OneFuzz是微软开源的一个自托管的模糊测试服务（Fuzzing-As-A-Service）平台资源-CSDN文库

共1242个文件

txt：263个

cs：223个

rs：221个

版权申诉

开发工具

测试工具

159 浏览量 2023-07-17 10:53:38 上传评论收藏 8.83MB ZIP 举报

资源推荐

资源详情

资源评论

收起资源包目录

OneFuzz 是微软开源的一个自托管的模糊测试服务（Fuzzing-As-A-Service）平台（1242个子文件）

azuredeploy.bicep 7KB

operational-insights.bicep 4KB

storageAccounts.bicep 3KB

feature-flags.bicep 3KB

function.bicep 3KB

function-settings-disabled-apps.bicep 2KB

function-settings.bicep 2KB

autoscale-settings.bicep 2KB

event-grid.bicep 1KB

signalR.bicep 743B

server-farms.bicep 570B

simple.c 2KB

fuzz.c 1KB

bad2.c 1KB

bad1.c 1KB

simple.c 1KB

fuzz.c 1KB

bad.c 1KB

main.c 867B

main.c 847B

fuzz.c 675B

fuzz.c 482B

simple.c 425B

main.c 303B

launching-job.cast 34KB

live-debugging.cast 11KB

bandit.cfg 106B

workspace.code-workspace 248B

ScalesetOperations.cs 42KB

OrmModelsTest.cs 38KB

Model.cs 34KB

Defs.cs 33KB

NodeOperations.cs 28KB

Ado.cs 25KB

VmssOperations.cs 25KB

Extension.cs 23KB

Config.cs 22KB

OrmTest.cs 20KB

JinjaToScribanMigrationTests.cs 19KB

EntityConverter.cs 18KB

JinjaTemplateAdapter.cs 18KB

AutoScale.cs 18KB

Orm.cs 15KB

Containers.cs 15KB

Log.cs 15KB

TestLogTracer.cs 15KB

VmOperations.cs 15KB

NsgOperations.cs 14KB

ReproOperations.cs 14KB

ProxyOperations.cs 14KB

TaskOperations.cs 14KB

WebhookOperations.cs 14KB

AgentEvents.cs 13KB

AgentEventsTests.cs 12KB

IpOperations.cs 12KB

NodeOperationsTestHooks.cs 12KB

ImageReference.cs 12KB

Scheduler.cs 11KB

CustomConverterFactory.cs 11KB

Events.cs 10KB

Enums.cs 10KB

Program.cs 10KB

NotificationOperations.cs 9KB

Tasks.cs 9KB

Storage.cs 9KB

Scaleset.cs 9KB

PoolOperations.cs 9KB

ApiBase.cs 9KB

Requests.cs 9KB

TemplateTests.cs 9KB

PoolTests.cs 9KB

ReproVmssTests.cs 9KB

ContainersTests.cs 8KB

Queue.cs 8KB

GithubIssues.cs 8KB

Program.cs 7KB

AgentRegistrationTests.cs 7KB

Request.cs 7KB

ImageReferenceTests.cs 7KB

RequestsTests.cs 7KB

Proxy.cs 7KB

Events.cs 7KB

TimerRetention.cs 7KB

Pool.cs 7KB

TestContext.cs 7KB

Node.cs 7KB

Creds.cs 7KB

OnefuzzContext.cs 6KB

Tasks.cs 6KB

Responses.cs 6KB

JobsTests.cs 6KB

NotificationsBase.cs 6KB

AgentRegistration.cs 6KB

ServiceConfiguration.cs 6KB

TestScaleset.cs 6KB

NodeTests.cs 6KB

Validated.cs 6KB

Webhooks.cs 6KB

Jobs.cs 6KB

共 1242 条

# Collecting Source Coverage using Analysis Tasks The `generic_analysis` task can be used to perform a user-defined analysis of a target executable for every test input from some storage container. Running an application compiled with [LLVM's source-based code coverage](https://clang.llvm.org/docs/SourceBasedCodeCoverage.html) with each input can be used to generate source based coverage information. This example demonstrates using `generic_analysis` and the LLVM source coverage tools to provide source-based coverage on every input for a job. For more information, see [Custom Analysis Tasks](../../../../docs/custom-analysis.md) * [source-coverage-libfuzzer.py](source-coverage-libfuzzer.py): A wrapper that will launch a standard `libfuzzer basic` job *with* a source-based coverage task. (used below) * [source-coverage.py](source-coverage.py): A wrapper that will launch a new job comprised of a source-based coverage task * [setup](setup): a basic libFuzzer target that builds with and without source coverage enabled * [tools/source-coverage.sh](tools/source-coverage.sh): a script that wraps `llvm-profdata` and `llvm-cov` to perform the source analysis This example generates the following data in the `analysis` container: * inputs/`SHA256_OF_INPUT`.profraw: the "raw" coverage data for each input analyzed * coverage.profdata: The merged coverage data using `llvm-profdata` * coverage.report: The `JSON` report of the merged coverage data provided by `llvm-cov export` * coverage.lcov : The `lcov` report of the merged coverage data provided by `llvm-cov export --format lcov` ``` ❯ # build our libfuzzer ❯ cd setup/ ❯ ls Makefile simple.c ❯ make clang -g3 -fsanitize=fuzzer -fsanitize=address simple.c -o fuzz.exe clang -g3 -fsanitize=fuzzer -fprofile-instr-generate -fcoverage-mapping simple.c -o fuzz-coverage.exe ❯ cd .. ❯ # submit our basic job with an additional analysis task ❯ ./source-coverage-libfuzzer.py setup/ setup/fuzz.exe ./setup/fuzz-coverage.exe coverage-example 1 1 linux-1 ./tools/ INFO:onefuzz:creating libfuzzer from template INFO:onefuzz:creating job (runtime: 24 hours) INFO:onefuzz:created job: 61bc5c7c-d24f-4ebc-9bac-bec8fe040ade INFO:onefuzz:using container: oft-setup-d1100b49a03c5a9483f140cee0676b87 INFO:onefuzz:using container: oft-inputs-6f3b76e7e841532bb7714375f564d483 INFO:onefuzz:using container: oft-crashes-6f3b76e7e841532bb7714375f564d483 INFO:onefuzz:using container: oft-reports-6f3b76e7e841532bb7714375f564d483 INFO:onefuzz:using container: oft-unique-reports-6f3b76e7e841532bb7714375f564d483 INFO:onefuzz:using container: oft-unique-inputs-6f3b76e7e841532bb7714375f564d483 INFO:onefuzz:using container: oft-no-repro-6f3b76e7e841532bb7714375f564d483 INFO:onefuzz:using container: oft-coverage-d1100b49a03c5a9483f140cee0676b87 INFO:onefuzz:using container: oft-regression-reports-06bdcba10b5f5e45bdb38ed924856426 INFO:onefuzz:uploading setup dir `setup/` INFO:onefuzz:creating libfuzzer_regression task INFO:onefuzz:creating libfuzzer task INFO:onefuzz:creating coverage task INFO:onefuzz:creating libfuzzer_crash_report task INFO:onefuzz:done creating tasks INFO:onefuzz:using container: oft-setup-d1100b49a03c5a9483f140cee0676b87 INFO:onefuzz:using container: oft-analysis-6f3b76e7e841532bb7714375f564d483 INFO:onefuzz:using container: oft-inputs-6f3b76e7e841532bb7714375f564d483 INFO:onefuzz:using container: oft-tools-6f3b76e7e841532bb7714375f564d483 INFO:onefuzz:Creating generic_analysis task job:{ "timestamp": null, "job_id": "61bc5c7c-d24f-4ebc-9bac-bec8fe040ade", "state": "init", "config": { "project": "coverage-example", "name": "1", "build": "1", "duration": 24 }, "error": null, "end_time": null, "task_info": null, "user_info": { "application_id": "00000000-0000-0000-0000-000000000000", "object_id": "00000000-0000-0000-0000-000000000000", "upn": "example@contoso.com" } } ❯ # a little while later, check on the status of our job ❯ onefuzz job: 61bc5c7c-d24f-4ebc-9bac-bec8fe040ade project:coverage-example name:1 build:1 tasks: 50e1b076 target:fuzz-coverage.exe state:running type:generic_analysis 63880445 target:fuzz.exe state:stopped type:libfuzzer_regression 77fb6177 target:fuzz.exe state:running type:coverage a8e3338c target:fuzz.exe state:running type:libfuzzer_crash_report aae7ba1b target:fuzz.exe state:running type:libfuzzer_fuzz containers: setup count:4 name:oft-setup-d1100b49a03c5a9483f140cee0676b87 analysis count:14 name:oft-analysis-6f3b76e7e841532bb7714375f564d483 tools count:1 name:oft-tools-6f3b76e7e841532bb7714375f564d483 crashes count:11 name:oft-inputs-6f3b76e7e841532bb7714375f564d483 crashes count:4 name:oft-crashes-6f3b76e7e841532bb7714375f564d483 unique_reports count:3 name:oft-unique-reports-6f3b76e7e841532bb7714375f564d483 regression_reports count:0 name:oft-regression-reports-06bdcba10b5f5e45bdb38ed924856426 coverage count:1 name:oft-coverage-d1100b49a03c5a9483f140cee0676b87 readonly_inputs count:11 name:oft-inputs-6f3b76e7e841532bb7714375f564d483 reports count:4 name:oft-reports-6f3b76e7e841532bb7714375f564d483 no_repro count:0 name:oft-no-repro-6f3b76e7e841532bb7714375f564d483 inputs count:11 name:oft-inputs-6f3b76e7e841532bb7714375f564d483 ❯ # lets check on the results of the analysis thus far ❯ onefuzz containers files list oft-analysis-6f3b76e7e841532bb7714375f564d483 { "files": [ "coverage.lcov", "coverage.profdata", "coverage.report", "inputs/06a7e66b4ddb9d43b9007e20f351c8076a2f5c5c13ec6d683e1307eeee472f7a.profraw", "inputs/075de2b906dbd7066da008cab735bee896370154603579a50122f9b88545bd45.profraw", "inputs/0fc4f9bfb1e6850b77e130904c0d5f8d0bfabe9a658efee7c4c41ad0015bff22.profraw", "inputs/15dab3cc1c78958bc8c6d959cf708c2062e8327d3db873c2629b243c7e1a1759.profraw", "inputs/3ebe1b59762a1c8020c1efe3747dd07f0e30617ed60b4e6a5bee16b6ea421dd0.profraw", "inputs/594e519ae499312b29433b7dd8a97ff068defcba9755b6d5d00e84c524d67b06.profraw", "inputs/75558b9c2275acb05f57066ce1199be864c7affffece0b952edac02e785bbc9f.profraw", "inputs/bc9b8634ef85180578a9b501c901ce394ccd9087096fa4f298e4fc3752e60804.profraw", "inputs/c6b27b6743b120d83d5cc1d37b0f51acddcb69ff544763e7552efb7b575bac38.profraw", "inputs/c8bc644c4ddaaeafdb76142b72577e1f923b6797d87d254025f2fdf2b8225540.profraw", "inputs/e5e1b99e66064d2e9414a37158465eb4fdc1a8120b9fa8e10e9301b5fc25bc98.profraw" ] } ❯ # this parses the report and checks that it's an coverage json report as we expect ❯ 1f containers files get oft-analysis-6f3b76e7e841532bb7714375f564d483 coverage.report | jq .type "llvm.coverage.json.export" ❯ # now let's inspect the merged lcov file ❯ 1f containers files get oft-analysis-6f3b76e7e841532bb7714375f564d483 coverage.lcov |head -n 10 SF:/home/USERNAME/onefuzz/src/cli/examples/llvm-source-coverage/setup/simple.c FN:8,LLVMFuzzerTestOneInput FNDA:6,LLVMFuzzerTestOneInput FNF:1 FNH:1 DA:8,6 DA:9,6 DA:10,6 DA:11,6 DA:12,1 ❯ ```

评论收藏

内容反馈

版权申诉