Fuzz introspector: fuzz_sign_with_valid_key_verify_with_invalid_key
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
41 135 sigstore.oidc.IdentityToken.__init__ call site: 00135 sigstore.oidc.Issuer.identity_token
26 61 sigstore._internal.tuf.TrustUpdater.get_signing_config_path call site: 00061 sigstore.models.ClientTrustConfig.from_tuf
23 36 sigstore._internal.tuf.TrustUpdater.__init__ call site: 00036 sigstore._internal.tuf.TrustUpdater.get_trusted_root_path
23 103 model_signing._signing.sign_sigstore_pb.pae call site: 00103 model_signing._signing.sign_pkcs11.CertSigner._get_verification_material
6 1 ...model-transparency.tests.fuzzing.fuzz_sign_with_valid_key_verify_with_invalid_key.TestOneInput call site: 00001 fdp.ConsumeIntInRange
6 24 sigstore._internal.tuf.TrustUpdater.__init__ call site: 00024 sigstore._internal.tuf._get_dirs
5 18 ...model-transparency.tests.fuzzing.fuzz_sign_with_valid_key_verify_with_invalid_key.TestOneInput call site: 00018 sigstore.models.ClientTrustConfig.from_tuf
4 130 sigstore.dsse.Statement.__init__ call site: 00130 sigstore.oidc.IdentityToken.__init__
3 32 sigstore._internal.tuf.TrustUpdater.__init__ call site: 00032 urllib.parse.quote
3 98 model_signing.signing.Config.sign call site: 00098 model_signing._signing.sign_sigstore_pb.pae
2 181 model_signing._signing.sign_sigstore_pb.Signature.write call site: 00181 os.path.join
1 127 model_signing.signing.Config.sign call site: 00127 sigstore.dsse.Statement.__init__

Fuzzer calltree

0 ...model-transparency.tests.fuzzing.fuzz_sign_with_valid_key_verify_with_invalid_key.TestOneInput [function] [call site] 00000
1 atheris.FuzzedDataProvider [function] [call site] 00001
1 fdp.ConsumeIntInRange [function] [call site] 00002
1 fdp.ConsumeBytes [function] [call site] 00003
1 tempfile.TemporaryDirectory [function] [call site] 00004
1 tempfile.TemporaryDirectory [function] [call site] 00005
1 pathlib.Path [function] [call site] 00006
1 utils.create_fuzz_files [function] [call site] 00007
1 utils.any_files [function] [call site] 00008
1 <builtin>.str [function] [call site] 00009
1 os.path.join [function] [call site] 00010
1 utils._build_hashing_config_from_fdp [function] [call site] 00011
1 model_signing.signing.Config.__init__ [function] [call site] 00012
2 hashing.Config [function] [call site] 00013
1 model_signing.signing.Config.set_hashing_config [function] [call site] 00014
1 model_signing.signing.Config.use_elliptic_key_signer [function] [call site] 00015
2 pathlib.Path [function] [call site] 00016
2 ec_key.Signer [function] [call site] 00017
1 model_signing.signing.Config.sign [function] [call site] 00018
2 model_signing.signing.Config.use_sigstore_signer [function] [call site] 00019
3 model_signing._signing.sign_sigstore.Signer.__init__ [function] [call site] 00020
4 sigstore.models.ClientTrustConfig.staging [function] [call site] 00021
5 sigstore.models.ClientTrustConfig.from_tuf [function] [call site] 00022
6 sigstore._internal.tuf.TrustUpdater.__init__ [function] [call site] 00023
7 url.rstrip [function] [call site] 00024
7 sigstore._internal.tuf._get_dirs [function] [call site] 00025
8 urllib.parse.quote [function] [call site] 00026
8 platformdirs.user_data_dir [function] [call site] 00027
8 pathlib.Path [function] [call site] 00028
8 platformdirs.user_cache_dir [function] [call site] 00029
8 pathlib.Path [function] [call site] 00030
7 artifact_path.exists [function] [call site] 00031
7 sigstore._utils.read_embedded [function] [call site] 00032
8 urllib.parse.quote [function] [call site] 00033
8 importlib.resources.files [function] [call site] 00034
8 importlib_resources.files [function] [call site] 00035
7 artifact_path.write_bytes [function] [call site] 00036
7 _logger.debug [function] [call site] 00037
7 _logger.debug [function] [call site] 00038
7 _logger.warning [function] [call site] 00039
7 sigstore._utils.read_embedded [function] [call site] 00040
7 bootstrap_root.read_bytes [function] [call site] 00041
7 tuf.ngclient.Updater [function] [call site] 00042
7 <builtin>.str [function] [call site] 00043
7 urllib.parse.urljoin [function] [call site] 00044
7 <builtin>.str [function] [call site] 00045
7 tuf.ngclient.UpdaterConfig [function] [call site] 00046
7 tuf.ngclient.Updater.refresh [function] [call site] 00047
6 sigstore._internal.tuf.TrustUpdater.get_trusted_root_path [function] [call site] 00048
7 _logger.debug [function] [call site] 00049
7 <builtin>.str [function] [call site] 00050
7 tuf.ngclient.Updater.get_targetinfo [function] [call site] 00051
7 tuf.ngclient.Updater.find_cached_target [function] [call site] 00052
7 tuf.ngclient.Updater.download_target [function] [call site] 00053
7 _logger.debug [function] [call site] 00054
6 pathlib.Path [function] [call site] 00055
6 pathlib.Path.read_bytes [function] [call site] 00056
6 sigstore_models.trustroot.v1.TrustedRoot.from_json [function] [call site] 00057
6 sigstore._internal.tuf.TrustUpdater.get_signing_config_path [function] [call site] 00058
7 _logger.debug [function] [call site] 00059
7 <builtin>.str [function] [call site] 00060
7 tuf.ngclient.Updater.get_targetinfo [function] [call site] 00061
7 tuf.ngclient.Updater.find_cached_target [function] [call site] 00062
7 tuf.ngclient.Updater.download_target [function] [call site] 00063
7 _logger.debug [function] [call site] 00064
6 pathlib.Path [function] [call site] 00065
6 pathlib.Path.read_bytes [function] [call site] 00066
6 sigstore_models.trustroot.v1.SigningConfig.from_json [function] [call site] 00067
6 sigstore.models.ClientTrustConfig.__init__ [function] [call site] 00068
6 sigstore_models.trustroot.v1.ClientTrustConfig [function] [call site] 00069
4 sigstore.models.ClientTrustConfig.from_json [function] [call site] 00070
5 sigstore_models.trustroot.v1.ClientTrustConfig.from_json [function] [call site] 00071
5 sigstore.models.ClientTrustConfig.__init__ [function] [call site] 00072
4 trust_config.read_text [function] [call site] 00073
4 sigstore.models.ClientTrustConfig.production [function] [call site] 00074
5 sigstore.models.ClientTrustConfig.from_tuf [function] [call site] 00075
4 trust_config.signing_config.get_oidc_url [function] [call site] 00076
4 sigstore.oidc.Issuer.__init__ [function] [call site] 00077
5 requests.Session [function] [call site] 00078
5 urllib.parse.urljoin [function] [call site] 00079
5 resp.raise_for_status [function] [call site] 00080
5 resp.json [function] [call site] 00081
5 pydantic.BaseModel.model_validate [function] [call site] 00082
4 sigstore.sign.SigningContext.from_trust_config [function] [call site] 00083
5 sigstore.sign.SigningContext.__init__ [function] [call site] 00084
5 signing_config.get_fulcio [function] [call site] 00085
5 signing_config.get_tlogs [function] [call site] 00086
5 signing_config.get_tsas [function] [call site] 00087
2 model_signing.signing.Config._hashing_config.hash [function] [call site] 00088
2 model_signing._signing.signing.Payload.__init__ [function] [call site] 00089
3 model_signing._hashing.memory.SHA256.__init__ [function] [call site] 00090
4 hashlib.sha256 [function] [call site] 00091
3 manifest.resource_descriptors [function] [call site] 00092
3 model_signing._hashing.memory.SHA256.update [function] [call site] 00093
3 resources.append [function] [call site] 00094
3 model_signing._hashing.memory.SHA256.compute [function] [call site] 00095
3 statement.ResourceDescriptor [function] [call site] 00096
3 statement.Statement [function] [call site] 00097
2 model_signing._signing.sign_pkcs11.Signer.sign [function] [call site] 00098
3 google.protobuf.json_format.MessageToJson [function] [call site] 00099
3 ec_key.get_ec_key_hash [function] [call site] 00100
3 model_signing._signing.sign_sigstore_pb.pae [function] [call site] 00101
4 <builtin>.len [function] [call site] 00102
4 <builtin>.len [function] [call site] 00103
3 hash.update [function] [call site] 00104
3 hash.finalize [function] [call site] 00105
3 PyKCS11.Mechanism [function] [call site] 00106
3 asn1crypto.algos.DSASignature.from_p1363 [function] [call site] 00107
3 base64.b64encode [function] [call site] 00108
3 sigstore_models.intoto.Signature [function] [call site] 00109
3 sigstore_models.intoto.Envelope [function] [call site] 00110
3 base64.b64encode [function] [call site] 00111
3 model_signing._signing.sign_sigstore_pb.Signature.__init__ [function] [call site] 00112
3 sigstore_models.bundle.v1.Bundle [function] [call site] 00113
3 model_signing._signing.sign_pkcs11.Signer._get_verification_material [function] [call site] 00114
4 public_key.public_bytes [function] [call site] 00115
4 hashlib.sha256 [function] [call site] 00116
4 sigstore_models.bundle.v1.VerificationMaterial [function] [call site] 00117
4 sigstore_models.common.v1.PublicKeyIdentifier [function] [call site] 00118
3 model_signing._signing.sign_pkcs11.CertSigner._get_verification_material [function] [call site] 00119
4 model_signing._signing.sign_pkcs11.CertSigner._get_verification_material._to_protobuf_certificate [function] [call site] 00120
5 sigstore_models.common.v1.X509Certificate [function] [call site] 00121
5 certificate.public_bytes [function] [call site] 00122
4 chain.extend [function] [call site] 00123
4 model_signing._signing.sign_pkcs11.CertSigner._get_verification_material._to_protobuf_certificate [function] [call site] 00124
4 sigstore_models.bundle.v1.VerificationMaterial [function] [call site] 00125
4 sigstore_models.common.v1.X509CertificateChain [function] [call site] 00126
2 model_signing._signing.sign_sigstore.Signer.sign [function] [call site] 00127
3 sigstore.dsse.Statement.__init__ [function] [call site] 00128
4 <builtin>.isinstance [function] [call site] 00129
4 pydantic.BaseModel.model_validate_json [function] [call site] 00130
4 pydantic.BaseModel.model_dump_json [function] [call site] 00131
3 google.protobuf.json_format.MessageToJson [function] [call site] 00132
3 model_signing._signing.sign_sigstore.Signer._get_identity_token [function] [call site] 00133
4 sigstore.oidc.IdentityToken.__init__ [function] [call site] 00134
5 jwt.decode [function] [call site] 00135
5 sigstore.oidc.IdentityToken.in_validity_period [function] [call site] 00136
6 datetime.datetime.now [function] [call site] 00137
5 _KNOWN_OIDC_ISSUERS.get [function] [call site] 00138
5 <builtin>.str [function] [call site] 00139
5 <builtin>.str [function] [call site] 00140
5 <builtin>.isinstance [function] [call site] 00141
5 federated_claims.get [function] [call site] 00142
5 <builtin>.isinstance [function] [call site] 00143
4 sigstore.oidc.detect_credential [function] [call site] 00144
5 id.detect_credential [function] [call site] 00145
5 typing.cast [function] [call site] 00146
5 sigstore.oidc.IdentityError.raise_from_id [function] [call site] 00147
4 sigstore.oidc.IdentityToken.__init__ [function] [call site] 00148
4 sigstore.oidc.Issuer.identity_token [function] [call site] 00149
5 sigstore._internal.oidc.oauth._OAuthFlow.__init__ [function] [call site] 00150
6 sigstore._internal.oidc.oauth._OAuthRedirectServer.__init__ [function] [call site] 00151
7 <builtin>.super [function] [call site] 00152
7 sigstore._internal.oidc.oauth._OAuthSession.__init__ [function] [call site] 00153
8 uuid.uuid4 [function] [call site] 00154
8 <builtin>.str [function] [call site] 00155
8 uuid.uuid4 [function] [call site] 00156
8 <builtin>.str [function] [call site] 00157
8 typing.NewType [function] [call site] 00158
8 os.urandom [function] [call site] 00159
8 base64.urlsafe_b64encode [function] [call site] 00160
6 threading.Thread [function] [call site] 00161
5 webbrowser.open [function] [call site] 00162
5 <builtin>.print [function] [call site] 00163
5 server.enable_oob [function] [call site] 00164
5 <builtin>.print [function] [call site] 00165
5 server.is_oob [function] [call site] 00166
5 time.sleep [function] [call site] 00167
5 server.auth_response.get [function] [call site] 00168
5 <builtin>.input [function] [call site] 00169
5 logging.debug [function] [call site] 00170
5 resp.raise_for_status [function] [call site] 00171
5 resp.json [function] [call site] 00172
5 token_json.get [function] [call site] 00173
5 sigstore.oidc.IdentityToken.__init__ [function] [call site] 00174
3 signer.sign_dsse [function] [call site] 00175
3 model_signing._signing.sign_sigstore.Signature.__init__ [function] [call site] 00176
2 pathlib.Path [function] [call site] 00177
2 model_signing._signing.sign_sigstore.Signature.write [function] [call site] 00178
3 path.write_text [function] [call site] 00179
2 model_signing._signing.sign_sigstore_pb.Signature.write [function] [call site] 00180
3 path.write_text [function] [call site] 00181
1 os.path.join [function] [call site] 00182
1 <builtin>.open [function] [call site] 00183
1 f.write [function] [call site] 00184
1 model_signing.verifying.Config [function] [call site] 00185
1 vcfg.set_hashing_config [function] [call site] 00186
1 vcfg.use_elliptic_key_verifier [function] [call site] 00187
1 verifier.verify [function] [call site] 00188