commit 907d03d into k3s-io:master Jul 10, 2025
41 checks passed
dereknola deleted the fuzz branch July 11, 2025 17:08