Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues
Project coverage

Table of contents

Project overview: cryptography
High level conclusions
Reachability and coverage overview
Fuzzers overview
Project functions overview
Fuzzer details
Fuzzer: fuzz_aead
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_sym
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_dh
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_dsa
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Analyses and suggestions
Optimal target analysis
Remaining optimal interesting functions
All functions overview
Runtime coverage analysis
Complex functions with low coverage
Files and Directories in report
Files in report
Directories in report
Metadata section
Function call coverage
Function in each files in report
Report generation date: 2023-03-14

Project overview: cryptography

High level conclusions

Reachability and coverage overview

Functions statically reachable by fuzzers
10.7%
193/1804
Cyclomatic complexity statically reachable by fuzzers
10.8%
617/5700
Runtime code coverage of functions
68.0%
1230 / 1804

Fuzzers overview

Fuzzer Fuzzer filename Functions Reached Functions unreached Fuzzer depth Files reached Basic blocks reached Cyclomatic complexity Details
fuzz_aead /src/fuzz_aead.py 64 1764 8 7 44 204 fuzz_aead.py
fuzz_sym /src/fuzz_sym.py 109 1717 10 15 65 342 fuzz_sym.py
fuzz_dh /src/fuzz_dh.py 66 1763 7 10 22 201 fuzz_dh.py
fuzz_dsa /src/fuzz_dsa.py 54 1773 7 11 16 163 fuzz_dsa.py

Project functions overview

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name Functions filename Args Function call depth Reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzzer details

Fuzzer: fuzz_aead

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 18 9.37%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 174 90.6%
All colors 192 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
2 42 cryptography.hazmat.backends.openssl.aead._evp_cipher call site: 00042 cryptography.hazmat.backends.openssl.backend.Backend.openssl_assert
2 57 cryptography.hazmat.bindings.openssl.binding._errors_with_text call site: 00057 typing.NamedTuple.__init__
2 119 cryptography.hazmat.backends.openssl.aead._encrypt call site: 00119 cryptography.hazmat.backends.openssl.backend.Backend.openssl_assert
1 36 cryptography.hazmat.backends.openssl.aead._aead_cipher_name call site: 00036 .len
1 45 cryptography.hazmat.backends.openssl.backend.Backend.openssl_assert call site: 00045 cryptography.hazmat.bindings.openssl.binding._consume_errors
1 51 cryptography.hazmat.bindings.openssl.binding._consume_errors call site: 00051 cryptography.hazmat.bindings.openssl.binding._errors_with_text
1 64 cryptography.hazmat.backends.openssl.aead._aead_setup call site: 00064 .int
1 67 cryptography.hazmat.backends.openssl.aead._aead_setup call site: 00067 .len
1 72 cryptography.hazmat.backends.openssl.aead._set_tag call site: 00072 .len
1 80 cryptography.hazmat.backends.openssl.aead._aead_setup call site: 00080 .int
1 85 cryptography.hazmat.backends.openssl.aead._set_nonce_operation call site: 00085 .int
1 97 cryptography.hazmat.backends.openssl.aead._process_aad call site: 00097 .len

Runtime coverage analysis

Covered functions
423
Functions that are reachable but not covered
30
Reachable functions
64
Percentage of reachable functions covered
53.12%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/ 1
...fuzz_aead 16
cryptography.hazmat.primitives.ciphers.aead 12
cryptography.utils 1
cryptography.hazmat.backends.openssl.aead 25
cryptography.hazmat.backends.openssl.backend 2
cryptography.hazmat.bindings.openssl.binding 13

Fuzzer: fuzz_sym

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 45 19.6%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 184 80.3%
All colors 229 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
7 122 cryptography.hazmat.backends.openssl.ciphers._CipherContext.finalize call site: 00122 cryptography.hazmat.backends.openssl.backend.Backend.openssl_assert
6 55 cryptography.hazmat.backends.openssl.ciphers._CipherContext.__init__ call site: 00055 .isinstance
5 79 cryptography.hazmat.backends.openssl.ciphers._CipherContext.__init__ call site: 00079 cryptography.hazmat.backends.openssl.backend.Backend.openssl_assert
2 1 ...fuzz_sym.TestInput call site: 00001 cryptography.fernet.Fernet.generate_key
2 32 cryptography.hazmat.primitives.padding._byte_padding_pad call site: 00032 .bytes
2 51 cryptography.hazmat.backends.openssl.ciphers._CipherContext.__init__ call site: 00051 cryptography.hazmat.backends.openssl.backend.Backend.openssl_version_text
2 75 cryptography.hazmat.bindings.openssl.binding._errors_with_text call site: 00075 typing.NamedTuple.__init__
2 89 cryptography.hazmat.primitives.ciphers.base.Cipher._wrap_ctx call site: 00089 cryptography.hazmat.primitives.ciphers.base._AEADCipherContext.__init__
2 99 cryptography.fernet.Fernet._encrypt_from_parts call site: 00099 cryptography.hazmat.primitives.ciphers.base._AEADCipherContext._check_limit
2 163 cryptography.fernet.Fernet._get_unverified_token_data call site: 00163 time.time
2 182 cryptography.hazmat.primitives.ciphers.base.Cipher.decryptor call site: 00182 cryptography.hazmat.primitives.ciphers.algorithms.AES.__init__
2 220 cryptography.hazmat.backends.openssl.backend.Backend.derive_pbkdf2_hmac call site: 00220 .len

Runtime coverage analysis

Covered functions
423
Functions that are reachable but not covered
39
Reachable functions
109
Percentage of reachable functions covered
64.22%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/ 1
...fuzz_sym 9
cryptography.fernet 35
cryptography.utils 2
cryptography.hazmat.primitives.padding 15
cryptography.hazmat.primitives.ciphers.base 12
cryptography.hazmat.primitives.ciphers.modes 5
cryptography.hazmat.backends.openssl.backend 16
cryptography.hazmat.backends.openssl.ciphers 14
cryptography.hazmat.bindings.openssl.binding 13
cryptography.hazmat.primitives.ciphers.algorithms 3
cryptography.hazmat.primitives.hmac 7
cryptography.hazmat.backends.openssl.hmac 9
cryptography.hazmat.primitives.constant_time 2
cryptography.hazmat.primitives.kdf.pbkdf2 4

Fuzzer: fuzz_dh

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 15 12.2%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 107 87.7%
All colors 122 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
5 32 cryptography.hazmat.backends.openssl.dh._dh_params_dup call site: 00032 cryptography.hazmat.backends.openssl.backend.Backend.openssl_assert
1 0 EP call site: 00000 atheris.FuzzedDataProvider
1 5 cryptography.hazmat.backends.openssl.backend.Backend.openssl_assert call site: 00005 cryptography.hazmat.bindings.openssl.binding._consume_errors
1 11 cryptography.hazmat.bindings.openssl.binding._consume_errors call site: 00011 cryptography.hazmat.bindings.openssl.binding._errors_with_text
1 17 cryptography.hazmat.bindings.openssl.binding._errors_with_text call site: 00017 typing.NamedTuple.__init__
1 24 cryptography.hazmat.backends.openssl.backend.Backend.generate_dh_parameters call site: 00024 fdp.ConsumeBool
1 45 ...fuzz_dh.TestInput call site: 00045 cryptography.hazmat.backends.openssl.dh._DHPrivateKey.public_key
1 58 cryptography.hazmat.backends.openssl.dh._get_dh_num_bits call site: 00058 cryptography.hazmat.backends.openssl.dh._DHPrivateKey.exchange
1 64 cryptography.hazmat.backends.openssl.dh._DHPrivateKey.exchange call site: 00064 cryptography.hazmat.backends.openssl.backend.Backend._consume_errors_with_text
1 76 ...fuzz_dh.TestInput call site: 00076 cryptography.utils._check_bytes
1 93 cryptography.hazmat.backends.openssl.hmac._HMACContext.__init__ call site: 00093 .len

Runtime coverage analysis

Covered functions
423
Functions that are reachable but not covered
29
Reachable functions
66
Percentage of reachable functions covered
56.06%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/ 1
...fuzz_dh 10
cryptography.hazmat.primitives.asymmetric.dh 1
cryptography.hazmat.backends.openssl.backend 12
cryptography.hazmat.bindings.openssl.binding 13
cryptography.hazmat.backends.openssl.dh 19
cryptography.hazmat.primitives.kdf.hkdf 12
cryptography.utils 2
cryptography.hazmat.primitives.hmac 5
cryptography.hazmat.backends.openssl.hmac 7

Fuzzer: fuzz_dsa

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 16 15.5%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 87 84.4%
All colors 103 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
4 64 cryptography.hazmat.backends.openssl.hashes._HashContext.finalize call site: 00064 cryptography.hazmat.backends.openssl.hashes._HashContext._finalize_xof
3 96 cryptography.hazmat.backends.openssl.dsa._dsa_sig_verify call site: 00096 cryptography.hazmat.backends.openssl.backend.Backend._consume_errors
1 6 cryptography.hazmat.backends.openssl.backend.Backend.openssl_assert call site: 00006 cryptography.hazmat.bindings.openssl.binding._consume_errors
1 12 cryptography.hazmat.bindings.openssl.binding._consume_errors call site: 00012 cryptography.hazmat.bindings.openssl.binding._errors_with_text
1 18 cryptography.hazmat.bindings.openssl.binding._errors_with_text call site: 00018 typing.NamedTuple.__init__
1 33 cryptography.hazmat.backends.openssl.dsa._DSAPrivateKey.__init__ call site: 00033 cryptography.hazmat.backends.openssl.dsa._DSAPrivateKey.public_key
1 43 cryptography.hazmat.backends.openssl.dsa._DSAPublicKey.__init__ call site: 00043 fdp.ConsumeBytes
1 58 cryptography.hazmat.backends.openssl.hashes._HashContext.update call site: 00058 .len
1 85 cryptography.hazmat.backends.openssl.dsa._dsa_sig_sign call site: 00085 .len
1 89 cryptography.hazmat.backends.openssl.dsa._dsa_sig_sign call site: 00089 cryptography.hazmat.primitives.asymmetric.utils.Prehashed.__init__
1 91 cryptography.hazmat.primitives.asymmetric.utils.Prehashed.__init__ call site: 00091 cryptography.hazmat.backends.openssl.dsa._DSAPrivateKey.sign

Runtime coverage analysis

Covered functions
423
Functions that are reachable but not covered
23
Reachable functions
54
Percentage of reachable functions covered
57.41%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/ 1
...fuzz_dsa 10
cryptography.hazmat.primitives.asymmetric.dsa 1
cryptography.hazmat.backends.openssl.backend 12
cryptography.hazmat.bindings.openssl.binding 13
cryptography.hazmat.backends.openssl.dsa 14
cryptography.hazmat.primitives.hashes 5
cryptography.hazmat.backends.openssl.hashes 9
cryptography.utils 1
cryptography.hazmat.backends.openssl.utils 5
cryptography.hazmat.primitives.asymmetric.utils 1

Analyses and suggestions

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name Functions filename Arg count Args Function depth hitcount instr count bb count cyclomatic complexity Reachable functions Incoming references total cyclomatic complexity Unreached complexity
cryptography.hazmat.primitives.serialization.ssh.SSHCertificateBuilder.sign cryptography.hazmat.primitives.serialization.ssh 2 ['N/A', 'N/A'] 4 0 33 9 7 113 0 358 237
cryptography.hazmat.backends.openssl.backend.Backend.load_pkcs12 cryptography.hazmat.backends.openssl.backend 3 ['N/A', 'N/A', 'N/A'] 5 0 5 9 7 71 3 233 117
cryptography.hazmat.backends.openssl.backend.Backend.__init__ cryptography.hazmat.backends.openssl.backend 1 ['N/A'] 2 0 4 2 4 42 1 135 83
cryptography.hazmat.backends.openssl.ed25519._Ed25519PrivateKey.private_bytes cryptography.hazmat.backends.openssl.ed25519 4 ['N/A', 'N/A', 'N/A', 'N/A'] 4 0 0 2 4 110 1 359 51
cryptography.x509.name._RFC4514NameParser._parse_na cryptography.x509.name 1 ['N/A'] 2 0 1 2 4 17 3 59 50
cryptography.hazmat.primitives.kdf.kbkdf._KBKDFDeriver.derive cryptography.hazmat.primitives.kdf.kbkdf 3 ['N/A', 'N/A', 'N/A'] 3 0 3 5 5 51 4 164 47
cryptography.hazmat.backends.openssl.rsa._enc_dec_rsa cryptography.hazmat.backends.openssl.rsa 4 ['N/A', 'N/A', 'N/A', 'N/A'] 3 0 0 5 5 34 2 112 42
cryptography.hazmat.backends.openssl.ec._EllipticCurvePrivateKey.exchange cryptography.hazmat.backends.openssl.ec 3 ['N/A', 'N/A', 'N/A'] 3 0 0 2 4 32 0 102 35

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers
21.0%
380/1804
Cyclomatic complexity statically reachable by fuzzers
21.8%
1243 / 5700

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name Functions filename Args Function call depth Reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Runtime coverage analysis

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name Function total lines Lines covered at runtime percentage covered Reached by fuzzers
cryptography.hazmat.backends.openssl.backend.Backend._evp_pkey_to_private_key 38 0 0.0% []
cryptography.hazmat.backends.openssl.backend.Backend._evp_pkey_to_public_key 40 0 0.0% []
cryptography.hazmat.backends.openssl.backend.Backend._private_key_bytes 52 0 0.0% []
cryptography.hazmat.backends.openssl.backend.Backend.load_pkcs12 47 0 0.0% []
cryptography.hazmat.backends.openssl.backend.Backend.serialize_key_and_certificates_to_pkcs12 76 0 0.0% []
cryptography.hazmat.backends.openssl.rsa._enc_dec_rsa_pkey_ctx 35 0 0.0% []
cryptography.hazmat.primitives.serialization.ssh.load_ssh_private_key 54 0 0.0% []
cryptography.hazmat.primitives.serialization.ssh._serialize_ssh_private_key 52 5 9.615% []
cryptography.hazmat.primitives.serialization.ssh._load_ssh_public_identity 56 0 0.0% []
cryptography.hazmat.primitives.serialization.ssh.SSHCertificateBuilder.sign 77 0 0.0% []
m.policy.clone 34 16 47.05% []
h.finalize 34 17 50.0% []

Files and Directories in report

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file Reached by Covered by
[] []
cryptography.hazmat.bindings [] []
cryptography.hazmat.primitives.twofactor [] []
cryptography.hazmat.primitives.hashes ['fuzz_dsa'] []
cryptography.x509.general_name [] []
cryptography.hazmat.primitives.asymmetric.ed25519 [] []
cryptography.hazmat.primitives [] []
cryptography.hazmat.primitives.kdf.scrypt [] []
cryptography.hazmat.primitives.hmac ['fuzz_sym', 'fuzz_dh'] []
cryptography.hazmat.primitives.twofactor.hotp [] []
cryptography.hazmat.primitives.asymmetric.types [] []
cryptography.hazmat.backends.openssl.rsa [] []
cryptography.hazmat.bindings.openssl._conditional [] []
cryptography.hazmat.backends.openssl.x448 [] []
cryptography.hazmat.primitives.ciphers.algorithms ['fuzz_sym'] []
cryptography.hazmat.primitives.asymmetric.dsa ['fuzz_dsa'] []
cryptography.hazmat.backends.openssl.cmac [] []
urllib [] []
cryptography.hazmat.primitives.asymmetric.ec [] []
cryptography.hazmat.backends.openssl.poly1305 [] []
math [] []
cryptography.hazmat.primitives.kdf.pbkdf2 ['fuzz_sym'] []
cryptography.hazmat.primitives.asymmetric.padding [] []
cryptography.hazmat.primitives.keywrap [] []
cryptography.hazmat.backends.openssl.x25519 [] []
cryptography.hazmat.primitives.constant_time ['fuzz_sym'] []
cryptography.hazmat.primitives.cmac [] []
cryptography.hazmat.backends.openssl.decode_asn1 [] []
cryptography.hazmat.bindings.openssl.binding ['fuzz_aead', 'fuzz_sym', 'fuzz_dh', 'fuzz_dsa'] []
itertools [] []
cryptography.hazmat.primitives.asymmetric.x25519 [] []
...fuzz_dsa ['fuzz_dsa'] []
cryptography.hazmat.bindings._rust [] []
[] []
bcrypt [] []
cryptography.hazmat.primitives.kdf.kbkdf [] []
cryptography.hazmat.primitives.asymmetric [] []
cryptography.hazmat.primitives.twofactor.totp [] []
cryptography.hazmat.primitives.serialization.pkcs12 [] []
cryptography.hazmat.primitives.serialization.base [] []
cryptography.x509.base [] []
datetime [] []
cryptography.hazmat.backends.openssl.ed448 [] []
cryptography.hazmat.primitives.kdf.concatkdf [] []
cryptography.x509.ocsp [] []
cryptography.utils ['fuzz_aead', 'fuzz_sym', 'fuzz_dh', 'fuzz_dsa'] []
hashlib [] []
cryptography.hazmat [] []
cryptography.hazmat.backends.openssl.hashes ['fuzz_dsa'] []
io [] []
...fuzz_aead ['fuzz_aead'] []
types [] []
atheris [] []
cryptography.hazmat.primitives.ciphers.base ['fuzz_sym'] []
cryptography.hazmat.primitives.kdf.x963kdf [] []
cryptography.hazmat.backends.openssl.dh ['fuzz_dh'] []
cryptography.x509 [] []
cryptography.hazmat.primitives._cipheralgorithm [] []
cryptography.hazmat.primitives.poly1305 [] []
cryptography.hazmat.primitives.serialization [] []
email [] []
cryptography.x509.oid [] []
cryptography.hazmat.backends.openssl.backend ['fuzz_aead', 'fuzz_sym', 'fuzz_dh', 'fuzz_dsa'] []
cryptography.hazmat.primitives.asymmetric.dh ['fuzz_dh'] []
cryptography.x509.extensions [] []
collections [] []
cryptography [] []
binascii [] []
cryptography.hazmat.primitives.asymmetric.rsa [] []
base64 [] []
cryptography.hazmat._oid [] []
warnings [] []
cryptography.hazmat.primitives.kdf [] []
cryptography.hazmat.backends.openssl.dsa ['fuzz_dsa'] []
cryptography.hazmat.backends.openssl.utils ['fuzz_dsa'] []
cryptography.exceptions [] []
cryptography.hazmat.bindings._openssl [] []
cryptography.hazmat.primitives._serialization [] []
cryptography.hazmat.primitives.asymmetric.ed448 [] []
cryptography.hazmat.primitives.kdf.hkdf ['fuzz_dh'] []
threading [] []
cryptography.hazmat.backends [] []
cryptography.hazmat.primitives.ciphers.modes ['fuzz_sym'] []
cryptography.hazmat.backends.openssl.ed25519 [] []
cryptography.__about__ [] []
cryptography.hazmat.backends.openssl.hmac ['fuzz_sym', 'fuzz_dh'] []
...fuzz_sym ['fuzz_sym'] []
cryptography.hazmat.primitives.ciphers [] []
cryptography.hazmat.primitives.asymmetric.x448 [] []
cryptography.hazmat.backends.openssl.ciphers ['fuzz_sym'] []
cryptography.hazmat.primitives.ciphers.aead ['fuzz_aead'] []
cryptography.hazmat.primitives.asymmetric.utils ['fuzz_dsa'] []
cryptography.hazmat.backends.openssl.ec [] []
time [] []
cryptography.hazmat.primitives.padding ['fuzz_sym'] []
re [] []
cryptography.hazmat.backends.openssl.aead ['fuzz_aead'] []
cryptography.x509.name [] []
cryptography.fernet ['fuzz_sym'] []
hmac [] []
os [] []
cryptography.hazmat.primitives.serialization.pkcs7 [] []
cryptography.x509.certificate_transparency [] []
cryptography.hazmat.bindings.openssl [] []
cryptography.hazmat.backends.openssl [] []
cryptography.hazmat.primitives.serialization.ssh [] []
cryptography.hazmat.primitives._asymmetric [] []
...fuzz_dh ['fuzz_dh'] []
typing [] []

Directories in report

Directory

Metadata section

This sections shows the raw data that is used to produce this report. This is mainly used for further processing and developer debugging.

Fuzzer Calltree file Program data file Coverage file
fuzz_aead fuzzerLogFile-fuzz_aead.data fuzzerLogFile-fuzz_aead.data.yaml all_cov.json
fuzz_sym fuzzerLogFile-fuzz_sym.data fuzzerLogFile-fuzz_sym.data.yaml all_cov.json
fuzz_dh fuzzerLogFile-fuzz_dh.data fuzzerLogFile-fuzz_dh.data.yaml all_cov.json
fuzz_dsa fuzzerLogFile-fuzz_dsa.data fuzzerLogFile-fuzz_dsa.data.yaml all_cov.json

Function call coverage

This section shows a chosen list of functions / methods calls and their relative coverage information. By static analysis of the target project code, all of these function call and their caller information, including the source file or class and line number that initiate the call are captured. Column 1 is the function name of that selected functions or methods. Column 2 of each row indicate if the target function covered by any fuzzer calltree information. Column 3 lists all fuzzers (or no fuzzers at all) that have coered that particular function call dynamically. Column 4 shows list of parent function for the specific function call, while column 5 shows possible blocker functions that make the fuzzers fail to reach the specific functions. Both column 4 and 5 will only show information if none of the fuzzers cover the target function calls.

Function in each files in report

Target sink Callsite location Reached by fuzzer Function call path Covered by fuzzer Possible branch blockers