Fuzz introspector: fuzz_sign_with_valid_key_verify_with_invalid_key
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
41 106 sigstore.oidc.IdentityToken.__init__ call site: 00106 sigstore.oidc.Issuer.identity_token
26 61 sigstore._internal.tuf.TrustUpdater.get_signing_config_path call site: 00061 sigstore.models.ClientTrustConfig.from_tuf
23 36 sigstore._internal.tuf.TrustUpdater.__init__ call site: 00036 sigstore._internal.tuf.TrustUpdater.get_trusted_root_path
18 153 model_signing._signing.sign_sigstore_pb.pae call site: 00153 model_signing._signing.sign_pkcs11.CertSigner._get_verification_material
6 1 ...model-transparency.tests.fuzzing.fuzz_sign_with_valid_key_verify_with_invalid_key.TestOneInput call site: 00001 fdp.ConsumeIntInRange
6 24 sigstore._internal.tuf.TrustUpdater.__init__ call site: 00024 sigstore._internal.tuf._get_dirs
5 18 ...model-transparency.tests.fuzzing.fuzz_sign_with_valid_key_verify_with_invalid_key.TestOneInput call site: 00018 sigstore.models.ClientTrustConfig.from_tuf
4 101 sigstore.dsse.Statement.__init__ call site: 00101 sigstore.oidc.IdentityToken.__init__
3 32 sigstore._internal.tuf.TrustUpdater.__init__ call site: 00032 urllib.parse.quote
3 148 model_signing.signing.Config.sign call site: 00148 model_signing._signing.sign_sigstore_pb.pae
2 176 model_signing._signing.sign_sigstore_pb.Signature.write call site: 00176 os.path.join
1 98 model_signing.signing.Config.sign call site: 00098 sigstore.dsse.Statement.__init__

Fuzzer calltree

0 ...model-transparency.tests.fuzzing.fuzz_sign_with_valid_key_verify_with_invalid_key.TestOneInput [function] [call site] 00000
1 atheris.FuzzedDataProvider [function] [call site] 00001
1 fdp.ConsumeIntInRange [function] [call site] 00002
1 fdp.ConsumeBytes [function] [call site] 00003
1 tempfile.TemporaryDirectory [function] [call site] 00004
1 tempfile.TemporaryDirectory [function] [call site] 00005
1 pathlib.Path [function] [call site] 00006
1 utils.create_fuzz_files [function] [call site] 00007
1 utils.any_files [function] [call site] 00008
1 <builtin>.str [function] [call site] 00009
1 os.path.join [function] [call site] 00010
1 utils._build_hashing_config_from_fdp [function] [call site] 00011
1 model_signing.signing.Config.__init__ [function] [call site] 00012
2 hashing.Config [function] [call site] 00013
1 model_signing.signing.Config.set_hashing_config [function] [call site] 00014
1 model_signing.signing.Config.use_elliptic_key_signer [function] [call site] 00015
2 pathlib.Path [function] [call site] 00016
2 ec_key.Signer [function] [call site] 00017
1 model_signing.signing.Config.sign [function] [call site] 00018
2 model_signing.signing.Config.use_sigstore_signer [function] [call site] 00019
3 model_signing._signing.sign_sigstore.Signer.__init__ [function] [call site] 00020
4 sigstore.models.ClientTrustConfig.staging [function] [call site] 00021
5 sigstore.models.ClientTrustConfig.from_tuf [function] [call site] 00022
6 sigstore._internal.tuf.TrustUpdater.__init__ [function] [call site] 00023
7 url.rstrip [function] [call site] 00024
7 sigstore._internal.tuf._get_dirs [function] [call site] 00025
8 urllib.parse.quote [function] [call site] 00026
8 platformdirs.user_data_dir [function] [call site] 00027
8 pathlib.Path [function] [call site] 00028
8 platformdirs.user_cache_dir [function] [call site] 00029
8 pathlib.Path [function] [call site] 00030
7 artifact_path.exists [function] [call site] 00031
7 sigstore._utils.read_embedded [function] [call site] 00032
8 urllib.parse.quote [function] [call site] 00033
8 importlib_resources.files [function] [call site] 00034
8 importlib.resources.files [function] [call site] 00035
7 artifact_path.write_bytes [function] [call site] 00036
7 _logger.debug [function] [call site] 00037
7 _logger.debug [function] [call site] 00038
7 _logger.warning [function] [call site] 00039
7 sigstore._utils.read_embedded [function] [call site] 00040
7 bootstrap_root.read_bytes [function] [call site] 00041
7 tuf.ngclient.Updater [function] [call site] 00042
7 <builtin>.str [function] [call site] 00043
7 urllib.parse.urljoin [function] [call site] 00044
7 <builtin>.str [function] [call site] 00045
7 tuf.ngclient.UpdaterConfig [function] [call site] 00046
7 tuf.ngclient.Updater.refresh [function] [call site] 00047
6 sigstore._internal.tuf.TrustUpdater.get_trusted_root_path [function] [call site] 00048
7 _logger.debug [function] [call site] 00049
7 <builtin>.str [function] [call site] 00050
7 tuf.ngclient.Updater.get_targetinfo [function] [call site] 00051
7 tuf.ngclient.Updater.find_cached_target [function] [call site] 00052
7 tuf.ngclient.Updater.download_target [function] [call site] 00053
7 _logger.debug [function] [call site] 00054
6 pathlib.Path [function] [call site] 00055
6 pathlib.Path.read_bytes [function] [call site] 00056
6 sigstore_models.trustroot.v1.TrustedRoot.from_json [function] [call site] 00057
6 sigstore._internal.tuf.TrustUpdater.get_signing_config_path [function] [call site] 00058
7 _logger.debug [function] [call site] 00059
7 <builtin>.str [function] [call site] 00060
7 tuf.ngclient.Updater.get_targetinfo [function] [call site] 00061
7 tuf.ngclient.Updater.find_cached_target [function] [call site] 00062
7 tuf.ngclient.Updater.download_target [function] [call site] 00063
7 _logger.debug [function] [call site] 00064
6 pathlib.Path [function] [call site] 00065
6 pathlib.Path.read_bytes [function] [call site] 00066
6 sigstore_models.trustroot.v1.SigningConfig.from_json [function] [call site] 00067
6 sigstore.models.ClientTrustConfig.__init__ [function] [call site] 00068
6 sigstore_models.trustroot.v1.ClientTrustConfig [function] [call site] 00069
4 sigstore.models.ClientTrustConfig.from_json [function] [call site] 00070
5 sigstore_models.trustroot.v1.ClientTrustConfig.from_json [function] [call site] 00071
5 sigstore.models.ClientTrustConfig.__init__ [function] [call site] 00072
4 trust_config.read_text [function] [call site] 00073
4 sigstore.models.ClientTrustConfig.production [function] [call site] 00074
5 sigstore.models.ClientTrustConfig.from_tuf [function] [call site] 00075
4 trust_config.signing_config.get_oidc_url [function] [call site] 00076
4 sigstore.oidc.Issuer.__init__ [function] [call site] 00077
5 requests.Session [function] [call site] 00078
5 urllib.parse.urljoin [function] [call site] 00079
5 resp.raise_for_status [function] [call site] 00080
5 resp.json [function] [call site] 00081
5 pydantic.BaseModel.model_validate [function] [call site] 00082
4 sigstore.sign.SigningContext.from_trust_config [function] [call site] 00083
5 sigstore.sign.SigningContext.__init__ [function] [call site] 00084
5 signing_config.get_fulcio [function] [call site] 00085
5 signing_config.get_tlogs [function] [call site] 00086
5 signing_config.get_tsas [function] [call site] 00087
2 model_signing.signing.Config._hashing_config.hash [function] [call site] 00088
2 model_signing._signing.signing.Payload.__init__ [function] [call site] 00089
3 model_signing._hashing.memory.SHA256.__init__ [function] [call site] 00090
4 hashlib.sha256 [function] [call site] 00091
3 manifest.resource_descriptors [function] [call site] 00092
3 model_signing._hashing.memory.SHA256.update [function] [call site] 00093
3 resources.append [function] [call site] 00094
3 model_signing._hashing.memory.SHA256.compute [function] [call site] 00095
3 statement.ResourceDescriptor [function] [call site] 00096
3 statement.Statement [function] [call site] 00097
2 model_signing._signing.sign_sigstore.Signer.sign [function] [call site] 00098
3 sigstore.dsse.Statement.__init__ [function] [call site] 00099
4 <builtin>.isinstance [function] [call site] 00100
4 pydantic.BaseModel.model_validate_json [function] [call site] 00101
4 pydantic.BaseModel.model_dump_json [function] [call site] 00102
3 google.protobuf.json_format.MessageToJson [function] [call site] 00103
3 model_signing._signing.sign_sigstore.Signer._get_identity_token [function] [call site] 00104
4 sigstore.oidc.IdentityToken.__init__ [function] [call site] 00105
5 jwt.decode [function] [call site] 00106
5 sigstore.oidc.IdentityToken.in_validity_period [function] [call site] 00107
6 datetime.datetime.now [function] [call site] 00108
5 _KNOWN_OIDC_ISSUERS.get [function] [call site] 00109
5 <builtin>.str [function] [call site] 00110
5 <builtin>.str [function] [call site] 00111
5 <builtin>.isinstance [function] [call site] 00112
5 federated_claims.get [function] [call site] 00113
5 <builtin>.isinstance [function] [call site] 00114
4 sigstore.oidc.detect_credential [function] [call site] 00115
5 id.detect_credential [function] [call site] 00116
5 typing.cast [function] [call site] 00117
5 sigstore.oidc.IdentityError.raise_from_id [function] [call site] 00118
4 sigstore.oidc.IdentityToken.__init__ [function] [call site] 00119
4 sigstore.oidc.Issuer.identity_token [function] [call site] 00120
5 sigstore._internal.oidc.oauth._OAuthFlow.__init__ [function] [call site] 00121
6 sigstore._internal.oidc.oauth._OAuthRedirectServer.__init__ [function] [call site] 00122
7 <builtin>.super [function] [call site] 00123
7 sigstore._internal.oidc.oauth._OAuthSession.__init__ [function] [call site] 00124
8 uuid.uuid4 [function] [call site] 00125
8 <builtin>.str [function] [call site] 00126
8 uuid.uuid4 [function] [call site] 00127
8 <builtin>.str [function] [call site] 00128
8 typing.NewType [function] [call site] 00129
8 os.urandom [function] [call site] 00130
8 base64.urlsafe_b64encode [function] [call site] 00131
6 threading.Thread [function] [call site] 00132
5 webbrowser.open [function] [call site] 00133
5 <builtin>.print [function] [call site] 00134
5 server.enable_oob [function] [call site] 00135
5 <builtin>.print [function] [call site] 00136
5 server.is_oob [function] [call site] 00137
5 time.sleep [function] [call site] 00138
5 server.auth_response.get [function] [call site] 00139
5 <builtin>.input [function] [call site] 00140
5 logging.debug [function] [call site] 00141
5 resp.raise_for_status [function] [call site] 00142
5 resp.json [function] [call site] 00143
5 token_json.get [function] [call site] 00144
5 sigstore.oidc.IdentityToken.__init__ [function] [call site] 00145
3 signer.sign_dsse [function] [call site] 00146
3 model_signing._signing.sign_sigstore.Signature.__init__ [function] [call site] 00147
2 model_signing._signing.sign_pkcs11.Signer.sign [function] [call site] 00148
3 google.protobuf.json_format.MessageToJson [function] [call site] 00149
3 ec_key.get_ec_key_hash [function] [call site] 00150
3 model_signing._signing.sign_sigstore_pb.pae [function] [call site] 00151
4 <builtin>.len [function] [call site] 00152
4 <builtin>.len [function] [call site] 00153
3 hash.update [function] [call site] 00154
3 hash.finalize [function] [call site] 00155
3 PyKCS11.Mechanism [function] [call site] 00156
3 asn1crypto.algos.DSASignature.from_p1363 [function] [call site] 00157
3 base64.b64encode [function] [call site] 00158
3 sigstore_models.intoto.Signature [function] [call site] 00159
3 sigstore_models.intoto.Envelope [function] [call site] 00160
3 base64.b64encode [function] [call site] 00161
3 model_signing._signing.sign_sigstore_pb.Signature.__init__ [function] [call site] 00162
3 sigstore_models.bundle.v1.Bundle [function] [call site] 00163
3 model_signing._signing.sign_pkcs11.CertSigner._get_verification_material [function] [call site] 00164
4 model_signing._signing.sign_pkcs11.CertSigner._get_verification_material._to_protobuf_certificate [function] [call site] 00165
5 sigstore_models.common.v1.X509Certificate [function] [call site] 00166
5 certificate.public_bytes [function] [call site] 00167
4 chain.extend [function] [call site] 00168
4 model_signing._signing.sign_pkcs11.CertSigner._get_verification_material._to_protobuf_certificate [function] [call site] 00169
4 sigstore_models.bundle.v1.VerificationMaterial [function] [call site] 00170
4 sigstore_models.common.v1.X509CertificateChain [function] [call site] 00171
2 pathlib.Path [function] [call site] 00172
2 model_signing._signing.sign_sigstore.Signature.write [function] [call site] 00173
3 path.write_text [function] [call site] 00174
2 model_signing._signing.sign_sigstore_pb.Signature.write [function] [call site] 00175
3 path.write_text [function] [call site] 00176
1 os.path.join [function] [call site] 00177
1 <builtin>.open [function] [call site] 00178
1 f.write [function] [call site] 00179
1 model_signing.verifying.Config [function] [call site] 00180
1 vcfg.set_hashing_config [function] [call site] 00181
1 vcfg.use_elliptic_key_verifier [function] [call site] 00182
1 verifier.verify [function] [call site] 00183