Adding spyder-kernels files to OSS-Fuzz

projects/spyder-kernels/Dockerfile

@@ -0,0 +1,55 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Use the base image for OSS-Fuzz with Python
+FROM gcr.io/oss-fuzz-base/base-builder-python
+
+# Install necessary system dependencies
+RUN apt-get update && apt-get install -y \
+ python3.8 \
+ python3.8-venv \
+ python3.8-dev \
+ libgl1-mesa-glx \
+ libxcb-xinerama0 \
+ libxkbcommon-x11-0 \
+ libx11-xcb1 \
+ libxcb1 \
+ libx11-dev \
+ libglib2.0-0 \
+ libsm6 \
+ libxrender1 \
+ libfontconfig1 \
+ && rm -rf /var/lib/apt/lists/*
+
+# Set up a virtual environment
+RUN python3.8 -m venv /spyder-kernels-env
+
+# Activate the virtual environment and install dependencies
+RUN /spyder-kernels-env/bin/pip install --upgrade pip && \
+ /spyder-kernels-env/bin/pip install spyder-kernels atheris
+
+# Set the environment variables to use the virtual environment
+ENV PATH="/spyder-kernels-env/bin:$PATH"
+
+# Add the current directory to the Docker image and set it as the working directory
+ADD . /workspace
+WORKDIR /workspace
+
+# Copy the fuzzing target script to the container
+COPY model_fuzzer.py /workspace/model_fuzzer.py
+
+# Set the default command to run the fuzzer in the virtual environment
+CMD ["python", "model_fuzzer.py"]

projects/spyder-kernels/build.sh

@@ -0,0 +1,40 @@
+#!/bin/bash -eu
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Activate the virtual environment
+source /spyder-env/bin/activate
+
+# Install the project dependencies
+pip install spyder-kernels atheris
+
+# Build fuzzers into $OUT
+for fuzzer in $(find $SRC -name '*_fuzzer.py'); do
+ fuzzer_basename=$(basename -s .py $fuzzer)
+ fuzzer_package=${fuzzer_basename}.pkg
+
+ # Create a standalone package using pyinstaller
+ pyinstaller --distpath $OUT --onefile --name $fuzzer_package $fuzzer
+
+ # Create execution wrapper
+ echo "#!/bin/sh
+# LLVMFuzzerTestOneInput for fuzzer detection.
+this_dir=\$(dirname \"\$0\")
+LD_PRELOAD=\$this_dir/sanitizer_with_fuzzer.so \
+ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm-symbolizer:detect_leaks=0 \
+\$this_dir/$fuzzer_package \$@" > $OUT/$fuzzer_basename
+ chmod +x $OUT/$fuzzer_basename
+done

projects/spyder-kernels/model_fuzzer.py

@@ -0,0 +1,44 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+import sys
+import atheris
+import json
+from spyder_kernels.console.kernel import SpyderKernel
+
+def fuzzed_spyder_kernel(fuzzer_input):
+ try:
+ # Convert fuzzed input to a string
+ input_str = fuzzer_input.decode('utf-8', errors='ignore')
+
+ # Try to parse it as JSON (simulate an API request or configuration)
+ config = json.loads(input_str)
+
+ # Start Spyder kernel with fuzzed config (this is a simplified example)
+ kernel = SpyderKernel(config=config)
+ kernel.do_start() # Start the kernel
+ kernel.do_shutdown(restart=False) # Shutdown the kernel
+
+ except Exception as e:
+ # Handle exceptions for any issues
+ pass
+
+def main():
+ atheris.Setup(sys.argv, fuzzed_spyder_kernel)
+ atheris.Fuzz()
+
+if __name__ == "__main__":
+ main()

projects/spyder-kernels/project.yaml

@@ -0,0 +1,10 @@
+homepage: 'https://docs.spyder-ide.org/current/index.html'
+language: python
+primary_contact: "[email protected]"
+auto_ccs:
+sanitizers:
+ - address
+ - memory:
+ experimental: True
+ - undefined
+main_repo: 'https://github.com/spyder-ide/spyder-kernels'