oss-fuzz/projects/pyodbc/fuzz_curs_exec.py

#!/usr/bin/python3
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Fuzzer that targets native code of pyodbc with a fake odbc driver"""
import os
import sys
import atheris
import pyodbc

@atheris.instrument_func
def fuzz_exec(data):
    fdp = atheris.FuzzedDataProvider(data)
    connstr = "DRIVER=FUZZ;"
    s1 = fdp.ConsumeUnicodeNoSurrogates(50)
    if "DRIVER" in s1:
        return
    cstr = connstr + s1
    connection_obj = pyodbc.connect(cstr)
    csr = connection_obj.cursor()
    try:
        csr.execute(fdp.ConsumeUnicodeNoSurrogates(20))
    except Exception as e:
        if "Invalid string or buffer length" in str(e):
            pass
        else:
            raise e
    return 0

@atheris.instrument_func
def TestOneInput(data):
    try:
        return fuzz_exec(data)
    except SystemError:
        return 0


def main():
    # Write the odbcinst.ini file
    dir_path = os.path.dirname(os.path.realpath(__file__))
    with open("/tmp/odbcinst.ini", "w") as f:
        f.write("[FUZZ]\n")
        f.write("Driver=%s/fuzzodbc.so\n"%(dir_path))
    os.environ['ODBCSYSINI'] = '/tmp/'
    
    atheris.instrument_all()
    atheris.Setup(sys.argv, TestOneInput, enable_python_coverage=True)
    atheris.Fuzz()


if __name__ == "__main__":
    main()
pyodbc: initial integration (#8347) * pyodbc: initial integration * set up correct types in odbc driver 2022-08-30 09:35:05 +00:00			`#!/usr/bin/python3`
			`# Copyright 2022 Google LLC`
			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`
			`"""Fuzzer that targets native code of pyodbc with a fake odbc driver"""`
			`import os`
			`import sys`
			`import atheris`
			`import pyodbc`

			`@atheris.instrument_func`
			`def fuzz_exec(data):`
			`fdp = atheris.FuzzedDataProvider(data)`
			`connstr = "DRIVER=FUZZ;"`
			`s1 = fdp.ConsumeUnicodeNoSurrogates(50)`
			`if "DRIVER" in s1:`
			`return`
			`cstr = connstr + s1`
			`connection_obj = pyodbc.connect(cstr)`
			`csr = connection_obj.cursor()`
			`try:`
			`csr.execute(fdp.ConsumeUnicodeNoSurrogates(20))`
			`except Exception as e:`
			`if "Invalid string or buffer length" in str(e):`
			`pass`
			`else:`
			`raise e`
			`return 0`

			`@atheris.instrument_func`
			`def TestOneInput(data):`
			`try:`
			`return fuzz_exec(data)`
			`except SystemError:`
			`return 0`


			`def main():`
			`# Write the odbcinst.ini file`
			`dir_path = os.path.dirname(os.path.realpath(__file__))`
pyodbc: write .odbcinst.init file in /tmp/ (#9034) This is in contrast to writing it in /etc/, which the fuzzer does not have permission to in the bots. Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51308 Signed-off-by: David Korczynski <david@adalogics.com> Signed-off-by: David Korczynski <david@adalogics.com> 2022-11-22 12:17:05 +00:00			`with open("/tmp/odbcinst.ini", "w") as f:`
pyodbc: initial integration (#8347) * pyodbc: initial integration * set up correct types in odbc driver 2022-08-30 09:35:05 +00:00			`f.write("[FUZZ]\n")`
			`f.write("Driver=%s/fuzzodbc.so\n"%(dir_path))`
pyodbc: write .odbcinst.init file in /tmp/ (#9034) This is in contrast to writing it in /etc/, which the fuzzer does not have permission to in the bots. Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51308 Signed-off-by: David Korczynski <david@adalogics.com> Signed-off-by: David Korczynski <david@adalogics.com> 2022-11-22 12:17:05 +00:00			`os.environ['ODBCSYSINI'] = '/tmp/'`
pyodbc: initial integration (#8347) * pyodbc: initial integration * set up correct types in odbc driver 2022-08-30 09:35:05 +00:00
			`atheris.instrument_all()`
			`atheris.Setup(sys.argv, TestOneInput, enable_python_coverage=True)`
			`atheris.Fuzz()`


			`if __name__ == "__main__":`
			`main()`