fuzz-introspector
Fuzz Introspector -- introspect, extend and optimise fuzzers
The reports for the OSS-Fuzz projects where the introspector successfully runs are now public at: https://oss-fuzz-introspector.storage.googleapis.com/ We should go and evaluate these to ensure their quality, before we make them...
One of the main things I have in mind here is that it would be nice to re-run some of the fuzz-introspector analysis by way of the interface, without having...
When we use the fuzz-introspector on projects with a lot of functions, e.g. OpenSSL, then the resulting HTML report is huge. We should refactor the HTML report so this won't...
The README does not tell how this is to be used with a project and instead points to a build_all script, which then needs to be further analyzed how it...
The ordering in the calltree depends on the location at which each node is in the source code. This makes it convenient to keep a pattern that follows the source-code...
Add feature for displaying bugs in the calltree - i.e. bugs that have been found by a given fuzzer over time. This could be mixed with https://osv.dev/ integration where...
Fuzz-introspector has issues with large projects on OSS-Fuzz and Git is an example of this. When running fuzz-introspector on Git there are two issues: 1) The initial compiling of fuzzers...
One of the project examples in the repository is dng_sdk (https://android.googlesource.com/platform/external/dng_sdk/+/refs/heads/master/) dng_sdk is a C++ library and the current reachability extraction is sub-optimal on this example. An example is that...
libFuzzer has the ability to prioritise fuzzing of certain functions. We should use the data from the reachability and coverage analysis to feed information back to the fuzzer about nice-to-analyse...
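As an added illustration of the idea in the issue above (example code, not fuzz-introspector's own implementation), the block below takes per-function reachability and coverage numbers and turns them into a `-focus_function` choice for libFuzzer. The sample metrics list is constructed for this example and does not reproduce fuzz-introspector's real output format; the scoring heuristic (complexity weighted by uncovered fraction, restricted to functions the harness actually reaches) is the example's own. `-focus_function=<name>` is a real libFuzzer flag, documented there as experimental.

```python
"""Added example: choose a libFuzzer focus function from reachability/coverage data.

Not fuzz-introspector's code. The metrics below are constructed by hand
(assumption: the real tool's output format is not reproduced here), and
the scoring rule is this example's own heuristic.
"""
from typing import Dict, List, Sequence

# Constructed sample of what a single fuzzer "sees" per target function.
#   reached        -> statically reachable from the harness entry point
#   complexity     -> e.g. cyclomatic complexity
#   covered_lines / total_lines -> runtime coverage after a fuzzing run
SAMPLE_METRICS: List[Dict] = [
    {"name": "parse_header", "reached": True,  "complexity": 18, "covered_lines": 5,  "total_lines": 60},
    {"name": "parse_body",   "reached": True,  "complexity": 25, "covered_lines": 50, "total_lines": 55},
    {"name": "init_ctx",     "reached": True,  "complexity": 3,  "covered_lines": 10, "total_lines": 10},
    {"name": "decode_chunk", "reached": False, "complexity": 40, "covered_lines": 0,  "total_lines": 80},
    {"name": "log_msg",      "reached": True,  "complexity": 2,  "covered_lines": 0,  "total_lines": 0},
]


def focus_score(m: Dict) -> float:
    """Higher is more worth focusing on: complex and mostly uncovered.

    Returns 0.0 for functions that cannot benefit from -focus_function:
    unreachable ones (libFuzzer can only steer toward code the harness
    can actually call) and ones with no measurable lines or full coverage.
    """
    if not m["reached"]:
        return 0.0
    total = m["total_lines"]
    if total <= 0:
        return 0.0
    uncovered = 1.0 - m["covered_lines"] / total
    return m["complexity"] * uncovered


def rank_focus_candidates(metrics: Sequence[Dict]) -> List[str]:
    """Return function names ordered from most to least promising.

    Functions scoring 0 are dropped entirely, so an empty list means
    there is nothing for -focus_function to do for this harness.
    """
    scored = [(focus_score(m), m["name"]) for m in metrics]
    scored = [(s, n) for s, n in scored if s > 0]
    # Deterministic tie-break on the name so repeated runs agree.
    scored.sort(key=lambda t: (-t[0], t[1]))
    return [n for _, n in scored]


def build_libfuzzer_cmd(binary: str, corpus_dir: str, focus: str,
                        extra: Sequence[str] = ()) -> List[str]:
    """Assemble an argv for a libFuzzer binary that focuses on `focus`.

    Assumption: `binary` was built with -fsanitize=fuzzer; the flag name
    -focus_function is libFuzzer's own, the rest is caller-supplied.
    """
    return [binary, f"-focus_function={focus}", *extra, corpus_dir]


if __name__ == "__main__":
    ranking = rank_focus_candidates(SAMPLE_METRICS)
    print("focus candidates:", ranking)
    if ranking:
        print(" ".join(build_libfuzzer_cmd("./fuzz_parse", "corpus/",
                                           ranking[0], ["-max_total_time=600"])))
```

In the sample, `decode_chunk` has the highest complexity but is never chosen because the harness does not reach it: the right fix for that case is a new or extended harness, not a focus flag. `init_ctx` drops out because it is already fully covered, and `log_msg` because it has no countable lines. Note that libFuzzer disables its entropic scheduling while `-focus_function` is set, so the flag is best used in a separate, time-boxed run rather than as the default for a long campaign.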