def test_max_length_strategy_without_override(self):
"""Tests max length strategy without override."""
self.mock.randint.return_value = 1337
strategy_pool = set_strategy_pool([strategy.RANDOM_MAX_LENGTH_STRATEGY])
strategy_info = libfuzzer.pick_strategies(strategy_pool, "/path/target",
"/path/corpus", [])
self.assertItemsEqual(["-max_len=1337"], strategy_info.arguments)
def test_max_length_strategy_with_override(self):
"""Tests max length strategy with override."""
strategy_pool = set_strategy_pool(
[strategy.RANDOM_MAX_LENGTH_STRATEGY])
strategy_info = libfuzzer.pick_strategies(strategy_pool,
'/path/target',
'/path/corpus',
['-max_len=100'])
self.assertItemsEqual([], strategy_info.arguments)
def prepare(self, corpus_dir, target_path, _):
"""Prepare for a fuzzing session, by generating options. Returns a
FuzzOptions object.
Args:
corpus_dir: The main corpus directory.
target_path: Path to the target.
build_dir: Path to the build directory.
Returns:
A FuzzOptions object.
"""
arguments = fuzzer.get_arguments(target_path)
strategy_pool = strategy_selection.generate_weighted_strategy_pool(
strategy_list=strategy.LIBFUZZER_STRATEGY_LIST,
use_generator=True,
engine_name=self.name)
strategy_info = libfuzzer.pick_strategies(strategy_pool, target_path,
corpus_dir, arguments)
arguments.extend(strategy_info.arguments)
# Check for seed corpus and add it into corpus directory.
engine_common.unpack_seed_corpus_if_needed(target_path, corpus_dir)
# Pick a few testcases from our corpus to use as the initial corpus.
subset_size = engine_common.random_choice(
engine_common.CORPUS_SUBSET_NUM_TESTCASES)
if (not strategy_info.use_dataflow_tracing
and strategy_pool.do_strategy(strategy.CORPUS_SUBSET_STRATEGY)
and shell.get_directory_file_count(corpus_dir) > subset_size):
# Copy |subset_size| testcases into 'subset' directory.
corpus_subset_dir = self._create_temp_corpus_dir('subset')
libfuzzer.copy_from_corpus(corpus_subset_dir, corpus_dir,
subset_size)
strategy_info.fuzzing_strategies.append(
strategy.CORPUS_SUBSET_STRATEGY.name + '_' + str(subset_size))
strategy_info.additional_corpus_dirs.append(corpus_subset_dir)
else:
strategy_info.additional_corpus_dirs.append(corpus_dir)
# Check dict argument to make sure that it's valid.
dict_path = fuzzer_utils.extract_argument(arguments,
constants.DICT_FLAG,
remove=False)
if dict_path and not os.path.exists(dict_path):
logs.log_error('Invalid dict %s for %s.' %
(dict_path, target_path))
fuzzer_utils.extract_argument(arguments, constants.DICT_FLAG)
# If there's no dict argument, check for %target_binary_name%.dict file.
dict_path = fuzzer_utils.extract_argument(arguments,
constants.DICT_FLAG,
remove=False)
if not dict_path:
dict_path = dictionary_manager.get_default_dictionary_path(
target_path)
if os.path.exists(dict_path):
arguments.append(constants.DICT_FLAG + dict_path)
# If we have a dictionary, correct any items that are not formatted properly
# (e.g. quote items that are missing them).
dictionary_manager.correct_if_needed(dict_path)
strategies = stats.process_strategies(strategy_info.fuzzing_strategies,
name_modifier=lambda x: x)
return LibFuzzerOptions(corpus_dir, arguments, strategies,
strategy_info.additional_corpus_dirs,
strategy_info.extra_env,
strategy_info.use_dataflow_tracing,
strategy_info.is_mutations_run)
