# OSS-Fuzz
OSS-Fuzz is an open-source project developed by Google that provides free distributed infrastructure for continuous fuzz testing. It streamlines the fuzzing process and facilitates simpler modifications. While only select projects are accepted into OSS-Fuzz, the project's core is open-source, allowing anyone to host their own instance for private projects.
## Overview
OSS-Fuzz provides a simple CLI framework for building and starting harnesses or calculating their coverage. Additionally, OSS-Fuzz can be used as a service that hosts static web pages generated from fuzzing outputs such as coverage information.
## Key Concepts
| Concept | Description |
|---|---|
| helper.py | CLI script for building images, building fuzzers, and running harnesses locally |
| Base Images | Hierarchical Docker images providing build dependencies and compilers |
| project.yaml | Configuration file defining project metadata for OSS-Fuzz enrollment |
| Dockerfile | Project-specific image with build dependencies |
| build.sh | Script that builds fuzzing harnesses for your project |
| Criticality Score | Metric used by OSS-Fuzz team to evaluate project acceptance |
## When to Apply
Apply this technique when:
- Setting up continuous fuzzing for an open-source project
- Need distributed fuzzing infrastructure without managing servers
- Want coverage reports and bug tracking integrated with fuzzing
- Testing existing OSS-Fuzz harnesses locally
- Reproducing crashes from OSS-Fuzz bug reports
Skip this technique when:
- Project is closed-source (unless hosting your own OSS-Fuzz instance)
- Project doesn't meet OSS-Fuzz's criticality score threshold
- Need proprietary or specialized fuzzing infrastructure
- Fuzzing simple scripts that don't warrant infrastructure
## Quick Reference
| Task | Command |
|---|---|
| Clone OSS-Fuzz | `git clone https://github.com/google/oss-fuzz` |
| Build project image | `python3 infra/helper.py build_image --pull <project-name>` |
| Build fuzzers with ASan | `python3 infra/helper.py build_fuzzers --sanitizer=address <project-name>` |
| Run specific harness | `python3 infra/helper.py run_fuzzer <project-name> <harness-name>` |
| Generate coverage report | `python3 infra/helper.py build_fuzzers --sanitizer=coverage <project-name>` then `python3 infra/helper.py coverage <project-name>` |
| Check helper.py options | `python3 infra/helper.py --help` |

## OSS-Fuzz Project Components
OSS-Fuzz provides several publicly available tools and web interfaces:
### Bug Tracker
The bug tracker allows you to:
- Check bugs from specific projects (initially visible only to maintainers, later made public)
- Create new issues and comment on existing ones
- Search for similar bugs across all projects to understand issues
### Build Status System
The build status system helps track:
- Build statuses of all included projects
- Date of last successful build
- Build failures and their duration
### Fuzz Introspector
Fuzz Introspector displays:
- Coverage data for projects enrolled in OSS-Fuzz
- Hit frequency for covered code
- Performance analysis and blocker identification
Read this case study for examples and explanations.
## Step-by-Step: Running a Single Harness
You don't need to host the whole OSS-Fuzz platform to use it. The helper script makes it easy to run individual harnesses locally.
### Step 1: Clone OSS-Fuzz

```bash
git clone https://github.com/google/oss-fuzz
cd oss-fuzz
python3 infra/helper.py --help
```

### Step 2: Build Project Image

```bash
python3 infra/helper.py build_image --pull <project-name>
```

This pulls the base images (`--pull`) and builds the project's own Docker image on top of them.
### Step 3: Build Fuzzers with Sanitizers

```bash
python3 infra/helper.py build_fuzzers --sanitizer=address <project-name>
```

Sanitizer options:
- `--sanitizer=address` for AddressSanitizer with LeakSanitizer
- Other sanitizers available (language support varies)

Note: Fuzzers are built to `/build/out/<project-name>/`, containing the harness executables, dictionaries, corpus, and crash files.

### Step 4: Run the Fuzzer

```bash
python3 infra/helper.py run_fuzzer <project-name> <harness-name> [<fuzzer-args>]
```

The helper script automatically runs any missed steps if you skip them.
### Step 5: Coverage Analysis (Optional)

First, install gsutil (skip gcloud initialization).

```bash
python3 infra/helper.py build_fuzzers --sanitizer=coverage <project-name>
python3 infra/helper.py coverage <project-name>
```

Use `--no-corpus-download` to use only the local corpus. The command generates and hosts a coverage report locally.

See the official OSS-Fuzz documentation for details.
## Common Patterns

### Pattern: Running irssi Example

Use Case: Testing OSS-Fuzz setup with a simple enrolled project

```bash
# Clone and navigate to OSS-Fuzz
git clone https://github.com/google/oss-fuzz
cd oss-fuzz

# Build and run irssi fuzzer
python3 infra/helper.py build_image --pull irssi
python3 infra/helper.py build_fuzzers --sanitizer=address irssi
python3 infra/helper.py run_fuzzer irssi irssi-fuzz
```

**Expected Output:**

```
INFO:__main__:Running: docker run --rm --privileged --shm-size=2g --platform linux/amd64 -i -e FUZZING_ENGINE=libfuzzer -e SANITIZER=address -e RUN_FUZZER_MODE=interactive -e HELPER=True -v /private/tmp/oss-fuzz/build/out/irssi:/out -t gcr.io/oss-fuzz-base/base-runner run_fuzzer irssi-fuzz.
Using seed corpus: irssi-fuzz_seed_corpus.zip
/out/irssi-fuzz -rss_limit_mb=2560 -timeout=25 /tmp/irssi-fuzz_corpus -max_len=2048 < /dev/null
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 1531341664
INFO: Loaded 1 modules (95687 inline 8-bit counters): 95687 [0x1096c80, 0x10ae247),
INFO: Loaded 1 PC tables (95687 PCs): 95687 [0x10ae248,0x1223eb8),
INFO: 719 files found in /tmp/irssi-fuzz_corpus
INFO: seed corpus: files: 719 min: 1b max: 170106b total: 367969b rss: 48Mb
#720 INITED cov: 409 ft: 1738 corp: 640/163Kb exec/s: 0 rss: 62Mb
#762 REDUCE cov: 409 ft: 1738 corp: 640/163Kb lim: 2048 exec/s: 0 rss: 63Mb L: 236/2048 MS: 2 ShuffleBytes-EraseBytes-
```
### Pattern: Enrolling a New Project

Use Case: Adding your project to OSS-Fuzz (or a private instance)

Create three files in `projects/<your-project>/`:

1. project.yaml - Project metadata:

```yaml
homepage: "https://github.com/yourorg/yourproject"
language: c++
primary_contact: "your-email@example.com"
main_repo: "https://github.com/yourorg/yourproject"
fuzzing_engines:
  - libfuzzer
sanitizers:
  - address
  - undefined
```

2. Dockerfile - Build dependencies:

```dockerfile
FROM gcr.io/oss-fuzz-base/base-builder
RUN apt-get update && apt-get install -y \
    autoconf \
    automake \
    libtool \
    pkg-config
RUN git clone --depth 1 https://github.com/yourorg/yourproject
WORKDIR yourproject
COPY build.sh $SRC/
```

3. build.sh - Build harnesses:

```bash
#!/bin/bash -eu
./autogen.sh
./configure --disable-shared
make -j$(nproc)

# Build harnesses
$CXX $CXXFLAGS -std=c++11 -I. \
    $SRC/yourproject/fuzz/harness.cc -o $OUT/harness \
    $LIB_FUZZING_ENGINE ./libyourproject.a

# Copy corpus and dictionary if available
# (guarded: under -eu an unconditional cp of a missing file fails the whole build)
if [ -f $SRC/yourproject/fuzz/corpus.zip ]; then
    cp $SRC/yourproject/fuzz/corpus.zip $OUT/harness_seed_corpus.zip
fi
if [ -f $SRC/yourproject/fuzz/dictionary.dict ]; then
    cp $SRC/yourproject/fuzz/dictionary.dict $OUT/harness.dict
fi
```

## Docker Images in OSS-Fuzz
Harnesses are built and executed in Docker containers. All projects share a runner image, but each project has its own build image.
### Image Hierarchy

Images build on each other in this sequence:
- `base_image` - Specific Ubuntu version
- `base_clang` - Clang compiler; based on `base_image`
- `base_builder` - Build dependencies; based on `base_clang`
- Language-specific variants: `base_builder_go`, etc. See `/oss-fuzz/infra/base-images/` for the full list
- Your project Docker image - Project-specific dependencies; based on `base_builder` or a language variant

### Runner Images (Used Separately)

- `base_runner` - Executes harnesses; based on `base_clang`
- `base_runner_debug` - With debug tools; based on `base_runner`

## Advanced Usage

### Tips and Tricks
| Tip | Why It Helps |
|---|---|
| Don't manually copy source code | Project Dockerfile likely already pulls latest version |
| Check existing projects | Browse oss-fuzz/projects for examples |
| Keep harnesses in separate repo | Like curl-fuzzer - cleaner organization |
| Use specific compiler versions | Base images provide consistent build environment |
| Install dependencies in Dockerfile | May require approval for OSS-Fuzz enrollment |
### Criticality Score
OSS-Fuzz uses a criticality score to evaluate project acceptance. See this example for how scoring works.
Projects with lower scores may still be added to private OSS-Fuzz instances.
### Hosting Your Own Instance
Since OSS-Fuzz is open-source, you can host your own instance for:
- Private projects not eligible for public OSS-Fuzz
- Projects with lower criticality scores
- Custom fuzzing infrastructure needs
## Anti-Patterns
| Anti-Pattern | Problem | Correct Approach |
|---|---|---|
| Manually pulling source in build.sh | Doesn't use latest version | Let Dockerfile handle git clone |
| Copying code to OSS-Fuzz repo | Hard to maintain, violates separation | Reference external harness repo |
| Ignoring base image versions | Build inconsistencies | Use provided base images and compilers |
| Skipping local testing | Wastes CI resources | Use helper.py locally before PR |
| Not checking build status | Unnoticed build failures | Monitor build status page regularly |
## Tool-Specific Guidance

### libFuzzer
OSS-Fuzz primarily uses libFuzzer as the fuzzing engine for C/C++ projects.
Harness signature:
```cpp
#include <stddef.h>
#include <stdint.h>

// libFuzzer calls this once per generated input; data/size are owned by the engine.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  // Your fuzzing logic
  return 0;
}
```

Build in build.sh:

```bash
$CXX $CXXFLAGS -std=c++11 -I. \
    harness.cc -o $OUT/harness \
    $LIB_FUZZING_ENGINE ./libproject.a
```

Integration tips:
- Use the `$LIB_FUZZING_ENGINE` variable provided by OSS-Fuzz
- Including `-fsanitize=fuzzer` is handled automatically
- Link against static libraries when possible
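As an added example (not code from the page, from libFuzzer, or from OSS-Fuzz), here is a complete harness around a small hypothetical record parser; the parser, its `[tag][len][payload]` format, the `STANDALONE_DRIVER` macro and the sample inputs are all constructed for illustration. It shows what the signature stub above leaves out: a size guard (the troubleshooting table's "add size checks"), a parse/serialize round-trip property so the fuzzer reports logic bugs and not only sanitizer-detected memory errors, and a driver for replaying crash files outside the engine.

```cpp
// Added example, not code from the page or from OSS-Fuzz: a complete libFuzzer
// harness around a small hypothetical record parser.
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical target format: a sequence of [1-byte tag][1-byte len][len payload bytes].
struct Record {
  uint8_t tag;
  std::string payload;
};

// Parses every record in `data`; returns the record count, or -1 on malformed input.
static int parse_records(const uint8_t *data, size_t size, std::vector<Record> &out) {
  size_t pos = 0;
  while (pos < size) {
    if (size - pos < 2) return -1;  // dangling tag byte without a length
    uint8_t tag = data[pos];
    uint8_t len = data[pos + 1];
    pos += 2;
    if (len > size - pos) return -1;  // payload would run past the buffer
    out.push_back({tag, std::string(reinterpret_cast<const char *>(data + pos), len)});
    pos += len;
  }
  return static_cast<int>(out.size());
}

// Inverse of parse_records; used by the harness to check a round-trip property.
static std::vector<uint8_t> serialize_records(const std::vector<Record> &records) {
  std::vector<uint8_t> out;
  for (const Record &r : records) {
    out.push_back(r.tag);
    out.push_back(static_cast<uint8_t>(r.payload.size()));
    out.insert(out.end(), r.payload.begin(), r.payload.end());
  }
  return out;
}

static const size_t kMaxInput = 64 * 1024;  // keep a single run well under -timeout

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  if (size == 0) return 0;          // nothing to parse
  if (size > kMaxInput) return -1;  // -1 asks libFuzzer not to keep this input in the corpus
  std::vector<Record> records;
  int n = parse_records(data, size, records);
  if (n < 0) return 0;  // rejecting malformed input is correct behaviour, not a bug
  // Property: a successful parse must serialize back to exactly the input bytes.
  // Sanitizers catch memory errors; abort() turns a logic bug into a reported crash too.
  std::vector<uint8_t> again = serialize_records(records);
  if (again.size() != size || memcmp(again.data(), data, size) != 0) abort();
  return 0;
}

// Constructed sample inputs (not corpus data) for the driver and the tests.
static const std::vector<uint8_t> kGoodInput = {0x10, 0x02, 'h', 'i', 0x20, 0x00};
static const std::vector<uint8_t> kTruncated = {0x10, 0x05, 'a'};
static const std::vector<uint8_t> kDanglingTag = {0x10, 0x00, 0x33};

// Runs the parser on a whole input and returns its result (record count or -1).
static int parse_count(const std::vector<uint8_t> &input) {
  std::vector<Record> records;
  return parse_records(input.data(), input.size(), records);
}

#ifdef STANDALONE_DRIVER
// Build without -fsanitize=fuzzer (e.g. `$CXX -DSTANDALONE_DRIVER harness.cc`) to replay
// crash files locally: ./harness crash-1 crash-2 ...
int main(int argc, char **argv) {
  for (int i = 1; i < argc; i++) {
    FILE *f = fopen(argv[i], "rb");
    if (!f) { perror(argv[i]); return 1; }
    std::vector<uint8_t> buf;
    uint8_t chunk[4096];
    size_t got;
    while ((got = fread(chunk, 1, sizeof chunk, f)) > 0) buf.insert(buf.end(), chunk, chunk + got);
    fclose(f);
    LLVMFuzzerTestOneInput(buf.data(), buf.size());
    printf("%s: %d records\n", argv[i], parse_count(buf));
  }
  return 0;
}
#endif
```

Compile it from build.sh exactly like the snippet above (`$CXX $CXXFLAGS harness.cc -o $OUT/harness $LIB_FUZZING_ENGINE ...`); the `STANDALONE_DRIVER` build is for local reproduction only and must not be linked with `$LIB_FUZZING_ENGINE`, which supplies its own `main`.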
### AFL++

OSS-Fuzz supports AFL++ as an alternative fuzzing engine.

Enable in project.yaml:

```yaml
fuzzing_engines:
  - afl
  - libfuzzer
```

Integration tips:
- AFL++ harnesses work alongside libFuzzer harnesses
- Use persistent mode for better performance
- OSS-Fuzz handles engine-specific compilation flags
### Atheris (Python)

For Python projects with C extensions.

Example from the cbor2 integration:

Harness:

```python
import atheris
import sys

import cbor2


@atheris.instrument_func
def TestOneInput(data):
    # Decoding errors are expected on random input; anything else is a finding.
    try:
        cbor2.loads(data)
    except (cbor2.CBORDecodeError, ValueError):
        pass


def main():
    atheris.Setup(sys.argv, TestOneInput)
    atheris.Fuzz()


if __name__ == "__main__":
    main()
```

Build in build.sh:

```bash
pip3 install .
for fuzzer in $(find $SRC -name 'fuzz_*.py'); do
    compile_python_fuzzer $fuzzer
done
```

Integration tips:
- Use the `compile_python_fuzzer` helper provided by OSS-Fuzz
- See the Continuously Fuzzing Python C Extensions blog post
### Rust Projects

Enable in project.yaml:

```yaml
language: rust
fuzzing_engines:
  - libfuzzer
sanitizers:
  - address  # Only AddressSanitizer supported for Rust
```

Build in build.sh:

```bash
cargo fuzz build -O --debug-assertions
cp fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1 $OUT/
```

Integration tips:
- Rust supports only AddressSanitizer with libfuzzer
- Use cargo-fuzz for local development
- OSS-Fuzz handles Rust-specific compilation
## Troubleshooting

| Issue | Cause | Solution |
|---|---|---|
| Build fails with missing dependencies | Dependencies not in Dockerfile | Add them to the Dockerfile |
| Harness crashes immediately | Missing input validation | Add size checks in harness |
| Coverage is 0% | Harness not reaching target code | Verify harness actually calls target functions |
| Build timeout | Complex build process | Optimize build.sh, consider parallel builds |
| Sanitizer errors in build | Incompatible flags | Use flags provided by OSS-Fuzz environment variables |
| Cannot find source code | Wrong working directory in Dockerfile | Set WORKDIR or use absolute paths |
## Related Skills

### Tools That Use This Technique
| Skill | How It Applies |
|---|---|
| libfuzzer | Primary fuzzing engine used by OSS-Fuzz |
| aflpp | Alternative fuzzing engine supported by OSS-Fuzz |
| atheris | Used for fuzzing Python projects in OSS-Fuzz |
| cargo-fuzz | Used for Rust projects in OSS-Fuzz |
### Related Techniques
| Skill | Relationship |
|---|---|
| coverage-analysis | OSS-Fuzz generates coverage reports via helper.py |
| address-sanitizer | Default sanitizer for OSS-Fuzz projects |
| fuzz-harness-writing | Essential for enrolling projects in OSS-Fuzz |
| corpus-management | OSS-Fuzz maintains corpus for enrolled projects |
## Resources

### Key External Resources
OSS-Fuzz Official Documentation
Comprehensive documentation covering enrollment, harness writing, and troubleshooting for the OSS-Fuzz platform.
Getting Started Guide
Step-by-step process for enrolling new projects into OSS-Fuzz, including requirements and approval process.
cbor2 OSS-Fuzz Integration PR
Real-world example of enrolling a Python project with C extensions into OSS-Fuzz. Shows:
- Initial proposal and project introduction
- Criticality score evaluation
- Complete implementation (project.yaml, Dockerfile, build.sh, harnesses)
Fuzz Introspector Case Studies
Examples and explanations of using Fuzz Introspector to analyze coverage and identify fuzzing blockers.
### Video Resources
Check OSS-Fuzz documentation for workshop recordings and tutorials on enrollment and harness development.