Coverage for /pythoncovmergedfiles/medio/medio/src/fuzz_resources_process.py: 87%

249 statements  

« prev     ^ index     » next       coverage.py v7.3.2, created at 2023-12-08 06:51 +0000

1###### Coverage stub 

2import atexit 

3import coverage 

4cov = coverage.coverage(data_file='.coverage', cover_pylib=True) 

5cov.start() 

6# Register an exist handler that will print coverage 

7def exit_handler(): 

8 cov.stop() 

9 cov.save() 

10atexit.register(exit_handler) 

11####### End of coverage stub 

12#!/usr/bin/python3 

13# Copyright 2023 Google LLC 

14# 

15# Licensed under the Apache License, Version 2.0 (the "License"); 

16# you may not use this file except in compliance with the License. 

17# You may obtain a copy of the License at 

18# 

19# http://www.apache.org/licenses/LICENSE-2.0 

20# 

21# Unless required by applicable law or agreed to in writing, software 

22# distributed under the License is distributed on an "AS IS" BASIS, 

23# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 

24# See the License for the specific language governing permissions and 

25# limitations under the License. 

26 

27import os 

28import sys 

29import atheris 

30from botocore.exceptions import ClientError, ProfileNotFound 

31 

32with atheris.instrument_imports(): 

33 from c7n import policy as c7n_policy 

34 from c7n import exceptions, data, query, manager 

35 

36 from c7n.filters import FilterRegistry 

37 from c7n.actions import ActionRegistry 

38 from c7n.resources.aws import AWS 

39 

40 from c7n.resources import ml, sar, s3control, ec2, ebs 

41 from c7n.resources import batch, mq, route53, securityhub 

42 from c7n.resources import vpc, shield, iam, sfn, cloudtrail 

43 from c7n.resources import code, appflow, awslambda, emr, ami 

44 from c7n.resources import secretsmanager, airflow, account 

45 from c7n.resources import cloudfront, elasticsearch 

46 

47def TestOneInput(data): 

48 """Fuzz validate functions in resources package""" 

49 registry_type = [ 

50 'c7n.data', 'rds-param-group', 'elasticache', 'ec2', 'emr', 

51 'aws.account', 'rest-account', 'elb', 's3', 'iac', 'rds', 

52 'glue-catalog', 'app-elb-target-group' 

53 ] 

54 provider = 'aws' 

55 object = None 

56 event = None 

57 resources_object = None 

58 

59 fdp = atheris.FuzzedDataProvider(data) 

60 choice = fdp.ConsumeIntInRange(1, 58) 

61 

62 option = FuzzOption(fdp) 

63 data = _generate_random_dict(fdp) 

64 manager_data = _generate_random_dict(fdp) 

65 

66 type = fdp.PickValueInList(registry_type) 

67 action_registry = ActionRegistry("%s.actions" % type) 

68 filter_registry = FilterRegistry("%s.filters" % type) 

69 

70 context = FuzzContext(provider, option) 

71 resource_manager = query.QueryResourceManager(context, manager_data) 

72 resource_manager.action_registry = action_registry 

73 resource_manager.filter_registry = filter_registry 

74 resource_manager.type = type 

75 resource_manager.config = FuzzConfig(fdp) 

76 resources = manager.resources 

77 

78 initializeResources(context, manager_data) 

79 

80 try: 

81 if choice == 1: 

82 object = ml.DeleteMLModel(data = data, manager = resource_manager) 

83 elif choice == 2: 

84 object = sar.Delete(data = data, manager = resource_manager) 

85 elif choice == 3: 

86 object = sar.CrossAccount(data = data, manager = resource_manager) 

87 elif choice == 4: 

88 object = s3control.AccessPointCrossAccount(data = data, manager = resource_manager) 

89 elif choice == 5: 

90 object = s3control.Delete(data = data, manager = resource_manager) 

91 elif choice == 6: 

92 object = ec2.MonitorInstances(data = data, manager = resource_manager) 

93 elif choice == 7: 

94 resources_object = batch.UpdateComputeEnvironment(data = data, manager = resource_manager) 

95 elif choice == 8: 

96 resources_object = batch.DeleteComputeEnvironment(data = data, manager = resource_manager) 

97 elif choice == 9: 

98 resources_object = batch.DefinitionDeregister(data = data, manager = resource_manager) 

99 elif choice == 10: 

100 resources_object = mq.Delete(data = data, manager = resource_manager) 

101 elif choice == 11: 

102 resources_object = route53.SetQueryLogging(data = data, manager = resource_manager) 

103 resources_object.validate() 

104 elif choice == 12: 

105 resources_object = route53.IsQueryLoggingEnabled(data = data, manager = resource_manager) 

106 event = _generate_random_dict(fdp) 

107 elif choice == 13: 

108 resources_object = route53.ResolverQueryLogConfigAssociate(data = data, manager = resource_manager) 

109 elif choice == 14: 

110 resources_object = route53.ReadinessCheckCrossAccount(data = data, manager = resource_manager) 

111 event = _generate_random_dict(fdp) 

112 elif choice == 15: 

113 resources_object = securityhub.SecurityHubFindingFilter(data = data, manager = resource_manager) 

114 event = _generate_random_dict(fdp) 

115 resources_object.validate() 

116 elif choice == 16: 

117 resources_object = securityhub.PostFinding(data = data, manager = resource_manager) 

118 event = _generate_random_dict(fdp) 

119 resources_object.validate() 

120 elif choice == 17: 

121 resources_object = cloudfront.IsWafEnabled(data = data, manager = resource_manager) 

122 event = _generate_random_dict(fdp) 

123 elif choice == 18: 

124 resources_object = vpc.ModifyVpc(data = data, manager = resource_manager) 

125 elif choice == 19: 

126 resources_object = vpc.DeleteVpc(data = data, manager = resource_manager) 

127 elif choice == 20: 

128 resources_object = shield.SetShieldProtection(data = data, manager = resource_manager) 

129 elif choice == 21: 

130 resources_object = iam.SetBoundary(data = data, manager = resource_manager) 

131 resources_object.validate() 

132 elif choice == 22: 

133 resources_object = iam.CertificateDelete(data = data, manager = resource_manager) 

134 elif choice == 23: 

135 resources_object = iam.SetPolicy(data = data, manager = resource_manager) 

136 resources_object.validate() 

137 elif choice == 24: 

138 resources_object = iam.RoleDelete(data = data, manager = resource_manager) 

139 elif choice == 25: 

140 resources_object = sfn.InvokeStepFunction(data = data, manager = resource_manager) 

141 elif choice == 26: 

142 resources_object = cloudtrail.Status(data = data, manager = resource_manager) 

143 event = _generate_random_dict(fdp) 

144 elif choice == 27: 

145 resources_object = cloudtrail.EventSelectors(data = data, manager = resource_manager) 

146 event = _generate_random_dict(fdp) 

147 elif choice == 28: 

148 resources_object = cloudtrail.UpdateTrail(data = data, manager = resource_manager) 

149 resources_object.validate() 

150 elif choice == 29: 

151 resources_object = cloudtrail.DeleteTrail(data = data, manager = resource_manager) 

152 elif choice == 30: 

153 resources_object = code.DeleteApplication(data = data, manager = resource_manager) 

154 elif choice == 31: 

155 resources_object = code.DeleteDeploymentGroup(data = data, manager = resource_manager) 

156 elif choice == 32: 

157 resources_object = appflow.DeleteAppFlowResource(data = data, manager = resource_manager) 

158 elif choice == 33: 

159 resources_object = awslambda.LambdaEnableXrayTracing(data = data, manager = resource_manager) 

160 elif choice == 34: 

161 resources_object = awslambda.LambdaEventSource(data = data, manager = resource_manager) 

162 event = _generate_random_dict(fdp) 

163 elif choice == 35: 

164 resources_object = awslambda.LambdaCrossAccountAccessFilter(data = data, manager = resource_manager) 

165 event = _generate_random_dict(fdp) 

166 elif choice == 36: 

167 resources_object = awslambda.VersionTrim(data = data, manager = resource_manager) 

168 elif choice == 37: 

169 resources_object = awslambda.RemovePolicyStatement(data = data, manager = resource_manager) 

170 elif choice == 38: 

171 resources_object = awslambda.LayerCrossAccount(data = data, manager = resource_manager) 

172 event = _generate_random_dict(fdp) 

173 elif choice == 39: 

174 resources_object = awslambda.LayerRemovePermissions(data = data, manager = resource_manager) 

175 elif choice == 40: 

176 resources_object = awslambda.DeleteLayerVersion(data = data, manager = resource_manager) 

177 elif choice == 41: 

178 resources_object = emr.EMRSecurityConfigurationFilter(data = data, manager = resource_manager) 

179 event = _generate_random_dict(fdp) 

180 elif choice == 42: 

181 resources_object = emr.DeleteEMRSecurityConfiguration(data = data, manager = resource_manager) 

182 elif choice == 43: 

183 resources_object = emr.EMRServerlessDelete(data = data, manager = resource_manager) 

184 elif choice == 44: 

185 resources_object = ami.AmiCrossAccountFilter(data = data, manager = resource_manager) 

186 event = _generate_random_dict(fdp) 

187 elif choice == 45: 

188 resources_object = secretsmanager.CrossAccountAccessFilter(data = data, manager = resource_manager) 

189 event = _generate_random_dict(fdp) 

190 elif choice == 46: 

191 resources_object = secretsmanager.HasStatementFilter(data = data, manager = resource_manager) 

192 event = _generate_random_dict(fdp) 

193 elif choice == 47: 

194 resources_object = airflow.UpdateApacheAirflowEnvironment(data = data, manager = resource_manager) 

195 elif choice == 48: 

196 resources_object = airflow.DeleteApacheAirflowEnvironment(data = data, manager = resource_manager) 

197 elif choice == 49: 

198 resources_object = account.AccountCredentialReport(data = data, manager = resource_manager) 

199 event = _generate_random_dict(fdp) 

200 elif choice == 50: 

201 resources_object = account.AccountOrganization(data = data, manager = resource_manager) 

202 event = _generate_random_dict(fdp) 

203 elif choice == 51: 

204 resources_object = account.MacieEnabled(data = data, manager = resource_manager) 

205 event = _generate_random_dict(fdp) 

206 elif choice == 52: 

207 resources_object = account.CloudTrailEnabled(data = data, manager = resource_manager) 

208 event = _generate_random_dict(fdp) 

209 elif choice == 53: 

210 resources_object = account.ConfigEnabled(data = data, manager = resource_manager) 

211 event = _generate_random_dict(fdp) 

212 elif choice == 54: 

213 resources_object = account.IAMSummary(data = data, manager = resource_manager) 

214 event = _generate_random_dict(fdp) 

215 elif choice == 55: 

216 resources_object = account.AccessAnalyzer(data = data, manager = resource_manager) 

217 event = _generate_random_dict(fdp) 

218 elif choice == 56: 

219 resources_object = account.AccountPasswordPolicy(data = data, manager = resource_manager) 

220 event = _generate_random_dict(fdp) 

221 elif choice == 57: 

222 resources_object = elasticsearch.ElasticSearchCrossAccountAccessFilter(data = data, manager = resource_manager) 

223 event = _generate_random_dict(fdp) 

224 elif choice == 58: 

225 resources_object = elasticsearch.ElasticSearchCrossClusterFilter(data = data, manager = resource_manager) 

226 event = _generate_random_dict(fdp) 

227 

228 if object: 

229 object.process(data) 

230 if resources_object: 

231 if event: 

232 resources_object.process(resources, event) 

233 else: 

234 resources_object.process(resources) 

235 except ( 

236 ValueError, ClientError, ProfileNotFound, 

237 KeyError, TypeError, 

238 exceptions.PolicyValidationError): 

239 pass 

240 except AttributeError as e: 

241 if "object has no attribute" not in str(e): 

242 raise e 

243 

244 

245def _generate_random_dict(fdp): 

246 map = dict() 

247 

248 for count in range(fdp.ConsumeIntInRange(1, 100)): 

249 map[fdp.ConsumeUnicodeNoSurrogates(1024)] = fdp.ConsumeUnicodeNoSurrogates(1024) 

250 

251 map["name"] = fdp.ConsumeUnicodeNoSurrogates(1024) 

252 

253 return map 

254 

255 

256def initializeProviders(): 

257 AWS() 

258 

259 

260def initializeResources(ctx, data): 

261 ebs.EBS(ctx, data) 

262 ebs.Snapshot(ctx, data) 

263 ami.AMI(ctx, data) 

264 route53.ResolverQueryLogConfig(ctx, data) 

265 emr.EMRSecurityConfiguration(ctx, data) 

266 

267 

268def main(): 

269 initializeProviders() 

270 

271 atheris.Setup(sys.argv, TestOneInput, enable_python_coverage=True) 

272 atheris.Fuzz() 

273 

274 

275class FuzzContext: 

276 def __init__(self, name, option): 

277 self.options = None 

278 self.session_factory = c7n_policy.get_session_factory(name, option) 

279 self.policy = FuzzPolicy(name) 

280 self.tracer = FuzzTracer() 

281 self.execution_id = "id" 

282 self.start_time = "1234567890" 

283 

284 

285class FuzzPolicy: 

286 def __init__(self, provider_name): 

287 self.provider_name = provider_name 

288 self.name = "FuzzName" 

289 

290 

291class FuzzTracer: 

292 def subsegment(type): 

293 return True 

294 

295 

296class FuzzOption: 

297 def __init__(self, fdp): 

298 self.region = fdp.ConsumeUnicodeNoSurrogates(1024) 

299 self.profile = fdp.ConsumeUnicodeNoSurrogates(1024) 

300 self.assume_role = fdp.ConsumeUnicodeNoSurrogates(1024) 

301 self.external_id = fdp.ConsumeUnicodeNoSurrogates(1024) 

302 

303 

304class FuzzConfig: 

305 def __init__(self, fdp): 

306 self.account_id = fdp.ConsumeUnicodeNoSurrogates(1024) 

307 self.region = fdp.ConsumeUnicodeNoSurrogates(1024) 

308 

309 

310if __name__ == "__main__": 

311 main() 

312