Fuzz introspector: fuzz_simple_sigstore

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

| Amount of callsites blocked | Calltree index | Parent function | Callsite | Largest blocked function |
|---|---|---|---|---|
| 41 | 154 | sigstore.oidc.IdentityToken.__init__ | call site: 00154 | sigstore.oidc.Issuer.identity_token |
| 26 | 83 | sigstore._internal.tuf.TrustUpdater.get_signing_config_path | call site: 00083 | sigstore.models.ClientTrustConfig.from_tuf |
| 23 | 58 | sigstore._internal.tuf.TrustUpdater.__init__ | call site: 00058 | sigstore._internal.tuf.TrustUpdater.get_trusted_root_path |
| 18 | 127 | model_signing._signing.sign_sigstore_pb.pae | call site: 00127 | model_signing._signing.sign_pkcs11.CertSigner._get_verification_material |
| 15 | 1 | ...model-transparency.tests.fuzzing.fuzz_simple_sigstore.TestOneInput | call site: 00001 | sigstore.models.TrustedRoot.from_file |
| 6 | 46 | sigstore._internal.tuf.TrustUpdater.__init__ | call site: 00046 | sigstore._internal.tuf._get_dirs |
| 4 | 41 | ...model-transparency.tests.fuzzing.fuzz_simple_sigstore.TestOneInput | call site: 00041 | sigstore.models.ClientTrustConfig.from_tuf |
| 4 | 149 | sigstore.dsse.Statement.__init__ | call site: 00149 | sigstore.oidc.IdentityToken.__init__ |
| 3 | 54 | sigstore._internal.tuf.TrustUpdater.__init__ | call site: 00054 | urllib.parse.quote |
| 3 | 122 | model_signing.signing.Config.sign | call site: 00122 | model_signing._signing.sign_sigstore_pb.pae |
| 2 | 18 | ...model-transparency.tests.fuzzing.fuzz_simple_sigstore.TestOneInput | call site: 00018 | tempfile.TemporaryDirectory |
| 2 | 22 | ...model-transparency.tests.fuzzing.fuzz_simple_sigstore.TestOneInput | call site: 00022 | pathlib.Path |

Fuzzer calltree

0 ...model-transparency.tests.fuzzing.fuzz_simple_sigstore.TestOneInput [function] [call site] 00000
1 atheris.FuzzedDataProvider [function] [call site] 00001
1 fdp.ConsumeIntInRange [function] [call site] 00002
1 fdp.ConsumeBytes [function] [call site] 00003
1 tempfile.NamedTemporaryFile [function] [call site] 00004
1 pathlib.Path [function] [call site] 00005
1 tmp_tr.write [function] [call site] 00006
1 <builtin>.str [function] [call site] 00007
1 sigstore.models.TrustedRoot.from_file [function] [call site] 00008
2 pathlib.Path [function] [call site] 00009
2 pathlib.Path.read_bytes [function] [call site] 00010
2 sigstore_models.trustroot.v1.TrustedRoot.from_json [function] [call site] 00011
2 sigstore.models.TrustedRoot.__init__ [function] [call site] 00012
3 sigstore.models.TrustedRoot._verify [function] [call site] 00013
4 enum.Enum.__init__ [function] [call site] 00014
1 os.unlink [function] [call site] 00015
1 tempfile.TemporaryDirectory [function] [call site] 00016
1 tempfile.TemporaryDirectory [function] [call site] 00017
1 tempfile.TemporaryDirectory [function] [call site] 00018
1 tempfile.TemporaryDirectory [function] [call site] 00019
1 pathlib.Path [function] [call site] 00020
1 utils.create_fuzz_files [function] [call site] 00021
1 utils.any_files [function] [call site] 00022
1 pathlib.Path [function] [call site] 00023
1 pathlib.Path [function] [call site] 00024
1 ...model-transparency.tests.fuzzing.fuzz_simple_sigstore._patch_sigstore_get_dirs [function] [call site] 00025
2 importlib.import_module [function] [call site] 00026
1 ...model-transparency.tests.fuzzing.fuzz_simple_sigstore._patch_trust_updater_offline_default_true [function] [call site] 00027
2 importlib.import_module [function] [call site] 00028
1 pathlib.Path.write_bytes [function] [call site] 00029
1 fdp.ConsumeIntInRange [function] [call site] 00030
1 fdp.ConsumeBytes [function] [call site] 00031
1 pathlib.Path.write_bytes [function] [call site] 00032
1 pathlib.Path [function] [call site] 00033
1 fdp.ConsumeBytes [function] [call site] 00034
1 fdp.ConsumeBytes [function] [call site] 00035
1 fdp.ConsumeBytes [function] [call site] 00036
1 utils._build_hashing_config_from_fdp [function] [call site] 00037
1 model_signing.signing.Config.__init__ [function] [call site] 00038
2 hashing.Config [function] [call site] 00039
1 model_signing.signing.Config.set_hashing_config [function] [call site] 00040
1 model_signing.signing.Config.use_sigstore_signer [function] [call site] 00041
2 model_signing._signing.sign_sigstore.Signer.__init__ [function] [call site] 00042
3 sigstore.models.ClientTrustConfig.staging [function] [call site] 00043
4 sigstore.models.ClientTrustConfig.from_tuf [function] [call site] 00044
5 sigstore._internal.tuf.TrustUpdater.__init__ [function] [call site] 00045
6 url.rstrip [function] [call site] 00046
6 sigstore._internal.tuf._get_dirs [function] [call site] 00047
7 urllib.parse.quote [function] [call site] 00048
7 platformdirs.user_data_dir [function] [call site] 00049
7 pathlib.Path [function] [call site] 00050
7 platformdirs.user_cache_dir [function] [call site] 00051
7 pathlib.Path [function] [call site] 00052
6 artifact_path.exists [function] [call site] 00053
6 sigstore._utils.read_embedded [function] [call site] 00054
7 urllib.parse.quote [function] [call site] 00055
7 importlib_resources.files [function] [call site] 00056
7 importlib.resources.files [function] [call site] 00057
6 artifact_path.write_bytes [function] [call site] 00058
6 _logger.debug [function] [call site] 00059
6 _logger.debug [function] [call site] 00060
6 _logger.warning [function] [call site] 00061
6 sigstore._utils.read_embedded [function] [call site] 00062
6 bootstrap_root.read_bytes [function] [call site] 00063
6 tuf.ngclient.Updater [function] [call site] 00064
6 <builtin>.str [function] [call site] 00065
6 urllib.parse.urljoin [function] [call site] 00066
6 <builtin>.str [function] [call site] 00067
6 tuf.ngclient.UpdaterConfig [function] [call site] 00068
6 tuf.ngclient.Updater.refresh [function] [call site] 00069
5 sigstore._internal.tuf.TrustUpdater.get_trusted_root_path [function] [call site] 00070
6 _logger.debug [function] [call site] 00071
6 <builtin>.str [function] [call site] 00072
6 tuf.ngclient.Updater.get_targetinfo [function] [call site] 00073
6 tuf.ngclient.Updater.find_cached_target [function] [call site] 00074
6 tuf.ngclient.Updater.download_target [function] [call site] 00075
6 _logger.debug [function] [call site] 00076
5 pathlib.Path [function] [call site] 00077
5 pathlib.Path.read_bytes [function] [call site] 00078
5 sigstore_models.trustroot.v1.TrustedRoot.from_json [function] [call site] 00079
5 sigstore._internal.tuf.TrustUpdater.get_signing_config_path [function] [call site] 00080
6 _logger.debug [function] [call site] 00081
6 <builtin>.str [function] [call site] 00082
6 tuf.ngclient.Updater.get_targetinfo [function] [call site] 00083
6 tuf.ngclient.Updater.find_cached_target [function] [call site] 00084
6 tuf.ngclient.Updater.download_target [function] [call site] 00085
6 _logger.debug [function] [call site] 00086
5 pathlib.Path [function] [call site] 00087
5 pathlib.Path.read_bytes [function] [call site] 00088
5 sigstore_models.trustroot.v1.SigningConfig.from_json [function] [call site] 00089
5 sigstore.models.ClientTrustConfig.__init__ [function] [call site] 00090
5 sigstore_models.trustroot.v1.ClientTrustConfig [function] [call site] 00091
3 sigstore.models.ClientTrustConfig.from_json [function] [call site] 00092
4 sigstore_models.trustroot.v1.ClientTrustConfig.from_json [function] [call site] 00093
4 sigstore.models.ClientTrustConfig.__init__ [function] [call site] 00094
3 trust_config.read_text [function] [call site] 00095
3 sigstore.models.ClientTrustConfig.production [function] [call site] 00096
4 sigstore.models.ClientTrustConfig.from_tuf [function] [call site] 00097
3 trust_config.signing_config.get_oidc_url [function] [call site] 00098
3 sigstore.oidc.Issuer.__init__ [function] [call site] 00099
4 requests.Session [function] [call site] 00100
4 urllib.parse.urljoin [function] [call site] 00101
4 resp.raise_for_status [function] [call site] 00102
4 resp.json [function] [call site] 00103
4 pydantic.BaseModel.model_validate [function] [call site] 00104
3 sigstore.sign.SigningContext.from_trust_config [function] [call site] 00105
4 sigstore.sign.SigningContext.__init__ [function] [call site] 00106
4 signing_config.get_fulcio [function] [call site] 00107
4 signing_config.get_tlogs [function] [call site] 00108
4 signing_config.get_tsas [function] [call site] 00109
1 model_signing.signing.Config.sign [function] [call site] 00110
2 model_signing.signing.Config.use_sigstore_signer [function] [call site] 00111
2 model_signing.signing.Config._hashing_config.hash [function] [call site] 00112
2 model_signing._signing.signing.Payload.__init__ [function] [call site] 00113
3 model_signing._hashing.memory.SHA256.__init__ [function] [call site] 00114
4 hashlib.sha256 [function] [call site] 00115
3 manifest.resource_descriptors [function] [call site] 00116
3 model_signing._hashing.memory.SHA256.update [function] [call site] 00117
3 resources.append [function] [call site] 00118
3 model_signing._hashing.memory.SHA256.compute [function] [call site] 00119
3 statement.ResourceDescriptor [function] [call site] 00120
3 statement.Statement [function] [call site] 00121
2 model_signing._signing.sign_pkcs11.Signer.sign [function] [call site] 00122
3 google.protobuf.json_format.MessageToJson [function] [call site] 00123
3 ec_key.get_ec_key_hash [function] [call site] 00124
3 model_signing._signing.sign_sigstore_pb.pae [function] [call site] 00125
4 <builtin>.len [function] [call site] 00126
4 <builtin>.len [function] [call site] 00127
3 hash.update [function] [call site] 00128
3 hash.finalize [function] [call site] 00129
3 PyKCS11.Mechanism [function] [call site] 00130
3 asn1crypto.algos.DSASignature.from_p1363 [function] [call site] 00131
3 base64.b64encode [function] [call site] 00132
3 sigstore_models.intoto.Signature [function] [call site] 00133
3 sigstore_models.intoto.Envelope [function] [call site] 00134
3 base64.b64encode [function] [call site] 00135
3 model_signing._signing.sign_sigstore_pb.Signature.__init__ [function] [call site] 00136
3 sigstore_models.bundle.v1.Bundle [function] [call site] 00137
3 model_signing._signing.sign_pkcs11.CertSigner._get_verification_material [function] [call site] 00138
4 model_signing._signing.sign_pkcs11.CertSigner._get_verification_material._to_protobuf_certificate [function] [call site] 00139
5 sigstore_models.common.v1.X509Certificate [function] [call site] 00140
5 certificate.public_bytes [function] [call site] 00141
4 chain.extend [function] [call site] 00142
4 model_signing._signing.sign_pkcs11.CertSigner._get_verification_material._to_protobuf_certificate [function] [call site] 00143
4 sigstore_models.bundle.v1.VerificationMaterial [function] [call site] 00144
4 sigstore_models.common.v1.X509CertificateChain [function] [call site] 00145
2 model_signing._signing.sign_sigstore.Signer.sign [function] [call site] 00146
3 sigstore.dsse.Statement.__init__ [function] [call site] 00147
4 <builtin>.isinstance [function] [call site] 00148
4 pydantic.BaseModel.model_validate_json [function] [call site] 00149
4 pydantic.BaseModel.model_dump_json [function] [call site] 00150
3 google.protobuf.json_format.MessageToJson [function] [call site] 00151
3 model_signing._signing.sign_sigstore.Signer._get_identity_token [function] [call site] 00152
4 sigstore.oidc.IdentityToken.__init__ [function] [call site] 00153
5 jwt.decode [function] [call site] 00154
5 sigstore.oidc.IdentityToken.in_validity_period [function] [call site] 00155
6 datetime.datetime.now [function] [call site] 00156
5 _KNOWN_OIDC_ISSUERS.get [function] [call site] 00157
5 <builtin>.str [function] [call site] 00158
5 <builtin>.str [function] [call site] 00159
5 <builtin>.isinstance [function] [call site] 00160
5 federated_claims.get [function] [call site] 00161
5 <builtin>.isinstance [function] [call site] 00162
4 sigstore.oidc.detect_credential [function] [call site] 00163
5 id.detect_credential [function] [call site] 00164
5 typing.cast [function] [call site] 00165
5 sigstore.oidc.IdentityError.raise_from_id [function] [call site] 00166
4 sigstore.oidc.IdentityToken.__init__ [function] [call site] 00167
4 sigstore.oidc.Issuer.identity_token [function] [call site] 00168
5 sigstore._internal.oidc.oauth._OAuthFlow.__init__ [function] [call site] 00169
6 sigstore._internal.oidc.oauth._OAuthRedirectServer.__init__ [function] [call site] 00170
7 <builtin>.super [function] [call site] 00171
7 sigstore._internal.oidc.oauth._OAuthSession.__init__ [function] [call site] 00172
8 uuid.uuid4 [function] [call site] 00173
8 <builtin>.str [function] [call site] 00174
8 uuid.uuid4 [function] [call site] 00175
8 <builtin>.str [function] [call site] 00176
8 typing.NewType [function] [call site] 00177
8 os.urandom [function] [call site] 00178
8 base64.urlsafe_b64encode [function] [call site] 00179
6 threading.Thread [function] [call site] 00180
5 webbrowser.open [function] [call site] 00181
5 <builtin>.print [function] [call site] 00182
5 server.enable_oob [function] [call site] 00183
5 <builtin>.print [function] [call site] 00184
5 server.is_oob [function] [call site] 00185
5 time.sleep [function] [call site] 00186
5 server.auth_response.get [function] [call site] 00187
5 <builtin>.input [function] [call site] 00188
5 logging.debug [function] [call site] 00189
5 resp.raise_for_status [function] [call site] 00190
5 resp.json [function] [call site] 00191
5 token_json.get [function] [call site] 00192
5 sigstore.oidc.IdentityToken.__init__ [function] [call site] 00193
3 signer.sign_dsse [function] [call site] 00194
3 model_signing._signing.sign_sigstore.Signature.__init__ [function] [call site] 00195
2 pathlib.Path [function] [call site] 00196
2 model_signing._signing.sign_sigstore_pb.Signature.write [function] [call site] 00197
3 path.write_text [function] [call site] 00198
2 model_signing._signing.sign_sigstore.Signature.write [function] [call site] 00199
3 path.write_text [function] [call site] 00200
1 pathlib.Path.exists [function] [call site] 00201
1 verifying.Config [function] [call site] 00202
1 vc.set_hashing_config [function] [call site] 00203
1 vc.use_sigstore_verifier [function] [call site] 00204
1 vc.verify [function] [call site] 00205