authorGravatar Arthur Chan <gamease@hotmail.com>2022-06-28 01:16:45 +0100
committerGravatar GitHub <noreply@github.com>2022-06-28 01:16:45 +0100
commit65bc9c9ceadca5dc852615efff12028794165cb9 (patch)
tree2eff9634fd29f7cdcf1f283fdb19ae964403ec2e
parenta2e176a2381fe6391c02e1c3ae16e8cf779444b9 (diff)
sqlalchemy_jsonfield: initial integration (#7846)
* sqlalchemy_jsonfield: initial integration prepare initial fuzzer * Fix fuzzer * Fix fuzzer
-rw-r--r--projects/sqlalchemy_jsonfield/Dockerfile23
-rw-r--r--projects/sqlalchemy_jsonfield/build.sh29
-rw-r--r--projects/sqlalchemy_jsonfield/fuzz_basic.py56
-rw-r--r--projects/sqlalchemy_jsonfield/project.yaml12
4 files changed, 120 insertions, 0 deletions
diff --git a/projects/sqlalchemy_jsonfield/Dockerfile b/projects/sqlalchemy_jsonfield/Dockerfile
new file mode 100644
index 00000000..958d5746
--- /dev/null
+++ b/projects/sqlalchemy_jsonfield/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder-python
+
+RUN git clone https://github.com/sqlalchemy/sqlalchemy
+RUN git clone https://github.com/penguinolog/sqlalchemy_jsonfield
+
+WORKDIR $SRC/sqlalchemy_jsonfield
+COPY build.sh fuzz_*.py $SRC/
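Review bot: Both `git clone` lines fetch the full history of an unpinned default branch, so each build tests whatever SQLAlchemy development head exists at that moment. A crash may therefore come from unreleased SQLAlchemy code rather than from sqlalchemy_jsonfield, which makes triage harder. A shallow clone keeps the image smaller, e.g. `RUN git clone --depth 1 https://github.com/sqlalchemy/sqlalchemy`. A comment above the first clone should say why SQLAlchemy is built from source instead of installed as a release. The clones also run before `WORKDIR` is set, so they presumably rely on the base image's working directory already being `$SRC`.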
diff --git a/projects/sqlalchemy_jsonfield/build.sh b/projects/sqlalchemy_jsonfield/build.sh
new file mode 100644
index 00000000..ec4c8d65
--- /dev/null
+++ b/projects/sqlalchemy_jsonfield/build.sh
@@ -0,0 +1,29 @@
+#!/bin/bash -eu
+# Copyright 2022 Google LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Build and install project (using current CFLAGS, CXXFLAGS).
+pip3 install --upgrade pip
+
+cd $SRC/sqlalchemy
+pip3 install .
+
+cd $SRC/sqlalchemy_jsonfield
+pip3 install .
+
+for fuzzer in $(find $SRC -name 'fuzz_*.py'); do
+ compile_python_fuzzer $fuzzer
+done
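Review bot: The `find $SRC -name 'fuzz_*.py'` loop searches everything under `$SRC`, including both cloned repositories. Any file upstream later names `fuzz_*.py` would be compiled as a fuzz target without review in this project. The Dockerfile copies the harnesses to the top of `$SRC`, so `for fuzzer in "$SRC"/fuzz_*.py; do` is sufficient. It also avoids word-splitting on the unquoted `$(find …)` output. The call should be quoted as well: `compile_python_fuzzer "$fuzzer"`.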
diff --git a/projects/sqlalchemy_jsonfield/fuzz_basic.py b/projects/sqlalchemy_jsonfield/fuzz_basic.py
new file mode 100644
index 00000000..7d10e03f
--- /dev/null
+++ b/projects/sqlalchemy_jsonfield/fuzz_basic.py
@@ -0,0 +1,56 @@
+#!/usr/bin/python3
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import atheris
+import sys
+
+with atheris.instrument_imports():
+ import sqlalchemy
+ from sqlalchemy import create_engine, Table, Column, Integer, MetaData
+ from sqlalchemy.sql import text
+ from sqlalchemy.exc import SQLAlchemyError
+ import sqlalchemy_jsonfield
+ from sqlalchemy_jsonfield import JSONField
+
+@atheris.instrument_func
+def TestInput(data):
+ fdp = atheris.FuzzedDataProvider(data)
+
+ metadata = MetaData()
+ fuzz_table = Table('fuzz_table', metadata,
+ Column('id', Integer, primary_key=True),
+ Column('Col1',
+ JSONField(enforce_string=fdp.ConsumeBool(),enforce_unicode=fdp.ConsumeBool())
+ )
+ )
+
+ engine = create_engine('sqlite:///fuzz.db')
+ metadata.create_all(engine)
+ try:
+ with engine.connect() as conn:
+ conn.execute(text(fdp.ConsumeString(100)))
+ except (SQLAlchemyError, UnicodeEncodeError) as e:
+ pass
+ except ValueError as e:
+ if "the query contains a null character" not in str(e):
+ raise e
+
+def main():
+ atheris.Setup(sys.argv, TestInput, enable_python_coverage=True)
+ atheris.Fuzz()
+
+
+if __name__ == "__main__":
+ main()
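Review bot: `TestInput` never sends data through the `JSONField` column. The fuzzed string goes to `conn.execute(text(...))` as a raw SQL statement, so the harness mostly exercises SQLite's SQL parser and the type's bind and result processing is not reached. The engine also points at the on-disk file `sqlite:///fuzz.db`, which persists across iterations. Fuzzed statements can drop or alter `fuzz_table`, so a crash can depend on earlier inputs and may not reproduce from a single test case. I would switch to an in-memory engine, round-trip a fuzzed value through `Col1`, and dispose of the engine each iteration, as sketched below. The bare `raise` form is also preferable to `raise e`, and the unused `as e` on the first handler can go.

```python
    # … unchanged: fdp, metadata and fuzz_table setup …
    engine = create_engine('sqlite://')  # in-memory, so no state survives between inputs
    metadata.create_all(engine)
    try:
        with engine.connect() as conn:
            # Send the fuzzed value through JSONField's bind and result processing.
            value = fdp.ConsumeUnicodeNoSurrogates(100)
            conn.execute(fuzz_table.insert().values(Col1=value))
            conn.execute(fuzz_table.select()).fetchall()
    # … unchanged: except clauses …
    finally:
        engine.dispose()
```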
diff --git a/projects/sqlalchemy_jsonfield/project.yaml b/projects/sqlalchemy_jsonfield/project.yaml
new file mode 100644
index 00000000..42c5a68d
--- /dev/null
+++ b/projects/sqlalchemy_jsonfield/project.yaml
@@ -0,0 +1,12 @@
+fuzzing_engines:
+- libfuzzer
+homepage: https://github.com/penguinolog/sqlalchemy_jsonfield
+language: python
+main_repo: https://github.com/penguinolog/sqlalchemy_jsonfield
+sanitizers:
+- address
+- undefined
+vendor_ccs:
+- david@adalogics.com
+- adam@adalogics.com
+- arthur.chan@adalogics.com
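Review bot: This file lists only `vendor_ccs`, with no `primary_contact` or `auto_ccs` entry. As written, nobody from the upstream sqlalchemy_jsonfield project appears to be notified when the fuzzer files a finding. Adding `primary_contact: "<upstream maintainer address>"` once the maintainer has agreed would give reports a path to someone who can fix them. If the maintainer was deliberately left off for now, a short comment at the top of the file saying so would help later reviewers.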