Fuzz introspector: fuzz_flask_wtf
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
7 55 ...fuzz_flask_wtf.fuzz_csrf call site: 00055 flask_wtf.csrf._get_config
4 8 flask_wtf.i18n._get_translations call site: 00008 os.path.abspath
2 5 flask_wtf.i18n.Translations.gettext call site: 00005 .getattr
2 71 flask_wtf.csrf.generate_csrf call site: 00071 os.urandom
1 28 flask.app.Flask.__init__ call site: 00028 flask.sansio.scaffold._endpoint_from_view_func
1 42 flask.app.Flask.test_request_context call site: 00042 .bool
1 45 flask.testing.EnvironBuilder.__init__ call site: 00045 app_root.lstrip
1 75 flask_wtf.csrf.generate_csrf call site: 00075 g.get

Fuzzer calltree

0 ...fuzz_flask_wtf.TestOneInput [function] [call site] 00000
1 ...fuzz_flask_wtf.fuzz_i18n [function] [call site] 00001
2 atheris.FuzzedDataProvider [function] [call site] 00002
2 fdp.ConsumeUnicodeNoSurrogates [function] [call site] 00003
2 flask_wtf.i18n.Translations.gettext [function] [call site] 00004
3 flask_wtf.i18n._get_translations [function] [call site] 00005
4 <builtin>.getattr [function] [call site] 00006
4 babel.support.Translations.load [function] [call site] 00007
4 wtforms.i18n.messages_path [function] [call site] 00008
5 os.path.abspath [function] [call site] 00009
5 os.path.dirname [function] [call site] 00010
5 os.path.join [function] [call site] 00011
5 os.path.exists [function] [call site] 00012
4 flask_babel.get_locale [function] [call site] 00013
3 t.ugettext [function] [call site] 00014
2 fdp.ConsumeUnicodeNoSurrogates [function] [call site] 00015
2 flask_wtf.i18n.Translations.ngettext [function] [call site] 00016
3 flask_wtf.i18n._get_translations [function] [call site] 00017
3 t.ungettext [function] [call site] 00018
2 fdp.ConsumeUnicodeNoSurrogates [function] [call site] 00019
1 ...fuzz_flask_wtf.fuzz_csrf [function] [call site] 00020
2 atheris.FuzzedDataProvider [function] [call site] 00021
2 ...fuzz_flask_wtf.get_app [function] [call site] 00022
3 flask.app.Flask.__init__ [function] [call site] 00023
4 <builtin>.super [function] [call site] 00024
4 cli.AppGroup [function] [call site] 00025
4 <builtin>.bool [function] [call site] 00026
4 weakref.ref [function] [call site] 00027
4 flask.sansio.app.App.add_url_rule [function] [call site] 00028
5 flask.sansio.scaffold._endpoint_from_view_func [function] [call site] 00029
5 options.pop [function] [call site] 00030
5 <builtin>.getattr [function] [call site] 00031
5 <builtin>.isinstance [function] [call site] 00032
5 item.upper [function] [call site] 00033
5 <builtin>.getattr [function] [call site] 00034
5 <builtin>.set [function] [call site] 00035
5 <builtin>.getattr [function] [call site] 00036
5 required_methods.add [function] [call site] 00037
5 werkzeug.routing.Rule [function] [call site] 00038
3 fdp.ConsumeUnicodeNoSurrogates [function] [call site] 00039
3 fdp.ConsumeUnicodeNoSurrogates [function] [call site] 00040
2 flask.app.Flask.test_request_context [function] [call site] 00041
3 flask.testing.EnvironBuilder.__init__ [function] [call site] 00042
4 <builtin>.bool [function] [call site] 00043
4 werkzeug.test.Client.application.config.get [function] [call site] 00044
4 urllib.parse.urlsplit [function] [call site] 00045
4 app_root.lstrip [function] [call site] 00046
4 <builtin>.super [function] [call site] 00047
3 builder.get_environ [function] [call site] 00048
3 flask.app.Flask.request_context [function] [call site] 00049
4 flask.ctx.RequestContext.__init__ [function] [call site] 00050
5 app.request_class [function] [call site] 00051
5 flask.app.Flask.create_url_adapter [function] [call site] 00052
6 werkzeug.wsgi.get_host [function] [call site] 00053
3 builder.close [function] [call site] 00054
2 flask_wtf.csrf.validate_csrf [function] [call site] 00055
3 flask_wtf.csrf._get_config [function] [call site] 00056
4 current_app.config.get [function] [call site] 00057
3 flask_wtf.csrf._get_config [function] [call site] 00058
3 flask_wtf.csrf._get_config [function] [call site] 00059
3 itsdangerous.URLSafeTimedSerializer [function] [call site] 00060
3 itsdangerous.URLSafeTimedSerializer.loads [function] [call site] 00061
3 hmac.compare_digest [function] [call site] 00062
2 fdp.ConsumeIntInRange [function] [call site] 00063
2 fdp.ConsumeUnicodeNoSurrogates [function] [call site] 00064
2 flask_wtf.csrf.generate_csrf [function] [call site] 00065
3 flask_wtf.csrf._get_config [function] [call site] 00066
3 flask_wtf.csrf._get_config [function] [call site] 00067
3 itsdangerous.URLSafeTimedSerializer [function] [call site] 00068
3 os.urandom [function] [call site] 00069
3 hashlib.sha1 [function] [call site] 00070
3 itsdangerous.URLSafeTimedSerializer.dumps [function] [call site] 00071
3 os.urandom [function] [call site] 00072
3 hashlib.sha1 [function] [call site] 00073
3 itsdangerous.URLSafeTimedSerializer.dumps [function] [call site] 00074
3 <builtin>.setattr [function] [call site] 00075
3 g.get [function] [call site] 00076
2 fdp.ConsumeIntInRange [function] [call site] 00077
2 fdp.ConsumeUnicodeNoSurrogates [function] [call site] 00078