Fuzz introspector: fuzz_sign_verify_with_valid_key
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
74 119 sigstore._internal.sct._pack_signed_entry call site: 00119 sigstore.verify.verifier._validate_dsse_v002_entry_body
39 54 model_signing._signing.signing.Verifier.verify call site: 00054 sigstore.verify.verifier.Verifier.verify_dsse
22 20 ...model-transparency.tests.fuzzing.fuzz_sign_verify_with_valid_key.TestOneInput call site: 00020 sigstore.models.Bundle.__init__
11 94 sigstore._internal.sct._get_signed_certificate_timestamp call site: 00094 sigstore._internal.sct._cert_is_ca
6 107 sigstore._utils.key_id call site: 00107 sigstore._internal.sct._pack_digitally_signed
4 198 model_signing.manifest.SerializationType.from_args call site: 00198 bytes.fromhex
3 213 model_signing.verifying.Config.verify call site: 00213 model_signing.manifest.Manifest.resource_descriptors
3 224 model_signing.verifying.Config._get_manifest_diff call site: 00224 expected_hashes.keys
3 230 model_signing.verifying.Config._get_manifest_diff call site: 00230 actual_hashes.keys
2 1 ...model-transparency.tests.fuzzing.fuzz_sign_verify_with_valid_key.TestOneInput call site: 00001 tempfile.TemporaryDirectory
2 43 sigstore.models.TransparencyLogEntry.__init__ call site: 00043 _logger.debug
2 116 sigstore._internal.sct._pack_signed_entry call site: 00116 .len

Fuzzer calltree

0 ...model-transparency.tests.fuzzing.fuzz_sign_verify_with_valid_key.TestOneInput [function] [call site] 00000
1 atheris.FuzzedDataProvider [function] [call site] 00001
1 tempfile.TemporaryDirectory [function] [call site] 00002
1 tempfile.TemporaryDirectory [function] [call site] 00003
1 pathlib.Path [function] [call site] 00004
1 utils.create_fuzz_files [function] [call site] 00005
1 utils.any_files [function] [call site] 00006
1 <builtin>.str [function] [call site] 00007
1 os.path.join [function] [call site] 00008
1 ...model-transparency.tests.fuzzing.fuzz_sign_verify_with_valid_key._pick_key_spec [function] [call site] 00009
2 <builtin>.len [function] [call site] 00010
2 fdp.ConsumeIntInRange [function] [call site] 00011
1 scfg.use_elliptic_key_signer [function] [call site] 00012
1 signer.sign [function] [call site] 00013
1 model_signing.verifying.Config.__init__ [function] [call site] 00014
1 model_signing.verifying.Config.use_elliptic_key_verifier [function] [call site] 00015
2 pathlib.Path [function] [call site] 00016
2 model_signing._signing.sign_ec_key.Verifier.__init__ [function] [call site] 00017
3 public_key_path.read_bytes [function] [call site] 00018
3 model_signing._signing.sign_ec_key._check_supported_ec_key [function] [call site] 00019
1 model_signing.verifying.Config.verify [function] [call site] 00020
2 pathlib.Path [function] [call site] 00021
2 model_signing._signing.sign_sigstore.Signature.read [function] [call site] 00022
3 path.read_text [function] [call site] 00023
3 sigstore.models.Bundle.from_json [function] [call site] 00024
4 sigstore_models.bundle.v1.Bundle.from_json [function] [call site] 00025
4 sigstore.models.Bundle.__init__ [function] [call site] 00026
5 sigstore.models.Bundle._verify [function] [call site] 00027
6 enum.Enum.__init__ [function] [call site] 00028
6 cryptography.hazmat.bindings._rust.x509.load_der_x509_certificate [function] [call site] 00029
6 cryptography.hazmat.bindings._rust.x509.load_der_x509_certificate [function] [call site] 00030
6 sigstore._utils.cert_is_leaf [function] [call site] 00031
7 sigstore._utils.cert_is_ca [function] [call site] 00032
8 cert.extensions.get_extension_for_oid [function] [call site] 00033
8 cert.extensions.get_extension_for_oid [function] [call site] 00034
7 cert.extensions.get_extension_for_oid [function] [call site] 00035
7 cert.extensions.get_extension_for_oid [function] [call site] 00036
6 sigstore._utils.cert_is_root_ca [function] [call site] 00037
7 sigstore._utils.cert_is_ca [function] [call site] 00038
7 cert.verify_directly_issued_by [function] [call site] 00039
6 _logger.warning [function] [call site] 00040
6 <builtin>.len [function] [call site] 00041
6 sigstore.models.TransparencyLogEntry.__init__ [function] [call site] 00042
7 sigstore.models.TransparencyLogEntry._validate [function] [call site] 00043
6 _logger.debug [function] [call site] 00044
3 model_signing._signing.sign_sigstore.Signature.__init__ [function] [call site] 00045
2 pathlib.Path [function] [call site] 00046
2 model_signing._signing.sign_sigstore_pb.Signature.read [function] [call site] 00047
3 path.read_text [function] [call site] 00048
3 json.loads [function] [call site] 00049
3 sigstore_models.bundle.v1.Bundle.from_dict [function] [call site] 00050
3 model_signing._signing.sign_sigstore_pb.Signature.__init__ [function] [call site] 00051
2 model_signing._signing.signing.Verifier.verify [function] [call site] 00052
3 model_signing._signing.signing.Verifier._verify_signed_content [function] [call site] 00053
3 model_signing._signing.sign_sigstore.Verifier._verify_signed_content [function] [call site] 00054
4 typing.cast [function] [call site] 00055
4 sigstore.verify.verifier.Verifier.verify_dsse [function] [call site] 00056
5 sigstore.verify.verifier.Verifier._verify_common_signing_cert [function] [call site] 00057
6 OpenSSL.crypto.X509Store [function] [call site] 00058
6 OpenSSL.crypto.X509Store.set_flags [function] [call site] 00059
6 OpenSSL.crypto.X509Store.add_cert [function] [call site] 00060
6 sigstore.verify.verifier.Verifier._establish_time [function] [call site] 00061
7 sigstore.verify.verifier.Verifier._verify_timestamp_authority [function] [call site] 00062
8 <builtin>.len [function] [call site] 00063
8 <builtin>.len [function] [call site] 00064
8 <builtin>.set [function] [call site] 00065
8 <builtin>.len [function] [call site] 00066
8 <builtin>.len [function] [call site] 00067
8 sigstore.verify.verifier.Verifier._verify_signed_timestamp [function] [call site] 00068
9 certificate_authority.certificates [function] [call site] 00069
9 <builtin>.len [function] [call site] 00070
9 _logger.debug [function] [call site] 00071
9 rfc3161_client.VerifierBuilder [function] [call site] 00072
9 rfc3161_client.VerifierBuilder.tsa_certificate [function] [call site] 00073
9 builder.add_intermediate_certificate [function] [call site] 00074
9 builder.build [function] [call site] 00075
9 verifier.verify_message [function] [call site] 00076
9 _logger.debug [function] [call site] 00077
9 _logger.debug [function] [call site] 00078
7 verified_timestamps.extend [function] [call site] 00079
7 verified_timestamps.append [function] [call site] 00080
7 datetime.datetime.fromtimestamp [function] [call site] 00081
6 <builtin>.len [function] [call site] 00082
6 OpenSSL.crypto.X509.from_cryptography [function] [call site] 00083
6 sigstore.verify.verifier.Verifier._verify_chain_at_time [function] [call site] 00084
7 OpenSSL.crypto.X509Store [function] [call site] 00085
7 OpenSSL.crypto.X509Store.set_flags [function] [call site] 00086
7 OpenSSL.crypto.X509Store.add_cert [function] [call site] 00087
7 OpenSSL.crypto.X509Store.set_time [function] [call site] 00088
7 OpenSSL.crypto.X509StoreContext [function] [call site] 00089
7 OpenSSL.crypto.X509StoreContext.get_verified_chain [function] [call site] 00090
6 sigstore._internal.sct.verify_sct [function] [call site] 00091
7 sigstore._internal.sct._get_signed_certificate_timestamp [function] [call site] 00092
8 typing.cast.bundle.signing_certificate.extensions.get_extension_for_class [function] [call site] 00093
8 <builtin>.len [function] [call site] 00094
7 sigstore._internal.sct._get_issuer_cert [function] [call site] 00095
8 sigstore._internal.sct._is_preissuer [function] [call site] 00096
9 issuer.extensions.get_extension_for_class [function] [call site] 00097
7 issuer_cert.public_key [function] [call site] 00098
7 sigstore._internal.sct._cert_is_ca [function] [call site] 00099
8 _logger.debug [function] [call site] 00100
8 sigstore._utils.cert_is_ca [function] [call site] 00101
8 _logger.debug [function] [call site] 00102
7 <builtin>.isinstance [function] [call site] 00103
7 sigstore._utils.key_id [function] [call site] 00104
8 key.public_bytes [function] [call site] 00105
8 hashlib.sha256 [function] [call site] 00106
8 typing.NewType [function] [call site] 00107
7 sigstore._internal.sct._pack_digitally_signed [function] [call site] 00108
8 <builtin>.len [function] [call site] 00109
8 sigstore._internal.sct._pack_signed_entry [function] [call site] 00110
9 typing.cast.bundle.signing_certificate.public_bytes [function] [call site] 00111
9 <builtin>.len [function] [call site] 00112
9 fields.append [function] [call site] 00113
9 struct.unpack [function] [call site] 00114
9 <builtin>.len [function] [call site] 00115
9 struct.pack [function] [call site] 00116
9 <builtin>.len [function] [call site] 00117
9 pack_format.format [function] [call site] 00118
9 fields.extend [function] [call site] 00119
9 struct.pack [function] [call site] 00120
8 <builtin>.len [function] [call site] 00121
8 sct.timestamp.replace [function] [call site] 00122
8 struct.pack [function] [call site] 00123
8 timestamp.timestamp [function] [call site] 00124
8 <builtin>.int [function] [call site] 00125
8 <builtin>.len [function] [call site] 00126
7 <builtin>.isinstance [function] [call site] 00127
7 sct.log_id.hex [function] [call site] 00128
7 _logger.debug [function] [call site] 00129
7 ct_keyring.verify [function] [call site] 00130
7 typing.NewType [function] [call site] 00131
6 parent_cert.to_cryptography [function] [call site] 00132
6 typing.cast.bundle.signing_certificate.extensions.get_extension_for_class [function] [call site] 00133
6 typing.cast.bundle.signing_certificate.extensions.get_extension_for_class [function] [call site] 00134
6 sigstore.verify.policy.Identity.verify [function] [call site] 00135
7 sigstore.verify.policy._SingleX509ExtPolicy.verify [function] [call site] 00136
8 typing.cast.bundle.signing_certificate.extensions.get_extension_for_oid [function] [call site] 00137
8 ext.value.decode [function] [call site] 00138
7 typing.cast.bundle.signing_certificate.extensions.get_extension_for_class [function] [call site] 00139
7 san_ext.get_values_for_type [function] [call site] 00140
7 <builtin>.set [function] [call site] 00141
7 san_ext.get_values_for_type [function] [call site] 00142
7 all_sans.update [function] [call site] 00143
7 all_sans.update [function] [call site] 00144
7 on.value.decode [function] [call site] 00145
7 san_ext.get_values_for_type [function] [call site] 00146
6 _logger.debug [function] [call site] 00147
6 typing.cast.bundle.log_entry._verify [function] [call site] 00148
5 typing.cast.bundle.signing_certificate.public_key [function] [call site] 00149
5 typing.cast [function] [call site] 00150
5 sigstore.dsse._verify [function] [call site] 00151
6 sigstore.dsse._pae [function] [call site] 00152
7 <builtin>.len [function] [call site] 00153
6 <builtin>.len [function] [call site] 00154
6 cryptography.hazmat.primitives.asymmetric.ec.ECDSA.__init__ [function] [call site] 00155
7 cryptography.hazmat.backends.openssl.backend.Backend.ecdsa_deterministic_supported [function] [call site] 00156
6 typing.cast.verify [function] [call site] 00157
5 sigstore.verify.verifier._validate_dsse_v002_entry_body [function] [call site] 00158
6 sigstore_models.rekor.v2.entry.Entry.from_json [function] [call site] 00159
6 sigstore._utils.sha256_digest [function] [call site] 00160
7 <builtin>.isinstance [function] [call site] 00161
7 <builtin>.isinstance [function] [call site] 00162
7 hashlib.sha256 [function] [call site] 00163
7 sigstore._utils._sha256_streaming [function] [call site] 00164
8 hashlib.sha256 [function] [call site] 00165
8 <builtin>.bytearray [function] [call site] 00166
8 <builtin>.memoryview [function] [call site] 00167
8 io.readinto [function] [call site] 00168
8 sha256.update [function] [call site] 00169
8 io.readinto [function] [call site] 00170
8 sha256.digest [function] [call site] 00171
6 sigstore_models.rekor.v2.verifier.Signature [function] [call site] 00172
6 base64.b64encode [function] [call site] 00173
6 sigstore.verify.verifier._v2_verifier_from_certificate [function] [call site] 00174
7 typing.cast.bundle.signing_certificate.public_key [function] [call site] 00175
7 <builtin>.isinstance [function] [call site] 00176
7 <builtin>.isinstance [function] [call site] 00177
7 <builtin>.isinstance [function] [call site] 00178
7 <builtin>.isinstance [function] [call site] 00179
7 sigstore_models.rekor.v2.verifier.Verifier [function] [call site] 00180
7 sigstore_models.common.v1.X509Certificate [function] [call site] 00181
7 base64.b64encode [function] [call site] 00182
7 typing.cast.bundle.signing_certificate.public_bytes [function] [call site] 00183
5 sigstore.verify.verifier._validate_dsse_v001_entry_body [function] [call site] 00184
6 rekor_types.Dsse.model_validate_json [function] [call site] 00185
6 sigstore._utils.sha256_digest [function] [call site] 00186
6 typing.cast.bundle._dsse_envelope._inner.payload.digest.hex [function] [call site] 00187
6 rekor_types.dsse.Signature [function] [call site] 00188
6 base64.b64encode [function] [call site] 00189
6 sigstore._utils.base64_encode_pem_cert [function] [call site] 00190
7 typing.NewType [function] [call site] 00191
7 typing.cast.bundle.signing_certificate.public_bytes [function] [call site] 00192
7 base64.b64encode [function] [call site] 00193
3 json.loads [function] [call site] 00194
3 model_signing._signing.signing.dsse_payload_to_manifest [function] [call site] 00195
4 model_signing._signing.signing.dsse_payload_to_manifest_compat [function] [call site] 00196
5 model_signing.manifest.SerializationType.from_args [function] [call site] 00197
6 subclass._from_args [function] [call site] 00198
5 bytes.fromhex [function] [call site] 00199
5 serialization.new_item [function] [call site] 00200
5 items.append [function] [call site] 00201
5 model_signing.manifest.Manifest.__init__ [function] [call site] 00202
4 <builtin>.len [function] [call site] 00203
4 model_signing.manifest.SerializationType.from_args [function] [call site] 00204
4 model_signing._hashing.memory.SHA256.__init__ [function] [call site] 00205
5 hashlib.sha256 [function] [call site] 00206
4 bytes.fromhex [function] [call site] 00207
4 model_signing._hashing.memory.SHA256.update [function] [call site] 00208
4 serialization.new_item [function] [call site] 00209
4 items.append [function] [call site] 00210
4 model_signing._hashing.memory.SHA256.compute [function] [call site] 00211
4 model_signing.manifest.Manifest.__init__ [function] [call site] 00212
2 model_signing.verifying.Config._guess_hashing_config [function] [call site] 00213
3 <builtin>.frozenset [function] [call site] 00214
3 <builtin>.frozenset [function] [call site] 00215
2 model_signing.manifest.Manifest.resource_descriptors [function] [call site] 00216
3 <builtin>.sorted [function] [call site] 00217
3 <builtin>.str [function] [call site] 00218
2 model_signing.verifying.Config._get_manifest_diff [function] [call site] 00219
3 actual.resource_descriptors [function] [call site] 00220
3 model_signing.manifest.Manifest.resource_descriptors [function] [call site] 00221
3 actual_hashes.keys [function] [call site] 00222
3 <builtin>.set [function] [call site] 00223
3 <builtin>.set [function] [call site] 00224
3 expected_hashes.keys [function] [call site] 00225
3 diffs.append [function] [call site] 00226
3 <builtin>.sorted [function] [call site] 00227
3 expected_hashes.keys [function] [call site] 00228
3 <builtin>.set [function] [call site] 00229
3 <builtin>.set [function] [call site] 00230
3 actual_hashes.keys [function] [call site] 00231
3 diffs.append [function] [call site] 00232
3 <builtin>.sorted [function] [call site] 00233
3 actual_hashes.keys [function] [call site] 00234
3 <builtin>.set [function] [call site] 00235
3 expected_hashes.keys [function] [call site] 00236
3 <builtin>.set [function] [call site] 00237
3 <builtin>.sorted [function] [call site] 00238
3 diffs.append [function] [call site] 00239