diff options
| -rw-r--r-- | infra/base-images/base-builder/Dockerfile | 3 | ||||
| -rwxr-xr-x | infra/base-images/base-builder/compile | 2 | ||||
| -rw-r--r-- | projects/bleach/linkify_fuzzer.py | 3 | ||||
| -rw-r--r-- | projects/bleach/sanitize_fuzzer.py | 3 | ||||
| -rw-r--r-- | projects/bs4/bs4_fuzzer.py | 8 | ||||
| -rw-r--r-- | projects/pygments/pygments_fuzzer.py | 8 | ||||
| -rw-r--r-- | projects/python-lz4/fuzz_lz4.py | 3 | ||||
| -rw-r--r-- | projects/pyyaml/fuzz_loader.py | 4 | ||||
| -rw-r--r-- | projects/pyyaml/fuzz_reader.py | 6 | ||||
| -rw-r--r-- | projects/scapy/pcap_fuzzer.py | 11 | ||||
| -rw-r--r-- | projects/sqlalchemy/sqlalchemy_fuzzer.py | 10 | ||||
| -rw-r--r-- | projects/ujson/hypothesis_structured_fuzzer.py | 3 | ||||
| -rwxr-xr-x | projects/ujson/json_differential_fuzzer.py | 10 | ||||
| -rwxr-xr-x | projects/ujson/ujson_fuzzer.py | 2 | ||||
| -rw-r--r-- | projects/urllib3/fuzz_urlparse.py | 1 |
15 files changed, 49 insertions, 28 deletions
diff --git a/infra/base-images/base-builder/Dockerfile b/infra/base-images/base-builder/Dockerfile index 7522338b4..25f28ef94 100644 --- a/infra/base-images/base-builder/Dockerfile +++ b/infra/base-images/base-builder/Dockerfile @@ -63,8 +63,9 @@ RUN export PYTHON_DEPS="\ # Install latest atheris for python fuzzing, pyinstaller for fuzzer packaging, # six for Bazel rules. +RUN echo ATHERIS INSTALL RUN unset CFLAGS CXXFLAGS && pip3 install -v --no-cache-dir \ - atheris==1.0.11 pyinstaller==4.1 six==1.15.0 && \ + atheris>=2.0.6 pyinstaller==4.1 six==1.15.0 && \ rm -rf /tmp/* # Download and install the latest stable Go. diff --git a/infra/base-images/base-builder/compile b/infra/base-images/base-builder/compile index 696359871..9af91b2e4 100755 --- a/infra/base-images/base-builder/compile +++ b/infra/base-images/base-builder/compile @@ -118,7 +118,7 @@ export CFLAGS="$CFLAGS $SANITIZER_FLAGS $COVERAGE_FLAGS" export CXXFLAGS="$CFLAGS $CXXFLAGS_EXTRA" if [ "$FUZZING_LANGUAGE" = "python" ]; then - sanitizer_with_fuzzer_lib_dir=`python3 -c "import atheris; import os; print(os.path.dirname(atheris.path()))"` + sanitizer_with_fuzzer_lib_dir=`python3 -c "import atheris; import os; print(atheris.path())"` sanitizer_with_fuzzer_output_lib=$OUT/sanitizer_with_fuzzer.so if [ "$SANITIZER" = "address" ]; then cp $sanitizer_with_fuzzer_lib_dir/asan_with_fuzzer.so $sanitizer_with_fuzzer_output_lib diff --git a/projects/bleach/linkify_fuzzer.py b/projects/bleach/linkify_fuzzer.py index 6a42b079c..7de97641f 100644 --- a/projects/bleach/linkify_fuzzer.py +++ b/projects/bleach/linkify_fuzzer.py @@ -16,7 +16,8 @@ import sys import atheris -import bleach +with atheris.instrument_imports(): + import bleach def TestOneInput(input_bytes): diff --git a/projects/bleach/sanitize_fuzzer.py b/projects/bleach/sanitize_fuzzer.py index 33378167c..3ae4344ce 100644 --- a/projects/bleach/sanitize_fuzzer.py +++ b/projects/bleach/sanitize_fuzzer.py @@ -16,7 +16,8 @@ import sys import atheris -import bleach +with atheris.instrument_imports(): + import bleach def TestOneInput(input_bytes): diff --git a/projects/bs4/bs4_fuzzer.py b/projects/bs4/bs4_fuzzer.py index 119426174..b5125121a 100644 --- a/projects/bs4/bs4_fuzzer.py +++ b/projects/bs4/bs4_fuzzer.py @@ -14,12 +14,13 @@ # See the License for the specific language governing permissions and # limitations under the License. -import logging import sys -import warnings import atheris -from bs4 import BeautifulSoup +with atheris.instrument_imports(): + import logging + import warnings + from bs4 import BeautifulSoup try: @@ -33,6 +34,7 @@ except ImportError: pass +@atheris.instrument_func def TestOneInput(data): """TestOneInput gets random data from the fuzzer, and throws it at bs4.""" if len(data) < 1: diff --git a/projects/pygments/pygments_fuzzer.py b/projects/pygments/pygments_fuzzer.py index 9d21ba320..feea49934 100644 --- a/projects/pygments/pygments_fuzzer.py +++ b/projects/pygments/pygments_fuzzer.py @@ -16,11 +16,13 @@ import sys import atheris -import pygments -import pygments.formatters -import pygments.lexers +with atheris.instrument_imports(): + import pygments + import pygments.formatters + import pygments.lexers +@atheris.instrument_func def TestOneInput(input_bytes): fdp = atheris.FuzzedDataProvider(input_bytes) data = fdp.ConsumeUnicode(atheris.ALL_REMAINING) diff --git a/projects/python-lz4/fuzz_lz4.py b/projects/python-lz4/fuzz_lz4.py index ff6787d1b..6a7e21d22 100644 --- a/projects/python-lz4/fuzz_lz4.py +++ b/projects/python-lz4/fuzz_lz4.py @@ -15,7 +15,8 @@ import sys import atheris -import lz4.frame +with atheris.instrument_imports(): + import lz4.frame def TestOneInput(data): c =lz4.frame.compress(data) diff --git a/projects/pyyaml/fuzz_loader.py b/projects/pyyaml/fuzz_loader.py index 6600d842b..6cbfaf0c9 100644 --- a/projects/pyyaml/fuzz_loader.py +++ b/projects/pyyaml/fuzz_loader.py @@ -16,9 +16,11 @@ import atheris -import yaml +with atheris.instrument_imports(): + import yaml +@atheris.instrument_func def TestOneInput(input_bytes): try: context = yaml.load(input_bytes, Loader=yaml.FullLoader) diff --git a/projects/pyyaml/fuzz_reader.py b/projects/pyyaml/fuzz_reader.py index d7a0e2cb2..5cd0d1e86 100644 --- a/projects/pyyaml/fuzz_reader.py +++ b/projects/pyyaml/fuzz_reader.py @@ -15,8 +15,10 @@ # limitations under the License. import sys import atheris -import yaml.reader +with atheris.instrument_imports(): + import yaml.reader +@atheris.instrument_func def TestOneInput(data): if len(data) < 1: return @@ -30,7 +32,7 @@ def TestOneInput(data): return def main(): - atheris.Setup(sys.argv, TestOneInput, enable_python_coverage=True) + atheris.Setup(sys.argv, TestOneInput) atheris.Fuzz() if __name__ == "__main__": diff --git a/projects/scapy/pcap_fuzzer.py b/projects/scapy/pcap_fuzzer.py index aaf1f5ffb..0b72f0abb 100644 --- a/projects/scapy/pcap_fuzzer.py +++ b/projects/scapy/pcap_fuzzer.py @@ -14,13 +14,14 @@ # See the License for the specific language governing permissions and # limitations under the License. -import io import sys import atheris -import scapy -import scapy.error -import scapy.utils +with atheris.instrument_imports(): + import io + import scapy + import scapy.error + import scapy.utils def TestOneInput(input_bytes): @@ -31,7 +32,7 @@ def TestOneInput(input_bytes): def main(): - atheris.Setup(sys.argv, TestOneInput, enable_python_coverage=True) + atheris.Setup(sys.argv, TestOneInput) atheris.Fuzz() diff --git a/projects/sqlalchemy/sqlalchemy_fuzzer.py b/projects/sqlalchemy/sqlalchemy_fuzzer.py index 64c53ee19..d3ae577ba 100644 --- a/projects/sqlalchemy/sqlalchemy_fuzzer.py +++ b/projects/sqlalchemy/sqlalchemy_fuzzer.py @@ -17,11 +17,13 @@ import sys import atheris -import sqlalchemy -from sqlalchemy import create_engine -from sqlalchemy import Table, Column, Integer, String, MetaData -from sqlalchemy.sql import text +with atheris.instrument_imports(): + import sqlalchemy + from sqlalchemy import create_engine + from sqlalchemy import Table, Column, Integer, String, MetaData + from sqlalchemy.sql import text +@atheris.instrument_func def TestOneInput(input_bytes): try: sql_string = input_bytes.decode("utf-8") diff --git a/projects/ujson/hypothesis_structured_fuzzer.py b/projects/ujson/hypothesis_structured_fuzzer.py index c07a2cf5f..ef43c263d 100644 --- a/projects/ujson/hypothesis_structured_fuzzer.py +++ b/projects/ujson/hypothesis_structured_fuzzer.py @@ -58,6 +58,7 @@ UJSON_ENCODE_KWARGS = { @given(obj=JSON_OBJECTS, kwargs=st.fixed_dictionaries(UJSON_ENCODE_KWARGS)) +@atheris.instrument_func def test_ujson_roundtrip(obj, kwargs): """Check that all JSON objects round-trip regardless of other options.""" assert obj == ujson.decode(ujson.encode(obj, **kwargs)) @@ -68,5 +69,5 @@ if __name__ == "__main__": # and minimize any failures discovered by earlier runs or by OSS-Fuzz, or # briefly search for new failures if none are known. # Or, when running via OSS-Fuzz, we'll execute it via the fuzzing hook: - atheris.Setup(sys.argv, test_ujson_roundtrip.hypothesis.fuzz_one_input) + atheris.Setup(sys.argv, atheris.instrument_func(test_ujson_roundtrip.hypothesis.fuzz_one_input)) atheris.Fuzz() diff --git a/projects/ujson/json_differential_fuzzer.py b/projects/ujson/json_differential_fuzzer.py index fd26de18f..4ab012c54 100755 --- a/projects/ujson/json_differential_fuzzer.py +++ b/projects/ujson/json_differential_fuzzer.py @@ -37,12 +37,15 @@ values that are too big or too small is techincally fine; however, misinterpreting them is not. """ -import atheris_no_libfuzzer as atheris -import json -import ujson +import atheris import sys +with atheris.instrument_imports(): + import json + import ujson + +@atheris.instrument_func def ClearAllIntegers(data): """Used to prevent known bug; sets all integers in data recursively to 0.""" if type(data) == int: @@ -56,6 +59,7 @@ def ClearAllIntegers(data): return data +@atheris.instrument_func def TestOneInput(input_bytes): fdp = atheris.FuzzedDataProvider(input_bytes) original = fdp.ConsumeUnicode(sys.maxsize) diff --git a/projects/ujson/ujson_fuzzer.py b/projects/ujson/ujson_fuzzer.py index c785ec6ce..51b33a9ff 100755 --- a/projects/ujson/ujson_fuzzer.py +++ b/projects/ujson/ujson_fuzzer.py @@ -29,7 +29,7 @@ coverage. """ import sys -import atheris_no_libfuzzer as atheris +import atheris import ujson diff --git a/projects/urllib3/fuzz_urlparse.py b/projects/urllib3/fuzz_urlparse.py index f2fcd9bbd..81c016453 100644 --- a/projects/urllib3/fuzz_urlparse.py +++ b/projects/urllib3/fuzz_urlparse.py @@ -33,5 +33,6 @@ def main(): atheris.Fuzz() if __name__ == "__main__": + atheris.instrument_all() main() |