[sqlalchemy] Initial integration (#5740)

4 files changed, 112 insertions, 0 deletions

diff --git a/projects/sqlalchemy/Dockerfile b/projects/sqlalchemy/Dockerfile
new file mode 100644
index 000000000..7881f0bca
--- /dev/null
+++ b/projects/sqlalchemy/Dockerfile
@@ -0,0 +1,20 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN git clone --depth 1 --branch rel_1_3 https://github.com/sqlalchemy/sqlalchemy
+WORKDIR $SRC/sqlalchemy
+COPY build.sh sqlalchemy_fuzzer.py $SRC/
diff --git a/projects/sqlalchemy/build.sh b/projects/sqlalchemy/build.sh
new file mode 100644
index 000000000..8f4bee46e
--- /dev/null
+++ b/projects/sqlalchemy/build.sh
@@ -0,0 +1,31 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+python3 setup.py install
+for fuzzer in $(find $SRC -name '*_fuzzer.py'); do
+  fuzzer_basename=$(basename -s .py $fuzzer)
+  fuzzer_package=${fuzzer_basename}.pkg
+  pyinstaller --distpath $OUT --onefile --name $fuzzer_package $fuzzer
+
+  # Create execution wrapper.
+  echo "#!/bin/sh
+# LLVMFuzzerTestOneInput for fuzzer detection.
+this_dir=\$(dirname \"\$0\")
+ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm-symbolizer:detect_leaks=0 \
+\$this_dir/$fuzzer_package \$@" > $OUT/$fuzzer_basename
+  chmod u+x $OUT/$fuzzer_basename
+done
diff --git a/projects/sqlalchemy/project.yaml b/projects/sqlalchemy/project.yaml
new file mode 100644
index 000000000..2fe9bf515
--- /dev/null
+++ b/projects/sqlalchemy/project.yaml
@@ -0,0 +1,11 @@
+homepage: "https://www.sqlalchemy.org"
+language: python
+primary_contact: "mike_mp@zzzcomputing.com"
+auto_ccs:
+  - "Adam@adalogics.com"
+fuzzing_engines:
+  - libfuzzer
+sanitizers:
+  - address
+  - undefined
+main_repo: "ihttps://github.com/sqlalchemy/sqlalchemy"
diff --git a/projects/sqlalchemy/sqlalchemy_fuzzer.py b/projects/sqlalchemy/sqlalchemy_fuzzer.py
new file mode 100644
index 000000000..64c53ee19
--- /dev/null
+++ b/projects/sqlalchemy/sqlalchemy_fuzzer.py
@@ -0,0 +1,50 @@
+#!/usr/bin/python3
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import sys
+import atheris
+
+import sqlalchemy
+from sqlalchemy import create_engine
+from sqlalchemy import Table, Column, Integer, String, MetaData
+from sqlalchemy.sql import text
+
+def TestOneInput(input_bytes):
+    try:
+        sql_string = input_bytes.decode("utf-8")
+        metadata = MetaData()
+        fuzz_table = Table('fuzz_table', metadata,
+          Column('id', Integer, primary_key=True),
+          Column('column1', String),
+          Column('column2', String),
+        )
+
+        engine = create_engine('sqlite:///fuzz.db')
+        metadata.create_all(engine)
+        statement = text(sql_string)
+        with engine.connect() as conn:            
+            conn.execute(statement)
+    except Exception as e:
+        pass
+
+
+def main():
+  atheris.Setup(sys.argv, TestOneInput, enable_python_coverage=True)
+  atheris.Fuzz()
+
+
+if __name__ == "__main__":
+  main()