def test_basic(self):
"""Test basic fuzzing session."""
session = fuzz_task.FuzzingSession('libFuzzer', 'libfuzzer_asan_test', 60)
session.testcase_directory = os.environ['FUZZ_INPUTS']
session.data_directory = '/data_dir'
os.environ['FUZZ_TARGET'] = 'test_target'
os.environ['APP_REVISION'] = '1'
expected_crashes = [engine.Crash('/input', 'stack', ['args'], 1.0)]
engine_impl = mock.Mock()
engine_impl.name = 'libFuzzer'
engine_impl.prepare.return_value = engine.FuzzOptions(
'/corpus', ['arg'], ['strategy_1', 'strategy_2'])
engine_impl.fuzz.return_value = engine.Result(
'logs', ['cmd'], expected_crashes, {'stat': 1}, 42.0)
crashes, fuzzer_metadata = session.do_engine_fuzzing(engine_impl)
self.assertDictEqual({
'issue_components': 'component1,component2',
'issue_labels': 'label1,label2',
'issue_owners': '*****@*****.**',
}, fuzzer_metadata)
log_time = datetime.datetime(1970, 1, 1, 0, 0)
self.mock.upload_log.assert_called_with(
'Component revisions (build r1):\n'
'component: rev\n\n'
'Return code: 1\n\n'
'Command: cmd\nBot: None\nTime ran: 42.0\n\n'
'logs\n'
'cf::fuzzing_strategies: strategy_1,strategy_2', log_time)
self.mock.upload_testcase.assert_called_with('/input', log_time)
self.assertEqual(1, len(crashes))
self.assertEqual('/input', crashes[0].file_path)
self.assertEqual(1, crashes[0].return_code)
self.assertEqual('stack', crashes[0].unsymbolized_crash_stacktrace)
self.assertEqual(1.0, crashes[0].crash_time)
self.assertListEqual(['test_target', 'args'], crashes[0].arguments)
upload_args = self.mock.upload_stats.call_args[0][0]
testcase_run = upload_args[0]
self.assertDictEqual({
'build_revision': 1,
'command': ['cmd'],
'fuzzer': u'libFuzzer_test_target',
'job': 'libfuzzer_asan_test',
'kind': 'TestcaseRun',
'stat': 1,
'timestamp': 0.0,
}, testcase_run.data)
def prepare(self, corpus_dir, target_path, build_dir): # pylint: disable=unused-argument
"""Prepare for a fuzzing session by generating options.
Though blackbox fuzzers follow the engine interface, they must be launched
in a different manner from most other engine fuzzers. Instead of running a
target directly, these fuzzers tend to be wrapper scripts which generate
test cases and pass them to a binary that is managed by the infrastructure.
Args:
corpus_dir: The main corpus directory.
target_path: Path to the fuzzer script or binary.
build_dir: Path to the build directory.
Returns:
A FuzzOptions object.
"""
return engine.FuzzOptions(corpus_dir, [], {})
def prepare(self, corpus_dir, target_path, build_dir):
"""Prepare for a fuzzing session, by generating options. Returns a
FuzzOptions object.
Args:
corpus_dir: The main corpus directory.
target_path: Path to the target.
build_dir: Path to the build directory.
Returns:
A FuzzOptions object.
"""
arguments = []
dict_path = dictionary_manager.get_default_dictionary_path(target_path)
if os.path.exists(dict_path):
arguments.extend(['--dict', dict_path])
return engine.FuzzOptions(corpus_dir, arguments, {})