From 48abb1cbc138cd9c013369ea4608dd2fe5ca7a62 Mon Sep 17 00:00:00 2001 From: David Lakin Date: Sat, 4 May 2024 14:40:26 -0400 Subject: [PATCH 1/2] Add git.Blob fuzz target Based on the `test_blob.py` unit test. --- fuzzing/dictionaries/fuzz_blob.dict | 1 + fuzzing/fuzz-targets/fuzz_blob.py | 36 +++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 fuzzing/dictionaries/fuzz_blob.dict create mode 100644 fuzzing/fuzz-targets/fuzz_blob.py diff --git a/fuzzing/dictionaries/fuzz_blob.dict b/fuzzing/dictionaries/fuzz_blob.dict new file mode 100644 index 000000000..7f123f830 --- /dev/null +++ b/fuzzing/dictionaries/fuzz_blob.dict @@ -0,0 +1 @@ +"\\377\\377\\377\\377\\377\\377\\377\\377" diff --git a/fuzzing/fuzz-targets/fuzz_blob.py b/fuzzing/fuzz-targets/fuzz_blob.py new file mode 100644 index 000000000..9d296de40 --- /dev/null +++ b/fuzzing/fuzz-targets/fuzz_blob.py @@ -0,0 +1,36 @@ +import atheris +import sys +import os +import tempfile + +if getattr(sys, "frozen", False) and hasattr(sys, "_MEIPASS"): + path_to_bundled_git_binary = os.path.abspath(os.path.join(os.path.dirname(__file__), "git")) + os.environ["GIT_PYTHON_GIT_EXECUTABLE"] = path_to_bundled_git_binary + +with atheris.instrument_imports(): + import git + + +def TestOneInput(data): + fdp = atheris.FuzzedDataProvider(data) + + with tempfile.TemporaryDirectory() as temp_dir: + repo = git.Repo.init(path=temp_dir) + blob = git.Blob( + repo, + **{ + "binsha": git.Blob.NULL_BIN_SHA, + "path": fdp.ConsumeUnicodeNoSurrogates(fdp.remaining_bytes()), + }, + ) + + _ = blob.mime_type + + +def main(): + atheris.Setup(sys.argv, TestOneInput) + atheris.Fuzz() + + +if __name__ == "__main__": + main() From 6823e4543f33eb623df14a5a27c9731199de7a4f Mon Sep 17 00:00:00 2001 From: David Lakin Date: Sat, 4 May 2024 15:44:23 -0400 Subject: [PATCH 2/2] Use fuzzed data for all git.Blob arguments This increases the edges reached by the fuzzer, making for a more effective test with higher coverage. --- fuzzing/fuzz-targets/fuzz_blob.py | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/fuzzing/fuzz-targets/fuzz_blob.py b/fuzzing/fuzz-targets/fuzz_blob.py index 9d296de40..ce888e85f 100644 --- a/fuzzing/fuzz-targets/fuzz_blob.py +++ b/fuzzing/fuzz-targets/fuzz_blob.py @@ -16,13 +16,17 @@ def TestOneInput(data): with tempfile.TemporaryDirectory() as temp_dir: repo = git.Repo.init(path=temp_dir) - blob = git.Blob( - repo, - **{ - "binsha": git.Blob.NULL_BIN_SHA, - "path": fdp.ConsumeUnicodeNoSurrogates(fdp.remaining_bytes()), - }, - ) + binsha = fdp.ConsumeBytes(20) + mode = fdp.ConsumeInt(fdp.ConsumeIntInRange(0, fdp.remaining_bytes())) + path = fdp.ConsumeUnicodeNoSurrogates(fdp.remaining_bytes()) + + try: + blob = git.Blob(repo, binsha, mode, path) + except AssertionError as e: + if "Require 20 byte binary sha, got" in str(e): + return -1 + else: + raise e _ = blob.mime_type pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy