Product
Introducing SSO
Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.
Readme
CobraFuzz is a parallel coverage-guided fuzzer for testing Python programs. It is a fork of pythonfuzz.
Fuzzing for safe languages like Python is a powerful strategy for finding bugs like unhandled exceptions, logic bugs and security bugs. It makes a good addition to classic unit-testing.
The first step is to implement a function to be fuzz-tested, also called a fuzz target.
Here is an example of a simple fuzz target for the built-in html
module
from html.parser import HTMLParser
from cobrafuzz.main import CobraFuzz
@CobraFuzz
def fuzz(buf):
try:
string = buf.decode("ascii")
parser = HTMLParser()
parser.feed(string)
except UnicodeDecodeError:
pass
if __name__ == '__main__':
fuzz()
Features of a fuzz target:
fuzz()
will call the fuzz target in an infinite loop with random data generated by the coverage-guided algorithm. The data is passed to the target in a separate process through the buf
parameter.The next step is to download CobraFuzz and then run the fuzzer:
$ pip install cobrafuzz
[...]
$ python examples/htmlparser/fuzz.py --crash-dir results --max-crashes 1
#0 READ units: 1 workers: 7 seeds: 1
#1 NEW cov: 279 corp: 1 exec/s: 89 crashes: 0
#5 NEW cov: 366 corp: 2 exec/s: 299 crashes: 0
#7 NEW cov: 401 corp: 3 exec/s: 3124 crashes: 0
[...]
#154382 NEW cov: 1086 corp: 50 exec/s: 22835 crashes: 0
#156521 NEW cov: 1092 corp: 51 exec/s: 2797 crashes: 0
Crash dir created (results)
sample was written to results/crash-c76ab601df7d8513560ad3c1a38f43c715122b342637a4517a32d13dea03d3ce
sample = 3c215b2119
Found 1 crashes, stopping.
By default, CobraFuzz will use all CPUs available in the system (8 in this example: 1 coordination process and 7 independent workers).
Use the -j
/ --num-workers
command line parameter to override the default.
In this example an unhandled exception is found in a few seconds.
CobraFuzz will generate and test various inputs in an infinite loop.
Seeds can be provided as a mix of files and directories by the seeds
parameter.
If one of those seeds parameters is a directory, all regular files therein are used as seeds.
CobraFuzz can also start with an empty seed corpus, though some valid test-cases in the seed corpus may speed up the fuzzing substantially.
More fuzz target examples (for real and popular libraries) can be found in the examples directory.
CobraFuzz is a fork of pythonfuzz. pythonfuzz is a port of fuzzitdev/jsfuzz. jsfuzz is in turn heavily based on go-fuzz originally developed by Dmitry Vyukov. go-fuzz is in turn heavily based on Michal Zalewski's AFL.
Contributions are welcome, feel free to open issues and pull requests on GitHub.
Feel free to add bugs that you found with CobraFuzz to this list via pull requests.
FAQs
Coverage-guided fuzz testing for Python
We found that cobrafuzz demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.