
Fuzz Introspector -- introspect, extend and optimise fuzzers

Results 118 fuzz-introspector issues

I'm not sure how stable the web API is going to be, but would it make sense to semver it? E.g. rather than `curl -L https://introspector.oss-fuzz.com/api/far-reach-but-low-coverage?project=json-c`, it'd be something like...

At the moment the [project-summary endpoint](https://introspector.oss-fuzz.com/api#api-project-summary) provides a per-fuzz-harness summary rather than a project-wide summary, i.e. it provides reachable cyclomatic complexity/line coverage per fuzz harness. It would be great...

It would be nice to have direct links to the fuzzer source files on the profile pages -- I think some heuristics will be able to do this and it...

Ref https://github.com/google/oss-fuzz/issues/10924

The following function https://storage.googleapis.com/oss-fuzz-coverage/lua/reports/20230827/linux/src/testdir/build/lua-master/source/lstrlib.c.html#L942 is set as uncovered in the project functions overview: https://storage.googleapis.com/oss-fuzz-introspector/lua/inspector-report/20230827/fuzz_report.html#Project-functions-overview

Some projects like `openssl` or `binutils` are hitting the generous timeout of 16hrs on cloud build. This is while `openssl` finishes locally within 6hrs. We may start looking at opportunities...

The return type of function [`std::string CEscape(absl::string_view src);`](https://github.com/abseil/abseil-cpp/blob/8ebad34c3fa54a9ad2f46ca8cab98e75c4f750bf/absl/strings/escaping.h#L90) was incorrect in [the report.](https://storage.googleapis.com/oss-fuzz-introspector/abseil-cpp/inspector-report/20230823/summary.json) It should be `std::string`, but the report records `void`.

We discussed this offline, but it would be very nice to get the function arg names returned in /api/far-reach-but-low-coverage as part of the existing "function-arguments" value.

Ref: https://storage.googleapis.com/oss-fuzz-introspector/tinyxml2/inspector-report/20230728/calltree_view_0.html

I've been analysing some of the situations where the "Reached by Fuzzers" numbers are coming up short, i.e. (https://storage.googleapis.com/oss-fuzz-introspector/croniter/inspector-report/20230709/fuzz_report.html). ![image](https://github.com/ossf/fuzz-introspector/assets/5122866/2d04e66a-aa8c-44ba-8969-75ea94da74c5) [oss-fuzz : croniter : 2023-07-09](https://storage.googleapis.com/oss-fuzz-introspector/croniter/inspector-report/20230709/fuzz_report.html) Taking an example `croniter.get_current()`, when...