
Python target integration

Open DavidKorczynski opened this issue 2 years ago • 3 comments

Integrate support for Python fuzzing.

Roughly, the steps:

  1. Add a set of test cases such that once these are analysed properly we have basic support for Python
  2. Add static analysis part to cover the basic data needed by the post-processing. In this context use a (modified) version of https://github.com/vitsalis/PyCG
  3. Add support for extracting the static data on a project-wide level
  4. Demonstrate basic capabilities of fuzz-introspector excluding runtime coverage information
  5. Add runtime coverage features, using the coverage approach from OSS-Fuzz
  6. Demonstrate full end-to-end features
  7. Cleanup/refactor to ensure data structures neatly fit the existing fuzz-introspector implementation

DavidKorczynski avatar May 27 '22 09:05 DavidKorczynski

The current state is: [Screenshot from 2022-07-29 22-36-48]

This is from pyyaml OSS-Fuzz project run by way of https://github.com/ossf/fuzz-introspector/blob/main/oss_fuzz_integration/run_both.sh

DavidKorczynski avatar Jul 29 '22 21:07 DavidKorczynski

Example using it on idna: [Screenshot from 2022-10-26 04-54-51]

DavidKorczynski avatar Oct 26 '22 03:10 DavidKorczynski

glom:

[Screenshot from 2022-10-26 13-14-33]

DavidKorczynski avatar Oct 26 '22 12:10 DavidKorczynski

Python is now working in general. Closing this and will make more specific issues for further Python work.

DavidKorczynski avatar Feb 03 '23 14:02 DavidKorczynski