Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

urllib3: Fuzzer missing from code coverage #9863

Closed
sg3-141-592 opened this issue Mar 5, 2023 · 3 comments
Closed

urllib3: Fuzzer missing from code coverage #9863

sg3-141-592 opened this issue Mar 5, 2023 · 3 comments

Comments

@sg3-141-592
Copy link
Contributor

When reviewing the code coverage for urllib3 the coverage for fuzz_requests.py is missing from the report.

https://storage.googleapis.com/oss-fuzz-introspector/urllib3/inspector-report/20230305/fuzz_report.html

We can see fuzz_requests in the introspector report

image

but fuzz_requests.py isn't in the coverage report, and also the coverage from this fuzzer is missing in the report.
@sg3-141-592 sg3-141-592 changed the title urllib3: Fuzzer missing from project coverage urllib3: Fuzzer missing from code coverage Mar 5, 2023
@DavidKorczynski
Copy link
Collaborator

DavidKorczynski commented Mar 6, 2023
edited
Loading

I think is probably because the fuzzer is having some trouble running, am seeing this issue:

=== Uncaught Python exception: ===
  | MaxRetryError: HTTPConnectionPool(host='localhost', port=8011): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f4687259b80>: Failed to establish a new connection: [Errno 101] Network is unreachable'))
  | Traceback (most recent call last):
  | File "fuzz_requests.py", line 109, in TestOneInput
  | File "urllib3/_request_methods.py", line 118, in request
  | File "urllib3/_request_methods.py", line 217, in request_encode_body
  | File "urllib3/poolmanager.py", line 433, in urlopen
  | File "urllib3/connectionpool.py", line 874, in urlopen
  | File "urllib3/connectionpool.py", line 874, in urlopen
  | File "urllib3/connectionpool.py", line 874, in urlopen
  | File "urllib3/connectionpool.py", line 844, in urlopen
  | File "urllib3/util/retry.py", line 505, in increment
  | MaxRetryError: HTTPConnectionPool(host='localhost', port=8011): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f4687259b80>: Failed to establish a new connection: [Errno 101] Network is unreachable'))

This probably affects such that the fuzzer either failed to generate corpus or was not run in a manner such that atheris was exited proper (sys.exit(0)) which is needed for coverage runs. Note the proper exit will be handled by the infrastructure if the fuzzer does not e.g. throw exceptions on a normal run. Therefore, it's likely the above exception is thrown on the first iteration of TestOneInput.

@sg3-141-592
Copy link
Contributor Author

sg3-141-592 commented Mar 6, 2023
edited
Loading

Thanks for finding this @DavidKorczynski . I'll do some research on where the issue is occurring.

I can run this locally on my Ubuntu 20.04 setup without exception (i.e. infra/helper.py introspector urllib3), so it's likely to be an environment difference I've not accounted for.

I couldn't find the exception you've shared on the introspector reports or this build dashboard https://oss-fuzz-build-logs.storage.googleapis.com/index.html#urllib3. How did you see this exception?

I'd like the see the rest of the logs in-case there's something I'm missing like a port binding issue when starting the test HTTP server.

@DavidKorczynski
Copy link
Collaborator

This was an issue reported by OSS-Fuzz to the list of emails in the project.yaml. Basically, it's reported as a "bug found by the fuzzer" because it breaks the fuzzer execution.

To get experience with the end-to-end OSS-Fuzz approach I think a good approach is to carry out an initial integration of some project where you've reached out the maintainers beforehand to ask if it's okay for you to see potential issues being raised. If the maintainers are happy with this then you can put your email in the project.yaml and see e.g. all logs + issues being raised.

@sg3-141-592 sg3-141-592 mentioned this issue Mar 20, 2023
Merged
jonathanmetzman pushed a commit that referenced this issue Mar 20, 2023
@sg3-141-592
Fixing urllib3 port binding crash (#9958)
ab523fb 
I've managed to recreate the issue that was stopping the `fuzz_requests`
coverage on `urllib3` ( see #9863 )

The issues not visible running introspector locally but can be see in
clusterfuzzlite which is a port binding error. This change randomises
the port that's used and ensures that it can bind to it before fuzzing
starts. Change is tested and demonstrated as working here
[sg3-141-592/urllib3 - ClusterFuzzLite PR
fuzzing](https://github.com/sg3-141-592/urllib3/actions/runs/4466205991/jobs/7844093473?pr=1).

Also I've changed the style of the main block and atheris to be
consistent with the other fuzzers added lately.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DavidKorczynski @sg3-141-592