aiohttp: initial integration. (#4764)

* aiohttp: initial integration.

* aiohttp: update to 2022

* set main_repo

* updated to latest python base image

5 files changed, 148 insertions, 0 deletions

diff --git a/projects/aiohttp/Dockerfile b/projects/aiohttp/Dockerfile
new file mode 100644
index 00000000..762b02d2
--- /dev/null
+++ b/projects/aiohttp/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder-python
+RUN apt-get update && apt-get install -y pkg-config zlib1g zlib1g-dev libjpeg-dev libpng-dev npm
+RUN git clone --recurse-submodules https://github.com/aio-libs/aiohttp
+COPY build.sh $SRC/
+COPY fuzz_* $SRC/aiohttp/
+
+WORKDIR $SRC/aiohttp
diff --git a/projects/aiohttp/build.sh b/projects/aiohttp/build.sh
new file mode 100755
index 00000000..17023bba
--- /dev/null
+++ b/projects/aiohttp/build.sh
@@ -0,0 +1,28 @@
+#!/bin/bash -eu
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+ln -s /usr/local/bin/python3 /usr/local/bin/python
+ln -s /usr/local/bin/pip3 /usr/local/bin/pip
+
+# install aiohttp
+pip3 install -r requirements/dev.txt
+pre-commit install
+make install-dev
+
+# Build fuzzers in $OUT.
+for fuzzer in $(find $SRC -name 'fuzz_*.py'); do
+  compile_python_fuzzer $fuzzer
+done
diff --git a/projects/aiohttp/fuzz_http_parser.py b/projects/aiohttp/fuzz_http_parser.py
new file mode 100644
index 00000000..93c078ab
--- /dev/null
+++ b/projects/aiohttp/fuzz_http_parser.py
@@ -0,0 +1,43 @@
+#!/usr/bin/python3
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import sys
+import atheris
+
+# aiohttp imports
+import asyncio
+with atheris.instrument_imports():
+    import aiohttp
+    from aiohttp.base_protocol import BaseProtocol
+    from aiohttp import http_exceptions, streams
+
+@atheris.instrument_func
+def TestOneInput(data):
+    loop = asyncio.get_event_loop()
+    pr = BaseProtocol(loop)
+    h_p = aiohttp.http_parser.HttpRequestParser(pr, loop, 32768)
+    try:
+        h_p.feed_data(data)
+    except aiohttp.http_exceptions.HttpProcessingError:
+        None
+
+def main():
+    atheris.Setup(sys.argv, TestOneInput, enable_python_coverage=True)
+    loop = asyncio.get_event_loop()
+    asyncio.set_event_loop(loop)
+    atheris.Fuzz()
+
+if __name__ == "__main__":
+    main()
diff --git a/projects/aiohttp/fuzz_payload_url.py b/projects/aiohttp/fuzz_payload_url.py
new file mode 100644
index 00000000..8d4fd3d9
--- /dev/null
+++ b/projects/aiohttp/fuzz_payload_url.py
@@ -0,0 +1,43 @@
+#!/usr/bin/python3
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import sys
+import atheris
+
+# aiohttp specific
+with atheris.instrument_imports():
+    from aiohttp import http_exceptions, payload
+    from yarl import URL
+
+@atheris.instrument_func
+def TestOneInput(data):
+    fdp = atheris.FuzzedDataProvider(data)
+    original = fdp.ConsumeString(sys.maxsize)
+
+    try:
+        p = payload.StringPayload(original)
+    except UnicodeEncodeError:
+        None
+    try:
+        u = URL(original)
+    except ValueError:
+        None
+
+def main():
+    atheris.Setup(sys.argv, TestOneInput, enable_python_coverage=True)
+    atheris.Fuzz()
+
+if __name__ == "__main__":
+    main()
diff --git a/projects/aiohttp/project.yaml b/projects/aiohttp/project.yaml
new file mode 100644
index 00000000..9b1172f7
--- /dev/null
+++ b/projects/aiohttp/project.yaml
@@ -0,0 +1,11 @@
+homepage: "https://github.com/aio-libs/aiohttp"
+main_repo: "https://github.com/aio-libs/aiohttp"
+language: python
+primary_contact: "david@adalogics.com"
+auto_ccs :
+  - "adam@adalogics.com"
+fuzzing_engines:
+  - libfuzzer
+sanitizers:
+  - address
+  - undefined