def test_max_length_strategy_without_override(self): """Tests max length strategy without override.""" self.mock.randint.return_value = 1337 strategy_pool = set_strategy_pool([strategy.RANDOM_MAX_LENGTH_STRATEGY]) strategy_info = launcher.pick_strategies(strategy_pool, '/path/target', '/path/corpus', []) self.assertItemsEqual(['-max_len=1337'], strategy_info.arguments)
def test_max_length_strategy_with_override(self): """Tests max length strategy with override.""" strategy_pool = set_strategy_pool( [strategy.RANDOM_MAX_LENGTH_STRATEGY]) strategy_info = launcher.pick_strategies(strategy_pool, '/path/target', '/path/corpus', ['-max_len=100']) self.assertItemsEqual([], strategy_info.arguments)
def prepare(self, corpus_dir, target_path, _): """Prepare for a fuzzing session, by generating options. Returns a FuzzOptions object. Args: corpus_dir: The main corpus directory. target_path: Path to the target. build_dir: Path to the build directory. Returns: A FuzzOptions object. """ arguments = fuzzer.get_arguments(target_path) strategy_pool = strategy_selection.generate_weighted_strategy_pool( strategy_list=strategy.LIBFUZZER_STRATEGY_LIST, use_generator=True, engine_name=self.name) strategy_info = launcher.pick_strategies(strategy_pool, target_path, corpus_dir, arguments) arguments.extend(strategy_info.arguments) # Check for seed corpus and add it into corpus directory. engine_common.unpack_seed_corpus_if_needed(target_path, corpus_dir) # Pick a few testcases from our corpus to use as the initial corpus. subset_size = engine_common.random_choice( engine_common.CORPUS_SUBSET_NUM_TESTCASES) if (not strategy_info.use_dataflow_tracing and strategy_pool.do_strategy(strategy.CORPUS_SUBSET_STRATEGY) and shell.get_directory_file_count(corpus_dir) > subset_size): # Copy |subset_size| testcases into 'subset' directory. corpus_subset_dir = self._create_temp_corpus_dir('subset') launcher.copy_from_corpus(corpus_subset_dir, corpus_dir, subset_size) strategy_info.fuzzing_strategies.append( strategy.CORPUS_SUBSET_STRATEGY.name + '_' + str(subset_size)) strategy_info.additional_corpus_dirs.append(corpus_subset_dir) else: strategy_info.additional_corpus_dirs.append(corpus_dir) # Check dict argument to make sure that it's valid. dict_argument = fuzzer_utils.extract_argument(arguments, constants.DICT_FLAG, remove=False) if dict_argument and not os.path.exists(dict_argument): logs.log_error('Invalid dict %s for %s.' % (dict_argument, target_path)) fuzzer_utils.extract_argument(arguments, constants.DICT_FLAG) # If there's no dict argument, check for %target_binary_name%.dict file. if (not fuzzer_utils.extract_argument( arguments, constants.DICT_FLAG, remove=False)): default_dict_path = dictionary_manager.get_default_dictionary_path( target_path) if os.path.exists(default_dict_path): arguments.append(constants.DICT_FLAG + default_dict_path) return LibFuzzerOptions(corpus_dir, arguments, strategy_info.fuzzing_strategies, strategy_info.additional_corpus_dirs, strategy_info.extra_env, strategy_info.use_dataflow_tracing, strategy_info.is_mutations_run)