Fuzz introspector: fuzz_sign_with_valid_key_verify_with_invalid_key
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
29 87 model_signing.hashing.Config.hash call site: 00087 model_signing.hashing.Config._build_sharded_file_hasher_factory._factory
21 132 model_signing._signing.sign_sigstore_pb.pae call site: 00132 model_signing._signing.sign_pkcs11.CertSigner._get_verification_material
21 248 model_signing.verifying.Config.verify call site: 00248 model_signing.verifying.Config._get_manifest_diff
10 0 EP call site: 00000 atheris.FuzzedDataProvider
9 176 model_signing._signing.sign_ec_key.Signer._get_verification_material call site: 00176 model_signing._signing.sign_certificate.Signer._get_verification_material
9 231 model_signing.verifying.Config._guess_hashing_config call site: 00231 model_signing.hashing.Config.use_shard_serialization
8 49 model_signing.hashing.Config.hash call site: 00049 model_signing.hashing.Config._build_sharded_file_hasher_factory._factory
8 154 model_signing.signing.Config.sign call site: 00154 model_signing._signing.sign_sigstore.Signer._get_identity_token
7 32 ...model-transparency.tests.fuzzing.fuzz_sign_with_valid_key_verify_with_invalid_key.TestOneInput call site: 00032 model_signing.signing.Config.use_sigstore_signer
5 200 ...model-transparency.tests.fuzzing.fuzz_sign_with_valid_key_verify_with_invalid_key.TestOneInput call site: 00200 model_signing._signing.sign_sigstore.Signature.read
4 81 model_signing._serialization.file.Serializer.serialize call site: 00081 .list
4 165 model_signing._signing.sign_ec_key.Signer.sign call site: 00165 model_signing._signing.sign_sigstore_pb.pae

Fuzzer calltree

0 ...model-transparency.tests.fuzzing.fuzz_sign_with_valid_key_verify_with_invalid_key.TestOneInput [function] [call site] 00000
1 atheris.FuzzedDataProvider [function] [call site] 00001
1 fdp.ConsumeIntInRange [function] [call site] 00002
1 fdp.ConsumeBytes [function] [call site] 00003
1 tempfile.TemporaryDirectory [function] [call site] 00004
1 os.path.join [function] [call site] 00005
1 fdp.ConsumeIntInRange [function] [call site] 00006
1 <builtin>.open [function] [call site] 00007
1 fdp.ConsumeBytes [function] [call site] 00008
1 os.path.join [function] [call site] 00010
1 model_signing.signing.Config.__init__ [function] [call site] 00011
2 model_signing.hashing.Config.__init__ [function] [call site] 00012
3 <builtin>.frozenset [function] [call site] 00013
3 model_signing.hashing.Config.use_file_serialization [function] [call site] 00014
4 model_signing._serialization.file.Serializer.__init__ [function] [call site] 00015
5 pathlib.Path [function] [call site] 00016
5 model_signing.hashing.Config._build_file_hasher_factory._factory [function] [call site] 00017
6 model_signing.hashing.Config._build_stream_hasher [function] [call site] 00018
7 model_signing._hashing.memory.SHA256.__init__ [function] [call site] 00019
8 hashlib.sha256 [function] [call site] 00020
7 model_signing._hashing.memory.BLAKE2.__init__ [function] [call site] 00021
8 hashlib.blake2b [function] [call site] 00022
6 model_signing._hashing.io.SimpleFileHasher.__init__ [function] [call site] 00023
5 model_signing.manifest._FileSerialization.__init__ [function] [call site] 00024
6 <builtin>.str [function] [call site] 00025
4 model_signing.hashing.Config._build_file_hasher_factory [function] [call site] 00026
1 model_signing.signing.Config.use_elliptic_key_signer [function] [call site] 00027
2 pathlib.Path [function] [call site] 00028
2 model_signing._signing.sign_ec_key.Signer.__init__ [function] [call site] 00029
3 private_key_path.read_bytes [function] [call site] 00030
3 model_signing._signing.sign_ec_key._check_supported_ec_key [function] [call site] 00031
1 model_signing.signing.Config.sign [function] [call site] 00032
2 model_signing.signing.Config.use_sigstore_signer [function] [call site] 00033
3 model_signing._signing.sign_sigstore.Signer.__init__ [function] [call site] 00034
4 sigstore.sign.SigningContext.staging [function] [call site] 00035
4 sigstore.oidc.Issuer.staging [function] [call site] 00036
4 sigstore.sign.SigningContext.production [function] [call site] 00037
4 sigstore.oidc.Issuer [function] [call site] 00038
4 sigstore.oidc.Issuer.production [function] [call site] 00039
2 model_signing.hashing.Config.hash [function] [call site] 00040
3 pathlib.Path [function] [call site] 00041
3 full.relative_to [function] [call site] 00042
3 ignored_paths.append [function] [call site] 00043
3 ignored_paths.extend [function] [call site] 00044
3 model_signing._serialization.file.Serializer.set_allow_symlinks [function] [call site] 00045
4 pathlib.Path [function] [call site] 00046
4 model_signing.hashing.Config._build_file_hasher_factory._factory [function] [call site] 00047
4 model_signing.manifest._FileSerialization.__init__ [function] [call site] 00048
3 model_signing._serialization.file_shard.Serializer.set_allow_symlinks [function] [call site] 00049
4 pathlib.Path [function] [call site] 00050
4 model_signing.hashing.Config._build_sharded_file_hasher_factory._factory [function] [call site] 00051
5 model_signing.hashing.Config._build_stream_hasher [function] [call site] 00052
5 model_signing._hashing.io.ShardedFileHasher.__init__ [function] [call site] 00053
6 <builtin>.super [function] [call site] 00054
6 model_signing._hashing.io.ShardedFileHasher.set_shard [function] [call site] 00055
4 model_signing.manifest._ShardSerialization.__init__ [function] [call site] 00056
5 <builtin>.str [function] [call site] 00057
3 model_signing._serialization.file.Serializer.serialize [function] [call site] 00058
4 itertools.chain [function] [call site] 00059
4 model_path.glob [function] [call site] 00060
4 model_signing._serialization.serialization.check_file_or_directory [function] [call site] 00061
5 path.is_symlink [function] [call site] 00062
5 path.is_file [function] [call site] 00063
5 path.is_dir [function] [call site] 00064
4 path.is_file [function] [call site] 00065
4 model_signing._serialization.serialization.should_ignore [function] [call site] 00066
5 path.is_relative_to [function] [call site] 00067
5 <builtin>.any [function] [call site] 00068
4 paths.append [function] [call site] 00069
4 concurrent.futures.ThreadPoolExecutor [function] [call site] 00070
4 tpe.submit [function] [call site] 00071
4 concurrent.futures.as_completed [function] [call site] 00072
4 future.result [function] [call site] 00073
4 manifest_items.append [function] [call site] 00074
4 os.path.relpath [function] [call site] 00075
4 rp.startswith [function] [call site] 00076
4 pathlib.Path [function] [call site] 00077
4 rel_ignore_paths.append [function] [call site] 00078
4 pathlib.Path [function] [call site] 00079
4 model_signing.hashing.Config._build_file_hasher_factory._factory [function] [call site] 00080
4 model_signing.manifest._FileSerialization.__init__ [function] [call site] 00081
4 <builtin>.list [function] [call site] 00082
4 <builtin>.frozenset [function] [call site] 00083
4 model_path.resolve [function] [call site] 00084
4 os.path.basename [function] [call site] 00085
4 model_signing.manifest.Manifest.__init__ [function] [call site] 00086
3 model_signing._serialization.file_shard.Serializer.serialize [function] [call site] 00087
4 itertools.chain [function] [call site] 00088
4 model_path.glob [function] [call site] 00089
4 model_signing._serialization.serialization.check_file_or_directory [function] [call site] 00090
4 path.is_file [function] [call site] 00091
4 model_signing._serialization.serialization.should_ignore [function] [call site] 00092
4 model_signing._serialization.file_shard.Serializer._get_shards [function] [call site] 00093
5 path.stat [function] [call site] 00094
5 model_signing._serialization.file_shard._endpoints [function] [call site] 00095
6 <builtin>.range [function] [call site] 00096
5 shards.append [function] [call site] 00097
4 shards.extend [function] [call site] 00098
4 concurrent.futures.ThreadPoolExecutor [function] [call site] 00099
4 tpe.submit [function] [call site] 00100
4 concurrent.futures.as_completed [function] [call site] 00101
4 future.result [function] [call site] 00102
4 manifest_items.append [function] [call site] 00103
4 os.path.relpath [function] [call site] 00104
4 rp.startswith [function] [call site] 00105
4 pathlib.Path [function] [call site] 00106
4 rel_ignore_paths.append [function] [call site] 00107
4 pathlib.Path [function] [call site] 00108
4 model_signing.hashing.Config._build_sharded_file_hasher_factory._factory [function] [call site] 00109
4 model_signing.manifest._ShardSerialization.__init__ [function] [call site] 00110
4 <builtin>.list [function] [call site] 00111
4 <builtin>.frozenset [function] [call site] 00112
4 model_path.resolve [function] [call site] 00113
4 os.path.basename [function] [call site] 00114
4 model_signing.manifest.Manifest.__init__ [function] [call site] 00115
3 pathlib.Path [function] [call site] 00116
2 model_signing._signing.signing.Payload.__init__ [function] [call site] 00117
3 model_signing._hashing.memory.SHA256.__init__ [function] [call site] 00118
3 model_signing.manifest.Manifest.resource_descriptors [function] [call site] 00119
4 <builtin>.sorted [function] [call site] 00120
4 <builtin>.str [function] [call site] 00121
3 model_signing._hashing.memory.SHA256.update [function] [call site] 00122
3 resources.append [function] [call site] 00123
3 model_signing._hashing.memory.SHA256.compute [function] [call site] 00124
3 statement.ResourceDescriptor [function] [call site] 00125
3 statement.Statement [function] [call site] 00126
2 model_signing._signing.sign_pkcs11.Signer.sign [function] [call site] 00127
3 google.protobuf.json_format.MessageToJson [function] [call site] 00128
3 model_signing._signing.sign_ec_key.get_ec_key_hash [function] [call site] 00129
3 model_signing._signing.sign_sigstore_pb.pae [function] [call site] 00130
4 <builtin>.len [function] [call site] 00131
4 <builtin>.len [function] [call site] 00132
3 hash.update [function] [call site] 00133
3 hash.finalize [function] [call site] 00134
3 PyKCS11.Mechanism [function] [call site] 00135
3 asn1crypto.algos.DSASignature.from_p1363 [function] [call site] 00136
3 sigstore_protobuf_specs.io.intoto.Signature [function] [call site] 00137
3 sigstore_protobuf_specs.io.intoto.Envelope [function] [call site] 00138
3 model_signing._signing.sign_sigstore_pb.Signature.__init__ [function] [call site] 00139
3 sigstore_protobuf_specs.dev.sigstore.bundle.v1.Bundle [function] [call site] 00140
3 model_signing._signing.sign_pkcs11.Signer._get_verification_material [function] [call site] 00141
4 public_key.public_bytes [function] [call site] 00142
4 hashlib.sha256 [function] [call site] 00143
4 sigstore_protobuf_specs.dev.sigstore.bundle.v1.VerificationMaterial [function] [call site] 00144
4 sigstore_protobuf_specs.dev.sigstore.common.v1.PublicKeyIdentifier [function] [call site] 00145
3 model_signing._signing.sign_pkcs11.CertSigner._get_verification_material [function] [call site] 00146
4 model_signing._signing.sign_pkcs11.CertSigner._get_verification_material._to_protobuf_certificate [function] [call site] 00147
5 sigstore_protobuf_specs.dev.sigstore.common.v1.X509Certificate [function] [call site] 00148
5 certificate.public_bytes [function] [call site] 00149
4 chain.extend [function] [call site] 00150
4 model_signing._signing.sign_pkcs11.CertSigner._get_verification_material._to_protobuf_certificate [function] [call site] 00151
4 sigstore_protobuf_specs.dev.sigstore.bundle.v1.VerificationMaterial [function] [call site] 00152
4 sigstore_protobuf_specs.dev.sigstore.common.v1.X509CertificateChain [function] [call site] 00153
2 model_signing._signing.sign_sigstore.Signer.sign [function] [call site] 00154
3 sigstore.dsse.Statement [function] [call site] 00155
3 google.protobuf.json_format.MessageToJson [function] [call site] 00156
3 model_signing._signing.sign_sigstore.Signer._get_identity_token [function] [call site] 00157
4 sigstore.oidc.IdentityToken [function] [call site] 00158
4 sigstore.oidc.detect_credential [function] [call site] 00159
4 sigstore.oidc.IdentityToken [function] [call site] 00160
3 signer.sign_dsse [function] [call site] 00161
3 model_signing._signing.sign_sigstore.Signature.__init__ [function] [call site] 00162
2 model_signing._signing.sign_ec_key.Signer.sign [function] [call site] 00163
3 google.protobuf.json_format.MessageToJson [function] [call site] 00164
3 sigstore_protobuf_specs.io.intoto.Signature [function] [call site] 00165
3 model_signing._signing.sign_sigstore_pb.pae [function] [call site] 00166
3 model_signing._signing.sign_ec_key.get_ec_key_hash [function] [call site] 00167
3 cryptography.hazmat.primitives.asymmetric.ec.ECDSA.__init__ [function] [call site] 00168
4 cryptography.hazmat.backends.openssl.backend.Backend.ecdsa_deterministic_supported [function] [call site] 00169
3 sigstore_protobuf_specs.io.intoto.Envelope [function] [call site] 00170
3 model_signing._signing.sign_sigstore_pb.Signature.__init__ [function] [call site] 00171
3 sigstore_protobuf_specs.dev.sigstore.bundle.v1.Bundle [function] [call site] 00172
3 model_signing._signing.sign_ec_key.Signer._get_verification_material [function] [call site] 00173
4 public_key.public_bytes [function] [call site] 00174
4 hashlib.sha256 [function] [call site] 00175
4 sigstore_protobuf_specs.dev.sigstore.bundle.v1.VerificationMaterial [function] [call site] 00176
4 sigstore_protobuf_specs.dev.sigstore.common.v1.PublicKeyIdentifier [function] [call site] 00177
3 model_signing._signing.sign_certificate.Signer._get_verification_material [function] [call site] 00178
4 model_signing._signing.sign_certificate.Signer._get_verification_material._to_protobuf_certificate [function] [call site] 00179
5 sigstore_protobuf_specs.dev.sigstore.common.v1.X509Certificate [function] [call site] 00180
5 certificate.public_bytes [function] [call site] 00181
4 chain.extend [function] [call site] 00182
4 model_signing._signing.sign_certificate.Signer._get_verification_material._to_protobuf_certificate [function] [call site] 00183
4 sigstore_protobuf_specs.dev.sigstore.bundle.v1.VerificationMaterial [function] [call site] 00184
4 sigstore_protobuf_specs.dev.sigstore.common.v1.X509CertificateChain [function] [call site] 00185
2 model_signing.signing.Config.sign [function] [call site] 00186
2 pathlib.Path [function] [call site] 00187
2 model_signing._signing.sign_sigstore.Signature.write [function] [call site] 00188
3 cryptography.hazmat.bindings._rust.ObjectIdentifier.to_json [function] [call site] 00189
3 path.write_text [function] [call site] 00190
1 os.path.join [function] [call site] 00191
1 <builtin>.open [function] [call site] 00192
1 model_signing.verifying.Config.__init__ [function] [call site] 00194
1 model_signing.verifying.Config.use_elliptic_key_verifier [function] [call site] 00195
2 pathlib.Path [function] [call site] 00196
2 model_signing._signing.sign_ec_key.Verifier.__init__ [function] [call site] 00197
3 public_key_path.read_bytes [function] [call site] 00198
3 model_signing._signing.sign_ec_key._check_supported_ec_key [function] [call site] 00199
1 model_signing.verifying.Config.verify [function] [call site] 00200
2 pathlib.Path [function] [call site] 00201
2 model_signing._signing.sign_sigstore.Signature.read [function] [call site] 00202
3 path.read_text [function] [call site] 00203
3 sigstore.models.Bundle.from_json [function] [call site] 00204
3 model_signing._signing.sign_sigstore.Signature.__init__ [function] [call site] 00205
2 pathlib.Path [function] [call site] 00206
2 model_signing._signing.sign_sigstore.Signature.read [function] [call site] 00207
2 model_signing._signing.signing.Verifier.verify [function] [call site] 00208
3 model_signing._signing.sign_sigstore.Verifier._verify_signed_content [function] [call site] 00209
4 typing.cast [function] [call site] 00210
3 json.loads [function] [call site] 00211
3 model_signing._signing.signing.dsse_payload_to_manifest [function] [call site] 00212
4 model_signing._signing.signing.dsse_payload_to_manifest_compat [function] [call site] 00213
5 model_signing.manifest.SerializationType.from_args [function] [call site] 00214
6 subclass._from_args [function] [call site] 00215
5 bytes.fromhex [function] [call site] 00216
5 serialization.new_item [function] [call site] 00217
5 items.append [function] [call site] 00218
5 model_signing.manifest.Manifest.__init__ [function] [call site] 00219
4 <builtin>.len [function] [call site] 00220
4 model_signing.manifest.SerializationType.from_args [function] [call site] 00221
4 model_signing._hashing.memory.SHA256.__init__ [function] [call site] 00222
4 bytes.fromhex [function] [call site] 00223
4 model_signing._hashing.memory.SHA256.update [function] [call site] 00224
4 serialization.new_item [function] [call site] 00225
4 items.append [function] [call site] 00226
4 model_signing._hashing.memory.SHA256.compute [function] [call site] 00227
4 model_signing.manifest.Manifest.__init__ [function] [call site] 00228
2 model_signing.verifying.Config._guess_hashing_config [function] [call site] 00229
3 model_signing.hashing.Config.__init__ [function] [call site] 00230
3 model_signing.hashing.Config.use_file_serialization [function] [call site] 00231
3 <builtin>.frozenset [function] [call site] 00232
3 model_signing.hashing.Config.__init__ [function] [call site] 00233
3 model_signing.hashing.Config.use_shard_serialization [function] [call site] 00234
4 model_signing._serialization.file_shard.Serializer.__init__ [function] [call site] 00235
5 pathlib.Path [function] [call site] 00236
5 model_signing.hashing.Config._build_sharded_file_hasher_factory._factory [function] [call site] 00237
5 model_signing.manifest._ShardSerialization.__init__ [function] [call site] 00238
4 model_signing.hashing.Config._build_sharded_file_hasher_factory [function] [call site] 00239
3 <builtin>.frozenset [function] [call site] 00240
2 model_signing.hashing.Config.add_ignored_paths [function] [call site] 00241
3 <builtin>.set [function] [call site] 00242
3 pathlib.Path [function] [call site] 00243
3 pathlib.Path [function] [call site] 00244
3 full.relative_to [function] [call site] 00245
3 newset.add [function] [call site] 00246
2 model_signing.manifest.Manifest.resource_descriptors [function] [call site] 00247
2 model_signing.hashing.Config.hash [function] [call site] 00248
2 model_signing.verifying.Config._get_manifest_diff [function] [call site] 00249
3 model_signing.manifest.Manifest.resource_descriptors [function] [call site] 00250
3 model_signing.manifest.Manifest.resource_descriptors [function] [call site] 00251
3 actual_hashes.keys [function] [call site] 00252
3 <builtin>.set [function] [call site] 00253
3 <builtin>.set [function] [call site] 00254
3 expected_hashes.keys [function] [call site] 00255
3 diffs.append [function] [call site] 00256
3 <builtin>.sorted [function] [call site] 00257
3 expected_hashes.keys [function] [call site] 00258
3 <builtin>.set [function] [call site] 00259
3 <builtin>.set [function] [call site] 00260
3 actual_hashes.keys [function] [call site] 00261
3 diffs.append [function] [call site] 00262
3 <builtin>.sorted [function] [call site] 00263
3 actual_hashes.keys [function] [call site] 00264
3 <builtin>.set [function] [call site] 00265
3 expected_hashes.keys [function] [call site] 00266
3 <builtin>.set [function] [call site] 00267
3 <builtin>.sorted [function] [call site] 00268
3 diffs.append [function] [call site] 00269