Skip to content

[gitpython] Fix Broken Build #11763

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 2 commits into from
Closed

[gitpython] Fix Broken Build #11763

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c3bedd8
Fix Fuzzing Build Failure Due to Outdated `pip`
DaveLak Mar 30, 2024
908ba9c
Improve fuzzer efficiency
DaveLak Mar 31, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 13 additions & 1 deletion projects/gitpython/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,18 @@
# See the License for the specific language governing permissions and
# limitations under the License.
FROM gcr.io/oss-fuzz-base/base-builder-python
RUN git clone https://github.com/gitpython-developers/gitpython gitpython
RUN git clone https://github.com/gitpython-developers/gitpython gitpython \
&& python3 -m pip install --upgrade pip;

RUN mkdir -p $SRC/seed_data \
&& git clone --depth 1 https://github.com/DaveLak/oss-fuzz-inputs.git oss-fuzz-inputs \
&& rsync -avc oss-fuzz-inputs/gitpython/ $SRC/seed_data/ \
&& rm -rf oss-fuzz-inputs;

RUN git clone --depth 1 https://github.com/google/fuzzing fuzzing \
&& cat fuzzing/dictionaries/utf8.dict \
>> $SRC/seed_data/__base.dict \
&& rm -rf fuzzing;

COPY *.sh *py $SRC/
WORKDIR $SRC/gitpython
29 changes: 26 additions & 3 deletions projects/gitpython/build.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,9 +14,32 @@
# limitations under the License.
#
################################################################################
pip3 install .
python3 -m pip install .

# Directory to look in for dictionaries, options files, and seed corpa:
SEED_DATA_DIR="$SRC/seed_data"

find $SEED_DATA_DIR \( -name '*_seed_corpus.zip' -o -name '*.options' -o -name '*.dict' \) \
! \( -name '__base.*' \) -exec printf 'Copying: %s\n' {} \; \
-exec chmod a-x {} \; \
-exec cp {} "$OUT" \;

# Build fuzzers in $OUT.
for fuzzer in $(find $SRC -name 'fuzz_*.py'); do
compile_python_fuzzer $fuzzer
find "$SRC" -maxdepth 1 -name 'fuzz_*.py' -print0 | while IFS= read -r -d $'\0' fuzz_harness; do
compile_python_fuzzer "$fuzz_harness"

common_base_dictionary_filename="$SEED_DATA_DIR/__base.dict"
if [[ -r "$common_base_dictionary_filename" ]]; then
# Strip the `.py` extension from the filename and replace it with `.dict`.
fuzz_harness_dictionary_filename="$(basename "$fuzz_harness" .py).dict"
output_file="$OUT/$fuzz_harness_dictionary_filename"

printf 'Appending %s to %s\n' "$common_base_dictionary_filename" "$output_file"
# Ensure a newline is added at the end of the file before appending,
# but only if the file already exists and is not empty.
if [[ -s "$output_file" ]]; then
echo >> "$output_file"
fi
cat "$common_base_dictionary_filename" >> "$output_file"
fi
done
28 changes: 17 additions & 11 deletions projects/gitpython/fuzz_config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,31 +12,37 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import atheris
import sys
import io
import atheris
from configparser import MissingSectionHeaderError, ParsingError

import configparser
from git import GitConfigParser
with atheris.instrument_imports():
from git import GitConfigParser


def TestOneInput(data):
fdp = atheris.FuzzedDataProvider(data)
sio = io.BytesIO(data)
sio.name = "/tmp/fuzzconfig.config"
git_config = GitConfigParser(sio)
try:
git_config.read()
except configparser.MissingSectionHeaderError:
pass
except configparser.ParsingError:
pass
except UnicodeDecodeError:
pass
except (MissingSectionHeaderError, ParsingError, UnicodeDecodeError):
return -1 # Reject inputs raising expected exceptions
except (IndexError, ValueError) as e:
if isinstance(e, IndexError) and "string index out of range" in str(e):
# Known possibility that might be patched
# See: https://github.com/gitpython-developers/GitPython/issues/1887
pass
elif isinstance(e, ValueError) and "embedded null byte" in str(e):
# The `os.path.expanduser` function, which does not accept strings
# containing null bytes might raise this.
return -1
else:
raise e # Raise unanticipated exceptions as they might be bugs


def main():
atheris.instrument_all()
atheris.Setup(sys.argv, TestOneInput)
atheris.Fuzz()

Expand Down
11 changes: 6 additions & 5 deletions projects/gitpython/fuzz_tree.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,13 +12,15 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import atheris
import io
import sys
import os
import shutil
import atheris

from git.objects import Tree
from git import Repo
with atheris.instrument_imports():
from git.objects import Tree
from git.repo import Repo


def TestOneInput(data):
Expand All @@ -45,11 +47,10 @@ def TestOneInput(data):
try:
fuzz_tree._deserialize(io.BytesIO(data))
except IndexError:
pass
return -1


def main():
atheris.instrument_all()
atheris.Setup(sys.argv, TestOneInput)
atheris.Fuzz()

Expand Down