From 854befe7b1642437cf26a6023ce5b9b26bde10e3 Mon Sep 17 00:00:00 2001
From: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Date: Sun, 28 Nov 2021 19:39:13 -0600
Subject: Fuzzing sigstore (#6890)

* Fuzzing sigstore

Included sigstore/sigstore project

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

* fixes

* typo

Co-authored-by: Oliver Chang <ochang@google.com>
---
 projects/sigstore/Dockerfile   | 21 +++++++++++++++++++++
 projects/sigstore/build.sh     | 17 +++++++++++++++++
 projects/sigstore/project.yaml | 12 ++++++++++++
 3 files changed, 50 insertions(+)
 create mode 100644 projects/sigstore/Dockerfile
 create mode 100644 projects/sigstore/build.sh
 create mode 100644 projects/sigstore/project.yaml

(limited to 'projects')

diff --git a/projects/sigstore/Dockerfile b/projects/sigstore/Dockerfile
new file mode 100644
index 00000000..a3aa13e7
--- /dev/null
+++ b/projects/sigstore/Dockerfile
@@ -0,0 +1,21 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder-go
+RUN git clone --depth 1 https://github.com/sigstore/sigstore
+
+COPY build.sh $SRC
+WORKDIR $SRC/sigstore/test/fuzz
diff --git a/projects/sigstore/build.sh b/projects/sigstore/build.sh
new file mode 100644
index 00000000..9bdeada0
--- /dev/null
+++ b/projects/sigstore/build.sh
@@ -0,0 +1,17 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+compile_go_fuzzer github.com/sigstore/sigstore/test/fuzz/pem FuzzLoadCertificates FuzzLoadCertificates
diff --git a/projects/sigstore/project.yaml b/projects/sigstore/project.yaml
new file mode 100644
index 00000000..f596b4f4
--- /dev/null
+++ b/projects/sigstore/project.yaml
@@ -0,0 +1,12 @@
+homepage: "https://sigstore.dev"
+main_repo: "https://github.com/sigstore/sigstore"
+primary_contact: "naveensrinivasan@protonmail.com"
+auto_ccs:
+  - lhinds@protonmail.com
+  - bob.callaway@gmail.com
+  - dlorenc@protonmail.com
+language: go
+fuzzing_engines:
+  - libfuzzer
+sanitizers:
+  - address
-- 
cgit v1.2.3