DavidKorczynski
We should have some test cases for Python calltree extraction to check in the event a regression in PyCG causes the calltree to be wrong.
Currently, analysis is only run if a binary contains a fuzzer entrypoint (`LLVMFuzzerTestOneInput`) and no `main` function. However, this leaves out potential code for analysis, e.g. if there is code...
At the moment it's unclear for someone new to the project how to write an analysis plugin. It would be nice to have documentation and a tutorial on how to do...
Include configs and logs in the final report. This is useful to track, for instance, which functions were discarded from the analysis.
There are places in the code that use `covmap` from the coverage utility directly, without accessing it through some form of API in the `fuzz_cov_load.CoverageProfile` class. This is causing issues...
We currently have some facilities to test fuzz-introspector, including:
- Testing local benchmarks: https://github.com/ossf/fuzz-introspector/blob/main/tests/run_simple_tests.sh
- Testing OSS-Fuzz integrations by ensuring fuzz-introspector runs to completion for a given project: https://github.com/ossf/fuzz-introspector/blob/main/oss_fuzz_integration/test_projects.sh
There...
Some reports are fairly bloated, e.g. showing data about many thousands of functions. This is currently addressed by making a configuration for specifying files to exclude from the report (https://github.com/ossf/fuzz-introspector/issues/116)....
One other extension point we'd like to see is for infrastructure to be able to inject additional info into these reports. e.g. on infra we have information about e.g: -...
In some projects with good coverage but a few red nodes e.g. 1 or 2 consecutive nodes we currently set fuzz blockers to be there. It's a bit misleading in...
such as
- insights into code that need not be compiled with sanitizers, e.g. https://blog.envoyproxy.io/a-stroll-down-fuzzer-optimisation-lane-and-why-instrumentation-policies-matter-f0012ec260b3
- excessive logging areas
- areas that may be overanalysed, e.g. the fuzzers are spending...