Comments (6)
oliverchang
commented on May 1, 2024
@jonathanmetzman can you help answer this?
from clusterfuzzlite.
jonathanmetzman
commented on May 1, 2024
Hi, first of all thanks for all the awesome work you've put into this project really appreciate it.
No problem!
For several of my fuzzers I've created dictionaries and/or have large number of sample files which I obviously would like the fuzzers to take advantage of.
I've looked through the documentation here but was not able to find the answers there so maybe someone here can help me.
Good point we should document this.
Basically you need to put the dictionary/seed corpus (zip containing sample files) next to your fuzzers.
For example: if youre fuzzer is called png_parser_fuzzer, your $OUT directory should look like this:
png_parser_fuzzer
png_parser_fuzzer_seed_corpus.zip
png_parser_fuzzer.dict
from clusterfuzzlite.
AMS21
commented on May 1, 2024
Thanks for the quick response. That's exactly what I was looking for.
Keeping this issue open to track the missing documentation then.
from clusterfuzzlite.
securitykernel
commented on May 1, 2024
This is both already documented in OSS-Fuzz's New project guide > Efficient fuzzing section, which ClusterFuzzLite's docs link to from Build integration > Efficient fuzzing, so I think this issue can be closed. This is probably due to the code base being the same for OSS-Fuzz and CFL in this regard.
To provide a corpus for my_fuzzer, put my_fuzzer_seed_corpus.zip file next to the fuzz target’s binary in $OUT during the build.
...
Put your dict file in $OUT. If the dict filename is the same as your target binary name (i.e. %fuzz_target%.dict), it will be automatically used.
I too, sometimes find it hard to find the right information from the docs due to the similarities between OSS-Fuzz and ClusterFuzzLite, but I don't think this is easy to overcome. For example, searching for dictionary or seed on the CFL docs gives no useful results. Maybe in the efficient fuzzing section, we could change:
To improve your fuzz target ability to find bugs faster, please read this section.
to:
To improve your fuzz target ability to find bugs faster, e.g., by providing a seed corpus or dictionaries, please read this section.
from clusterfuzzlite.
AMS21
commented on May 1, 2024
Good point. I agree
from clusterfuzzlite.
jonathanmetzman
commented on May 1, 2024
I think this info should be more front and center though.
from clusterfuzzlite.
Related Issues (20)
- Gitlab instructions do not just work. HOT 14
- Investigate providing reusable workflows for GitHub users
- build.sh example for go test -fuzz HOT 16
- Failing to build python project HOT 1
- run fuzzers with -jobs (or -workers?) for parallelism HOT 6
- ClusterfuzzLite does not check out submodules HOT 2
- Affordances for "local maxima" in coverage HOT 4
- Requesting addition of AFL++ Fuzzer Engine. HOT 5
- Empty Coverage Reports using ClusterFuzzLite with Prow and GO
- Allow to customize FUZZ_SECONDS option per target HOT 2
- Minimal gitlab configuration is failing to cp to default $OUT HOT 13
- Demo or sample project for Python? HOT 2
- Timeout in pruning job HOT 2
- Possible to continue fuzzing despite errors? HOT 2
- CFLite seems to fail to download the latest builds due to "Bad credentials" HOT 2
- Undefined references to C++ standard library symbols HOT 13
- There doesn't seem to be a way to use the latest docker images (without the "v1" tag) HOT 4
- Mention in docs that OSS-Fuzz has a lot of examples to learn from
- jazzer_driver not available in local infra/helper.py run_fuzzer command HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from clusterfuzzlite.