Fuzz introspector: fuzz_sign_then_mutate_verify_with_valid_key
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

| Amount of callsites blocked | Calltree index | Parent function | Callsite | Largest blocked function |
|---|---|---|---|---|
| 74 | 128 | sigstore._internal.sct._pack_signed_entry | call site: 00128 | sigstore.verify.verifier._validate_dsse_v002_entry_body |
| 39 | 63 | model_signing._signing.signing.Verifier.verify | call site: 00063 | sigstore.verify.verifier.Verifier.verify_dsse |
| 29 | 308 | model_signing.hashing.Config.hash | call site: 00308 | model_signing.hashing.Config._build_sharded_file_hasher_factory._factory |
| 22 | 29 | ...model-transparency.tests.fuzzing.fuzz_sign_then_mutate_verify_with_valid_key.TestOneInput | call site: 00029 | sigstore.models.Bundle.__init__ |
| 15 | 241 | model_signing.verifying.Config._guess_hashing_config | call site: 00241 | model_signing.hashing.Config.use_shard_serialization |
| 11 | 103 | sigstore._internal.sct._get_signed_certificate_timestamp | call site: 00103 | sigstore._internal.sct._cert_is_ca |
| 6 | 116 | sigstore._utils.key_id | call site: 00116 | sigstore._internal.sct._pack_digitally_signed |
| 4 | 207 | model_signing.manifest.SerializationType.from_args | call site: 00207 | bytes.fromhex |
| 4 | 232 | model_signing.hashing.Config._build_stream_hasher | call site: 00232 | model_signing._hashing.memory.BLAKE2.__init__ |
| 4 | 302 | model_signing._serialization.file.Serializer.serialize | call site: 00302 | .list |
| 3 | 271 | model_signing.hashing.Config.hash | call site: 00271 | model_signing.hashing.Config._build_sharded_file_hasher_factory._factory |
| 3 | 343 | model_signing.verifying.Config._get_manifest_diff | call site: 00343 | expected_hashes.keys |

Fuzzer calltree

0 ...model-transparency.tests.fuzzing.fuzz_sign_then_mutate_verify_with_valid_key.TestOneInput [function] [call site] 00000
1 atheris.FuzzedDataProvider [function] [call site] 00001
1 tempfile.TemporaryDirectory [function] [call site] 00002
1 tempfile.TemporaryDirectory [function] [call site] 00003
1 pathlib.Path [function] [call site] 00004
1 utils.create_fuzz_files [function] [call site] 00005
1 utils.any_files [function] [call site] 00006
1 <builtin>.str [function] [call site] 00007
1 os.path.join [function] [call site] 00008
1 ...model-transparency.tests.fuzzing.fuzz_sign_then_mutate_verify_with_valid_key._pick_key_spec [function] [call site] 00009
2 <builtin>.len [function] [call site] 00010
2 fdp.ConsumeIntInRange [function] [call site] 00011
1 scfg.use_elliptic_key_signer [function] [call site] 00012
1 signer.sign [function] [call site] 00013
1 pathlib.Path.rglob [function] [call site] 00014
1 p.is_file [function] [call site] 00015
1 <builtin>.len [function] [call site] 00016
1 fdp.ConsumeIntInRange [function] [call site] 00017
1 target.read_bytes [function] [call site] 00018
1 fdp.ConsumeIntInRange [function] [call site] 00019
1 fdp.ConsumeBytes [function] [call site] 00020
1 target.relative_to [function] [call site] 00021
1 utils.safe_write [function] [call site] 00022
1 model_signing.verifying.Config.__init__ [function] [call site] 00023
1 model_signing.verifying.Config.use_elliptic_key_verifier [function] [call site] 00024
2 pathlib.Path [function] [call site] 00025
2 model_signing._signing.sign_ec_key.Verifier.__init__ [function] [call site] 00026
3 public_key_path.read_bytes [function] [call site] 00027
3 model_signing._signing.sign_ec_key._check_supported_ec_key [function] [call site] 00028
1 model_signing.verifying.Config.verify [function] [call site] 00029
2 pathlib.Path [function] [call site] 00030
2 model_signing._signing.sign_sigstore.Signature.read [function] [call site] 00031
3 path.read_text [function] [call site] 00032
3 sigstore.models.Bundle.from_json [function] [call site] 00033
4 sigstore_models.bundle.v1.Bundle.from_json [function] [call site] 00034
4 sigstore.models.Bundle.__init__ [function] [call site] 00035
5 sigstore.models.Bundle._verify [function] [call site] 00036
6 enum.Enum.__init__ [function] [call site] 00037
6 cryptography.hazmat.bindings._rust.x509.load_der_x509_certificate [function] [call site] 00038
6 cryptography.hazmat.bindings._rust.x509.load_der_x509_certificate [function] [call site] 00039
6 sigstore._utils.cert_is_leaf [function] [call site] 00040
7 sigstore._utils.cert_is_ca [function] [call site] 00041
8 cert.extensions.get_extension_for_oid [function] [call site] 00042
8 cert.extensions.get_extension_for_oid [function] [call site] 00043
7 cert.extensions.get_extension_for_oid [function] [call site] 00044
7 cert.extensions.get_extension_for_oid [function] [call site] 00045
6 sigstore._utils.cert_is_root_ca [function] [call site] 00046
7 sigstore._utils.cert_is_ca [function] [call site] 00047
7 cert.verify_directly_issued_by [function] [call site] 00048
6 _logger.warning [function] [call site] 00049
6 <builtin>.len [function] [call site] 00050
6 sigstore.models.TransparencyLogEntry.__init__ [function] [call site] 00051
7 sigstore.models.TransparencyLogEntry._validate [function] [call site] 00052
6 _logger.debug [function] [call site] 00053
3 model_signing._signing.sign_sigstore.Signature.__init__ [function] [call site] 00054
2 pathlib.Path [function] [call site] 00055
2 model_signing._signing.sign_sigstore_pb.Signature.read [function] [call site] 00056
3 path.read_text [function] [call site] 00057
3 json.loads [function] [call site] 00058
3 sigstore_models.bundle.v1.Bundle.from_dict [function] [call site] 00059
3 model_signing._signing.sign_sigstore_pb.Signature.__init__ [function] [call site] 00060
2 model_signing._signing.signing.Verifier.verify [function] [call site] 00061
3 model_signing._signing.signing.Verifier._verify_signed_content [function] [call site] 00062
3 model_signing._signing.sign_sigstore.Verifier._verify_signed_content [function] [call site] 00063
4 typing.cast [function] [call site] 00064
4 sigstore.verify.verifier.Verifier.verify_dsse [function] [call site] 00065
5 sigstore.verify.verifier.Verifier._verify_common_signing_cert [function] [call site] 00066
6 OpenSSL.crypto.X509Store [function] [call site] 00067
6 OpenSSL.crypto.X509Store.set_flags [function] [call site] 00068
6 OpenSSL.crypto.X509Store.add_cert [function] [call site] 00069
6 sigstore.verify.verifier.Verifier._establish_time [function] [call site] 00070
7 sigstore.verify.verifier.Verifier._verify_timestamp_authority [function] [call site] 00071
8 <builtin>.len [function] [call site] 00072
8 <builtin>.len [function] [call site] 00073
8 <builtin>.set [function] [call site] 00074
8 <builtin>.len [function] [call site] 00075
8 <builtin>.len [function] [call site] 00076
8 sigstore.verify.verifier.Verifier._verify_signed_timestamp [function] [call site] 00077
9 certificate_authority.certificates [function] [call site] 00078
9 <builtin>.len [function] [call site] 00079
9 _logger.debug [function] [call site] 00080
9 rfc3161_client.VerifierBuilder [function] [call site] 00081
9 rfc3161_client.VerifierBuilder.tsa_certificate [function] [call site] 00082
9 builder.add_intermediate_certificate [function] [call site] 00083
9 builder.build [function] [call site] 00084
9 verifier.verify_message [function] [call site] 00085
9 _logger.debug [function] [call site] 00086
9 _logger.debug [function] [call site] 00087
7 verified_timestamps.extend [function] [call site] 00088
7 verified_timestamps.append [function] [call site] 00089
7 datetime.datetime.fromtimestamp [function] [call site] 00090
6 <builtin>.len [function] [call site] 00091
6 OpenSSL.crypto.X509.from_cryptography [function] [call site] 00092
6 sigstore.verify.verifier.Verifier._verify_chain_at_time [function] [call site] 00093
7 OpenSSL.crypto.X509Store [function] [call site] 00094
7 OpenSSL.crypto.X509Store.set_flags [function] [call site] 00095
7 OpenSSL.crypto.X509Store.add_cert [function] [call site] 00096
7 OpenSSL.crypto.X509Store.set_time [function] [call site] 00097
7 OpenSSL.crypto.X509StoreContext [function] [call site] 00098
7 OpenSSL.crypto.X509StoreContext.get_verified_chain [function] [call site] 00099
6 sigstore._internal.sct.verify_sct [function] [call site] 00100
7 sigstore._internal.sct._get_signed_certificate_timestamp [function] [call site] 00101
8 typing.cast.bundle.signing_certificate.extensions.get_extension_for_class [function] [call site] 00102
8 <builtin>.len [function] [call site] 00103
7 sigstore._internal.sct._get_issuer_cert [function] [call site] 00104
8 sigstore._internal.sct._is_preissuer [function] [call site] 00105
9 issuer.extensions.get_extension_for_class [function] [call site] 00106
7 issuer_cert.public_key [function] [call site] 00107
7 sigstore._internal.sct._cert_is_ca [function] [call site] 00108
8 _logger.debug [function] [call site] 00109
8 sigstore._utils.cert_is_ca [function] [call site] 00110
8 _logger.debug [function] [call site] 00111
7 <builtin>.isinstance [function] [call site] 00112
7 sigstore._utils.key_id [function] [call site] 00113
8 key.public_bytes [function] [call site] 00114
8 hashlib.sha256 [function] [call site] 00115
8 typing.NewType [function] [call site] 00116
7 sigstore._internal.sct._pack_digitally_signed [function] [call site] 00117
8 <builtin>.len [function] [call site] 00118
8 sigstore._internal.sct._pack_signed_entry [function] [call site] 00119
9 typing.cast.bundle.signing_certificate.public_bytes [function] [call site] 00120
9 <builtin>.len [function] [call site] 00121
9 fields.append [function] [call site] 00122
9 struct.unpack [function] [call site] 00123
9 <builtin>.len [function] [call site] 00124
9 struct.pack [function] [call site] 00125
9 <builtin>.len [function] [call site] 00126
9 pack_format.format [function] [call site] 00127
9 fields.extend [function] [call site] 00128
9 struct.pack [function] [call site] 00129
8 <builtin>.len [function] [call site] 00130
8 sct.timestamp.replace [function] [call site] 00131
8 struct.pack [function] [call site] 00132
8 timestamp.timestamp [function] [call site] 00133
8 <builtin>.int [function] [call site] 00134
8 <builtin>.len [function] [call site] 00135
7 <builtin>.isinstance [function] [call site] 00136
7 sct.log_id.hex [function] [call site] 00137
7 _logger.debug [function] [call site] 00138
7 ct_keyring.verify [function] [call site] 00139
7 typing.NewType [function] [call site] 00140
6 parent_cert.to_cryptography [function] [call site] 00141
6 typing.cast.bundle.signing_certificate.extensions.get_extension_for_class [function] [call site] 00142
6 typing.cast.bundle.signing_certificate.extensions.get_extension_for_class [function] [call site] 00143
6 sigstore.verify.policy.Identity.verify [function] [call site] 00144
7 sigstore.verify.policy._SingleX509ExtPolicy.verify [function] [call site] 00145
8 typing.cast.bundle.signing_certificate.extensions.get_extension_for_oid [function] [call site] 00146
8 ext.value.decode [function] [call site] 00147
7 typing.cast.bundle.signing_certificate.extensions.get_extension_for_class [function] [call site] 00148
7 san_ext.get_values_for_type [function] [call site] 00149
7 <builtin>.set [function] [call site] 00150
7 san_ext.get_values_for_type [function] [call site] 00151
7 all_sans.update [function] [call site] 00152
7 all_sans.update [function] [call site] 00153
7 on.value.decode [function] [call site] 00154
7 san_ext.get_values_for_type [function] [call site] 00155
6 _logger.debug [function] [call site] 00156
6 typing.cast.bundle.log_entry._verify [function] [call site] 00157
5 typing.cast.bundle.signing_certificate.public_key [function] [call site] 00158
5 typing.cast [function] [call site] 00159
5 sigstore.dsse._verify [function] [call site] 00160
6 sigstore.dsse._pae [function] [call site] 00161
7 <builtin>.len [function] [call site] 00162
6 <builtin>.len [function] [call site] 00163
6 cryptography.hazmat.primitives.asymmetric.ec.ECDSA.__init__ [function] [call site] 00164
7 cryptography.hazmat.backends.openssl.backend.Backend.ecdsa_deterministic_supported [function] [call site] 00165
6 typing.cast.verify [function] [call site] 00166
5 sigstore.verify.verifier._validate_dsse_v002_entry_body [function] [call site] 00167
6 sigstore_models.rekor.v2.entry.Entry.from_json [function] [call site] 00168
6 sigstore._utils.sha256_digest [function] [call site] 00169
7 <builtin>.isinstance [function] [call site] 00170
7 <builtin>.isinstance [function] [call site] 00171
7 hashlib.sha256 [function] [call site] 00172
7 sigstore._utils._sha256_streaming [function] [call site] 00173
8 hashlib.sha256 [function] [call site] 00174
8 <builtin>.bytearray [function] [call site] 00175
8 <builtin>.memoryview [function] [call site] 00176
8 io.readinto [function] [call site] 00177
8 sha256.update [function] [call site] 00178
8 io.readinto [function] [call site] 00179
8 sha256.digest [function] [call site] 00180
6 sigstore_models.rekor.v2.verifier.Signature [function] [call site] 00181
6 base64.b64encode [function] [call site] 00182
6 sigstore.verify.verifier._v2_verifier_from_certificate [function] [call site] 00183
7 typing.cast.bundle.signing_certificate.public_key [function] [call site] 00184
7 <builtin>.isinstance [function] [call site] 00185
7 <builtin>.isinstance [function] [call site] 00186
7 <builtin>.isinstance [function] [call site] 00187
7 <builtin>.isinstance [function] [call site] 00188
7 sigstore_models.rekor.v2.verifier.Verifier [function] [call site] 00189
7 sigstore_models.common.v1.X509Certificate [function] [call site] 00190
7 base64.b64encode [function] [call site] 00191
7 typing.cast.bundle.signing_certificate.public_bytes [function] [call site] 00192
5 sigstore.verify.verifier._validate_dsse_v001_entry_body [function] [call site] 00193
6 rekor_types.Dsse.model_validate_json [function] [call site] 00194
6 sigstore._utils.sha256_digest [function] [call site] 00195
6 typing.cast.bundle._dsse_envelope._inner.payload.digest.hex [function] [call site] 00196
6 rekor_types.dsse.Signature [function] [call site] 00197
6 base64.b64encode [function] [call site] 00198
6 sigstore._utils.base64_encode_pem_cert [function] [call site] 00199
7 typing.NewType [function] [call site] 00200
7 typing.cast.bundle.signing_certificate.public_bytes [function] [call site] 00201
7 base64.b64encode [function] [call site] 00202
3 json.loads [function] [call site] 00203
3 model_signing._signing.signing.dsse_payload_to_manifest [function] [call site] 00204
4 model_signing._signing.signing.dsse_payload_to_manifest_compat [function] [call site] 00205
5 model_signing.manifest.SerializationType.from_args [function] [call site] 00206
6 subclass._from_args [function] [call site] 00207
5 bytes.fromhex [function] [call site] 00208
5 serialization.new_item [function] [call site] 00209
5 items.append [function] [call site] 00210
5 model_signing.manifest.Manifest.__init__ [function] [call site] 00211
4 <builtin>.len [function] [call site] 00212
4 model_signing.manifest.SerializationType.from_args [function] [call site] 00213
4 model_signing._hashing.memory.SHA256.__init__ [function] [call site] 00214
5 hashlib.sha256 [function] [call site] 00215
4 bytes.fromhex [function] [call site] 00216
4 model_signing._hashing.memory.SHA256.update [function] [call site] 00217
4 serialization.new_item [function] [call site] 00218
4 items.append [function] [call site] 00219
4 model_signing._hashing.memory.SHA256.compute [function] [call site] 00220
4 model_signing.manifest.Manifest.__init__ [function] [call site] 00221
2 model_signing.verifying.Config._guess_hashing_config [function] [call site] 00222
3 model_signing.hashing.Config.__init__ [function] [call site] 00223
4 <builtin>.frozenset [function] [call site] 00224
4 model_signing.hashing.Config.use_file_serialization [function] [call site] 00225
5 model_signing._serialization.file.Serializer.__init__ [function] [call site] 00226
6 pathlib.Path [function] [call site] 00227
6 model_signing.hashing.Config._build_file_hasher_factory._factory [function] [call site] 00228
7 model_signing._hashing.io.Blake3FileHasher.__init__ [function] [call site] 00229
8 blake3.blake3 [function] [call site] 00230
7 model_signing.hashing.Config._build_stream_hasher [function] [call site] 00231
8 model_signing._hashing.memory.SHA256.__init__ [function] [call site] 00232
8 model_signing._hashing.memory.BLAKE2.__init__ [function] [call site] 00233
9 hashlib.blake2b [function] [call site] 00234
8 model_signing._hashing.memory.BLAKE3.__init__ [function] [call site] 00235
9 blake3.blake3 [function] [call site] 00236
7 model_signing._hashing.io.SimpleFileHasher.__init__ [function] [call site] 00237
6 model_signing.manifest._FileSerialization.__init__ [function] [call site] 00238
7 <builtin>.str [function] [call site] 00239
5 model_signing.hashing.Config._build_file_hasher_factory [function] [call site] 00240
3 model_signing.hashing.Config.use_file_serialization [function] [call site] 00241
3 <builtin>.frozenset [function] [call site] 00242
3 model_signing.hashing.Config.__init__ [function] [call site] 00243
3 model_signing.hashing.Config.use_shard_serialization [function] [call site] 00244
4 model_signing.hashing.Config.use_file_serialization [function] [call site] 00245
4 model_signing._serialization.file_shard.Serializer.__init__ [function] [call site] 00246
5 pathlib.Path [function] [call site] 00247
5 model_signing.hashing.Config._build_sharded_file_hasher_factory._factory [function] [call site] 00248
6 model_signing.hashing.Config._build_stream_hasher [function] [call site] 00249
6 model_signing._hashing.io.ShardedFileHasher.__init__ [function] [call site] 00250
7 <builtin>.super [function] [call site] 00251
7 model_signing._hashing.io.ShardedFileHasher.set_shard [function] [call site] 00252
5 model_signing.manifest._ShardSerialization.__init__ [function] [call site] 00253
6 <builtin>.str [function] [call site] 00254
4 model_signing.hashing.Config._build_sharded_file_hasher_factory [function] [call site] 00255
3 <builtin>.frozenset [function] [call site] 00256
2 model_signing.hashing.Config.add_ignored_paths [function] [call site] 00257
3 <builtin>.set [function] [call site] 00258
3 pathlib.Path [function] [call site] 00259
3 pathlib.Path [function] [call site] 00260
3 full.relative_to [function] [call site] 00261
3 newset.add [function] [call site] 00262
2 model_signing.manifest.Manifest.resource_descriptors [function] [call site] 00263
3 <builtin>.sorted [function] [call site] 00264
3 <builtin>.str [function] [call site] 00265
2 model_signing.hashing.Config.hash [function] [call site] 00266
3 pathlib.Path [function] [call site] 00267
3 full.relative_to [function] [call site] 00268
3 ignored_paths.append [function] [call site] 00269
3 ignored_paths.extend [function] [call site] 00270
3 model_signing._serialization.file_shard.Serializer.set_allow_symlinks [function] [call site] 00271
4 pathlib.Path [function] [call site] 00272
4 model_signing.hashing.Config._build_sharded_file_hasher_factory._factory [function] [call site] 00273
4 model_signing.manifest._ShardSerialization.__init__ [function] [call site] 00274
3 model_signing._serialization.file.Serializer.set_allow_symlinks [function] [call site] 00275
4 pathlib.Path [function] [call site] 00276
4 model_signing.hashing.Config._build_file_hasher_factory._factory [function] [call site] 00277
4 model_signing.manifest._FileSerialization.__init__ [function] [call site] 00278
3 model_signing._serialization.file.Serializer.serialize [function] [call site] 00279
4 itertools.chain [function] [call site] 00280
4 model_path.glob [function] [call site] 00281
4 model_signing._serialization.serialization.check_file_or_directory [function] [call site] 00282
5 path.is_symlink [function] [call site] 00283
5 path.is_file [function] [call site] 00284
5 path.is_dir [function] [call site] 00285
4 path.is_file [function] [call site] 00286
4 model_signing._serialization.serialization.should_ignore [function] [call site] 00287
5 path.is_relative_to [function] [call site] 00288
5 <builtin>.any [function] [call site] 00289
4 paths.append [function] [call site] 00290
4 concurrent.futures.ThreadPoolExecutor [function] [call site] 00291
4 tpe.submit [function] [call site] 00292
4 concurrent.futures.as_completed [function] [call site] 00293
4 future.result [function] [call site] 00294
4 manifest_items.append [function] [call site] 00295
4 os.path.relpath [function] [call site] 00296
4 rp.startswith [function] [call site] 00297
4 pathlib.Path [function] [call site] 00298
4 rel_ignore_paths.append [function] [call site] 00299
4 pathlib.Path [function] [call site] 00300
4 model_signing.hashing.Config._build_file_hasher_factory._factory [function] [call site] 00301
4 model_signing.manifest._FileSerialization.__init__ [function] [call site] 00302
4 <builtin>.list [function] [call site] 00303
4 <builtin>.frozenset [function] [call site] 00304
4 model_path.resolve [function] [call site] 00305
4 os.path.basename [function] [call site] 00306
4 model_signing.manifest.Manifest.__init__ [function] [call site] 00307
3 model_signing._serialization.file_shard.Serializer.serialize [function] [call site] 00308
4 itertools.chain [function] [call site] 00309
4 model_path.glob [function] [call site] 00310
4 model_signing._serialization.serialization.check_file_or_directory [function] [call site] 00311
4 path.is_file [function] [call site] 00312
4 model_signing._serialization.serialization.should_ignore [function] [call site] 00313
4 model_signing._serialization.file_shard.Serializer._get_shards [function] [call site] 00314
5 path.stat [function] [call site] 00315
5 model_signing._serialization.file_shard._endpoints [function] [call site] 00316
6 <builtin>.range [function] [call site] 00317
5 shards.append [function] [call site] 00318
4 shards.extend [function] [call site] 00319
4 concurrent.futures.ThreadPoolExecutor [function] [call site] 00320
4 tpe.submit [function] [call site] 00321
4 concurrent.futures.as_completed [function] [call site] 00322
4 future.result [function] [call site] 00323
4 manifest_items.append [function] [call site] 00324
4 os.path.relpath [function] [call site] 00325
4 rp.startswith [function] [call site] 00326
4 pathlib.Path [function] [call site] 00327
4 rel_ignore_paths.append [function] [call site] 00328
4 pathlib.Path [function] [call site] 00329
4 model_signing.hashing.Config._build_sharded_file_hasher_factory._factory [function] [call site] 00330
4 model_signing.manifest._ShardSerialization.__init__ [function] [call site] 00331
4 <builtin>.list [function] [call site] 00332
4 <builtin>.frozenset [function] [call site] 00333
4 model_path.resolve [function] [call site] 00334
4 os.path.basename [function] [call site] 00335
4 model_signing.manifest.Manifest.__init__ [function] [call site] 00336
3 pathlib.Path [function] [call site] 00337
2 model_signing.verifying.Config._get_manifest_diff [function] [call site] 00338
3 model_signing.manifest.Manifest.resource_descriptors [function] [call site] 00339
3 model_signing.manifest.Manifest.resource_descriptors [function] [call site] 00340
3 actual_hashes.keys [function] [call site] 00341
3 <builtin>.set [function] [call site] 00342
3 <builtin>.set [function] [call site] 00343
3 expected_hashes.keys [function] [call site] 00344
3 diffs.append [function] [call site] 00345
3 <builtin>.sorted [function] [call site] 00346
3 expected_hashes.keys [function] [call site] 00347
3 <builtin>.set [function] [call site] 00348
3 <builtin>.set [function] [call site] 00349
3 actual_hashes.keys [function] [call site] 00350
3 diffs.append [function] [call site] 00351
3 <builtin>.sorted [function] [call site] 00352
3 actual_hashes.keys [function] [call site] 00353
3 <builtin>.set [function] [call site] 00354
3 expected_hashes.keys [function] [call site] 00355
3 <builtin>.set [function] [call site] 00356
3 <builtin>.sorted [function] [call site] 00357
3 diffs.append [function] [call site] 00358