Commit7de1556

committed

Filter out non-bug exceptions using a pre-defined exception list.

This reduces false positive test failures by identifying andgracefully handling exceptions that are explicitly raised by GitPython,thus reducing the false-positive fuzzing test failure rate.

1 parentaf0cd93 commit7de1556Copy full SHA for 7de1556

File tree

3 files changed

+56

-13

lines changed

fuzzing
- fuzz-targets
  - fuzz_submodule.py
- oss-fuzz-scripts
  - build.sh
  - container-environment-bootstrap.sh

3 files changed

+56

-13

lines changed

`‎fuzzing/fuzz-targets/fuzz_submodule.py`

Lines changed: 44 additions & 12 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,16 +1,51 @@`
	`1`	`+# ruff: noqa: E402`
`1`	`2`	`importatheris`
`2`	`3`	`importsys`
`3`	`4`	`importos`
	`5`	`+importtraceback`
`4`	`6`	`importtempfile`
`5`	`7`	`fromconfigparserimportParsingError`
`6`		`-fromutilsimportis_expected_exception_message,get_max_filename_length`
	`8`	`+fromutilsimportget_max_filename_length`
	`9`	`+importre`
	`10`	`+`
	`11`	`+bundle_dir=os.path.dirname(os.path.abspath(__file__))`
`7`	`12`
`8`	`13`	`ifgetattr(sys,"frozen",False)andhasattr(sys,"_MEIPASS"):# pragma: no cover`
`9`		`-path_to_bundled_git_binary=os.path.abspath(os.path.join(os.path.dirname(__file__),"git"))`
`10`		`-os.environ["GIT_PYTHON_GIT_EXECUTABLE"]=path_to_bundled_git_binary`
	`14`	`+bundled_git_binary_path=os.path.join(bundle_dir,"git")`
	`15`	`+os.environ["GIT_PYTHON_GIT_EXECUTABLE"]=bundled_git_binary_path`
`11`	`16`
`12`	`17`	`fromgitimportRepo,GitCommandError,InvalidGitRepositoryError`
`13`	`18`
	`19`	`+`
	`20`	`+defload_exception_list(file_path):`
	`21`	`+"""Load and parse the exception list from a file."""`
	`22`	`+try:`
	`23`	`+withopen(file_path,"r")asfile:`
	`24`	`+lines=file.readlines()`
	`25`	`+exception_list=set()`
	`26`	`+forlineinlines:`
	`27`	`+match=re.match(r"(.+):(\d+):",line)`
	`28`	`+ifmatch:`
	`29`	`+file_path=match.group(1).strip()`
	`30`	`+line_number=int(match.group(2).strip())`
	`31`	`+exception_list.add((file_path,line_number))`
	`32`	`+returnexception_list`
	`33`	`+exceptFileNotFoundError:`
	`34`	`+print("File not found: %s",file_path)`
	`35`	`+returnset()`
	`36`	`+exceptExceptionase:`
	`37`	`+print("Error loading exception list: %s",e)`
	`38`	`+returnset()`
	`39`	`+`
	`40`	`+`
	`41`	`+defcheck_exception_against_list(exception_list,exc_traceback):`
	`42`	`+"""Check if the exception traceback matches any entry in the exception list."""`
	`43`	`+forfilename,lineno,_,_intraceback.extract_tb(exc_traceback):`
	`44`	`+if (filename,lineno)inexception_list:`
	`45`	`+returnTrue`
	`46`	`+returnFalse`
	`47`	`+`
	`48`	`+`
`14`	`49`	`ifnotsys.warnoptions:# pragma: no cover`
`15`	`50`	`# The warnings filter below can be overridden by passing the -W option`
`16`	`51`	# to the Python interpreter command line or setting the `PYTHONWARNINGS` environment variable.
`@@ -89,17 +124,14 @@ def TestOneInput(data):`
`89`	`124`	`BrokenPipeError,`
`90`	`125`	`):`
`91`	`126`	`return-1`
`92`		`-exceptValueErrorase:`
`93`		`-expected_messages= [`
`94`		`-"SHA is empty",`
`95`		`-"Reference at",`
`96`		`-"embedded null byte",`
`97`		`-"This submodule instance does not exist anymore",`
`98`		`-"cmd stdin was empty",`
`99`		`- ]`
`100`		`-ifis_expected_exception_message(e,expected_messages):`
	`127`	`+exceptExceptionase:`
	`128`	`+exc_traceback=e.__traceback__`
	`129`	`+exception_list=load_exception_list(os.path.join(bundle_dir,"explicit-exceptions-list.txt"))`
	`130`	`+ifcheck_exception_against_list(exception_list,exc_traceback):`
	`131`	`+print("Exception matches an entry in the exception list.")`
`101`	`132`	`return-1`
`102`	`133`	`else:`
	`134`	`+print("Exception does not match any entry in the exception list.")`
`103`	`135`	`raisee`
`104`	`136`
`105`	`137`

`‎fuzzing/oss-fuzz-scripts/build.sh`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -15,5 +15,5 @@ find "$SRC" -maxdepth 1 \`
`15`	`15`
`16`	`16`	`# Build fuzzers in $OUT.`
`17`	`17`	`find"$SRC/gitpython/fuzzing" -name'fuzz_*.py' -print0\|while IFS=read -r -d'' fuzz_harness;do`
`18`		`- compile_python_fuzzer"$fuzz_harness" --add-binary="$(command -v git):."`
	`18`	`+ compile_python_fuzzer"$fuzz_harness" --add-binary="$(command -v git):." --add-data="$SRC/explicit-exceptions-list.txt:."`
`19`	`19`	`done`

`‎fuzzing/oss-fuzz-scripts/container-environment-bootstrap.sh`

Lines changed: 11 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -91,6 +91,17 @@ create_seed_corpora_zips "$WORK/qa-assets/gitpython/corpora"`
`91`	`91`
`92`	`92`	`prepare_dictionaries_for_fuzz_targets"$WORK/qa-assets/gitpython/dictionaries""$SRC/gitpython/fuzzing"`
`93`	`93`
	`94`	`+pushd"$SRC/gitpython/"`
	`95`	`+# Search for 'raise' and 'assert' statements in Python files within GitPython's 'git/' directory and its submodules,`
	`96`	`+# remove trailing colons, and save to 'explicit-exceptions-list.txt'. This file can then be used by fuzz harnesses to`
	`97`	`+# check exception tracebacks:`
	`98`	`+# If an exception found by the fuzzer originated in a file + line number in explicit-exceptions-list.txt, then it is not a bug.`
	`99`	`+`
	`100`	`+git grep -n --recurse-submodules -e'\braise\b' -e'\bassert\b' --"git/*/.py">"$SRC/explicit-exceptions-list.txt"`
	`101`	`+`
	`102`	`+popd`
	`103`	`+`
	`104`	`+`
`94`	`105`	`# The OSS-Fuzz base image has outdated dependencies by default so we upgrade them below.`
`95`	`106`	`python3 -m pip install --upgrade pip`
`96`	`107`	`# Upgrade to the latest versions known to work at the time the below changes were introduced:`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit7de1556

File tree

3 files changed

3 files changed

`‎fuzzing/fuzz-targets/fuzz_submodule.py`

`‎fuzzing/oss-fuzz-scripts/build.sh`

`‎fuzzing/oss-fuzz-scripts/container-environment-bootstrap.sh`

0 commit comments