Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzzer details

Fuzzer: lib_fuzz_utf8

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the code a fuzzer can potentially reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics, please see the glossary entries for full calltree and calltree overview.

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 0 0.0%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 2 100.0%
All colors 2 100

Runtime coverage analysis

Covered functions: 2
Functions that are reachable but not covered: 0
Reachable functions: 2
Percentage of reachable functions covered: 100.0%
NB: The sum of covered functions and functions that are reachable but not covered need not equal Reachable functions. This is because the reachability analysis is an approximation, so at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Files reached

filename functions hit
fuzzing/lib/lib_fuzz_utf8.cpp 1
lib/utf8_mosq.c 1

Fuzzer: lib_fuzz_pub_topic_check2

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 0 0.0%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 2 100.0%
All colors 2 100

Runtime coverage analysis

Covered functions: 2
Functions that are reachable but not covered: 0
Reachable functions: 2
Percentage of reachable functions covered: 100.0%

Files reached

filename functions hit
fuzzing/lib/lib_fuzz_pub_topic_check2.cpp 1
lib/util_topic.c 1

Fuzzer: lib_fuzz_sub_topic_check2

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 0 0.0%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 2 100.0%
All colors 2 100

Runtime coverage analysis

Covered functions: 2
Functions that are reachable but not covered: 0
Reachable functions: 2
Percentage of reachable functions covered: 100.0%

Files reached

filename functions hit
fuzzing/lib/lib_fuzz_sub_topic_check2.cpp 1
lib/util_topic.c 1

Fuzzer: mosquitto_passwd_fuzz_load

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 108 52.4%
gold [1:9] 5 2.42%
yellow [10:29] 2 0.97%
greenyellow [30:49] 1 0.48%
lawngreen 50+ 90 43.6%
All colors 206 100

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
102 102 1 : ['update_file'] 118 136 mosquitto_passwd_fuzz_main call site: 00160 /src/mosquitto/apps/mosquitto_passwd/mosquitto_passwd.c:657
53 53 1 : ['delete_pwuser'] 69 87 mosquitto_passwd_fuzz_main call site: 00159 /src/mosquitto/apps/mosquitto_passwd/mosquitto_passwd.c:655
34 34 1 : ['get_password'] 56 181 mosquitto_passwd_fuzz_main call site: 00182 /src/mosquitto/apps/mosquitto_passwd/mosquitto_passwd.c:660
12 12 5 : ['EVP_MD_CTX_free', 'EVP_DigestUpdate', 'EVP_MD_CTX_new', 'EVP_DigestFinal_ex', 'EVP_DigestInit_ex'] 14 14 pw__hash call site: 00107 /src/mosquitto/apps/mosquitto_passwd/../../common/password_mosq.c:91
4 4 2 : ['getuid', 'getpwuid_r'] 12 12 mosquitto__fopen call site: 00095 /src/mosquitto/apps/mosquitto_passwd/../../common/misc_mosq.c:189
4 4 2 : ['getgrgid_r', 'getgid'] 6 6 mosquitto__fopen call site: 00098 /src/mosquitto/apps/mosquitto_passwd/../../common/misc_mosq.c:208
2 2 1 : ['fopen'] 22 22 mosquitto__fopen call site: 00085 /src/mosquitto/apps/mosquitto_passwd/../../common/misc_mosq.c:139
0 56 1 : ['output_new_password'] 40 143 mosquitto_passwd_fuzz_main call site: 00067 /src/mosquitto/apps/mosquitto_passwd/mosquitto_passwd.c:603
0 0 None 299 749 mosquitto_passwd_fuzz_main call site: 00032 /src/mosquitto/apps/mosquitto_passwd/mosquitto_passwd.c:472
0 0 None 299 749 mosquitto_passwd_fuzz_main call site: 00038 /src/mosquitto/apps/mosquitto_passwd/mosquitto_passwd.c:488
0 0 None 299 749 mosquitto_passwd_fuzz_main call site: 00039 /src/mosquitto/apps/mosquitto_passwd/mosquitto_passwd.c:490
0 0 None 299 749 mosquitto_passwd_fuzz_main call site: 00040 /src/mosquitto/apps/mosquitto_passwd/mosquitto_passwd.c:492

Runtime coverage analysis

Covered functions: 16
Functions that are reachable but not covered: 67
Reachable functions: 84
Percentage of reachable functions covered: 20.24%

Files reached

filename functions hit
fuzzing/apps/mosquitto_passwd/mosquitto_passwd_fuzz_load.cpp 2
apps/mosquitto_passwd/mosquitto_passwd.c 12
apps/mosquitto_passwd/get_password.c 3
apps/mosquitto_passwd/../../common/misc_mosq.c 3
apps/mosquitto_passwd/../../common/password_mosq.c 1
apps/mosquitto_passwd/../../common/base64_mosq.c 1

Fuzzer: db_dump_fuzz_load_client_stats

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 53 18.1%
gold [1:9] 1 0.34%
yellow [10:29] 6 2.05%
greenyellow [30:49] 3 1.02%
lawngreen 50+ 229 78.4%
All colors 292 100

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
40 40 1 : ['print__base_msg'] 40 54 dump__base_msg_chunk_process call site: 00149 /src/mosquitto/apps/db_dump/db_dump.c:302
6 6 1 : ['print__client'] 6 8 dump__client_chunk_process call site: 00263 /src/mosquitto/apps/db_dump/db_dump.c:172
5 5 1 : ['print__client_msg'] 5 7 dump__client_msg_chunk_process call site: 00191 /src/mosquitto/apps/db_dump/db_dump.c:214
4 4 1 : ['print__sub'] 4 6 dump__sub_chunk_process call site: 00231 /src/mosquitto/apps/db_dump/db_dump.c:362
0 0 None 46 97 dump__base_msg_chunk_process call site: 00146 /src/mosquitto/apps/db_dump/db_dump.c:293
0 0 None 24 821 db_dump_fuzz_main call site: 00008 /src/mosquitto/apps/db_dump/db_dump.c:428
0 0 None 22 819 db_dump_fuzz_main call site: 00012 /src/mosquitto/apps/db_dump/db_dump.c:444
0 0 None 20 59 dump__client_chunk_process call site: 00259 /src/mosquitto/apps/db_dump/db_dump.c:163
0 0 None 6 26 db_dump_fuzz_main call site: 00271 /src/mosquitto/apps/db_dump/db_dump.c:490
0 0 None 2 185 persist__chunk_base_msg_read_v56 call site: 00069 /src/mosquitto/src/persist_read_v5.c:212
0 0 None 0 181 property__read_all call site: 00073 /src/mosquitto/src/../lib/property_mosq.c:176
0 0 None 0 59 db_dump_fuzz_main call site: 00274 /src/mosquitto/apps/db_dump/db_dump.c:504

Runtime coverage analysis

Covered functions: 56
Functions that are reachable but not covered: 29
Reachable functions: 86
Percentage of reachable functions covered: 66.28%

Files reached

filename functions hit
fuzzing/apps/db_dump/db_dump_fuzz_load_client_stats.cpp 2
apps/db_dump/db_dump.c 14
src/persist_read.c 3
src/persist_read_v5.c 7
src/persist_read_v234.c 7
apps/db_dump/stubs.c 2
src/../lib/memory_mosq.c 3
src/../lib/property_mosq.c 9
src/../lib/packet_datatypes.c 6
src/../lib/utf8_mosq.c 1
src/memory_public.c 2
apps/db_dump/print.c 5

Fuzzer: db_dump_fuzz_load

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 30 10.2%
gold [1:9] 1 0.34%
yellow [10:29] 8 2.73%
greenyellow [30:49] 3 1.02%
lawngreen 50+ 250 85.6%
All colors 292 100

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
16 53 7 : ['mosquitto_free', 'exit', 'mosquitto_malloc', 'strlen', 'strdup', 'free', 'calloc'] 16 61 dump__client_chunk_process call site: 00258 /src/mosquitto/apps/db_dump/db_dump.c:161
12 12 2 : ['strlen', 'memcmp'] 12 19 dump__client_msg_chunk_process call site: 00188 /src/mosquitto/apps/db_dump/db_dump.c:201
10 10 2 : ['strlen', 'memcmp'] 10 16 dump__sub_chunk_process call site: 00229 /src/mosquitto/apps/db_dump/db_dump.c:354
8 45 4 : ['mosquitto_free', 'exit', 'mosquitto_malloc', 'calloc'] 8 99 dump__base_msg_chunk_process call site: 00143 /src/mosquitto/apps/db_dump/db_dump.c:291
0 0 None 22 819 db_dump_fuzz_main call site: 00011 /src/mosquitto/apps/db_dump/db_dump.c:444
0 0 None 6 26 db_dump_fuzz_main call site: 00270 /src/mosquitto/apps/db_dump/db_dump.c:490
0 0 None 2 185 persist__chunk_base_msg_read_v56 call site: 00067 /src/mosquitto/src/persist_read_v5.c:212
0 0 None 0 181 property__read_all call site: 00071 /src/mosquitto/src/../lib/property_mosq.c:176
0 0 None 0 59 db_dump_fuzz_main call site: 00273 /src/mosquitto/apps/db_dump/db_dump.c:504
0 0 None 0 25 persist__chunk_base_msg_read_v56 call site: 00065 /src/mosquitto/src/persist_read_v5.c:200
0 0 None 0 20 persist__chunk_base_msg_read_v234 call site: 00130 /src/mosquitto/src/persist_read_v234.c:171
0 0 None 0 0 dump__base_msg_chunk_process call site: 00138 /src/mosquitto/apps/db_dump/db_dump.c:256

Runtime coverage analysis

Covered functions: 61
Functions that are reachable but not covered: 24
Reachable functions: 86
Percentage of reachable functions covered: 72.09%

Files reached

filename functions hit
fuzzing/apps/db_dump/db_dump_fuzz_load.cpp 2
apps/db_dump/db_dump.c 14
src/persist_read.c 3
src/persist_read_v5.c 7
src/persist_read_v234.c 7
apps/db_dump/stubs.c 2
src/../lib/memory_mosq.c 3
src/../lib/property_mosq.c 9
src/../lib/packet_datatypes.c 6
src/../lib/utf8_mosq.c 1
src/memory_public.c 2
apps/db_dump/print.c 5

Fuzzer: db_dump_fuzz_load_stats

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 60 20.5%
gold [1:9] 1 0.34%
yellow [10:29] 8 2.73%
greenyellow [30:49] 2 0.68%
lawngreen 50+ 221 75.6%
All colors 292 100

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
40 40 1 : ['print__base_msg'] 40 54 dump__base_msg_chunk_process call site: 00149 /src/mosquitto/apps/db_dump/db_dump.c:302
16 53 7 : ['mosquitto_free', 'exit', 'mosquitto_malloc', 'strlen', 'strdup', 'free', 'calloc'] 22 61 dump__client_chunk_process call site: 00259 /src/mosquitto/apps/db_dump/db_dump.c:161
12 12 2 : ['strlen', 'memcmp'] 17 19 dump__client_msg_chunk_process call site: 00189 /src/mosquitto/apps/db_dump/db_dump.c:201
10 10 2 : ['strlen', 'memcmp'] 14 16 dump__sub_chunk_process call site: 00230 /src/mosquitto/apps/db_dump/db_dump.c:354
8 45 4 : ['mosquitto_free', 'exit', 'mosquitto_malloc', 'calloc'] 48 99 dump__base_msg_chunk_process call site: 00145 /src/mosquitto/apps/db_dump/db_dump.c:291
6 6 1 : ['print__client'] 6 8 dump__client_chunk_process call site: 00263 /src/mosquitto/apps/db_dump/db_dump.c:172
5 5 1 : ['print__client_msg'] 5 7 dump__client_msg_chunk_process call site: 00191 /src/mosquitto/apps/db_dump/db_dump.c:214
4 4 1 : ['print__sub'] 4 6 dump__sub_chunk_process call site: 00231 /src/mosquitto/apps/db_dump/db_dump.c:362
0 0 None 24 821 db_dump_fuzz_main call site: 00008 /src/mosquitto/apps/db_dump/db_dump.c:428
0 0 None 22 819 db_dump_fuzz_main call site: 00012 /src/mosquitto/apps/db_dump/db_dump.c:444
0 0 None 6 26 db_dump_fuzz_main call site: 00271 /src/mosquitto/apps/db_dump/db_dump.c:490
0 0 None 2 185 persist__chunk_base_msg_read_v56 call site: 00069 /src/mosquitto/src/persist_read_v5.c:212

Runtime coverage analysis

Covered functions: 56
Functions that are reachable but not covered: 29
Reachable functions: 86
Percentage of reachable functions covered: 66.28%

Files reached

filename functions hit
fuzzing/apps/db_dump/db_dump_fuzz_load_stats.cpp 2
apps/db_dump/db_dump.c 14
src/persist_read.c 3
src/persist_read_v5.c 7
src/persist_read_v234.c 7
apps/db_dump/stubs.c 2
src/../lib/memory_mosq.c 3
src/../lib/property_mosq.c 9
src/../lib/packet_datatypes.c 6
src/../lib/utf8_mosq.c 1
src/memory_public.c 2
apps/db_dump/print.c 5

Fuzzer: broker_fuzz_read_handle

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 848 64.7%
gold [1:9] 68 5.19%
yellow [10:29] 66 5.03%
greenyellow [30:49] 42 3.20%
lawngreen 50+ 286 21.8%
All colors 1310 100

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
3396 3414 6 : ['mosquitto__mid_generate', 'mosquitto__malloc', 'db__messages_easy_queue', 'strlen', 'send__real_publish', 'mosquitto__free'] 5976 5994 bridge__on_connect call site: 01152 /src/mosquitto/src/bridge.c:634
1446 1446 1 : ['connect__on_authorised'] 1446 1446 handle__connect call site: 00760 /src/mosquitto/src/handle_connect.c:981
939 939 1 : ['get_username_from_cert'] 4788 15716 handle__connect call site: 00713 /src/mosquitto/src/handle_connect.c:912
896 898 2 : ['send__auth', 'mosquitto__set_state'] 896 898 handle__connect call site: 00761 /src/mosquitto/src/handle_connect.c:983
98 98 3 : ['session_expiry__add', 'context__add_to_disused', 'plugin_persist__handle_client_delete'] 98 125 context__disconnect call site: 00866 /src/mosquitto/src/context.c:253
64 64 3 : ['mosquitto_strerror', '__errno_location', 'strerror'] 64 1077 do_disconnect call site: 00825 /src/mosquitto/src/loop.c:295
47 47 1 : ['mosquitto__fopen'] 51 51 log__init call site: 00003 /src/mosquitto/src/logging.c:129
39 39 1 : ['bridge__cleanup'] 39 1212 context__cleanup call site: 01246 /src/mosquitto/src/context.c:152
18 18 3 : ['close', 'memcmp', 'mosquitto_free'] 18 18 net__socket_close call site: 00871 /src/mosquitto/src/../lib/net_mosq.c:248
16 16 1 : ['ws__prepare_packet'] 16 1692 packet__queue call site: 00227 /src/mosquitto/src/../lib/packet_mosq.c:189
12 12 1 : ['mosquitto__strdup'] 3849 11187 handle__connect call site: 00720 /src/mosquitto/src/handle_connect.c:956
6 6 3 : ['SSL_free', 'SSL_shutdown', 'SSL_in_init'] 24 26 net__socket_close call site: 00867 /src/mosquitto/src/../lib/net_mosq.c:228

Runtime coverage analysis

Covered functions: 132
Functions that are reachable but not covered: 201
Reachable functions: 333
Percentage of reachable functions covered: 39.64%

Files reached

filename functions hit
fuzzing/broker/broker_fuzz_read_handle.cpp 1
src/logging.c 4
src/../common/misc_mosq.c 1
src/database.c 36
src/../lib/memory_mosq.c 5
src/../lib/property_mosq.c 29
src/memory_public.c 2
src/subs.c 14
src/topic_tok.c 2
src/plugin_acl_check.c 3
src/../lib/util_topic.c 4
src/../lib/util_mosq.c 8
src/../lib/net_mosq.c 5
src/sys_tree.c 2
src/plugin_persist.c 12
src/../lib/send_publish.c 2
src/plugin_message.c 3
src/../lib/alias_mosq.c 7
src/../lib/packet_datatypes.c 14
src/../lib/packet_mosq.c 7
src/../lib/net_ws.c 1
src/mux.c 3
src/mux_epoll.c 3
src/../lib/send_mosq.c 7
src/retain.c 6
src/context.c 8
src/read_handle.c 1
src/../lib/handle_ping.c 2
src/../lib/handle_pubackcomp.c 1
src/../lib/utf8_mosq.c 1
src/handle_publish.c 1
src/bridge_topic.c 1
src/control.c 1
src/../lib/handle_pubrec.c 1
src/../lib/handle_pubrel.c 1
src/handle_connect.c 8
src/send_connack.c 1
src/keepalive.c 3
src/property_broker.c 3
src/plugin_extended_auth.c 4
src/will_delay.c 3
src/loop.c 2
src/../lib/will_mosq.c 1
src/session_expiry.c 4
src/../lib/send_disconnect.c 1
src/../lib/strings_mosq.c 2
src/plugin_disconnect.c 2
src/plugin_client_offline.c 2
src/security_default.c 1
src/plugin_connect.c 2
src/send_auth.c 1
src/plugin_basic_auth.c 2
src/handle_disconnect.c 1
src/handle_subscribe.c 1
src/plugin_subscribe.c 2
src/send_suback.c 1
src/handle_unsubscribe.c 1
src/plugin_unsubscribe.c 2
src/send_unsuback.c 1
src/handle_connack.c 1
src/bridge.c 2
src/../lib/send_subscribe.c 1
src/../lib/send_unsubscribe.c 1
src/../lib/handle_suback.c 1
src/../lib/handle_unsuback.c 1
src/handle_auth.c 1
src/conf.c 1

Fuzzer: broker_fuzz_test_config

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 2917 85.6%
gold [1:9] 168 4.93%
yellow [10:29] 7 0.20%
greenyellow [30:49] 12 0.35%
lawngreen 50+ 303 8.89%
All colors 3407 100

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
32809 32814 37 : ['mosquitto_main_loop', 'will_delay__send_all', 'log__init', 'mux__init', 'pid__write', 'set_umask', 'drop_privileges', 'mosquitto__free', 'report_features', 'mosquitto_security_init', 'remove', 'sys_tree__init', 'keepalive__cleanup', 'plugin__unload_all', 'session_expiry__remove_all', 'bridge__db_cleanup', 'acl__find_acls', 'mosquitto_security_cleanup', 'context__send_will', 'db__msg_store_compact', 'listeners__stop', 'plugin__load_all', 'signal__setup', 'db__close', 'context__free_disused', 'net__broker_cleanup', 'context__cleanup', 'keepalive__init', 'log__close', 'broker_control__init', 'listeners__start', 'bridge__start_all', 'mosquitto__daemonise', 'persist__backup', 'db__open', 'plugin_persist__handle_restore', 'broker_control__cleanup'] 32809 32852 mosquitto_fuzz_main call site: 01209 /src/mosquitto/src/mosquitto.c:371
3069 126979 30 : ['strrchr', 'listener__set_defaults', 'conf__parse_string', 'mosquitto__realloc', 'conf__parse_int', 'conf__attempt_resolve', 'atoi', 'conf__parse_bool', 'conf__set_cur_security_options', 'fgets_extending', 'strncmp', 'mosquitto__hex2bin_sha1', 'mosquitto__malloc', 'config__read_file', 'bridge__add_topic', 'strcmp', 'conf__parse_ssize_t', 'config__get_dir_files', 'mosquitto_pub_topic_check', 'mosquitto__free', 'strcasecmp', 'mosquitto__strdup', 'config__create_default_listener', 'memory__set_limit', 'strtok_r', 'config__plugin_find', 'config__plugin_load', 'config__plugin_add_secopt', 'strlen', 'config__add_listener'] 3069 126979 config__read_file_core call site: 00555 /src/mosquitto/src/conf.c:1173
3069 126979 30 : ['strrchr', 'listener__set_defaults', 'conf__parse_string', 'mosquitto__realloc', 'conf__parse_int', 'conf__attempt_resolve', 'atoi', 'conf__parse_bool', 'conf__set_cur_security_options', 'fgets_extending', 'strncmp', 'mosquitto__hex2bin_sha1', 'mosquitto__malloc', 'config__read_file', 'bridge__add_topic', 'strcmp', 'conf__parse_ssize_t', 'config__get_dir_files', 'mosquitto_pub_topic_check', 'mosquitto__free', 'strcasecmp', 'mosquitto__strdup', 'config__create_default_listener', 'memory__set_limit', 'strtok_r', 'config__plugin_find', 'config__plugin_load', 'config__plugin_add_secopt', 'strlen', 'config__add_listener'] 3069 126979 config__read_file_core call site: 00801 /src/mosquitto/src/conf.c:1857
3069 126979 30 : ['strrchr', 'listener__set_defaults', 'conf__parse_string', 'mosquitto__realloc', 'conf__parse_int', 'conf__attempt_resolve', 'atoi', 'conf__parse_bool', 'conf__set_cur_security_options', 'fgets_extending', 'strncmp', 'mosquitto__hex2bin_sha1', 'mosquitto__malloc', 'config__read_file', 'bridge__add_topic', 'strcmp', 'conf__parse_ssize_t', 'config__get_dir_files', 'mosquitto_pub_topic_check', 'mosquitto__free', 'strcasecmp', 'mosquitto__strdup', 'config__create_default_listener', 'memory__set_limit', 'strtok_r', 'config__plugin_find', 'config__plugin_load', 'config__plugin_add_secopt', 'strlen', 'config__add_listener'] 3069 126979 config__read_file_core call site: 00807 /src/mosquitto/src/conf.c:1885
3069 126979 30 : ['strrchr', 'listener__set_defaults', 'conf__parse_string', 'mosquitto__realloc', 'conf__parse_int', 'conf__attempt_resolve', 'atoi', 'conf__parse_bool', 'conf__set_cur_security_options', 'fgets_extending', 'strncmp', 'mosquitto__hex2bin_sha1', 'mosquitto__malloc', 'config__read_file', 'bridge__add_topic', 'strcmp', 'conf__parse_ssize_t', 'config__get_dir_files', 'mosquitto_pub_topic_check', 'mosquitto__free', 'strcasecmp', 'mosquitto__strdup', 'config__create_default_listener', 'memory__set_limit', 'strtok_r', 'config__plugin_find', 'config__plugin_load', 'config__plugin_add_secopt', 'strlen', 'config__add_listener'] 3069 126979 config__read_file_core call site: 00841 /src/mosquitto/src/conf.c:1979
3069 126979 30 : ['strrchr', 'listener__set_defaults', 'conf__parse_string', 'mosquitto__realloc', 'conf__parse_int', 'conf__attempt_resolve', 'atoi', 'conf__parse_bool', 'conf__set_cur_security_options', 'fgets_extending', 'strncmp', 'mosquitto__hex2bin_sha1', 'mosquitto__malloc', 'config__read_file', 'bridge__add_topic', 'strcmp', 'conf__parse_ssize_t', 'config__get_dir_files', 'mosquitto_pub_topic_check', 'mosquitto__free', 'strcasecmp', 'mosquitto__strdup', 'config__create_default_listener', 'memory__set_limit', 'strtok_r', 'config__plugin_find', 'config__plugin_load', 'config__plugin_add_secopt', 'strlen', 'config__add_listener'] 3069 126979 config__read_file_core call site: 00970 /src/mosquitto/src/conf.c:2266
843 843 2 : ['strlen', 'db__messages_easy_queue'] 843 843 log__vprintf call site: 00077 /src/mosquitto/src/logging.c:363
21 21 1 : ['config__copy'] 27 918 config__read call site: 01098 /src/mosquitto/src/conf.c:737
16 21 3 : ['getenv', 'mosquitto_strdup', 'mosquitto__free'] 16 41 config__parse_args call site: 01202 /src/mosquitto/src/conf.c:606
12 12 4 : ['getuid', 'getpwuid_r', 'getgrgid_r', 'getgid'] 14 14 mosquitto__fopen call site: 00391 /src/mosquitto/apps/mosquitto_passwd/../../common/misc_mosq.c:176
10 10 4 : ['strlen', 'fdopen', 'umask', 'open'] 30 30 mosquitto__fopen call site: 00386 /src/mosquitto/apps/mosquitto_passwd/../../common/misc_mosq.c:139
9 9 2 : ['get_time', 'strftime'] 854 854 log__vprintf call site: 00067 /src/mosquitto/src/logging.c:320

Runtime coverage analysis

Covered functions: 46
Functions that are reachable but not covered: 793
Reachable functions: 840
Percentage of reachable functions covered: 5.6%

Files reached

filename functions hit
fuzzing/broker/broker_fuzz_test_config.cpp 2
src/mosquitto.c 7
src/../common/time_mosq.c 2
src/plugin_public.c 4
src/net.c 17
src/../lib/net_mosq.c 26
src/conf.c 25
src/listeners.c 7
src/../lib/memory_mosq.c 7
src/logging.c 5
src/database.c 40
src/../lib/property_mosq.c 28
src/memory_public.c 4
src/subs.c 15
src/topic_tok.c 2
src/plugin_acl_check.c 4
src/../lib/util_topic.c 5
src/../lib/util_mosq.c 11
src/sys_tree.c 5
src/plugin_persist.c 13
src/../lib/send_publish.c 2
src/plugin_message.c 3
src/../lib/alias_mosq.c 7
src/../lib/packet_datatypes.c 14
src/../lib/packet_mosq.c 8
src/../lib/net_ws.c 8
src/mux.c 9
src/mux_epoll.c 10
src/../lib/send_mosq.c 8
src/retain.c 8
src/../common/misc_mosq.c 4
src/../lib/utf8_mosq.c 1
src/conf_includedir.c 2
src/bridge_topic.c 5
src/keepalive.c 7
src/persist_read.c 12
src/persist_read_v5.c 7
src/persist_read_v234.c 7
src/context.c 10
src/session_expiry.c 7
src/plugin_init.c 5
src/plugin_v5.c 1
src/plugin_v4.c 7
src/plugin_callbacks.c 7
src/control.c 4
src/plugin_v3.c 5
src/plugin_v2.c 5
src/security_default.c 19
src/../common/base64_mosq.c 2
src/../common/password_mosq.c 1
src/loop.c 6
src/plugin_psk_key.c 2
src/signals.c 3
src/bridge.c 19
src/../lib/will_mosq.c 2
src/../lib/tls_mosq.c 3
/usr/include/openssl/x509v3.h 3
src/../lib/net_mosq_ocsp.c 1
/usr/include/openssl/x509.h 1
src/../lib/send_connect.c 1
src/broker_control.c 9
src/control_common.c 4
src/will_delay.c 5
src/../lib/strings_mosq.c 2
src/plugin_disconnect.c 2
src/plugin_client_offline.c 2
src/../lib/send_disconnect.c 1
src/plugin_tick.c 2
src/http_serv.c 4
src/read_handle.c 1
src/../lib/handle_ping.c 2
src/../lib/handle_pubackcomp.c 1
src/handle_publish.c 1
src/../lib/handle_pubrec.c 1
src/../lib/handle_pubrel.c 1
src/handle_connect.c 8
src/send_connack.c 1
src/property_broker.c 3
src/plugin_extended_auth.c 4
src/plugin_connect.c 2
src/send_auth.c 1
src/plugin_basic_auth.c 2
src/handle_disconnect.c 1
src/handle_subscribe.c 1
src/plugin_subscribe.c 2
src/send_suback.c 1
src/handle_unsubscribe.c 1
src/plugin_unsubscribe.c 2
src/send_unsuback.c 1
src/handle_connack.c 1
src/../lib/send_subscribe.c 1
src/../lib/send_unsubscribe.c 1
src/../lib/handle_suback.c 1
src/../lib/handle_unsuback.c 1
src/handle_auth.c 1
lib/../deps/picohttpparser/picohttpparser.c 8
src/persist_write.c 9
src/persist_write_v5.c 6
src/plugin_cleanup.c 4

Fuzzer: dynsec_fuzz_load

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 1551 86.5%
gold [1:9] 0 0.0%
yellow [10:29] 1 0.05%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 241 13.4%
All colors 1793 100

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
1087 1087 2 : ['fopen', 'dynsec__config_init'] 1109 2459 dynsec__config_load call site: 00365 /src/mosquitto/plugins/dynamic-security/config.c:107
47 47 1 : ['mosquitto__fopen'] 51 51 log__init call site: 00008 /src/mosquitto/src/logging.c:129
31 31 1 : ['dynsec_rolelist__remove_role'] 31 31 dynsec_rolelist__client_add call site: 00583 /src/mosquitto/plugins/dynamic-security/rolelist.c:149
31 31 1 : ['dynsec_rolelist__remove_role'] 31 31 dynsec_rolelist__group_add call site: 00614 /src/mosquitto/plugins/dynamic-security/rolelist.c:165
29 29 1 : ['dynsec_clientlist__remove'] 29 29 dynsec_groups__add_client call site: 00630 /src/mosquitto/plugins/dynamic-security/groups.c:524
4 4 2 : ['__errno_location', 'strerror'] 6 6 dynsec__config_load call site: 00477 /src/mosquitto/plugins/dynamic-security/config.c:123
2 2 1 : ['openlog'] 53 53 log__init call site: 00007 /src/mosquitto/src/logging.c:121
2 2 1 : ['dynsec__config_batch_save'] 2 2 dynsec_groups__add_client call site: 00631 /src/mosquitto/plugins/dynamic-security/groups.c:529
0 14 1 : ['mosquitto_strdup'] 0 14 mosquitto_plugin_set_info call site: 00363 /src/mosquitto/src/plugin_public.c:43
0 7 1 : ['mosquitto_free'] 2 9 dynsec__config_load call site: 00482 /src/mosquitto/plugins/dynamic-security/config.c:139
0 5 1 : ['mosquitto__free'] 0 5 control__register_callback call site: 00640 /src/mosquitto/src/control.c:110
0 0 None 28 478 dynsec_groups__config_load call site: 00603 /src/mosquitto/plugins/dynamic-security/groups.c:236

Runtime coverage analysis

Covered functions
66
Functions that are reachable but not covered
348
Reachable functions
415
Percentage of reachable functions covered
16.14%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions. This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
fuzzing/plugins/dynamic-security/dynsec_fuzz_load.cpp 2
src/logging.c 5
plugins/dynamic-security/../../common/misc_mosq.c 2
src/database.c 20
src/../lib/memory_mosq.c 5
src/../lib/property_mosq.c 8
src/memory_public.c 4
src/subs.c 9
src/topic_tok.c 2
src/plugin_acl_check.c 3
src/../lib/util_topic.c 3
src/../lib/util_mosq.c 6
src/../lib/net_mosq.c 5
src/sys_tree.c 2
src/plugin_persist.c 9
src/../lib/send_publish.c 2
src/plugin_message.c 2
src/../lib/alias_mosq.c 5
src/../lib/packet_datatypes.c 7
src/../lib/packet_mosq.c 6
src/../lib/net_ws.c 1
src/mux.c 3
src/mux_epoll.c 3
src/../lib/send_mosq.c 2
src/retain.c 3
plugins/dynamic-security/plugin.c 2
src/plugin_public.c 10
plugins/dynamic-security/config.c 8
plugins/dynamic-security/config_init.c 14
plugins/dynamic-security/../../common/password_mosq.c 1
plugins/dynamic-security/../../common/base64_mosq.c 2
plugins/dynamic-security/../../common/json_help.c 4
plugins/dynamic-security/roles.c 23
plugins/dynamic-security/clients.c 25
plugins/dynamic-security/rolelist.c 11
plugins/dynamic-security/clientlist.c 6
plugins/dynamic-security/groups.c 24
plugins/dynamic-security/grouplist.c 5
src/plugin_callbacks.c 6
src/control.c 2
plugins/dynamic-security/control.c 2
src/control_common.c 4
src/loop.c 2
plugins/dynamic-security/default_acl.c 2
src/../lib/utf8_mosq.c 1
plugins/dynamic-security/hash.c 1
plugins/dynamic-security/kicklist.c 3
src/../lib/send_disconnect.c 1
src/../lib/strings_mosq.c 1
src/context.c 4
src/plugin_disconnect.c 2
src/plugin_client_offline.c 2
src/will_delay.c 2
src/../lib/will_mosq.c 1
src/session_expiry.c 3
src/keepalive.c 2
plugins/dynamic-security/auth.c 2
plugins/dynamic-security/acl.c 2
plugins/dynamic-security/tick.c 1

Runtime coverage analysis

This section shows analysis of runtime coverage data.

For further technical details on how this section is generated, please see the Glossary.

Complex functions with low coverage

Func name Function total lines Lines covered at runtime percentage covered Reached by fuzzers
mosquitto_passwd_fuzz_main 234 85 36.32% ['mosquitto_passwd_fuzz_load']
packet__write 62 8 12.90% ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load']
property__get_length 32 7 21.87% ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load']
mosquitto_property_copy_all 74 3 4.054% ['broker_fuzz_read_handle', 'broker_fuzz_test_config']
property__write 35 11 31.42% ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load']
bridge__on_connect 83 16 19.27% ['broker_fuzz_read_handle', 'broker_fuzz_test_config']
bridge__remap_topic_in 46 9 19.56% ['broker_fuzz_read_handle', 'broker_fuzz_test_config']
context__disconnect 34 16 47.05% ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load']
db__message_delete_outgoing 52 14 26.92% ['broker_fuzz_read_handle', 'broker_fuzz_test_config']
db__message_release_incoming 47 15 31.91% ['broker_fuzz_read_handle', 'broker_fuzz_test_config']
db__message_reconnect_reset_outgoing 53 15 28.30% ['broker_fuzz_read_handle', 'broker_fuzz_test_config']
db__message_reconnect_reset_incoming 43 15 34.88% ['broker_fuzz_read_handle', 'broker_fuzz_test_config']
handle__auth 102 13 12.74% ['broker_fuzz_read_handle', 'broker_fuzz_test_config']
handle__publish 321 171 53.27% ['broker_fuzz_read_handle', 'broker_fuzz_test_config']
do_disconnect 101 9 8.910% ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load']
mosquitto_acl_check 43 6 13.95% ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load']
mosquitto_basic_auth 39 13 33.33% ['broker_fuzz_read_handle', 'broker_fuzz_test_config']
sub__clean_session 50 10 20.0% ['broker_fuzz_read_handle', 'broker_fuzz_test_config']
config__parse_args 84 35 41.66% ['broker_fuzz_test_config']
config__read_file_core 1250 485 38.80% ['broker_fuzz_test_config']
config__check_bridges 45 10 22.22% ['broker_fuzz_test_config']
config__get_dir_files 42 23 54.76% ['broker_fuzz_test_config']
mosquitto_fuzz_main 128 29 22.65% ['broker_fuzz_test_config']
dynsec__config_load 46 22 47.82% ['dynsec_fuzz_load']
mosquitto_plugin_init 69 32 46.37% ['dynsec_fuzz_load']
mosquitto_callback_register 43 20 46.51% ['broker_fuzz_test_config', 'dynsec_fuzz_load']
get_event_name 60 10 16.66% ['broker_fuzz_test_config', 'dynsec_fuzz_load']

Files and Directories in report

This section shows which files and directories are considered in this report. The main reason for showing this is that fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file Reached by Covered by
[] []
/usr/include/openssl/x509.h ['broker_fuzz_test_config'] []
/src/mosquitto/src/plugin_disconnect.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] ['broker_fuzz_read_handle']
/src/mosquitto/src/plugin_message.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] []
/src/mosquitto/src/../lib/net_ws.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] []
/src/mosquitto/src/plugin_connect.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] []
/src/mosquitto/src/plugin_client_offline.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] []
/src/mosquitto/src/../lib/packet_mosq.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] []
/src/mosquitto/plugins/dynamic-security/rolelist.c ['dynsec_fuzz_load'] ['dynsec_fuzz_load']
/src/mosquitto/src/mosquitto.c ['broker_fuzz_test_config'] ['broker_fuzz_test_config']
/src/mosquitto/fuzzing/apps/db_dump/db_dump_fuzz_load_stats.cpp ['db_dump_fuzz_load_stats'] ['db_dump_fuzz_load_stats']
/src/mosquitto/fuzzing/lib/lib_fuzz_utf8.cpp ['lib_fuzz_utf8'] ['lib_fuzz_utf8']
/src/mosquitto/apps/mosquitto_passwd/get_password.c ['mosquitto_passwd_fuzz_load'] []
/src/mosquitto/src/plugin_cleanup.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/bridge.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] ['broker_fuzz_read_handle']
/src/mosquitto/src/plugin_v4.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/control_common.c ['broker_fuzz_test_config', 'dynsec_fuzz_load'] []
/src/mosquitto/src/security_default.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] []
/src/mosquitto/src/plugin_basic_auth.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] ['broker_fuzz_read_handle']
/src/mosquitto/src/plugin_v3.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/../common/time_mosq.c ['broker_fuzz_test_config'] []
/src/mosquitto/plugins/dynamic-security/tick.c ['dynsec_fuzz_load'] []
/src/mosquitto/lib/util_topic.c ['lib_fuzz_pub_topic_check2', 'lib_fuzz_sub_topic_check2'] ['lib_fuzz_pub_topic_check2', 'lib_fuzz_sub_topic_check2']
/src/mosquitto/src/database.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] ['broker_fuzz_read_handle']
/src/mosquitto/fuzzing/lib/lib_fuzz_pub_topic_check2.cpp ['lib_fuzz_pub_topic_check2'] ['lib_fuzz_pub_topic_check2']
/src/mosquitto/apps/db_dump/stubs.c ['db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'db_dump_fuzz_load_stats'] ['db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'db_dump_fuzz_load_stats']
/src/mosquitto/src/handle_connect.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] ['broker_fuzz_read_handle']
/src/mosquitto/src/plugin_acl_check.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] ['broker_fuzz_read_handle']
/src/mosquitto/apps/db_dump/print.c ['db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'db_dump_fuzz_load_stats'] ['db_dump_fuzz_load']
/src/mosquitto/src/../lib/send_publish.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] []
/src/mosquitto/src/../lib/alias_mosq.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] []
/src/mosquitto/src/will_delay.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] []
/src/mosquitto/fuzzing/plugins/dynamic-security/dynsec_fuzz_load.cpp ['dynsec_fuzz_load'] ['dynsec_fuzz_load']
/src/mosquitto/src/read_handle.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] ['broker_fuzz_read_handle']
/src/mosquitto/src/persist_read_v234.c ['db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'db_dump_fuzz_load_stats', 'broker_fuzz_test_config'] ['db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'db_dump_fuzz_load_stats']
/src/mosquitto/src/../lib/util_topic.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] ['lib_fuzz_pub_topic_check2', 'lib_fuzz_sub_topic_check2']
/src/mosquitto/src/../lib/utf8_mosq.c ['db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'db_dump_fuzz_load_stats', 'broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] ['lib_fuzz_utf8']
/src/mosquitto/plugins/dynamic-security/../../common/base64_mosq.c ['dynsec_fuzz_load'] []
/src/mosquitto/fuzzing/apps/mosquitto_passwd/mosquitto_passwd_fuzz_load.cpp ['mosquitto_passwd_fuzz_load'] ['mosquitto_passwd_fuzz_load']
/src/mosquitto/src/../lib/net_mosq_ocsp.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/send_connack.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] ['broker_fuzz_read_handle']
/src/mosquitto/src/plugin_persist.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] []
/src/mosquitto/src/plugin_extended_auth.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] ['broker_fuzz_read_handle']
/src/mosquitto/src/bridge_topic.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] ['broker_fuzz_read_handle']
/src/mosquitto/plugins/dynamic-security/../../common/password_mosq.c ['dynsec_fuzz_load'] []
/src/mosquitto/src/handle_connack.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] ['broker_fuzz_read_handle']
/src/mosquitto/fuzzing/apps/db_dump/db_dump_fuzz_load_client_stats.cpp ['db_dump_fuzz_load_client_stats'] ['db_dump_fuzz_load_client_stats']
/src/mosquitto/src/plugin_tick.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/handle_disconnect.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] ['broker_fuzz_read_handle']
/src/mosquitto/src/topic_tok.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] []
/src/mosquitto/plugins/dynamic-security/hash.c ['dynsec_fuzz_load'] []
/src/mosquitto/src/plugin_init.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/persist_read_v5.c ['db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'db_dump_fuzz_load_stats', 'broker_fuzz_test_config'] ['db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'db_dump_fuzz_load_stats']
/src/mosquitto/src/plugin_callbacks.c ['broker_fuzz_test_config', 'dynsec_fuzz_load'] ['dynsec_fuzz_load']
/src/mosquitto/src/../lib/send_subscribe.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] []
/src/mosquitto/src/plugin_psk_key.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/plugin_unsubscribe.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] []
/src/mosquitto/plugins/dynamic-security/control.c ['dynsec_fuzz_load'] []
/src/mosquitto/src/../lib/handle_suback.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] []
/src/mosquitto/lib/../deps/picohttpparser/picohttpparser.c ['broker_fuzz_test_config'] []
/src/mosquitto/plugins/dynamic-security/../../common/misc_mosq.c ['dynsec_fuzz_load'] []
/src/mosquitto/src/mux_epoll.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] ['broker_fuzz_read_handle']
/src/mosquitto/src/subs.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] ['broker_fuzz_read_handle']
/src/mosquitto/plugins/dynamic-security/default_acl.c ['dynsec_fuzz_load'] []
/src/mosquitto/src/net.c ['broker_fuzz_test_config'] ['broker_fuzz_test_config']
/src/mosquitto/plugins/dynamic-security/clientlist.c ['dynsec_fuzz_load'] ['dynsec_fuzz_load']
/src/mosquitto/plugins/dynamic-security/config.c ['dynsec_fuzz_load'] ['dynsec_fuzz_load']
/src/mosquitto/src/../lib/handle_pubrec.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] []
/src/mosquitto/apps/mosquitto_passwd/../../common/misc_mosq.c ['mosquitto_passwd_fuzz_load'] []
/src/mosquitto/src/logging.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load']
/src/mosquitto/src/../lib/strings_mosq.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] []
/src/mosquitto/src/persist_read.c ['db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'db_dump_fuzz_load_stats', 'broker_fuzz_test_config'] ['db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'db_dump_fuzz_load_stats']
/src/mosquitto/plugins/dynamic-security/plugin.c ['dynsec_fuzz_load'] ['dynsec_fuzz_load']
/src/mosquitto/plugins/dynamic-security/acl.c ['dynsec_fuzz_load'] []
/src/mosquitto/src/../lib/send_connect.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/memory_public.c ['db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'db_dump_fuzz_load_stats', 'broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] ['db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'db_dump_fuzz_load_stats', 'broker_fuzz_test_config', 'dynsec_fuzz_load']
/src/mosquitto/src/../lib/tls_mosq.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/context.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] ['broker_fuzz_read_handle']
/src/mosquitto/src/session_expiry.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] []
/src/mosquitto/lib/utf8_mosq.c ['lib_fuzz_utf8'] ['lib_fuzz_utf8']
/src/mosquitto/src/mux.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] ['broker_fuzz_read_handle']
/src/mosquitto/plugins/dynamic-security/auth.c ['dynsec_fuzz_load'] []
/src/mosquitto/src/plugin_v5.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/../lib/util_mosq.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] []
/src/mosquitto/plugins/dynamic-security/groups.c ['dynsec_fuzz_load'] ['dynsec_fuzz_load']
/src/mosquitto/plugins/dynamic-security/roles.c ['dynsec_fuzz_load'] ['dynsec_fuzz_load']
/src/mosquitto/src/property_broker.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] ['broker_fuzz_read_handle']
/src/mosquitto/src/../lib/will_mosq.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] []
/src/mosquitto/src/sys_tree.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] ['broker_fuzz_read_handle']
/src/mosquitto/src/signals.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/plugin_subscribe.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] []
/src/mosquitto/src/loop.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] ['broker_fuzz_read_handle']
/src/mosquitto/src/plugin_v2.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/send_auth.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] []
/src/mosquitto/src/../common/misc_mosq.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] []
/src/mosquitto/src/../lib/handle_ping.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] []
/src/mosquitto/fuzzing/broker/broker_fuzz_test_config.cpp ['broker_fuzz_test_config'] ['broker_fuzz_test_config']
/src/mosquitto/src/conf.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] ['broker_fuzz_test_config']
/src/mosquitto/src/../lib/handle_pubackcomp.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] []
/src/mosquitto/plugins/dynamic-security/kicklist.c ['dynsec_fuzz_load'] ['dynsec_fuzz_load']
/src/mosquitto/plugins/dynamic-security/grouplist.c ['dynsec_fuzz_load'] ['dynsec_fuzz_load']
/src/mosquitto/plugins/dynamic-security/config_init.c ['dynsec_fuzz_load'] []
/src/mosquitto/src/persist_write_v5.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/send_unsuback.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] ['broker_fuzz_read_handle']
/src/mosquitto/src/persist_write.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/handle_subscribe.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] ['broker_fuzz_read_handle']
/src/mosquitto/src/send_suback.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] ['broker_fuzz_read_handle']
/src/mosquitto/fuzzing/broker/broker_fuzz_read_handle.cpp ['broker_fuzz_read_handle'] ['broker_fuzz_read_handle']
/src/mosquitto/apps/mosquitto_passwd/../../common/password_mosq.c ['mosquitto_passwd_fuzz_load'] []
/src/mosquitto/src/handle_publish.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] ['broker_fuzz_read_handle']
/src/mosquitto/plugins/dynamic-security/clients.c ['dynsec_fuzz_load'] ['dynsec_fuzz_load']
/src/mosquitto/src/../lib/memory_mosq.c ['db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'db_dump_fuzz_load_stats', 'broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] []
/usr/include/openssl/x509v3.h ['broker_fuzz_test_config'] []
/src/mosquitto/src/conf_includedir.c ['broker_fuzz_test_config'] ['broker_fuzz_test_config']
/src/mosquitto/plugins/dynamic-security/../../common/json_help.c ['dynsec_fuzz_load'] []
/src/mosquitto/src/../lib/handle_pubrel.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] []
/src/mosquitto/src/retain.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] []
/src/mosquitto/apps/mosquitto_passwd/../../common/base64_mosq.c ['mosquitto_passwd_fuzz_load'] []
/src/mosquitto/src/../lib/net_mosq.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] []
/src/mosquitto/fuzzing/lib/lib_fuzz_sub_topic_check2.cpp ['lib_fuzz_sub_topic_check2'] ['lib_fuzz_sub_topic_check2']
/src/mosquitto/src/http_serv.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/../lib/packet_datatypes.c ['db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'db_dump_fuzz_load_stats', 'broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] []
/src/mosquitto/apps/mosquitto_passwd/mosquitto_passwd.c ['mosquitto_passwd_fuzz_load'] ['mosquitto_passwd_fuzz_load']
/src/mosquitto/src/../lib/handle_unsuback.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] []
/src/mosquitto/src/../lib/send_disconnect.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] []
/src/mosquitto/src/../lib/send_mosq.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] []
/src/mosquitto/src/plugin_public.c ['broker_fuzz_test_config', 'dynsec_fuzz_load'] ['broker_fuzz_test_config', 'dynsec_fuzz_load']
/src/mosquitto/src/handle_auth.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] ['broker_fuzz_read_handle']
/src/mosquitto/src/../common/base64_mosq.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/handle_unsubscribe.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] ['broker_fuzz_read_handle']
/src/mosquitto/apps/db_dump/db_dump.c ['db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'db_dump_fuzz_load_stats'] ['db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'db_dump_fuzz_load_stats']
/src/mosquitto/src/keepalive.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] ['broker_fuzz_read_handle']
/src/mosquitto/src/broker_control.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/control.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] ['dynsec_fuzz_load']
/src/mosquitto/fuzzing/apps/db_dump/db_dump_fuzz_load.cpp ['db_dump_fuzz_load'] ['db_dump_fuzz_load']
/src/mosquitto/src/../lib/send_unsubscribe.c ['broker_fuzz_read_handle', 'broker_fuzz_test_config'] []
/src/mosquitto/src/listeners.c ['broker_fuzz_test_config'] ['broker_fuzz_test_config']
/src/mosquitto/src/../common/password_mosq.c ['broker_fuzz_test_config'] []
/src/mosquitto/src/../lib/property_mosq.c ['db_dump_fuzz_load_client_stats', 'db_dump_fuzz_load', 'db_dump_fuzz_load_stats', 'broker_fuzz_read_handle', 'broker_fuzz_test_config', 'dynsec_fuzz_load'] []

Directories in report

Directory
/src/mosquitto/fuzzing/apps/db_dump/
/src/mosquitto/apps/mosquitto_passwd/../../common/
/src/mosquitto/lib/../deps/picohttpparser/
/usr/include/openssl/
/src/mosquitto/fuzzing/lib/
/src/mosquitto/src/
/src/mosquitto/fuzzing/broker/
/src/mosquitto/fuzzing/plugins/dynamic-security/
/src/mosquitto/src/../lib/
/src/mosquitto/apps/mosquitto_passwd/
/src/mosquitto/apps/db_dump/
/src/mosquitto/plugins/dynamic-security/../../common/
/src/mosquitto/lib/
/src/mosquitto/src/../common/
/src/mosquitto/plugins/dynamic-security/
/src/mosquitto/fuzzing/apps/mosquitto_passwd/