High level conclusions

Fuzzer fuzz_http_parser is blocked:

The runtime code coverage of fuzz_http_parser covers 20.0% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer fuzz_http_parser_pure_python is blocked:

The runtime code coverage of fuzz_http_parser_pure_python covers 20.0% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer fuzz_multipart is blocked:

The runtime code coverage of fuzz_multipart covers 14.03% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer fuzz_web_request is blocked:

The runtime code coverage of fuzz_web_request covers 26.88% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer fuzz_http_payload_parser_pure_python is blocked:

The runtime code coverage of fuzz_http_payload_parser_pure_python covers 29.41% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer fuzz_http_payload_parser is blocked:

The runtime code coverage of fuzz_http_payload_parser covers 29.41% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Reachability and coverage overview

Functions statically reachable by fuzzers

54 / 1382

Cyclomatic complexity statically reachable by fuzzers

209 / 4711

Runtime code coverage of functions

248 / 1382

Warning: The number of runtime covered functions are larger than the number of reachable functions. This means that Fuzz Introspector found there are more functions covered at runtime than what is considered reachable based on the static analysis. This is a limitation in the analysis as anything covered at runtime is by definition reachable by the fuzzers.
This is likely due to a limitation in the static analysis. In this case, the count of functions covered at runtime is the true value, which means this is what should be considered "achieved" by the fuzzer.

Use the project functions table below to query all functions that were not covered at runtime.

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name	Functions filename	Args	Function call depth	Reached by Fuzzers	Fuzzers runtime hit	Func lines hit %	I Count	BB Count	Cyclomatic complexity	Functions reached	Reached by functions	Accumulated cyclomatic complexity	Undiscovered complexity

Fuzzer: fuzz_http_payload_parser

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	31	42.4%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	42	57.5%
All colors	73	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
24	0	EP	call site: 00000	aiohttp.http_parser.HttpPayloadParser.feed_data
4	44	aiohttp.http_parser.HttpPayloadParser.feed_data	call site: 00044	aiohttp.streams.StreamReader.set_exception
1	29	aiohttp.streams.StreamReader.feed_data	call site: 00029	aiohttp.helpers.set_result
1	38	aiohttp.http_parser.HttpPayloadParser.feed_data	call site: 00038	size_b.strip
1	60	aiohttp.http_parser.HttpPayloadParser.feed_data	call site: 00060	aiohttp.helpers.set_result

Runtime coverage analysis

Covered functions

257

Functions that are reachable but not covered

24

Reachable functions

34

Percentage of reachable functions covered

29.41%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/	1
...aiohttp.fuzz_http_payload_parser	4
aiohttp.http_parser	20
aiohttp.compression_utils	5
aiohttp.streams	5
aiohttp.helpers	2
aiohttp.http_exceptions	1

Fuzzer: fuzz_http_payload_parser_pure_python

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	31	42.4%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	42	57.5%
All colors	73	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
24	0	EP	call site: 00000	aiohttp.http_parser.HttpPayloadParser.feed_data
4	44	aiohttp.http_parser.HttpPayloadParser.feed_data	call site: 00044	aiohttp.streams.StreamReader.set_exception
1	29	aiohttp.streams.StreamReader.feed_data	call site: 00029	aiohttp.helpers.set_result
1	38	aiohttp.http_parser.HttpPayloadParser.feed_data	call site: 00038	size_b.strip
1	60	aiohttp.http_parser.HttpPayloadParser.feed_data	call site: 00060	aiohttp.helpers.set_result

Runtime coverage analysis

Covered functions

257

Functions that are reachable but not covered

24

Reachable functions

34

Percentage of reachable functions covered

29.41%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/	1
...aiohttp.fuzz_http_payload_parser_pure_python	4
aiohttp.http_parser	20
aiohttp.compression_utils	5
aiohttp.streams	5
aiohttp.helpers	2
aiohttp.http_exceptions	1

Fuzzer: fuzz_web_request

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	83	51.2%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	79	48.7%
All colors	162	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
36	125	aiohttp.helpers.parse_mimetype	call site: 00125	aiohttp.web_request.BaseRequest.read
14	102	aiohttp.web_request.BaseRequest.post	call site: 00102	aiohttp.web_request.BaseRequest.multipart
9	38	multidict._multidict_py.MultiDict._extend	call site: 00038	aiohttp.test_utils.make_mocked_request
6	30	multidict._multidict_py.MultiDict._extend	call site: 00030	used_keys.get
5	0	EP	call site: 00000	...aiohttp.fuzz_web_request.fuzz_run_one_async
5	60	multidict._multidict_py._Base.items	call site: 00060	multidict._multidict_py.MultiDict.__init__
4	12	multidict._multidict_py.MultiDict._extend	call site: 00012	.list
3	56	aiohttp.test_utils.make_mocked_request	call site: 00056	multidict._multidict_py._Base.items
1	92	aiohttp.web_urldispatcher.UrlMappingMatchInfo.__init__	call site: 00092	unittest.mock.Mock

Runtime coverage analysis

Covered functions

322

Functions that are reachable but not covered

68

Reachable functions

93

Percentage of reachable functions covered

26.88%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/	1
...aiohttp.fuzz_web_request	10
multidict._multidict_py	24
aiohttp.test_utils	23
aiohttp.web_request	31
aiohttp.web_urldispatcher	2
aiohttp.multipart	3
aiohttp.helpers	11

Fuzzer: fuzz_multipart

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	48	61.5%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	30	38.4%
All colors	78	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
19	45	aiohttp.multipart.BodyPartReader.get_charset	call site: 00045	aiohttp.client_reqrep.ClientResponse.links
9	34	aiohttp.multipart.BodyPartReader.read	call site: 00034	aiohttp.multipart.BodyPartReader._decode_content
8	23	aiohttp.multipart.BodyPartReader.read_chunk	call site: 00023	chunk.split
7	0	EP	call site: 00000	...aiohttp.fuzz_multipart.fuzz_bodypart_reader
2	10	aiohttp.multipart.BodyPartReader.read	call site: 00010	aiohttp.multipart.BodyPartReader._read_chunk_from_length
1	13	aiohttp.multipart.BodyPartReader.read_chunk	call site: 00013	.len
1	72	aiohttp.helpers.parse_mimetype	call site: 00072	multidict.MultiDictProxy
1	76	aiohttp.multipart.BodyPartReader.form	call site: 00076	asyncio.run

Runtime coverage analysis

Covered functions

257

Functions that are reachable but not covered

49

Reachable functions

57

Percentage of reachable functions covered

14.04%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/	1
...aiohttp.fuzz_multipart	8
aiohttp.multipart	29
aiohttp.compression_utils	3
aiohttp.helpers	9
aiohttp.client_reqrep	10

Fuzzer: fuzz_http_parser_pure_python

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	3	60.0%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	2	40.0%
All colors	5	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
3	0	EP	call site: 00000	asyncio.get_event_loop

Runtime coverage analysis

Covered functions

257

Functions that are reachable but not covered

4

Reachable functions

5

Percentage of reachable functions covered

20.0%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/	1
...aiohttp.fuzz_http_parser_pure_python	4

Fuzzer: fuzz_http_parser

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	3	60.0%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	2	40.0%
All colors	5	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
3	0	EP	call site: 00000	asyncio.get_event_loop

Runtime coverage analysis

Covered functions

257

Functions that are reachable but not covered

4

Reachable functions

5

Percentage of reachable functions covered

20.0%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/	1
...aiohttp.fuzz_http_parser	4

Fuzzer: fuzz_payload_url

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	27	43.5%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	35	56.4%
All colors	62	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
6	0	EP	call site: 00000	aiohttp.payload.StringPayload.__init__
6	31	multidict._multidict_py.MultiDict._extend	call site: 00031	used_keys.get
5	39	multidict._multidict_py.MultiDict._extend	call site: 00039	multidict._multidict_py.CIMultiDict._title
4	13	multidict._multidict_py.MultiDict._extend	call site: 00013	.list
3	55	aiohttp.helpers.parse_mimetype	call site: 00055	multidict._multidict_py.MultiDictProxy.__init__
2	59	aiohttp.payload.StringPayload.__init__	call site: 00059	...aiohttp.fuzz_payload_url.TestOneInput.original.encode
1	45	multidict._multidict_py.MultiDictProxy.__init__	call site: 00045	_multidict.MultiDictProxy

Runtime coverage analysis

Covered functions

322

Functions that are reachable but not covered

27

Reachable functions

40

Percentage of reachable functions covered

32.5%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/	1
...aiohttp.fuzz_payload_url	3
aiohttp.payload	5
aiohttp.helpers	11
multidict._multidict_py	20

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name	Functions filename	Arg count	Args	Function depth	hitcount	instr count	bb count	cyclomatic complexity	Reachable functions	Incoming references	total cyclomatic complexity	Unreached complexity
aiohttp.client.ClientSession._ws_connect	aiohttp.client	20	['N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A']	6	0	5	16	9	233	1	792	709
aiohttp.connector.BaseConnector.connect	aiohttp.connector	4	['N/A', 'N/A', 'N/A', 'N/A']	8	0	23	12	8	198	0	663	275
aiohttp.web.main	aiohttp.web	1	['N/A']	5	0	12	3	4	94	1	295	259
aiohttp.web_protocol.RequestHandler.start	aiohttp.web_protocol	1	['N/A']	5	0	16	14	9	99	1	338	247
yarl._url.URL.__new__	yarl._url	4	['N/A', 'N/A', 'N/A', 'N/A']	3	0	2	10	7	34	0	114	96
aiohttp.web_urldispatcher.UrlDispatcher.add_resource	aiohttp.web_urldispatcher	3	['N/A', 'N/A', 'N/A']	4	0	2	4	5	29	9	95	77
aiohttp.multipart.parse_content_disposition	aiohttp.multipart	1	['N/A']	2	0	9	15	9	22	3	75	63

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers

211 / 1382

Cyclomatic complexity statically reachable by fuzzers

860 / 4711

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name	Functions filename	Args	Function call depth	Reached by Fuzzers	Fuzzers runtime hit	Func lines hit %	I Count	BB Count	Cyclomatic complexity	Functions reached	Reached by functions	Accumulated cyclomatic complexity	Undiscovered complexity

This sections provides heuristics that can be used as input to a fuzz engine when running a given fuzz target. The current focus is on providing input that is usable by libFuzzer.

/src/aiohttp/fuzz_http_payload_parser.py

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['aiohttp.http_parser.HttpPayloadParser.feed_data', 'aiohttp.streams.StreamReader.feed_data']

/src/aiohttp/fuzz_http_payload_parser_pure_python.py

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['aiohttp.http_parser.HttpPayloadParser.feed_data', 'aiohttp.streams.StreamReader.feed_data']

/src/aiohttp/fuzz_web_request.py

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['aiohttp.helpers.parse_mimetype', 'aiohttp.web_request.BaseRequest.post', 'multidict._multidict_py.MultiDict._extend', 'multidict._multidict_py._Base.items', 'aiohttp.test_utils.make_mocked_request', 'aiohttp.web_urldispatcher.UrlMappingMatchInfo.__init__']

/src/aiohttp/fuzz_multipart.py

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['aiohttp.multipart.BodyPartReader.get_charset', 'aiohttp.multipart.BodyPartReader.read', 'aiohttp.multipart.BodyPartReader.read_chunk', 'aiohttp.helpers.parse_mimetype', 'aiohttp.multipart.BodyPartReader.form']

/src/aiohttp/fuzz_http_parser_pure_python.py

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

/src/aiohttp/fuzz_http_parser.py

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

/src/aiohttp/fuzz_payload_url.py

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['multidict._multidict_py.MultiDict._extend', 'aiohttp.helpers.parse_mimetype', 'aiohttp.payload.StringPayload.__init__', 'multidict._multidict_py.MultiDictProxy.__init__']

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name	Function total lines	Lines covered at runtime	percentage covered	Reached by fuzzers
aiohttp.web._run_app._wait	38	0	0.0%	[]
aiohttp.web_fileresponse.FileResponse.prepare	73	0	0.0%	[]
aiohttp.client.ClientSession.__init__	49	2	4.081%	[]
aiohttp.client.ClientSession._request	167	20	11.97%	[]
aiohttp.client.ClientSession._ws_connect	70	14	20.0%	[]
aiohttp.web_request.BaseRequest.forwarded	32	3	9.375%	[]
aiohttp.web_request.BaseRequest.post	56	4	7.142%	['fuzz_web_request']
aiohttp.web_response.StreamResponse._prepare_headers	44	0	0.0%	[]
aiohttp.web_response.Response.__init__	39	2	5.128%	[]
aiohttp.web_protocol.RequestHandler.__init__	34	0	0.0%	[]
aiohttp.web_protocol.RequestHandler.start	77	0	0.0%	[]
aiohttp.connector.BaseConnector.connect	58	0	0.0%	[]
aiohttp.connector.TCPConnector._resolve_host	43	0	0.0%	[]
aiohttp.connector.TCPConnector._create_direct_connection.drop_exception	33	0	0.0%	[]
aiohttp.connector.TCPConnector._create_proxy_connection	46	2	4.347%	[]
aiohttp.http_websocket.ws_ext_parse	31	4	12.90%	[]
aiohttp.http_websocket.WebSocketReader._feed_data	56	0	0.0%	[]
aiohttp.http_websocket.WebSocketReader.parse_frame	83	10	12.04%	[]
aiohttp.http_websocket.WebSocketWriter._send_frame	39	0	0.0%	[]
aiohttp.multipart.parse_content_disposition.unescape	53	0	0.0%	[]
aiohttp.client_reqrep.ClientRequest.__init__	42	0	0.0%	[]
aiohttp.client_reqrep.ClientRequest.send	36	0	0.0%	[]
async_timeout.timeout_at	116	39	33.62%	[]
aiohttp.cookiejar.CookieJar.update_cookies	46	0	0.0%	[]
aiohttp.cookiejar.CookieJar.filter_cookies	41	0	0.0%	[]
aiohttp.cookiejar.CookieJar._parse_date	49	2	4.081%	[]
aiohttp.client_proto.ResponseHandler.data_received	37	0	0.0%	[]
aiohttp.client_ws.ClientWebSocketResponse.close	38	0	0.0%	[]
aiohttp.client_ws.ClientWebSocketResponse.receive	50	0	0.0%	[]
aiodns.DNSResolver	107	29	27.10%	[]
aiohttp.web_ws.WebSocketResponse._handshake	35	0	0.0%	[]
aiohttp.web_ws.WebSocketResponse.close	44	0	0.0%	[]
aiohttp.web_ws.WebSocketResponse.receive	52	0	0.0%	[]

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file	Reached by	Covered by
	[]	[]
weakref	[]	[]
_quoting_c	[]	[]
yarl	[]	[]
multidict._compat	[]	[]
contextlib	[]	[]
math	[]	[]
io	[]	[]
aiohappyeyeballs	[]	[]
types	[]	[]
http	[]	[]
traceback	[]	[]
string	[]	[]
aiohttp.helpers	['fuzz_http_payload_parser', 'fuzz_http_payload_parser_pure_python', 'fuzz_web_request', 'fuzz_multipart', 'fuzz_payload_url']	[]
typing	[]	[]
ssl	[]	[]
yarl._quoting_py	[]	[]
argparse	[]	[]
aiohttp.client	[]	[]
...aiohttp.fuzz_multipart	['fuzz_multipart']	[]
zlib	[]	[]
functools	[]	[]
brotlicffi	[]	[]
aiohttp.web_app	[]	[]
aiosignal	[]	[]
aiohttp	[]	[]
aiohttp.web_server	[]	[]
urllib	[]	[]
pathlib	[]	[]
aiohttp.hdrs	[]	[]
...aiohttp.fuzz_web_request	['fuzz_web_request']	[]
aiohttp.client_exceptions	[]	[]
aiohttp.http_parser	['fuzz_http_payload_parser', 'fuzz_http_payload_parser_pure_python']	[]
dataclasses	[]	[]
inspect	[]	[]
yarl._url	[]	[]
aiohttp.web_runner	[]	[]
aiohttp.web_middlewares	[]	[]
_websocket	[]	[]
time	[]	[]
sys	[]	[]
platform	[]	[]
aiohttp.http	[]	[]
uvloop	[]	[]
logging	[]	[]
...aiohttp.fuzz_payload_url	['fuzz_payload_url']	[]
aiohttp.http_writer	[]	[]
random	[]	[]
calendar	[]	[]
aiohttp.client_reqrep	['fuzz_multipart']	[]
aiohttp.pytest_plugin	[]	[]
json	[]	[]
aiohttp.resolver	[]	[]
abc	[]	[]
ipaddress	[]	[]
textwrap	[]	[]
aiohttp.tcp_helpers	[]	[]
_abc	[]	[]
datetime	[]	[]
_helpers	[]	[]
aiohttp.client_ws	[]	[]
aiohttp.streams	['fuzz_http_payload_parser', 'fuzz_http_payload_parser_pure_python']	[]
	[]	[]
re	[]	[]
gunicorn	[]	[]
...aiohttp.fuzz_http_payload_parser	['fuzz_http_payload_parser']	[]
codecs	[]	[]
aiohttp.web_ws	[]	[]
aiohttp.multipart	['fuzz_web_request', 'fuzz_multipart']	[]
aiohttp.web_routedef	[]	[]
async_timeout	[]	[]
aiohttp.web_response	[]	[]
aiohttp.base_protocol	[]	[]
os	[]	[]
socket	[]	[]
aiohttp.tracing	[]	[]
aiodns	[]	[]
pickle	[]	[]
brotli	[]	[]
aiohttp.cookiejar	[]	[]
html	[]	[]
base64	[]	[]
aiohttp.web_urldispatcher	['fuzz_web_request']	[]
gc	[]	[]
aiohttp.formdata	[]	[]
aiohttp.test_utils	['fuzz_web_request']	[]
multidict	[]	[]
collections	[]	[]
aiohttp.web_fileresponse	[]	[]
multidict._multidict_py	['fuzz_web_request', 'fuzz_payload_url']	[]
...aiohttp.fuzz_http_parser_pure_python	['fuzz_http_parser_pure_python']	[]
aiohttp.payload	['fuzz_payload_url']	[]
_multidict	[]	[]
aiohttp.log	[]	[]
...aiohttp.fuzz_http_parser	['fuzz_http_parser']	[]
keyword	[]	[]
aiohttp.worker	[]	[]
...aiohttp.fuzz_http_payload_parser_pure_python	['fuzz_http_payload_parser_pure_python']	[]
aiohttp.http_exceptions	['fuzz_http_payload_parser', 'fuzz_http_payload_parser_pure_python']	[]
atheris	[]	[]
frozenlist	[]	[]
itertools	[]	[]
asyncio	[]	[]
aiohttp.web	[]	[]
aiohttp.web_exceptions	[]	[]
aiohttp.locks	[]	[]
aiohttp.http_websocket	[]	[]
hashlib	[]	[]
aiohttp.web_protocol	[]	[]
aiohttp.typedefs	[]	[]
uuid	[]	[]
warnings	[]	[]
email	[]	[]
aiohttp.web_log	[]	[]
importlib	[]	[]
tempfile	[]	[]
idna	[]	[]
struct	[]	[]
aiohttp.compression_utils	['fuzz_http_payload_parser', 'fuzz_http_payload_parser_pure_python', 'fuzz_multipart']	[]
binascii	[]	[]
array	[]	[]
yarl._quoting	[]	[]
netrc	[]	[]
_http_parser	[]	[]
signal	[]	[]
aiohttp.client_proto	[]	[]
aiohttp.connector	[]	[]
unittest	[]	[]
aiohttp.abc	[]	[]
multidict._multidict_base	[]	[]
ClientSession	[]	[]
enum	[]	[]
multidict._abc	[]	[]
aiohttp.web_request	['fuzz_web_request']	[]
mimetypes	[]	[]

Directories in report

Directory