Skip to content

[VRP] Untrusted fuzzer UI#5329

Open
PauloVLB wants to merge 1 commit into
masterfrom
vrp-untrusted-fuzzer-ui
Open

[VRP] Untrusted fuzzer UI#5329
PauloVLB wants to merge 1 commit into
masterfrom
vrp-untrusted-fuzzer-ui

Conversation

@PauloVLB

@PauloVLB PauloVLB commented Jun 17, 2026

Copy link
Copy Markdown
Collaborator

Problem

We need a way to identify fuzzers that are "untrusted" (e.g., external fuzzers provided by VRP researchers) so we can apply different security policies to them (like restricting where they can run). Currently, there is no field in the UI or Datastore to mark a fuzzer as untrusted.

Proposed Solution

Add an untrusted boolean field to the Fuzzer model in Datastore and expose it as a simple checkbox in the Fuzzer management UI. This allows admins to easily mark specific fuzzers as untrusted.

UI Change

image

Trying to upload a untrusted fuzzer for a non-linux job gives an error:

image

Testing

Validated by deploying to dev and verifying that the checkbox state is correctly persisted to and loaded from Datastore.

Validation

I have uploaded a fuzzer with untrusted set to true; here is a screenshot.

image

@PauloVLB
PauloVLB force-pushed the vrp-untrusted-fuzzer-ui branch from 37f5d31 to 8d2a70a Compare June 17, 2026 16:05
@PauloVLB PauloVLB changed the title Vrp untrusted fuzzer UI [VRP] Untrusted fuzzer UI Jun 17, 2026
@PauloVLB
PauloVLB force-pushed the vrp-untrusted-fuzzer-ui branch 2 times, most recently from 6deb047 to 7feb0e9 Compare July 15, 2026 19:42
@PauloVLB
PauloVLB force-pushed the vrp-untrusted-fuzzer-ui branch from 7feb0e9 to ec90403 Compare July 16, 2026 16:04
@PauloVLB
PauloVLB marked this pull request as ready for review July 16, 2026 23:10
@PauloVLB
PauloVLB requested a review from a team as a code owner July 16, 2026 23:10

@letitz letitz left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for sending this! Overall I think we should invert the trusted/untrusted bit to make trust explicit instead of implicit, and default to safety in the absence of an explicit trust signal.

Comment on lines +216 to +221
if not job:
raise helpers.EarlyExitError(f'Job {job_name} not found.', 400)
if job.platform.lower() != 'linux':
raise helpers.EarlyExitError(
f'Untrusted fuzzers can only be run on Linux jobs. '
f'Job "{job_name}" has platform "{job.platform}".', 400)

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is a similar check for untrusted testcases:

if (not trusted_agreement_signed and utils.is_chromium() and
task_utils.is_remotely_executing_utasks() and
((platform_id and platform_id != 'Linux') or
job.platform.lower() != 'linux')):
# Trusted agreement was not signed even though the job has privileges and
# there are other jobs that don't have privileges.
raise helpers.EarlyExitError(
'Sign the trusted job statement or upload to a trusted job.', 400)

We should factor the check out into a single method somewhere to ensure there is no accidental divergence in behavior as the code evolves:

def check_job_supports_untrusted_workloads(job_name: str) -> None:
  """Checks that the named job can run untrusted testcases or fuzzers.
  
  Raises:
    ValueError: if the job can run on privileged bots and should never run
      an untrusted workload.
  """
  if not ...:
    raise ValueError(f'Job "{job_name}" does not support running untrusted workloads. $reason")

Structuring it with an exception allows this helper to define the error message to show to users, which can evolve over time as the condition changes (maybe one day we won't support untrusted execution on all linux jobs, or maybe we'll support it for windows jobs etc.).

<paper-checkbox checked="{{fuzzer.external_contribution}}">External contribution</paper-checkbox>
</div>
<div class="inline narrow">
<paper-checkbox checked="{{fuzzer.untrusted}}">Untrusted</paper-checkbox>

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should default to safe behavior: if someone forgets to check the box, we should be conservative and assume the fuzzer is not trusted. Let's invert the meaning of the box to "trusted" instead.

Comment on lines 353 to 354
# Does it run un-trusted content ? Examples including running live sites.
untrusted_content = ndb.BooleanProperty(default=False)

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is interesting! Have you looked into what this does?

untrusted_content = ndb.BooleanProperty(default=False)

# Is this fuzzer untrusted? (VRP support)
untrusted = ndb.BooleanProperty(default=False)

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same deal here, let's default to safe behavior and assume jobs are untrusted if not specifically told otherwise. Let's invert this boolean to "trusted" (default false) just like for Testcase:

trusted = ndb.BooleanProperty(default=False)

We can run a migration script to set the property to true for all existing fuzzers in the database.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants