def test_fuzz_no_crash(self):
"""Test fuzzing (no crash)."""
_, corpus_path = setup_testcase_and_corpus('empty', 'corpus')
engine_impl = engine.HonggfuzzEngine()
target_path = engine_common.find_fuzzer_path(DATA_DIR, 'test_fuzzer')
options = engine_impl.prepare(corpus_path, target_path, DATA_DIR)
results = engine_impl.fuzz(target_path, options, TEMP_DIR, 10)
self.assertListEqual([
os.path.join(DATA_DIR, 'honggfuzz'),
'-n',
'1',
'--exit_upon_crash',
'-v',
'-z',
'-P',
'-S',
'--rlimit_rss',
'2560',
'--timeout',
'25',
'--dict',
os.path.join(DATA_DIR, 'test_fuzzer.dict'),
'--input',
os.path.join(TEMP_DIR, 'corpus'),
'--workspace',
TEMP_DIR,
'--run_time',
'10',
'--',
target_path,
], results.command)
self.assertGreater(len(os.listdir(corpus_path)), 0)
self.assert_has_stats(results)
def test_reproduce(self):
"""Tests reproducing a crash."""
testcase_path, _ = setup_testcase_and_corpus('crash', 'empty_corpus')
engine_impl = engine.HonggfuzzEngine()
target_path = engine_common.find_fuzzer_path(DATA_DIR, 'test_fuzzer')
result = engine_impl.reproduce(target_path, testcase_path, [], 65)
self.assertListEqual([target_path], result.command)
self.assertIn('ERROR: AddressSanitizer: heap-use-after-free', result.output)
def test_fuzz_crash(self):
"""Test fuzzing that results in a crash."""
_, corpus_path = setup_testcase_and_corpus("empty", "corpus")
engine_impl = engine.HonggfuzzEngine()
target_path = engine_common.find_fuzzer_path(DATA_DIR,
"always_crash_fuzzer")
options = engine_impl.prepare(corpus_path, target_path, DATA_DIR)
results = engine_impl.fuzz(target_path, options, TEMP_DIR, 10)
self.assertListEqual(
[
os.path.join(DATA_DIR, "honggfuzz"),
"-n",
"1",
"--exit_upon_crash",
"-v",
"-z",
"-P",
"-S",
"--rlimit_rss",
"2560",
"--timeout",
"25",
"--input",
os.path.join(TEMP_DIR, "corpus"),
"--workspace",
TEMP_DIR,
"--run_time",
"10",
"--",
target_path,
],
results.command,
)
self.assertIn("Seen a crash. Terminating all fuzzing threads",
results.logs)
self.assertEqual(1, len(results.crashes))
crash = results.crashes[0]
self.assertEqual(TEMP_DIR, os.path.dirname(crash.input_path))
self.assertIn("ERROR: AddressSanitizer: heap-use-after-free",
crash.stacktrace)
with open(crash.input_path) as f:
self.assertEqual("A", f.read()[0])
self.assert_has_stats(results)
def test_fuzz_crash(self):
"""Test fuzzing that results in a crash."""
_, corpus_path = setup_testcase_and_corpus('empty', 'corpus')
engine_impl = engine.HonggfuzzEngine()
target_path = engine_common.find_fuzzer_path(DATA_DIR,
'always_crash_fuzzer')
options = engine_impl.prepare(corpus_path, target_path, DATA_DIR)
results = engine_impl.fuzz(target_path, options, TEMP_DIR, 10)
self.assertListEqual([
os.path.join(DATA_DIR, 'honggfuzz'),
'-n',
'1',
'--exit_upon_crash',
'-v',
'-z',
'-P',
'-S',
'--rlimit_rss',
'2560',
'--timeout',
'25',
'--input',
os.path.join(TEMP_DIR, 'corpus'),
'--workspace',
TEMP_DIR,
'--run_time',
'10',
'--',
target_path,
], results.command)
self.assertIn('Seen a crash. Terminating all fuzzing threads',
results.logs)
self.assertEqual(1, len(results.crashes))
crash = results.crashes[0]
self.assertEqual(TEMP_DIR, os.path.dirname(crash.input_path))
self.assertIn('ERROR: AddressSanitizer: heap-use-after-free',
crash.stacktrace)
with open(crash.input_path) as f:
self.assertEqual('A', f.read()[0])
self.assert_has_stats(results)
def test_fuzz_no_crash(self):
"""Test fuzzing (no crash)."""
_, corpus_path = setup_testcase_and_corpus("empty", "corpus")
engine_impl = engine.HonggfuzzEngine()
target_path = engine_common.find_fuzzer_path(DATA_DIR, "test_fuzzer")
options = engine_impl.prepare(corpus_path, target_path, DATA_DIR)
results = engine_impl.fuzz(target_path, options, TEMP_DIR, 10)
self.assertListEqual(
[
os.path.join(DATA_DIR, "honggfuzz"),
"-n",
"1",
"--exit_upon_crash",
"-v",
"-z",
"-P",
"-S",
"--rlimit_rss",
"2560",
"--timeout",
"25",
"--dict",
os.path.join(DATA_DIR, "test_fuzzer.dict"),
"--input",
os.path.join(TEMP_DIR, "corpus"),
"--workspace",
TEMP_DIR,
"--run_time",
"10",
"--",
target_path,
],
results.command,
)
self.assertGreater(len(os.listdir(corpus_path)), 0)
self.assert_has_stats(results)