Fuzz introspector: fuzz_sign_verify_with_valid_key
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
38 57 model_signing._signing.signing.Verifier.verify call site: 00057 sigstore.verify.verifier.Verifier.verify_dsse
30 166 sigstore._utils.sha256_digest call site: 00166 sigstore.verify.verifier._validate_dsse_v001_entry_body
25 23 ...model-transparency.tests.fuzzing.fuzz_sign_verify_with_valid_key.TestOneInput call site: 00023 sigstore.models.Bundle.__init__
25 140 sigstore.verify.policy._SingleX509ExtPolicy.verify call site: 00140 sigstore.verify.verifier._validate_dsse_v002_entry_body
19 96 sigstore._internal.sct._get_signed_certificate_timestamp call site: 00096 sigstore._internal.sct._pack_digitally_signed
16 123 sigstore._internal.sct._pack_signed_entry call site: 00123 sigstore.verify.policy.Identity.verify
4 201 model_signing.manifest.SerializationType.from_args call site: 00201 bytes.fromhex
3 215 model_signing._signing.signing.dsse_payload_to_manifest call site: 00215 model_signing.verifying.Config._guess_hashing_config
2 1 ...model-transparency.tests.fuzzing.fuzz_sign_verify_with_valid_key.TestOneInput call site: 00001 tempfile.TemporaryDirectory
2 117 sigstore._internal.sct._pack_signed_entry call site: 00117 .len
2 198 model_signing._signing.signing.Verifier.verify call site: 00198 model_signing._signing.signing.dsse_payload_to_manifest_compat
2 224 model_signing.verifying.Config.verify call site: 00224 model_signing.manifest.Manifest.resource_descriptors

Fuzzer calltree

0 ...model-transparency.tests.fuzzing.fuzz_sign_verify_with_valid_key.TestOneInput [function] [call site] 00000
1 atheris.FuzzedDataProvider [function] [call site] 00001
1 tempfile.TemporaryDirectory [function] [call site] 00002
1 tempfile.TemporaryDirectory [function] [call site] 00003
1 pathlib.Path [function] [call site] 00004
1 utils.create_fuzz_files [function] [call site] 00005
1 utils.any_files [function] [call site] 00006
1 <builtin>.str [function] [call site] 00007
1 os.path.join [function] [call site] 00008
1 ...model-transparency.tests.fuzzing.fuzz_sign_verify_with_valid_key._pick_key_spec [function] [call site] 00009
2 <builtin>.len [function] [call site] 00010
2 fdp.ConsumeIntInRange [function] [call site] 00011
1 utils._build_hashing_config_from_fdp [function] [call site] 00012
1 scfg.set_hashing_config [function] [call site] 00013
1 scfg.use_elliptic_key_signer [function] [call site] 00014
1 signer.sign [function] [call site] 00015
1 model_signing.verifying.Config.__init__ [function] [call site] 00016
1 model_signing.verifying.Config.set_hashing_config [function] [call site] 00017
1 model_signing.verifying.Config.use_elliptic_key_verifier [function] [call site] 00018
2 pathlib.Path [function] [call site] 00019
2 model_signing._signing.sign_ec_key.Verifier.__init__ [function] [call site] 00020
3 public_key_path.read_bytes [function] [call site] 00021
3 model_signing._signing.sign_ec_key._check_supported_ec_key [function] [call site] 00022
1 model_signing.verifying.Config.verify [function] [call site] 00023
2 pathlib.Path [function] [call site] 00024
2 model_signing._signing.sign_sigstore.Signature.read [function] [call site] 00025
3 path.read_text [function] [call site] 00026
3 sigstore.models.Bundle.from_json [function] [call site] 00027
4 sigstore_models.bundle.v1.Bundle.from_json [function] [call site] 00028
4 sigstore.models.Bundle.__init__ [function] [call site] 00029
5 sigstore.models.Bundle._verify [function] [call site] 00030
6 enum.Enum.__init__ [function] [call site] 00031
6 cryptography.hazmat.bindings._rust.x509.load_der_x509_certificate [function] [call site] 00032
6 cryptography.hazmat.bindings._rust.x509.load_der_x509_certificate [function] [call site] 00033
6 sigstore._utils.cert_is_leaf [function] [call site] 00034
7 sigstore._utils.cert_is_ca [function] [call site] 00035
8 cert.extensions.get_extension_for_oid [function] [call site] 00036
8 cert.extensions.get_extension_for_oid [function] [call site] 00037
7 cert.extensions.get_extension_for_oid [function] [call site] 00038
7 cert.extensions.get_extension_for_oid [function] [call site] 00039
6 sigstore._utils.cert_is_root_ca [function] [call site] 00040
7 sigstore._utils.cert_is_ca [function] [call site] 00041
7 cert.verify_directly_issued_by [function] [call site] 00042
6 _logger.warning [function] [call site] 00043
6 <builtin>.len [function] [call site] 00044
6 sigstore.models.TransparencyLogEntry.__init__ [function] [call site] 00045
7 sigstore.models.TransparencyLogEntry._validate [function] [call site] 00046
6 _logger.debug [function] [call site] 00047
3 model_signing._signing.sign_sigstore.Signature.__init__ [function] [call site] 00048
2 pathlib.Path [function] [call site] 00049
2 model_signing._signing.sign_sigstore_pb.Signature.read [function] [call site] 00050
3 path.read_text [function] [call site] 00051
3 json.loads [function] [call site] 00052
3 sigstore_models.bundle.v1.Bundle.from_dict [function] [call site] 00053
3 model_signing._signing.sign_sigstore_pb.Signature.__init__ [function] [call site] 00054
2 model_signing._signing.signing.Verifier.verify [function] [call site] 00055
3 model_signing._signing.signing.Verifier._verify_signed_content [function] [call site] 00056
3 model_signing._signing.sign_sigstore.Verifier._verify_signed_content [function] [call site] 00057
4 typing.cast [function] [call site] 00058
4 sigstore.verify.verifier.Verifier.verify_dsse [function] [call site] 00059
5 sigstore.verify.verifier.Verifier._verify_common_signing_cert [function] [call site] 00060
6 OpenSSL.crypto.X509Store [function] [call site] 00061
6 OpenSSL.crypto.X509Store.set_flags [function] [call site] 00062
6 OpenSSL.crypto.X509Store.add_cert [function] [call site] 00063
6 sigstore.verify.verifier.Verifier._establish_time [function] [call site] 00064
7 sigstore.verify.verifier.Verifier._verify_timestamp_authority [function] [call site] 00065
8 <builtin>.len [function] [call site] 00066
8 <builtin>.len [function] [call site] 00067
8 <builtin>.set [function] [call site] 00068
8 <builtin>.len [function] [call site] 00069
8 <builtin>.len [function] [call site] 00070
8 sigstore.verify.verifier.Verifier._verify_signed_timestamp [function] [call site] 00071
9 certificate_authority.certificates [function] [call site] 00072
9 <builtin>.len [function] [call site] 00073
9 _logger.debug [function] [call site] 00074
9 rfc3161_client.VerifierBuilder [function] [call site] 00075
9 rfc3161_client.VerifierBuilder.tsa_certificate [function] [call site] 00076
9 builder.add_intermediate_certificate [function] [call site] 00077
9 builder.build [function] [call site] 00078
9 verifier.verify_message [function] [call site] 00079
9 _logger.debug [function] [call site] 00080
9 _logger.debug [function] [call site] 00081
7 verified_timestamps.extend [function] [call site] 00082
7 verified_timestamps.append [function] [call site] 00083
7 datetime.datetime.fromtimestamp [function] [call site] 00084
6 <builtin>.len [function] [call site] 00085
6 OpenSSL.crypto.X509.from_cryptography [function] [call site] 00086
6 sigstore.verify.verifier.Verifier._verify_chain_at_time [function] [call site] 00087
7 OpenSSL.crypto.X509Store [function] [call site] 00088
7 OpenSSL.crypto.X509Store.set_flags [function] [call site] 00089
7 OpenSSL.crypto.X509Store.add_cert [function] [call site] 00090
7 OpenSSL.crypto.X509Store.set_time [function] [call site] 00091
7 OpenSSL.crypto.X509StoreContext [function] [call site] 00092
7 OpenSSL.crypto.X509StoreContext.get_verified_chain [function] [call site] 00093
6 sigstore._internal.sct.verify_sct [function] [call site] 00094
7 sigstore._internal.sct._get_signed_certificate_timestamp [function] [call site] 00095
8 typing.cast.bundle.signing_certificate.extensions.get_extension_for_class [function] [call site] 00096
8 <builtin>.len [function] [call site] 00097
7 sigstore._internal.sct._get_issuer_cert [function] [call site] 00098
8 sigstore._internal.sct._is_preissuer [function] [call site] 00099
9 issuer.extensions.get_extension_for_class [function] [call site] 00100
7 issuer_cert.public_key [function] [call site] 00101
7 sigstore._internal.sct._cert_is_ca [function] [call site] 00102
8 _logger.debug [function] [call site] 00103
8 sigstore._utils.cert_is_ca [function] [call site] 00104
8 _logger.debug [function] [call site] 00105
7 <builtin>.isinstance [function] [call site] 00106
7 sigstore._utils.key_id [function] [call site] 00107
8 key.public_bytes [function] [call site] 00108
8 hashlib.sha256 [function] [call site] 00109
8 typing.NewType [function] [call site] 00110
7 sigstore._internal.sct._pack_digitally_signed [function] [call site] 00111
8 <builtin>.len [function] [call site] 00112
8 sigstore._internal.sct._pack_signed_entry [function] [call site] 00113
9 typing.cast.bundle.signing_certificate.public_bytes [function] [call site] 00114
9 <builtin>.len [function] [call site] 00115
9 fields.append [function] [call site] 00116
9 struct.unpack [function] [call site] 00117
9 <builtin>.len [function] [call site] 00118
9 struct.pack [function] [call site] 00119
9 <builtin>.len [function] [call site] 00120
9 pack_format.format [function] [call site] 00121
9 fields.extend [function] [call site] 00122
9 struct.pack [function] [call site] 00123
8 <builtin>.len [function] [call site] 00124
8 sct.timestamp.replace [function] [call site] 00125
8 struct.pack [function] [call site] 00126
8 timestamp.timestamp [function] [call site] 00127
8 <builtin>.int [function] [call site] 00128
8 <builtin>.len [function] [call site] 00129
7 <builtin>.isinstance [function] [call site] 00130
7 sct.log_id.hex [function] [call site] 00131
7 _logger.debug [function] [call site] 00132
7 ct_keyring.verify [function] [call site] 00133
7 typing.NewType [function] [call site] 00134
6 parent_cert.to_cryptography [function] [call site] 00135
6 typing.cast.bundle.signing_certificate.extensions.get_extension_for_class [function] [call site] 00136
6 typing.cast.bundle.signing_certificate.extensions.get_extension_for_class [function] [call site] 00137
6 sigstore.verify.policy.Identity.verify [function] [call site] 00138
7 sigstore.verify.policy._SingleX509ExtPolicy.verify [function] [call site] 00139
8 typing.cast.bundle.signing_certificate.extensions.get_extension_for_oid [function] [call site] 00140
8 ext.value.decode [function] [call site] 00141
7 typing.cast.bundle.signing_certificate.extensions.get_extension_for_class [function] [call site] 00142
7 san_ext.get_values_for_type [function] [call site] 00143
7 <builtin>.set [function] [call site] 00144
7 san_ext.get_values_for_type [function] [call site] 00145
7 all_sans.update [function] [call site] 00146
7 all_sans.update [function] [call site] 00147
7 on.value.decode [function] [call site] 00148
7 san_ext.get_values_for_type [function] [call site] 00149
6 _logger.debug [function] [call site] 00150
6 typing.cast.bundle.log_entry._verify [function] [call site] 00151
5 typing.cast.bundle.signing_certificate.public_key [function] [call site] 00152
5 typing.cast [function] [call site] 00153
5 sigstore.dsse._verify [function] [call site] 00154
6 sigstore.dsse._pae [function] [call site] 00155
7 <builtin>.len [function] [call site] 00156
6 <builtin>.len [function] [call site] 00157
6 cryptography.hazmat.primitives.asymmetric.ec.ECDSA.__init__ [function] [call site] 00158
7 cryptography.hazmat.backends.openssl.backend.Backend.ecdsa_deterministic_supported [function] [call site] 00159
6 typing.cast.verify [function] [call site] 00160
5 sigstore.verify.verifier._validate_dsse_v002_entry_body [function] [call site] 00161
6 sigstore_models.rekor.v2.entry.Entry.from_json [function] [call site] 00162
6 sigstore._utils.sha256_digest [function] [call site] 00163
7 <builtin>.isinstance [function] [call site] 00164
7 <builtin>.isinstance [function] [call site] 00165
7 hashlib.sha256 [function] [call site] 00166
7 sigstore._utils._sha256_streaming [function] [call site] 00167
8 hashlib.sha256 [function] [call site] 00168
8 <builtin>.bytearray [function] [call site] 00169
8 <builtin>.memoryview [function] [call site] 00170
8 io.readinto [function] [call site] 00171
8 sha256.update [function] [call site] 00172
8 io.readinto [function] [call site] 00173
8 sha256.digest [function] [call site] 00174
6 sigstore_models.rekor.v2.verifier.Signature [function] [call site] 00175
6 base64.b64encode [function] [call site] 00176
6 sigstore.verify.verifier._v2_verifier_from_certificate [function] [call site] 00177
7 typing.cast.bundle.signing_certificate.public_key [function] [call site] 00178
7 <builtin>.isinstance [function] [call site] 00179
7 <builtin>.isinstance [function] [call site] 00180
7 <builtin>.isinstance [function] [call site] 00181
7 <builtin>.isinstance [function] [call site] 00182
7 sigstore_models.rekor.v2.verifier.Verifier [function] [call site] 00183
7 sigstore_models.common.v1.X509Certificate [function] [call site] 00184
7 base64.b64encode [function] [call site] 00185
7 typing.cast.bundle.signing_certificate.public_bytes [function] [call site] 00186
5 sigstore.verify.verifier._validate_dsse_v001_entry_body [function] [call site] 00187
6 rekor_types.Dsse.model_validate_json [function] [call site] 00188
6 sigstore._utils.sha256_digest [function] [call site] 00189
6 typing.cast.bundle._dsse_envelope._inner.payload.digest.hex [function] [call site] 00190
6 rekor_types.dsse.Signature [function] [call site] 00191
6 base64.b64encode [function] [call site] 00192
6 sigstore._utils.base64_encode_pem_cert [function] [call site] 00193
7 typing.NewType [function] [call site] 00194
7 typing.cast.bundle.signing_certificate.public_bytes [function] [call site] 00195
7 base64.b64encode [function] [call site] 00196
3 json.loads [function] [call site] 00197
3 model_signing._signing.signing.dsse_payload_to_manifest [function] [call site] 00198
4 model_signing._signing.signing.dsse_payload_to_manifest_compat [function] [call site] 00199
5 model_signing.manifest.SerializationType.from_args [function] [call site] 00200
6 subclass._from_args [function] [call site] 00201
5 bytes.fromhex [function] [call site] 00202
5 serialization.new_item [function] [call site] 00203
5 items.append [function] [call site] 00204
5 model_signing.manifest.Manifest.__init__ [function] [call site] 00205
4 <builtin>.len [function] [call site] 00206
4 model_signing.manifest.SerializationType.from_args [function] [call site] 00207
4 model_signing._hashing.memory.SHA256.__init__ [function] [call site] 00208
5 hashlib.sha256 [function] [call site] 00209
4 bytes.fromhex [function] [call site] 00210
4 model_signing._hashing.memory.SHA256.update [function] [call site] 00211
4 serialization.new_item [function] [call site] 00212
4 items.append [function] [call site] 00213
4 model_signing._hashing.memory.SHA256.compute [function] [call site] 00214
4 model_signing.manifest.Manifest.__init__ [function] [call site] 00215
2 model_signing.verifying.Config._guess_hashing_config [function] [call site] 00216
3 <builtin>.frozenset [function] [call site] 00217
3 <builtin>.frozenset [function] [call site] 00218
2 utils._build_hashing_config_from_fdp.add_ignored_paths [function] [call site] 00219
2 model_signing.manifest.Manifest.resource_descriptors [function] [call site] 00220
3 <builtin>.sorted [function] [call site] 00221
3 <builtin>.str [function] [call site] 00222
2 model_signing.verifying.Config._hashing_config.hash [function] [call site] 00223
2 model_signing.verifying.Config._get_manifest_diff [function] [call site] 00224
3 actual.resource_descriptors [function] [call site] 00225
3 model_signing.manifest.Manifest.resource_descriptors [function] [call site] 00226
3 actual_hashes.keys [function] [call site] 00227
3 <builtin>.set [function] [call site] 00228
3 <builtin>.set [function] [call site] 00229
3 expected_hashes.keys [function] [call site] 00230
3 diffs.append [function] [call site] 00231
3 <builtin>.sorted [function] [call site] 00232
3 expected_hashes.keys [function] [call site] 00233
3 <builtin>.set [function] [call site] 00234
3 <builtin>.set [function] [call site] 00235
3 actual_hashes.keys [function] [call site] 00236
3 diffs.append [function] [call site] 00237
3 <builtin>.sorted [function] [call site] 00238
3 actual_hashes.keys [function] [call site] 00239
3 <builtin>.set [function] [call site] 00240
3 expected_hashes.keys [function] [call site] 00241
3 <builtin>.set [function] [call site] 00242
3 <builtin>.sorted [function] [call site] 00243
3 diffs.append [function] [call site] 00244