diff options
| author |  DavidKorczynski <david@adalogics.com> | 2022-07-15 21:15:17 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2022-07-15 13:15:17 -0700 |
| commit | e9fda0e9d3d54d93dbbc14a22efad89696abdddf (patch) | |
| tree | 44bea2ba01f9d0b3785f65486304f34d0e58d0fc | |
| parent | 6f6c9416cb2b6b639b9b4456d08450069a06ba6f (diff) | |
python-cloud-storage: initial integration (#7999)
| -rw-r--r-- | projects/gcp-python-cloud-storage/Dockerfile | 21 | ||||
| -rw-r--r-- | projects/gcp-python-cloud-storage/build.sh | 22 | ||||
| -rw-r--r-- | projects/gcp-python-cloud-storage/fuzz_fileio.py | 55 | ||||
| -rw-r--r-- | projects/gcp-python-cloud-storage/project.yaml | 12 |
4 files changed, 110 insertions, 0 deletions
diff --git a/projects/gcp-python-cloud-storage/Dockerfile b/projects/gcp-python-cloud-storage/Dockerfile new file mode 100644 index 00000000..0644c77e --- /dev/null +++ b/projects/gcp-python-cloud-storage/Dockerfile @@ -0,0 +1,21 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +FROM gcr.io/oss-fuzz-base/base-builder-python +RUN pip3 install --upgrade pip && pip3 install mock +RUN git clone https://github.com/googleapis/python-storage +COPY build.sh fuzz_fileio.py $SRC/ +WORKDIR python-storage diff --git a/projects/gcp-python-cloud-storage/build.sh b/projects/gcp-python-cloud-storage/build.sh new file mode 100644 index 00000000..b8fc1994 --- /dev/null +++ b/projects/gcp-python-cloud-storage/build.sh @@ -0,0 +1,22 @@ +#!/bin/bash -eu +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +pip3 install . + +for fuzzer in $(find $SRC -name 'fuzz_*.py'); do + compile_python_fuzzer $fuzzer +done diff --git a/projects/gcp-python-cloud-storage/fuzz_fileio.py b/projects/gcp-python-cloud-storage/fuzz_fileio.py new file mode 100644 index 00000000..e8ca853c --- /dev/null +++ b/projects/gcp-python-cloud-storage/fuzz_fileio.py @@ -0,0 +1,55 @@ +#!/usr/bin/python3 +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import atheris +import sys +import mock + +with atheris.instrument_imports(): + from google.cloud.storage.fileio import BlobReader + + +global_data = None +def TestOneInput(data): + global_data = data + fdp = atheris.FuzzedDataProvider(data) + + blob = mock.Mock() + def read_fuzz_data(start=0, end=None, **_): + return global_data[start:end] + + blob.download_as_bytes = mock.Mock(side_effect=read_fuzz_data) + blob.size = len(data) + blob.chunk_size = None + download_kwargs = {"if_metageneration_match": 1} + reader = BlobReader(blob, **download_kwargs) + try: + reader.read(fdp.ConsumeIntInRange(0, len(data)*2)) + except UnicodeDecodeError: + return + + reader.seek( + pos = fdp.ConsumeIntInRange(0, len(data)*2), + whence = fdp.ConsumeIntInRange(0, 2) + ) + + +def main(): + atheris.instrument_all() + atheris.Setup(sys.argv, TestOneInput, enable_python_coverage=True) + atheris.Fuzz() + +if __name__ == "__main__": + main() diff --git a/projects/gcp-python-cloud-storage/project.yaml b/projects/gcp-python-cloud-storage/project.yaml new file mode 100644 index 00000000..12220ea3 --- /dev/null +++ b/projects/gcp-python-cloud-storage/project.yaml @@ -0,0 +1,12 @@ +fuzzing_engines: +- libfuzzer +homepage: https://github.com/googleapis/python-storage +language: python +main_repo: https://github.com/googleapis/python-storage +sanitizers: +- address +- undefined +vendor_ccs: +- david@adalogics.com +- adam@adalogics.com +- arthur.chan@adalogics.com |