Fuzz introspector: fuzz_sign_then_mutate_verify_with_valid_key
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
41 107 sigstore.oidc.IdentityToken.__init__ call site: 00107 sigstore.oidc.Issuer.identity_token
26 62 sigstore._internal.tuf.TrustUpdater.get_signing_config_path call site: 00062 sigstore.models.ClientTrustConfig.from_tuf
23 37 sigstore._internal.tuf.TrustUpdater.__init__ call site: 00037 sigstore._internal.tuf.TrustUpdater.get_trusted_root_path
18 154 model_signing._signing.sign_sigstore_pb.pae call site: 00154 model_signing._signing.sign_pkcs11.CertSigner._get_verification_material
6 25 sigstore._internal.tuf.TrustUpdater.__init__ call site: 00025 sigstore._internal.tuf._get_dirs
5 19 ...model-transparency.tests.fuzzing.fuzz_sign_then_mutate_verify_with_valid_key.TestOneInput call site: 00019 sigstore.models.ClientTrustConfig.from_tuf
4 102 sigstore.dsse.Statement.__init__ call site: 00102 sigstore.oidc.IdentityToken.__init__
3 33 sigstore._internal.tuf.TrustUpdater.__init__ call site: 00033 urllib.parse.quote
3 149 model_signing.signing.Config.sign call site: 00149 model_signing._signing.sign_sigstore_pb.pae
2 1 ...model-transparency.tests.fuzzing.fuzz_sign_then_mutate_verify_with_valid_key.TestOneInput call site: 00001 tempfile.TemporaryDirectory
1 99 model_signing.signing.Config.sign call site: 00099 sigstore.dsse.Statement.__init__
1 174 model_signing.signing.Config.sign call site: 00174 path.write_text

Fuzzer calltree

0 ...model-transparency.tests.fuzzing.fuzz_sign_then_mutate_verify_with_valid_key.TestOneInput [function] [call site] 00000
1 atheris.FuzzedDataProvider [function] [call site] 00001
1 tempfile.TemporaryDirectory [function] [call site] 00002
1 tempfile.TemporaryDirectory [function] [call site] 00003
1 pathlib.Path [function] [call site] 00004
1 utils.create_fuzz_files [function] [call site] 00005
1 utils.any_files [function] [call site] 00006
1 <builtin>.str [function] [call site] 00007
1 os.path.join [function] [call site] 00008
1 ...model-transparency.tests.fuzzing.fuzz_sign_then_mutate_verify_with_valid_key._pick_key_spec [function] [call site] 00009
2 <builtin>.len [function] [call site] 00010
2 fdp.ConsumeIntInRange [function] [call site] 00011
1 utils._build_hashing_config_from_fdp [function] [call site] 00012
1 model_signing.signing.Config.__init__ [function] [call site] 00013
2 hashing.Config [function] [call site] 00014
1 model_signing.signing.Config.set_hashing_config [function] [call site] 00015
1 model_signing.signing.Config.use_elliptic_key_signer [function] [call site] 00016
2 pathlib.Path [function] [call site] 00017
2 ec_key.Signer [function] [call site] 00018
1 model_signing.signing.Config.sign [function] [call site] 00019
2 model_signing.signing.Config.use_sigstore_signer [function] [call site] 00020
3 model_signing._signing.sign_sigstore.Signer.__init__ [function] [call site] 00021
4 sigstore.models.ClientTrustConfig.staging [function] [call site] 00022
5 sigstore.models.ClientTrustConfig.from_tuf [function] [call site] 00023
6 sigstore._internal.tuf.TrustUpdater.__init__ [function] [call site] 00024
7 url.rstrip [function] [call site] 00025
7 sigstore._internal.tuf._get_dirs [function] [call site] 00026
8 urllib.parse.quote [function] [call site] 00027
8 platformdirs.user_data_dir [function] [call site] 00028
8 pathlib.Path [function] [call site] 00029
8 platformdirs.user_cache_dir [function] [call site] 00030
8 pathlib.Path [function] [call site] 00031
7 artifact_path.exists [function] [call site] 00032
7 sigstore._utils.read_embedded [function] [call site] 00033
8 urllib.parse.quote [function] [call site] 00034
8 importlib_resources.files [function] [call site] 00035
8 importlib.resources.files [function] [call site] 00036
7 artifact_path.write_bytes [function] [call site] 00037
7 _logger.debug [function] [call site] 00038
7 _logger.debug [function] [call site] 00039
7 _logger.warning [function] [call site] 00040
7 sigstore._utils.read_embedded [function] [call site] 00041
7 bootstrap_root.read_bytes [function] [call site] 00042
7 tuf.ngclient.Updater [function] [call site] 00043
7 <builtin>.str [function] [call site] 00044
7 urllib.parse.urljoin [function] [call site] 00045
7 <builtin>.str [function] [call site] 00046
7 tuf.ngclient.UpdaterConfig [function] [call site] 00047
7 tuf.ngclient.Updater.refresh [function] [call site] 00048
6 sigstore._internal.tuf.TrustUpdater.get_trusted_root_path [function] [call site] 00049
7 _logger.debug [function] [call site] 00050
7 <builtin>.str [function] [call site] 00051
7 tuf.ngclient.Updater.get_targetinfo [function] [call site] 00052
7 tuf.ngclient.Updater.find_cached_target [function] [call site] 00053
7 tuf.ngclient.Updater.download_target [function] [call site] 00054
7 _logger.debug [function] [call site] 00055
6 pathlib.Path [function] [call site] 00056
6 pathlib.Path.read_bytes [function] [call site] 00057
6 sigstore_models.trustroot.v1.TrustedRoot.from_json [function] [call site] 00058
6 sigstore._internal.tuf.TrustUpdater.get_signing_config_path [function] [call site] 00059
7 _logger.debug [function] [call site] 00060
7 <builtin>.str [function] [call site] 00061
7 tuf.ngclient.Updater.get_targetinfo [function] [call site] 00062
7 tuf.ngclient.Updater.find_cached_target [function] [call site] 00063
7 tuf.ngclient.Updater.download_target [function] [call site] 00064
7 _logger.debug [function] [call site] 00065
6 pathlib.Path [function] [call site] 00066
6 pathlib.Path.read_bytes [function] [call site] 00067
6 sigstore_models.trustroot.v1.SigningConfig.from_json [function] [call site] 00068
6 sigstore.models.ClientTrustConfig.__init__ [function] [call site] 00069
6 sigstore_models.trustroot.v1.ClientTrustConfig [function] [call site] 00070
4 sigstore.models.ClientTrustConfig.from_json [function] [call site] 00071
5 sigstore_models.trustroot.v1.ClientTrustConfig.from_json [function] [call site] 00072
5 sigstore.models.ClientTrustConfig.__init__ [function] [call site] 00073
4 trust_config.read_text [function] [call site] 00074
4 sigstore.models.ClientTrustConfig.production [function] [call site] 00075
5 sigstore.models.ClientTrustConfig.from_tuf [function] [call site] 00076
4 trust_config.signing_config.get_oidc_url [function] [call site] 00077
4 sigstore.oidc.Issuer.__init__ [function] [call site] 00078
5 requests.Session [function] [call site] 00079
5 urllib.parse.urljoin [function] [call site] 00080
5 resp.raise_for_status [function] [call site] 00081
5 resp.json [function] [call site] 00082
5 pydantic.BaseModel.model_validate [function] [call site] 00083
4 sigstore.sign.SigningContext.from_trust_config [function] [call site] 00084
5 sigstore.sign.SigningContext.__init__ [function] [call site] 00085
5 signing_config.get_fulcio [function] [call site] 00086
5 signing_config.get_tlogs [function] [call site] 00087
5 signing_config.get_tsas [function] [call site] 00088
2 model_signing.signing.Config._hashing_config.hash [function] [call site] 00089
2 model_signing._signing.signing.Payload.__init__ [function] [call site] 00090
3 model_signing._hashing.memory.SHA256.__init__ [function] [call site] 00091
4 hashlib.sha256 [function] [call site] 00092
3 manifest.resource_descriptors [function] [call site] 00093
3 model_signing._hashing.memory.SHA256.update [function] [call site] 00094
3 resources.append [function] [call site] 00095
3 model_signing._hashing.memory.SHA256.compute [function] [call site] 00096
3 statement.ResourceDescriptor [function] [call site] 00097
3 statement.Statement [function] [call site] 00098
2 model_signing._signing.sign_sigstore.Signer.sign [function] [call site] 00099
3 sigstore.dsse.Statement.__init__ [function] [call site] 00100
4 <builtin>.isinstance [function] [call site] 00101
4 pydantic.BaseModel.model_validate_json [function] [call site] 00102
4 pydantic.BaseModel.model_dump_json [function] [call site] 00103
3 google.protobuf.json_format.MessageToJson [function] [call site] 00104
3 model_signing._signing.sign_sigstore.Signer._get_identity_token [function] [call site] 00105
4 sigstore.oidc.IdentityToken.__init__ [function] [call site] 00106
5 jwt.decode [function] [call site] 00107
5 sigstore.oidc.IdentityToken.in_validity_period [function] [call site] 00108
6 datetime.datetime.now [function] [call site] 00109
5 _KNOWN_OIDC_ISSUERS.get [function] [call site] 00110
5 <builtin>.str [function] [call site] 00111
5 <builtin>.str [function] [call site] 00112
5 <builtin>.isinstance [function] [call site] 00113
5 federated_claims.get [function] [call site] 00114
5 <builtin>.isinstance [function] [call site] 00115
4 sigstore.oidc.detect_credential [function] [call site] 00116
5 id.detect_credential [function] [call site] 00117
5 typing.cast [function] [call site] 00118
5 sigstore.oidc.IdentityError.raise_from_id [function] [call site] 00119
4 sigstore.oidc.IdentityToken.__init__ [function] [call site] 00120
4 sigstore.oidc.Issuer.identity_token [function] [call site] 00121
5 sigstore._internal.oidc.oauth._OAuthFlow.__init__ [function] [call site] 00122
6 sigstore._internal.oidc.oauth._OAuthRedirectServer.__init__ [function] [call site] 00123
7 <builtin>.super [function] [call site] 00124
7 sigstore._internal.oidc.oauth._OAuthSession.__init__ [function] [call site] 00125
8 uuid.uuid4 [function] [call site] 00126
8 <builtin>.str [function] [call site] 00127
8 uuid.uuid4 [function] [call site] 00128
8 <builtin>.str [function] [call site] 00129
8 typing.NewType [function] [call site] 00130
8 os.urandom [function] [call site] 00131
8 base64.urlsafe_b64encode [function] [call site] 00132
6 threading.Thread [function] [call site] 00133
5 webbrowser.open [function] [call site] 00134
5 <builtin>.print [function] [call site] 00135
5 server.enable_oob [function] [call site] 00136
5 <builtin>.print [function] [call site] 00137
5 server.is_oob [function] [call site] 00138
5 time.sleep [function] [call site] 00139
5 server.auth_response.get [function] [call site] 00140
5 <builtin>.input [function] [call site] 00141
5 logging.debug [function] [call site] 00142
5 resp.raise_for_status [function] [call site] 00143
5 resp.json [function] [call site] 00144
5 token_json.get [function] [call site] 00145
5 sigstore.oidc.IdentityToken.__init__ [function] [call site] 00146
3 signer.sign_dsse [function] [call site] 00147
3 model_signing._signing.sign_sigstore.Signature.__init__ [function] [call site] 00148
2 model_signing._signing.sign_pkcs11.Signer.sign [function] [call site] 00149
3 google.protobuf.json_format.MessageToJson [function] [call site] 00150
3 ec_key.get_ec_key_hash [function] [call site] 00151
3 model_signing._signing.sign_sigstore_pb.pae [function] [call site] 00152
4 <builtin>.len [function] [call site] 00153
4 <builtin>.len [function] [call site] 00154
3 hash.update [function] [call site] 00155
3 hash.finalize [function] [call site] 00156
3 PyKCS11.Mechanism [function] [call site] 00157
3 asn1crypto.algos.DSASignature.from_p1363 [function] [call site] 00158
3 base64.b64encode [function] [call site] 00159
3 sigstore_models.intoto.Signature [function] [call site] 00160
3 sigstore_models.intoto.Envelope [function] [call site] 00161
3 base64.b64encode [function] [call site] 00162
3 model_signing._signing.sign_sigstore_pb.Signature.__init__ [function] [call site] 00163
3 sigstore_models.bundle.v1.Bundle [function] [call site] 00164
3 model_signing._signing.sign_pkcs11.CertSigner._get_verification_material [function] [call site] 00165
4 model_signing._signing.sign_pkcs11.CertSigner._get_verification_material._to_protobuf_certificate [function] [call site] 00166
5 sigstore_models.common.v1.X509Certificate [function] [call site] 00167
5 certificate.public_bytes [function] [call site] 00168
4 chain.extend [function] [call site] 00169
4 model_signing._signing.sign_pkcs11.CertSigner._get_verification_material._to_protobuf_certificate [function] [call site] 00170
4 sigstore_models.bundle.v1.VerificationMaterial [function] [call site] 00171
4 sigstore_models.common.v1.X509CertificateChain [function] [call site] 00172
2 pathlib.Path [function] [call site] 00173
2 model_signing._signing.sign_sigstore.Signature.write [function] [call site] 00174
3 path.write_text [function] [call site] 00175
2 model_signing._signing.sign_sigstore_pb.Signature.write [function] [call site] 00176
3 path.write_text [function] [call site] 00177
1 pathlib.Path.rglob [function] [call site] 00178
1 p.is_file [function] [call site] 00179
1 <builtin>.len [function] [call site] 00180
1 fdp.ConsumeIntInRange [function] [call site] 00181
1 target.read_bytes [function] [call site] 00182
1 fdp.ConsumeIntInRange [function] [call site] 00183
1 fdp.ConsumeBytes [function] [call site] 00184
1 target.relative_to [function] [call site] 00185
1 utils.safe_write [function] [call site] 00186
1 model_signing.verifying.Config [function] [call site] 00187
1 vcfg.set_hashing_config [function] [call site] 00188
1 vcfg.use_elliptic_key_verifier [function] [call site] 00189
1 verifier.verify [function] [call site] 00190