authorGravatar Florian Apolloner <florian@apolloner.eu>2021-11-30 20:22:36 +0100
committerGravatar GitHub <noreply@github.com>2021-11-30 19:22:36 +0000
commit37f213eb44b3d1e0a9bce074d6c69a0204f2b1dc (patch)
treea1c615cf029341aa9e1972b55267c3df61b24668 /projects
parentcd46b67509948dff2b659a2bec8258977983c32c (diff)
Updated Django to use a Python-based fuzzer. (#6940)
Diffstat (limited to 'projects')
-rw-r--r--projects/django/Dockerfile13
-rwxr-xr-xprojects/django/build.sh90
-rw-r--r--projects/django/project.yaml16
3 files changed, 48 insertions, 71 deletions
diff --git a/projects/django/Dockerfile b/projects/django/Dockerfile
index 25af4313..0f3a65a7 100644
--- a/projects/django/Dockerfile
+++ b/projects/django/Dockerfile
@@ -14,10 +14,13 @@
#
################################################################################
-FROM gcr.io/oss-fuzz-base/base-builder
-RUN apt-get update && \
- apt-get install -y build-essential libncursesw5-dev libreadline-dev libssl-dev libgdbm-dev libc6-dev libsqlite3-dev tk-dev libbz2-dev zlib1g-dev libffi-dev wget
-RUN wget -q https://github.com/python/cpython/archive/v3.8.7.tar.gz
-RUN git clone --depth 1 https://github.com/django/django-fuzzers.git
+FROM gcr.io/oss-fuzz-base/base-builder-python
+
+RUN apt-get update && apt-get install -y libgdal26
+
RUN git clone --depth 1 https://github.com/django/django.git
+RUN git clone --depth 1 https://github.com/django/django-fuzzers.git
+
COPY build.sh $SRC/
+
+WORKDIR $SRC/django
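Review bot: The new `RUN apt-get update && apt-get install -y libgdal26` line gives no reason for the versioned GDAL runtime library, and the package name is bound to the Ubuntu release of the base image, so a future bump of base-builder-python will make this line fail with no hint of what it was for. A comment above it such as `# libgdal26: native GDAL library, presumably needed by django.contrib.gis harnesses — package name tracks the base image's Ubuntu release` would record the intent; whether gis is really the consumer cannot be confirmed from this diff. The trailing `WORKDIR $SRC/django` is also what makes the unqualified `pip3 install .` in build.sh install Django rather than whatever happens to be in $SRC, and that coupling deserves a one-line comment: `# build.sh runs "pip3 install ." relative to this directory`.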
diff --git a/projects/django/build.sh b/projects/django/build.sh
index 962b9f9e..3769279f 100755
--- a/projects/django/build.sh
+++ b/projects/django/build.sh
@@ -1,5 +1,5 @@
#!/bin/bash -eu
-# Copyright 2019 Google Inc.
+# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -15,60 +15,34 @@
#
################################################################################
-# Ignore memory leaks from python scripts invoked in the build
-export ASAN_OPTIONS="detect_leaks=0"
-export MSAN_OPTIONS="halt_on_error=0:exitcode=0:report_umrs=0"
-
-# Remove -pthread from CFLAGS, this trips up ./configure
-# which thinks pthreads are available without any CLI flags
-CFLAGS=${CFLAGS//"-pthread"/}
-
-FLAGS=()
-case $SANITIZER in
- address)
- FLAGS+=("--with-address-sanitizer")
- ;;
- memory)
- FLAGS+=("--with-memory-sanitizer")
- # installing ensurepip takes a while with MSAN instrumentation, so
- # we disable it here
- FLAGS+=("--without-ensurepip")
- # -msan-keep-going is needed to allow MSAN's halt_on_error to function
- FLAGS+=("CFLAGS=-mllvm -msan-keep-going=1")
- ;;
- undefined)
- FLAGS+=("--with-undefined-behavior-sanitizer")
- ;;
-esac
-
-export CPYTHON_INSTALL_PATH=$SRC/cpython-install
-rm -rf $CPYTHON_INSTALL_PATH
-mkdir $CPYTHON_INSTALL_PATH
-
-tar zxf v3.8.7.tar.gz
-cd cpython-3.8.7/
-cp $SRC/django-fuzzers/python_coverage.h Python/
-
-# Patch the interpreter to record code coverage
-sed -i '1 s/^.*$/#include "python_coverage.h"/g' Python/ceval.c
-sed -i 's/case TARGET\(.*\): {/\0\nfuzzer_record_code_coverage(f->f_code, f->f_lasti);/g' Python/ceval.c
-
-./configure "${FLAGS[@]:-}" --prefix=$CPYTHON_INSTALL_PATH
-make -j$(nproc)
-make install
-
-cp -R $CPYTHON_INSTALL_PATH $OUT/
-
-rm -rf $OUT/django-dependencies
-mkdir $OUT/django-dependencies
-$CPYTHON_INSTALL_PATH/bin/pip3 install asgiref pytz sqlparse backports.zoneinfo -t $OUT/django-dependencies
-
-cd $SRC/django-fuzzers
-rm $CPYTHON_INSTALL_PATH/lib/python3.8/lib-dynload/_tkinter*.so
-make
-
-cp -R $SRC/django/* $OUT/
-
-cp $SRC/django-fuzzers/fuzzer-utils $OUT/
-cp $SRC/django-fuzzers/utils.py $OUT/
-zip -j $OUT/fuzzer-utils_seed_corpus.zip $SRC/django-fuzzers/corp-utils/*
+# Build and install project (using current CFLAGS, CXXFLAGS). This is required
+# for projects with C extensions so that they're built with the proper flags.
+pip3 install .
+
+export DJANGO_SETTINGS_MODULE=fuzzer_project.settings
+
+# Build fuzzers into $OUT. These could be detected in other ways.
+for fuzzer in $(find $SRC -name '*_fuzzer.py'); do
+ fuzzer_basename=$(basename -s .py $fuzzer)
+ fuzzer_package=${fuzzer_basename}.pkg
+
+ # To avoid issues with Python version conflicts, or changes in environment
+ # over time on the OSS-Fuzz bots, we use pyinstaller to create a standalone
+ # package. Though not necessarily required for reproducing issues, this is
+ # required to keep fuzzers working properly in OSS-Fuzz.
+ pyinstaller --distpath $OUT --onefile --name $fuzzer_package $fuzzer
+
+ # Create execution wrapper. Atheris requires that certain libraries are
+ # preloaded, so this is also done here to ensure compatibility and simplify
+ # test case reproduction. Since this helper script is what OSS-Fuzz will
+ # actually execute, it is also always required.
+ # NOTE: If you are fuzzing python-only code and do not have native C/C++
+ # extensions, then remove the LD_PRELOAD line below as preloading sanitizer
+ # library is not required and can lead to unexpected startup crashes.
+ echo "#!/bin/sh
+# LLVMFuzzerTestOneInput for fuzzer detection.
+this_dir=\$(dirname \"\$0\")
+ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm-symbolizer:detect_leaks=0 \
+\$this_dir/$fuzzer_package \$@" > $OUT/$fuzzer_basename
+ chmod +x $OUT/$fuzzer_basename
+done \ No newline at end of file
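Review bot: The NOTE block before the `echo` (the lines beginning "If you are fuzzing python-only code … remove the LD_PRELOAD line below") refers to an LD_PRELOAD line that does not exist in the generated wrapper — the heredoc only sets ASAN_OPTIONS — so the comment is stale template text and should be deleted or reduced to what the wrapper actually does, e.g. `# The wrapper pins ASAN_OPTIONS so stack traces are symbolized with the bundled llvm-symbolizer and leak detection is off.` In the wrapper itself, `\$this_dir/$fuzzer_package \$@` should be `\$this_dir/$fuzzer_package "\$@"` so arguments containing spaces reach the fuzzer intact. `export DJANGO_SETTINGS_MODULE=fuzzer_project.settings` only affects the build step; the generated wrapper does not export it, so unless each harness sets it itself the packaged fuzzers run without it — worth confirming against django-fuzzers, which is not visible here. The file also ends without a trailing newline after `done`.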
diff --git a/projects/django/project.yaml b/projects/django/project.yaml
index b3836b9a..e6846c87 100644
--- a/projects/django/project.yaml
+++ b/projects/django/project.yaml
@@ -1,13 +1,13 @@
homepage: "https://www.djangoproject.com/"
-language: c++
-primary_contact: "guidovranken@gmail.com"
+language: python
+primary_contact: "f.apolloner@gmail.com"
auto_ccs:
- - "f.apolloner@gmail.com"
- - "info+django+security@markusholtermann.eu"
- - "jammamarkus@gmail.com"
+ - "jammamarkus@gmail.com"
+ - "guidovranken@gmail.com"
+ - "info+django+security@markusholtermann.eu"
fuzzing_engines:
- libfuzzer
- - honggfuzz
sanitizers:
- - undefined
-main_repo: 'https://github.com/django/django.git'
+ - address
+ - undefined
+main_repo: "https://github.com/django/django.git"