Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Aggregate all string literals during instrumentation #48

Open
disconnect3d opened this issue Nov 4, 2022 · 1 comment
Open

Aggregate all string literals during instrumentation #48

disconnect3d opened this issue Nov 4, 2022 · 1 comment
Labels
enhancement New feature or request good first issue Good for newcomers

Comments

@disconnect3d
Copy link
Contributor

Hi,

as we discussed yesterday on my talk about fuzzing in Python it may be good if Atheris extracted all string literals to use them later during mutating of an input.

Apparently Atheris currently extract literals that are directly compared with a variable like this: if x == "abc" but it doesn't extract literals that are used in other ways like: if x.startswith("some string".

On the other hand, one downside to extracting all string literals are logging string formatting messages which may not be that useful for fuzzing. But I am not sure how big of a problem that is, and, maybe there should be an option to inspect the extracted strings and influence them.
@jvoisin jvoisin added enhancement New feature or request good first issue Good for newcomers labels Mar 20, 2023
@jvoisin
Copy link
Collaborator

jvoisin commented Jul 4, 2023

Ignoring strings passed to logging.… would ~solve the problem :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jvoisin @disconnect3d