Fuzz introspector: fuzz_sign_with_valid_key_verify_with_invalid_key
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
350 0 EP call site: 00000 model_signing.verifying.Config.verify

Fuzzer calltree

0 ...model-transparency.tests.fuzzing.fuzz_sign_with_valid_key_verify_with_invalid_key.TestOneInput [function] [call site] 00000
1 atheris.FuzzedDataProvider [function] [call site] 00001
1 fdp.ConsumeIntInRange [function] [call site] 00002
1 fdp.ConsumeBytes [function] [call site] 00003
1 tempfile.TemporaryDirectory [function] [call site] 00004
1 tempfile.TemporaryDirectory [function] [call site] 00005
1 pathlib.Path [function] [call site] 00006
1 utils.create_fuzz_files [function] [call site] 00007
1 utils.any_files [function] [call site] 00008
1 <builtin>.str [function] [call site] 00009
1 os.path.join [function] [call site] 00010
1 scfg.use_elliptic_key_signer [function] [call site] 00011
1 signer.sign [function] [call site] 00012
1 os.path.join [function] [call site] 00013
1 <builtin>.open [function] [call site] 00014
1 f.write [function] [call site] 00015
1 model_signing.verifying.Config.__init__ [function] [call site] 00016
1 model_signing.verifying.Config.use_elliptic_key_verifier [function] [call site] 00017
2 pathlib.Path [function] [call site] 00018
2 model_signing._signing.sign_ec_key.Verifier.__init__ [function] [call site] 00019
3 public_key_path.read_bytes [function] [call site] 00020
3 model_signing._signing.sign_ec_key._check_supported_ec_key [function] [call site] 00021
1 model_signing.verifying.Config.verify [function] [call site] 00022
2 pathlib.Path [function] [call site] 00023
2 model_signing._signing.sign_sigstore.Signature.read [function] [call site] 00024
3 path.read_text [function] [call site] 00025
3 sigstore.models.Bundle.from_json [function] [call site] 00026
4 sigstore_models.bundle.v1.Bundle.from_json [function] [call site] 00027
4 sigstore.models.Bundle.__init__ [function] [call site] 00028
5 sigstore.models.Bundle._verify [function] [call site] 00029
6 enum.Enum.__init__ [function] [call site] 00030
6 cryptography.hazmat.bindings._rust.x509.load_der_x509_certificate [function] [call site] 00031
6 cryptography.hazmat.bindings._rust.x509.load_der_x509_certificate [function] [call site] 00032
6 sigstore._utils.cert_is_leaf [function] [call site] 00033
7 sigstore._utils.cert_is_ca [function] [call site] 00034
8 cert.extensions.get_extension_for_oid [function] [call site] 00035
8 cert.extensions.get_extension_for_oid [function] [call site] 00036
7 cert.extensions.get_extension_for_oid [function] [call site] 00037
7 cert.extensions.get_extension_for_oid [function] [call site] 00038
6 sigstore._utils.cert_is_root_ca [function] [call site] 00039
7 sigstore._utils.cert_is_ca [function] [call site] 00040
7 cert.verify_directly_issued_by [function] [call site] 00041
6 _logger.warning [function] [call site] 00042
6 <builtin>.len [function] [call site] 00043
6 sigstore.models.TransparencyLogEntry.__init__ [function] [call site] 00044
7 sigstore.models.TransparencyLogEntry._validate [function] [call site] 00045
6 _logger.debug [function] [call site] 00046
3 model_signing._signing.sign_sigstore.Signature.__init__ [function] [call site] 00047
2 pathlib.Path [function] [call site] 00048
2 model_signing._signing.sign_sigstore_pb.Signature.read [function] [call site] 00049
3 path.read_text [function] [call site] 00050
3 json.loads [function] [call site] 00051
3 sigstore_models.bundle.v1.Bundle.from_dict [function] [call site] 00052
3 model_signing._signing.sign_sigstore_pb.Signature.__init__ [function] [call site] 00053
2 model_signing._signing.signing.Verifier.verify [function] [call site] 00054
3 model_signing._signing.sign_sigstore.Verifier._verify_signed_content [function] [call site] 00055
4 typing.cast [function] [call site] 00056
4 sigstore.verify.verifier.Verifier.verify_dsse [function] [call site] 00057
5 sigstore.verify.verifier.Verifier._verify_common_signing_cert [function] [call site] 00058
6 OpenSSL.crypto.X509Store [function] [call site] 00059
6 OpenSSL.crypto.X509Store.set_flags [function] [call site] 00060
6 OpenSSL.crypto.X509Store.add_cert [function] [call site] 00061
6 sigstore.verify.verifier.Verifier._establish_time [function] [call site] 00062
7 sigstore.verify.verifier.Verifier._verify_timestamp_authority [function] [call site] 00063
8 <builtin>.len [function] [call site] 00064
8 <builtin>.len [function] [call site] 00065
8 <builtin>.set [function] [call site] 00066
8 <builtin>.len [function] [call site] 00067
8 <builtin>.len [function] [call site] 00068
8 sigstore.verify.verifier.Verifier._verify_signed_timestamp [function] [call site] 00069
9 certificate_authority.certificates [function] [call site] 00070
9 <builtin>.len [function] [call site] 00071
9 _logger.debug [function] [call site] 00072
9 rfc3161_client.VerifierBuilder [function] [call site] 00073
9 rfc3161_client.VerifierBuilder.tsa_certificate [function] [call site] 00074
9 builder.add_intermediate_certificate [function] [call site] 00075
9 builder.build [function] [call site] 00076
9 verifier.verify_message [function] [call site] 00077
9 _logger.debug [function] [call site] 00078
9 _logger.debug [function] [call site] 00079
7 verified_timestamps.extend [function] [call site] 00080
7 verified_timestamps.append [function] [call site] 00081
7 datetime.datetime.fromtimestamp [function] [call site] 00082
6 <builtin>.len [function] [call site] 00083
6 OpenSSL.crypto.X509.from_cryptography [function] [call site] 00084
6 sigstore.verify.verifier.Verifier._verify_chain_at_time [function] [call site] 00085
7 OpenSSL.crypto.X509Store [function] [call site] 00086
7 OpenSSL.crypto.X509Store.set_flags [function] [call site] 00087
7 OpenSSL.crypto.X509Store.add_cert [function] [call site] 00088
7 OpenSSL.crypto.X509Store.set_time [function] [call site] 00089
7 OpenSSL.crypto.X509StoreContext [function] [call site] 00090
7 OpenSSL.crypto.X509StoreContext.get_verified_chain [function] [call site] 00091
6 sigstore._internal.sct.verify_sct [function] [call site] 00092
7 sigstore._internal.sct._get_signed_certificate_timestamp [function] [call site] 00093
8 typing.cast.bundle.signing_certificate.extensions.get_extension_for_class [function] [call site] 00094
8 <builtin>.len [function] [call site] 00095
7 sigstore._internal.sct._get_issuer_cert [function] [call site] 00096
8 sigstore._internal.sct._is_preissuer [function] [call site] 00097
9 issuer.extensions.get_extension_for_class [function] [call site] 00098
7 issuer_cert.public_key [function] [call site] 00099
7 sigstore._internal.sct._cert_is_ca [function] [call site] 00100
8 _logger.debug [function] [call site] 00101
8 sigstore._utils.cert_is_ca [function] [call site] 00102
8 _logger.debug [function] [call site] 00103
7 <builtin>.isinstance [function] [call site] 00104
7 sigstore._utils.key_id [function] [call site] 00105
8 key.public_bytes [function] [call site] 00106
8 hashlib.sha256 [function] [call site] 00107
8 typing.NewType [function] [call site] 00108
7 sigstore._internal.sct._pack_digitally_signed [function] [call site] 00109
8 <builtin>.len [function] [call site] 00110
8 sigstore._internal.sct._pack_signed_entry [function] [call site] 00111
9 typing.cast.bundle.signing_certificate.public_bytes [function] [call site] 00112
9 <builtin>.len [function] [call site] 00113
9 fields.append [function] [call site] 00114
9 struct.unpack [function] [call site] 00115
9 <builtin>.len [function] [call site] 00116
9 struct.pack [function] [call site] 00117
9 <builtin>.len [function] [call site] 00118
9 pack_format.format [function] [call site] 00119
9 fields.extend [function] [call site] 00120
9 struct.pack [function] [call site] 00121
8 <builtin>.len [function] [call site] 00122
8 sct.timestamp.replace [function] [call site] 00123
8 struct.pack [function] [call site] 00124
8 timestamp.timestamp [function] [call site] 00125
8 <builtin>.int [function] [call site] 00126
8 <builtin>.len [function] [call site] 00127
7 <builtin>.isinstance [function] [call site] 00128
7 sct.log_id.hex [function] [call site] 00129
7 _logger.debug [function] [call site] 00130
7 ct_keyring.verify [function] [call site] 00131
7 typing.NewType [function] [call site] 00132
6 parent_cert.to_cryptography [function] [call site] 00133
6 typing.cast.bundle.signing_certificate.extensions.get_extension_for_class [function] [call site] 00134
6 typing.cast.bundle.signing_certificate.extensions.get_extension_for_class [function] [call site] 00135
6 sigstore.verify.policy.Identity.verify [function] [call site] 00136
7 sigstore.verify.policy._SingleX509ExtPolicy.verify [function] [call site] 00137
8 typing.cast.bundle.signing_certificate.extensions.get_extension_for_oid [function] [call site] 00138
8 ext.value.decode [function] [call site] 00139
7 typing.cast.bundle.signing_certificate.extensions.get_extension_for_class [function] [call site] 00140
7 san_ext.get_values_for_type [function] [call site] 00141
7 <builtin>.set [function] [call site] 00142
7 san_ext.get_values_for_type [function] [call site] 00143
7 all_sans.update [function] [call site] 00144
7 all_sans.update [function] [call site] 00145
7 on.value.decode [function] [call site] 00146
7 san_ext.get_values_for_type [function] [call site] 00147
6 _logger.debug [function] [call site] 00148
6 typing.cast.bundle.log_entry._verify [function] [call site] 00149
5 typing.cast.bundle.signing_certificate.public_key [function] [call site] 00150
5 typing.cast [function] [call site] 00151
5 sigstore.dsse._verify [function] [call site] 00152
6 sigstore.dsse._pae [function] [call site] 00153
7 <builtin>.len [function] [call site] 00154
6 <builtin>.len [function] [call site] 00155
6 cryptography.hazmat.primitives.asymmetric.ec.ECDSA.__init__ [function] [call site] 00156
7 cryptography.hazmat.backends.openssl.backend.Backend.ecdsa_deterministic_supported [function] [call site] 00157
6 typing.cast.verify [function] [call site] 00158
5 sigstore.verify.verifier._validate_dsse_v002_entry_body [function] [call site] 00159
6 sigstore_models.rekor.v2.entry.Entry.from_json [function] [call site] 00160
6 sigstore._utils.sha256_digest [function] [call site] 00161
7 <builtin>.isinstance [function] [call site] 00162
7 <builtin>.isinstance [function] [call site] 00163
7 hashlib.sha256 [function] [call site] 00164
7 sigstore._utils._sha256_streaming [function] [call site] 00165
8 hashlib.sha256 [function] [call site] 00166
8 <builtin>.bytearray [function] [call site] 00167
8 <builtin>.memoryview [function] [call site] 00168
8 io.readinto [function] [call site] 00169
8 sha256.update [function] [call site] 00170
8 io.readinto [function] [call site] 00171
8 sha256.digest [function] [call site] 00172
6 sigstore_models.rekor.v2.verifier.Signature [function] [call site] 00173
6 base64.b64encode [function] [call site] 00174
6 sigstore.verify.verifier._v2_verifier_from_certificate [function] [call site] 00175
7 typing.cast.bundle.signing_certificate.public_key [function] [call site] 00176
7 <builtin>.isinstance [function] [call site] 00177
7 <builtin>.isinstance [function] [call site] 00178
7 <builtin>.isinstance [function] [call site] 00179
7 <builtin>.isinstance [function] [call site] 00180
7 sigstore_models.rekor.v2.verifier.Verifier [function] [call site] 00181
7 sigstore_models.common.v1.X509Certificate [function] [call site] 00182
7 base64.b64encode [function] [call site] 00183
7 typing.cast.bundle.signing_certificate.public_bytes [function] [call site] 00184
5 sigstore.verify.verifier._validate_dsse_v001_entry_body [function] [call site] 00185
6 rekor_types.Dsse.model_validate_json [function] [call site] 00186
6 sigstore._utils.sha256_digest [function] [call site] 00187
6 typing.cast.bundle._dsse_envelope._inner.payload.digest.hex [function] [call site] 00188
6 rekor_types.dsse.Signature [function] [call site] 00189
6 base64.b64encode [function] [call site] 00190
6 sigstore._utils.base64_encode_pem_cert [function] [call site] 00191
7 typing.NewType [function] [call site] 00192
7 typing.cast.bundle.signing_certificate.public_bytes [function] [call site] 00193
7 base64.b64encode [function] [call site] 00194
3 json.loads [function] [call site] 00195
3 model_signing._signing.signing.dsse_payload_to_manifest [function] [call site] 00196
4 model_signing._signing.signing.dsse_payload_to_manifest_compat [function] [call site] 00197
5 model_signing.manifest.SerializationType.from_args [function] [call site] 00198
6 subclass._from_args [function] [call site] 00199
5 bytes.fromhex [function] [call site] 00200
5 serialization.new_item [function] [call site] 00201
5 items.append [function] [call site] 00202
5 model_signing.manifest.Manifest.__init__ [function] [call site] 00203
4 <builtin>.len [function] [call site] 00204
4 model_signing.manifest.SerializationType.from_args [function] [call site] 00205
4 model_signing._hashing.memory.SHA256.__init__ [function] [call site] 00206
5 hashlib.sha256 [function] [call site] 00207
4 bytes.fromhex [function] [call site] 00208
4 model_signing._hashing.memory.SHA256.update [function] [call site] 00209
4 serialization.new_item [function] [call site] 00210
4 items.append [function] [call site] 00211
4 model_signing._hashing.memory.SHA256.compute [function] [call site] 00212
4 model_signing.manifest.Manifest.__init__ [function] [call site] 00213
2 model_signing.verifying.Config._guess_hashing_config [function] [call site] 00214
3 model_signing.hashing.Config.__init__ [function] [call site] 00215
4 <builtin>.frozenset [function] [call site] 00216
4 model_signing.hashing.Config.use_file_serialization [function] [call site] 00217
5 model_signing._serialization.file.Serializer.__init__ [function] [call site] 00218
6 pathlib.Path [function] [call site] 00219
6 model_signing.hashing.Config._build_file_hasher_factory._factory [function] [call site] 00220
7 model_signing._hashing.io.Blake3FileHasher.__init__ [function] [call site] 00221
8 blake3.blake3 [function] [call site] 00222
7 model_signing.hashing.Config._build_stream_hasher [function] [call site] 00223
8 model_signing._hashing.memory.SHA256.__init__ [function] [call site] 00224
8 model_signing._hashing.memory.BLAKE2.__init__ [function] [call site] 00225
9 hashlib.blake2b [function] [call site] 00226
8 model_signing._hashing.memory.BLAKE3.__init__ [function] [call site] 00227
9 blake3.blake3 [function] [call site] 00228
7 model_signing._hashing.io.SimpleFileHasher.__init__ [function] [call site] 00229
6 model_signing.manifest._FileSerialization.__init__ [function] [call site] 00230
7 <builtin>.str [function] [call site] 00231
5 model_signing.hashing.Config._build_file_hasher_factory [function] [call site] 00232
3 model_signing.hashing.Config.use_file_serialization [function] [call site] 00233
3 <builtin>.frozenset [function] [call site] 00234
3 model_signing.hashing.Config.__init__ [function] [call site] 00235
3 model_signing.hashing.Config.use_shard_serialization [function] [call site] 00236
4 model_signing.hashing.Config.use_file_serialization [function] [call site] 00237
4 model_signing._serialization.file_shard.Serializer.__init__ [function] [call site] 00238
5 pathlib.Path [function] [call site] 00239
5 model_signing.hashing.Config._build_sharded_file_hasher_factory._factory [function] [call site] 00240
6 model_signing.hashing.Config._build_stream_hasher [function] [call site] 00241
6 model_signing._hashing.io.ShardedFileHasher.__init__ [function] [call site] 00242
7 <builtin>.super [function] [call site] 00243
7 model_signing._hashing.io.ShardedFileHasher.set_shard [function] [call site] 00244
5 model_signing.manifest._ShardSerialization.__init__ [function] [call site] 00245
6 <builtin>.str [function] [call site] 00246
4 model_signing.hashing.Config._build_sharded_file_hasher_factory [function] [call site] 00247
3 <builtin>.frozenset [function] [call site] 00248
2 model_signing.hashing.Config.add_ignored_paths [function] [call site] 00249
3 <builtin>.set [function] [call site] 00250
3 pathlib.Path [function] [call site] 00251
3 pathlib.Path [function] [call site] 00252
3 full.relative_to [function] [call site] 00253
3 newset.add [function] [call site] 00254
2 model_signing.manifest.Manifest.resource_descriptors [function] [call site] 00255
3 <builtin>.sorted [function] [call site] 00256
3 <builtin>.str [function] [call site] 00257
2 model_signing.hashing.Config.hash [function] [call site] 00258
3 pathlib.Path [function] [call site] 00259
3 full.relative_to [function] [call site] 00260
3 ignored_paths.append [function] [call site] 00261
3 ignored_paths.extend [function] [call site] 00262
3 model_signing._serialization.file_shard.Serializer.set_allow_symlinks [function] [call site] 00263
4 pathlib.Path [function] [call site] 00264
4 model_signing.hashing.Config._build_sharded_file_hasher_factory._factory [function] [call site] 00265
4 model_signing.manifest._ShardSerialization.__init__ [function] [call site] 00266
3 model_signing._serialization.file.Serializer.set_allow_symlinks [function] [call site] 00267
4 pathlib.Path [function] [call site] 00268
4 model_signing.hashing.Config._build_file_hasher_factory._factory [function] [call site] 00269
4 model_signing.manifest._FileSerialization.__init__ [function] [call site] 00270
3 model_signing._serialization.file_shard.Serializer.serialize [function] [call site] 00271
4 itertools.chain [function] [call site] 00272
4 model_path.glob [function] [call site] 00273
4 model_signing._serialization.serialization.check_file_or_directory [function] [call site] 00274
5 path.is_symlink [function] [call site] 00275
5 path.is_file [function] [call site] 00276
5 path.is_dir [function] [call site] 00277
4 path.is_file [function] [call site] 00278
4 model_signing._serialization.serialization.should_ignore [function] [call site] 00279
5 path.is_relative_to [function] [call site] 00280
5 <builtin>.any [function] [call site] 00281
4 model_signing._serialization.file_shard.Serializer._get_shards [function] [call site] 00282
5 path.stat [function] [call site] 00283
5 model_signing._serialization.file_shard._endpoints [function] [call site] 00284
6 <builtin>.range [function] [call site] 00285
5 shards.append [function] [call site] 00286
4 shards.extend [function] [call site] 00287
4 concurrent.futures.ThreadPoolExecutor [function] [call site] 00288
4 tpe.submit [function] [call site] 00289
4 concurrent.futures.as_completed [function] [call site] 00290
4 future.result [function] [call site] 00291
4 manifest_items.append [function] [call site] 00292
4 os.path.relpath [function] [call site] 00293
4 rp.startswith [function] [call site] 00294
4 pathlib.Path [function] [call site] 00295
4 rel_ignore_paths.append [function] [call site] 00296
4 pathlib.Path [function] [call site] 00297
4 model_signing.hashing.Config._build_sharded_file_hasher_factory._factory [function] [call site] 00298
4 model_signing.manifest._ShardSerialization.__init__ [function] [call site] 00299
4 <builtin>.list [function] [call site] 00300
4 <builtin>.frozenset [function] [call site] 00301
4 model_path.resolve [function] [call site] 00302
4 os.path.basename [function] [call site] 00303
4 model_signing.manifest.Manifest.__init__ [function] [call site] 00304
3 model_signing._serialization.file.Serializer.serialize [function] [call site] 00305
4 itertools.chain [function] [call site] 00306
4 model_path.glob [function] [call site] 00307
4 model_signing._serialization.serialization.check_file_or_directory [function] [call site] 00308
4 path.is_file [function] [call site] 00309
4 model_signing._serialization.serialization.should_ignore [function] [call site] 00310
4 paths.append [function] [call site] 00311
4 concurrent.futures.ThreadPoolExecutor [function] [call site] 00312
4 tpe.submit [function] [call site] 00313
4 concurrent.futures.as_completed [function] [call site] 00314
4 future.result [function] [call site] 00315
4 manifest_items.append [function] [call site] 00316
4 os.path.relpath [function] [call site] 00317
4 rp.startswith [function] [call site] 00318
4 pathlib.Path [function] [call site] 00319
4 rel_ignore_paths.append [function] [call site] 00320
4 pathlib.Path [function] [call site] 00321
4 model_signing.hashing.Config._build_file_hasher_factory._factory [function] [call site] 00322
4 model_signing.manifest._FileSerialization.__init__ [function] [call site] 00323
4 <builtin>.list [function] [call site] 00324
4 <builtin>.frozenset [function] [call site] 00325
4 model_path.resolve [function] [call site] 00326
4 os.path.basename [function] [call site] 00327
4 model_signing.manifest.Manifest.__init__ [function] [call site] 00328
3 pathlib.Path [function] [call site] 00329
2 model_signing.verifying.Config._get_manifest_diff [function] [call site] 00330
3 model_signing.manifest.Manifest.resource_descriptors [function] [call site] 00331
3 model_signing.manifest.Manifest.resource_descriptors [function] [call site] 00332
3 actual_hashes.keys [function] [call site] 00333
3 <builtin>.set [function] [call site] 00334
3 <builtin>.set [function] [call site] 00335
3 expected_hashes.keys [function] [call site] 00336
3 diffs.append [function] [call site] 00337
3 <builtin>.sorted [function] [call site] 00338
3 expected_hashes.keys [function] [call site] 00339
3 <builtin>.set [function] [call site] 00340
3 <builtin>.set [function] [call site] 00341
3 actual_hashes.keys [function] [call site] 00342
3 diffs.append [function] [call site] 00343
3 <builtin>.sorted [function] [call site] 00344
3 actual_hashes.keys [function] [call site] 00345
3 <builtin>.set [function] [call site] 00346
3 expected_hashes.keys [function] [call site] 00347
3 <builtin>.set [function] [call site] 00348
3 <builtin>.sorted [function] [call site] 00349
3 diffs.append [function] [call site] 00350