Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzzer details

Fuzzer: fuzz_flask_wtf

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 12 25.5%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 35 74.4%
All colors 47 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
7 23 ...fuzz_flask_wtf.fuzz_csrf call site: 00023 flask_wtf.csrf._get_config
2 5 flask_wtf.i18n.Translations.gettext call site: 00005 .getattr
2 39 flask_wtf.csrf.generate_csrf call site: 00039 os.urandom
1 43 flask_wtf.csrf.generate_csrf call site: 00043 flask.g.get

Runtime coverage analysis

Covered functions
15
Functions that are reachable but not covered
27
Reachable functions
30
Percentage of reachable functions covered
10.0%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/ 1
...fuzz_flask_wtf 12
flask_wtf.i18n 7
flask_wtf.csrf 10