mirror of https://github.com/google/oss-fuzz.git
78485cb8cc
Recent PR #11120 was successful in improving the runtime coverage, but changed how we call urllib3, no longer creating a `PoolManager` object. This removed a lot of code from the reachability analysis (introspector seems to struggle with urllib3's package structure). This change re-adds the `PoolManager`, returning this reachability.

This change also changes how `parse_url` is called. There's an issue with the introspector (PyCG more specifically) not mapping `urllib3.util.parse_url` correctly, but it does map `urllib3.util.url.parse_url`. When I change to `urllib3.util.url.parse_url` and run PyCG I get a full callgraph from this method.

**Before**

```
Call tree
.........fuzz_urlparse.TestOneInput / -1
atheris.FuzzedDataProvider .........fuzz_urlparse 22
fdp.ConsumeUnicode .........fuzz_urlparse 23
urllib3.util.parse_url .........fuzz_urlparse 28
```

**After**

```
..................projects.urllib3.fuzz_urlparse.TestOneInput / -1
atheris.FuzzedDataProvider ..................projects.urllib3.fuzz_urlparse 22
fdp.ConsumeUnicode ..................projects.urllib3.fuzz_urlparse 23
urllib3.util.url.parse_url ..................projects.urllib3.fuzz_urlparse 28
_SCHEME_RE.search urllib3.util.url 402
_URI_RE.match urllib3.util.url 416
scheme.lower urllib3.util.url 417
...
```

Files in this directory:

- Dockerfile
- build.sh
- fuzz_requests.py
- fuzz_urlparse.py
- project.yaml
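
The two names in the commit message above refer to one function: `parse_url` is defined in `urllib3.util.url` and re-exported by `urllib3.util`. The following is an added example, not code from the oss-fuzz project or from PyCG: it scans a harness for calls written through a re-export and reports the defining-module path to use instead. `demo_pkg` is a constructed stand-in for that package layout, and every helper name is hypothetical.

```python
import ast, importlib, sys, tempfile
from pathlib import Path
# Constructed harness: one call through the re-export, one through the defining module.
HARNESS = "import demo_pkg.util\ndemo_pkg.util.parse_url('A')\ndemo_pkg.util.url.parse_url('A')\n"

def build_demo_package(root):
    """Constructed stand-in: demo_pkg.util re-exports parse_url from demo_pkg.util.url."""
    util = root / "demo_pkg" / "util"
    util.mkdir(parents=True)
    (root / "demo_pkg" / "__init__.py").write_text("")
    (util / "__init__.py").write_text("from .url import parse_url\n")
    (util / "url.py").write_text("def parse_url(u):\n    return u.lower()\n")

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else None

def resolve(name):
    """Import the longest importable module prefix, then walk the remaining
    attributes. Returns None when nothing resolves (e.g. a local variable)."""
    parts = name.split(".")
    for i in range(len(parts), 0, -1):
        try:
            obj = importlib.import_module(".".join(parts[:i]))
        except ImportError:
            continue
        for attr in parts[i:]:
            obj = getattr(obj, attr, None)
        return obj

def reexported_calls(harness_src):
    """Map each call written through a re-export to its defining-module path."""
    found = {}
    for node in ast.walk(ast.parse(harness_src)):
        name = dotted(node.func) if isinstance(node, ast.Call) else None
        obj = resolve(name) if name else None
        canonical = f"{getattr(obj, '__module__', '')}.{getattr(obj, '__qualname__', '')}"
        if callable(obj) and canonical != name:
            found[name] = canonical
    return found

def demo():
    root = Path(tempfile.mkdtemp())
    build_demo_package(root)
    sys.path.insert(0, str(root))
    return reexported_calls(HARNESS)
```

`resolve` imports the modules a harness names, so run it only on code you would execute anyway.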