diff options
author | 2022-04-08 17:34:05 +0100 | |
---|---|---|
committer | 2022-04-08 12:34:05 -0400 | |
commit | 6288dc25d970efb55b735625c3be6dbb6efe024a (patch) | |
tree | 7675f8977ed29b0b5ca8c463d920b8c3b1e515d3 /projects/aiohttp | |
parent | 0f7337c56074bf30d90f432fc3797d2460a1a64a (diff) |
aiohttp: initial integration. (#4764)
* aiohttp: initial integration.
* aiohttp: update to 2022
* set main_repo
* updated to latest python base image
Diffstat (limited to 'projects/aiohttp')
-rw-r--r-- | projects/aiohttp/Dockerfile | 23 | ||||
-rwxr-xr-x | projects/aiohttp/build.sh | 28 | ||||
-rw-r--r-- | projects/aiohttp/fuzz_http_parser.py | 43 | ||||
-rw-r--r-- | projects/aiohttp/fuzz_payload_url.py | 43 | ||||
-rw-r--r-- | projects/aiohttp/project.yaml | 11 |
5 files changed, 148 insertions, 0 deletions
diff --git a/projects/aiohttp/Dockerfile b/projects/aiohttp/Dockerfile new file mode 100644 index 00000000..762b02d2 --- /dev/null +++ b/projects/aiohttp/Dockerfile @@ -0,0 +1,23 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +FROM gcr.io/oss-fuzz-base/base-builder-python +RUN apt-get update && apt-get install -y pkg-config zlib1g zlib1g-dev libjpeg-dev libpng-dev npm +RUN git clone --recurse-submodules https://github.com/aio-libs/aiohttp +COPY build.sh $SRC/ +COPY fuzz_* $SRC/aiohttp/ + +WORKDIR $SRC/aiohttp diff --git a/projects/aiohttp/build.sh b/projects/aiohttp/build.sh new file mode 100755 index 00000000..17023bba --- /dev/null +++ b/projects/aiohttp/build.sh @@ -0,0 +1,28 @@ +#!/bin/bash -eu +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ +ln -s /usr/local/bin/python3 /usr/local/bin/python +ln -s /usr/local/bin/pip3 /usr/local/bin/pip + +# install aiohttp +pip3 install -r requirements/dev.txt +pre-commit install +make install-dev + +# Build fuzzers in $OUT. +for fuzzer in $(find $SRC -name 'fuzz_*.py'); do + compile_python_fuzzer $fuzzer +done diff --git a/projects/aiohttp/fuzz_http_parser.py b/projects/aiohttp/fuzz_http_parser.py new file mode 100644 index 00000000..93c078ab --- /dev/null +++ b/projects/aiohttp/fuzz_http_parser.py @@ -0,0 +1,43 @@ +#!/usr/bin/python3 + +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +import sys +import atheris + +# aiohttp imports +import asyncio +with atheris.instrument_imports(): + import aiohttp + from aiohttp.base_protocol import BaseProtocol + from aiohttp import http_exceptions, streams + +@atheris.instrument_func +def TestOneInput(data): + loop = asyncio.get_event_loop() + pr = BaseProtocol(loop) + h_p = aiohttp.http_parser.HttpRequestParser(pr, loop, 32768) + try: + h_p.feed_data(data) + except aiohttp.http_exceptions.HttpProcessingError: + None + +def main(): + atheris.Setup(sys.argv, TestOneInput, enable_python_coverage=True) + loop = asyncio.get_event_loop() + asyncio.set_event_loop(loop) + atheris.Fuzz() + +if __name__ == "__main__": + main() diff --git a/projects/aiohttp/fuzz_payload_url.py b/projects/aiohttp/fuzz_payload_url.py new file mode 100644 index 00000000..8d4fd3d9 --- /dev/null +++ b/projects/aiohttp/fuzz_payload_url.py @@ -0,0 +1,43 @@ +#!/usr/bin/python3 + +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +import sys +import atheris + +# aiohttp specific +with atheris.instrument_imports(): + from aiohttp import http_exceptions, payload + from yarl import URL + +@atheris.instrument_func +def TestOneInput(data): + fdp = atheris.FuzzedDataProvider(data) + original = fdp.ConsumeString(sys.maxsize) + + try: + p = payload.StringPayload(original) + except UnicodeEncodeError: + None + try: + u = URL(original) + except ValueError: + None + +def main(): + atheris.Setup(sys.argv, TestOneInput, enable_python_coverage=True) + atheris.Fuzz() + +if __name__ == "__main__": + main() diff --git a/projects/aiohttp/project.yaml b/projects/aiohttp/project.yaml new file mode 100644 index 00000000..9b1172f7 --- /dev/null +++ b/projects/aiohttp/project.yaml @@ -0,0 +1,11 @@ +homepage: "https://github.com/aio-libs/aiohttp" +main_repo: "https://github.com/aio-libs/aiohttp" +language: python +primary_contact: "david@adalogics.com" +auto_ccs : + - "adam@adalogics.com" +fuzzing_engines: + - libfuzzer +sanitizers: + - address + - undefined |