urllib3: Fix fuzz_requests (#14742)

urllib3's `fuzz_requests` has been broken for over a year because it
uses HTTPretty which does not support modern urllib3
gabrielfalcao/HTTPretty#485.

In this PR, I'm replacing HTTPretty with a simple server in a separate
thread, the approach is borrowed from [a httpx
fuzzer](https://github.com/google/oss-fuzz/blob/5b14ead1ed0b85d5a21ce30c993a22d71b415b35/projects/httpx/fuzz_api.py).

Also, I'm adding myself as the primary contact for urllib3 because I'm
its current lead maintainer.

Author: illia-v

projects/urllib3/Dockerfile

@@ -15,7 +15,6 @@
 ################################################################################
 
 FROM gcr.io/oss-fuzz-base/base-builder-python
-RUN pip3 install httpretty
 
 RUN git clone --depth 1 https://github.com/urllib3/urllib3
 

projects/urllib3/fuzz_requests.py

@@ -15,35 +15,51 @@
 # limitations under the License.
 
 import atheris
-import httpretty
+import socket
 import sys
+import threading
+import time
 
 import urllib3
 
 # Setup http mocking
-GLOBAL_RESPONSE_BODY = ""
+GLOBAL_RESPONSE_BODY = b""
 GLOBAL_RESPONSE_CODE = 0
-GLOBAL_CONTENT_TYPE = ""
-
-def request_callback(request, uri, headers):
-    headers['Content-Type'] = GLOBAL_CONTENT_TYPE
-    return [GLOBAL_RESPONSE_CODE, headers, GLOBAL_RESPONSE_BODY]
+GLOBAL_CONTENT_TYPE = b""
+
+
+class ServerThread(threading.Thread):
+    def __init__(self) -> None:
+        self.s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        self.s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+        self.s.bind(("127.0.0.1", 8001))
+        self.s.listen(1)
+        super().__init__()
+
+    def run(self) -> None:
+        global GLOBAL_RESPONSE_CODE, GLOBAL_CONTENT_TYPE, GLOBAL_RESPONSE_BODY
+        conn, addr = self.s.accept()
+        conn.recv(1024)
+        conn.send(
+            b"HTTP/1.1 %d FOO\r\nContent-Type: %b\r\n\r\n%b"
+            % (GLOBAL_RESPONSE_CODE, GLOBAL_CONTENT_TYPE, GLOBAL_RESPONSE_BODY)
+        )
+        time.sleep(0.005)
+        conn.close()
+        self.s.shutdown(1)
+        self.s.close()
+        time.sleep(0.01)
 
-httpretty.enable(verbose=True, allow_net_connect=False)
-httpretty.register_uri(httpretty.GET, "http://www.test.com", body=request_callback)
-httpretty.register_uri(httpretty.POST, "http://www.test.com", body=request_callback)
-httpretty.register_uri(httpretty.HEAD, "http://www.test.com", body=request_callback)
-httpretty.register_uri(httpretty.PUT, "http://www.test.com", body=request_callback)
 
 REQUEST_METHODS = ["POST", "GET", "HEAD", "PUT"]
 
 def TestOneInput(data):
     fdp = atheris.FuzzedDataProvider(data)
 
     global GLOBAL_RESPONSE_BODY, GLOBAL_RESPONSE_CODE, GLOBAL_CONTENT_TYPE
-    GLOBAL_RESPONSE_BODY = fdp.ConsumeUnicodeNoSurrogates(sys.maxsize)
+    GLOBAL_RESPONSE_BODY = fdp.ConsumeBytes(sys.maxsize)
     GLOBAL_RESPONSE_CODE = fdp.ConsumeIntInRange(200, 599)
-    GLOBAL_CONTENT_TYPE = fdp.ConsumeString(sys.maxsize)
+    GLOBAL_CONTENT_TYPE = fdp.ConsumeBytes(sys.maxsize)
 
     requestType = fdp.PickValueInList(REQUEST_METHODS)
 
@@ -64,9 +80,12 @@ def TestOneInput(data):
     timeout = urllib3.util.Timeout(connect=0.1, read=0.1)
     urllib_pool = urllib3.poolmanager.PoolManager(timeout=timeout)
 
+    t1 = ServerThread()
+    t1.start()
+
     response = urllib_pool.request(
         requestType,
-        "http://www.test.com",
+        "http://localhost:8001/", 
         headers=requestHeaders,
         fields=formData
     )
@@ -75,6 +94,9 @@ def TestOneInput(data):
     response.data
     response.headers
 
+    t1.join()
+
+
 def main():
     atheris.instrument_all()
     atheris.Setup(sys.argv, TestOneInput)

projects/urllib3/project.yaml

@@ -6,6 +6,7 @@ main_repo: https://github.com/urllib3/urllib3
 sanitizers:
 - address
 - undefined
+primary_contact: "illia.volochii@gmail.com"
 vendor_ccs:
 - david@adalogics.com
 - sean@compactcloud.co.uk