Fuzz introspector: fuzz_libinjection
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch
0 | 174 | 1 : ['h5_state_data'] | 0 | 174 | h5_state_tag_open | call site: 00116 | /src/ndpi/src/lib/third_party/src/libinjection_html5.c:209
0 | 0 | None | 0 | 0 | libinjection_sqli_tokenize | call site: 00033 | /src/ndpi/src/lib/third_party/src/libinjection_sqli.c:1222
0 | 0 | None | 0 | 0 | libinjection_sqli_not_whitelist | call site: 00012 | /src/ndpi/src/lib/third_party/src/libinjection_sqli.c:2146
0 | 0 | None | 0 | 0 | libinjection_is_sqli | call site: 00027 | /src/ndpi/src/lib/third_party/src/libinjection_sqli.c:2262
0 | 0 | None | 0 | 0 | flag2delim | call site: 00035 | /src/ndpi/src/lib/third_party/src/libinjection_sqli.c:89
0 | 0 | None | 0 | 0 | is_black_url | call site: 00210 | /src/ndpi/src/lib/third_party/src/libinjection_xss.c:404
0 | 0 | None | 0 | 0 | is_black_url | call site: 00212 | /src/ndpi/src/lib/third_party/src/libinjection_xss.c:412
0 | 0 | None | 0 | 0 | html_decode_char_at | call site: 00209 | /src/ndpi/src/lib/third_party/src/libinjection_xss.c:63

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 libinjection_sqli_init [function] [call site] 00001
2 libinjection_sqli_lookup_word [function] [call site] 00002
3 libinjection_sqli_check_fingerprint [function] [call site] 00003
4 libinjection_sqli_blacklist [function] [call site] 00004
5 strlen [call site] 00005
5 is_keyword [function] [call site] 00006
6 bsearch_keyword_type [function] [call site] 00007
7 cstrcasecmp [function] [call site] 00008
7 cstrcasecmp [function] [call site] 00009
4 libinjection_sqli_not_whitelist [function] [call site] 00010
5 strlen [call site] 00011
5 my_memmem [function] [call site] 00012
6 __assert_fail [call site] 00013
6 __assert_fail [call site] 00014
6 __assert_fail [call site] 00015
6 memcmp [call site] 00016
5 streq [function] [call site] 00017
6 strcmp [call site] 00018
5 cstrcasecmp [function] [call site] 00025
3 bsearch_keyword_type [function] [call site] 00026
1 libinjection_is_sqli [function] [call site] 00027
2 libinjection_sqli_fingerprint [function] [call site] 00028
3 libinjection_sqli_reset [function] [call site] 00029
4 libinjection_sqli_init [function] [call site] 00030
3 libinjection_sqli_fold [function] [call site] 00031
4 libinjection_sqli_tokenize [function] [call site] 00033
4 st_is_unary_op [function] [call site] 00036
5 cstrcasecmp [function] [call site] 00037
4 libinjection_sqli_tokenize [function] [call site] 00039
4 st_is_unary_op [function] [call site] 00041
4 st_is_unary_op [function] [call site] 00042
4 syntax_merge_words [function] [call site] 00043
5 st_assign [function] [call site] 00044
4 cstrcasecmp [function] [call site] 00045
4 cstrcasecmp [function] [call site] 00046
4 cstrcasecmp [function] [call site] 00047
4 cstrcasecmp [function] [call site] 00048
4 cstrcasecmp [function] [call site] 00049
4 cstrcasecmp [function] [call site] 00050
4 cstrcasecmp [function] [call site] 00051
4 cstrcasecmp [function] [call site] 00052
4 cstrcasecmp [function] [call site] 00053
4 cstrcasecmp [function] [call site] 00054
4 cstrcasecmp [function] [call site] 00055
4 cstrcasecmp [function] [call site] 00056
4 cstrcasecmp [function] [call site] 00057
4 cstrcasecmp [function] [call site] 00058
4 cstrcasecmp [function] [call site] 00059
4 strchr [call site] 00061
4 st_is_arithmetic_op [function] [call site] 00062
4 libinjection_sqli_tokenize [function] [call site] 00064
4 st_is_unary_op [function] [call site] 00067
4 st_is_unary_op [function] [call site] 00069
4 st_is_unary_op [function] [call site] 00071
4 __assert_fail [call site] 00073
4 st_is_unary_op [function] [call site] 00074
4 __assert_fail [call site] 00076
4 cstrcasecmp [function] [call site] 00078
3 strchr [call site] 00080
2 strlen [call site] 00081
2 reparse_as_mysql [function] [call site] 00082
2 libinjection_sqli_fingerprint [function] [call site] 00083
2 strlen [call site] 00084
2 memchr [call site] 00085
2 libinjection_sqli_fingerprint [function] [call site] 00086
2 strlen [call site] 00087
2 reparse_as_mysql [function] [call site] 00088
2 libinjection_sqli_fingerprint [function] [call site] 00089
2 strlen [call site] 00090
2 memchr [call site] 00091
2 libinjection_sqli_fingerprint [function] [call site] 00092
2 strlen [call site] 00093
1 libinjection_sqli_init [function] [call site] 00094
1 libinjection_is_sqli [function] [call site] 00095
1 libinjection_sqli_init [function] [call site] 00096
1 libinjection_is_sqli [function] [call site] 00097
1 libinjection_sqli_init [function] [call site] 00098
1 libinjection_is_sqli [function] [call site] 00099
1 libinjection_sqli_init [function] [call site] 00100
1 libinjection_is_sqli [function] [call site] 00101
1 libinjection_sqli_init [function] [call site] 00102
1 libinjection_is_sqli [function] [call site] 00103
1 libinjection_sqli [function] [call site] 00104
2 libinjection_sqli_init [function] [call site] 00105
2 libinjection_is_sqli [function] [call site] 00106
2 strcpy [call site] 00107
1 libinjection_xss [function] [call site] 00108
2 libinjection_is_xss [function] [call site] 00109
3 libinjection_h5_init [function] [call site] 00110
4 h5_state_data [function] [call site] 00111
5 __assert_fail [call site] 00112
5 memchr [call site] 00113
5 h5_state_eof [function] [call site] 00114
5 h5_state_tag_open [function] [call site] 00115
6 h5_state_markup_declaration_open [function] [call site] 00116
7 h5_state_doctype [function] [call site] 00117
8 memchr [call site] 00118
8 h5_state_eof [function] [call site] 00119
8 h5_state_data [function] [call site] 00120
9 h5_state_tag_open [function] [call site] 00121
10 h5_state_end_tag_open [function] [call site] 00122
11 h5_state_data [function] [call site] 00123
11 h5_state_tag_name [function] [call site] 00124
12 h5_is_white [function] [call site] 00125
13 strchr [call site] 00126
12 h5_state_before_attribute_name [function] [call site] 00127
13 h5_skip_white [function] [call site] 00128
13 h5_state_self_closing_start_tag [function] [call site] 00129
14 __assert_fail [call site] 00130
14 h5_state_data [function] [call site] 00131
14 h5_state_before_attribute_name [function] [call site] 00132
15 h5_state_data [function] [call site] 00133
15 h5_state_attribute_name [function] [call site] 00134
16 h5_is_white [function] [call site] 00135
16 h5_state_after_attribute_name [function] [call site] 00136
17 h5_state_self_closing_start_tag [function] [call site] 00137
17 h5_state_before_attribute_value [function] [call site] 00138
18 h5_skip_white [function] [call site] 00139
18 h5_state_eof [function] [call site] 00140
18 h5_state_attribute_value_double_quote [function] [call site] 00141
19 h5_state_attribute_value_quote [function] [call site] 00142
20 memchr [call site] 00143
20 h5_state_eof [function] [call site] 00144
20 h5_state_after_attribute_value_quoted_state [function] [call site] 00145
21 h5_is_white [function] [call site] 00146
21 h5_state_before_attribute_name [function] [call site] 00147
21 h5_state_self_closing_start_tag [function] [call site] 00148
21 h5_state_data [function] [call site] 00149
21 h5_state_before_attribute_name [function] [call site] 00150
18 h5_state_attribute_value_single_quote [function] [call site] 00151
19 h5_state_attribute_value_quote [function] [call site] 00152
18 h5_state_attribute_value_back_quote [function] [call site] 00153
19 h5_state_attribute_value_quote [function] [call site] 00154
18 h5_state_attribute_value_no_quote [function] [call site] 00155
19 h5_is_white [function] [call site] 00156
19 h5_state_before_attribute_name [function] [call site] 00157
19 h5_state_tag_name_close [function] [call site] 00158
20 h5_state_data [function] [call site] 00159
20 h5_state_eof [function] [call site] 00160
19 h5_state_eof [function] [call site] 00161
17 h5_state_tag_name_close [function] [call site] 00162
17 h5_state_attribute_name [function] [call site] 00163
18 h5_state_self_closing_start_tag [function] [call site] 00164
18 h5_state_before_attribute_value [function] [call site] 00165
18 h5_state_tag_name_close [function] [call site] 00166
18 h5_state_eof [function] [call site] 00167
12 h5_state_self_closing_start_tag [function] [call site] 00168
12 h5_state_data [function] [call site] 00169
12 h5_state_tag_name_close [function] [call site] 00170
12 h5_state_eof [function] [call site] 00171
11 h5_state_bogus_comment [function] [call site] 00172
12 memchr [call site] 00173
12 h5_state_eof [function] [call site] 00174
12 h5_state_data [function] [call site] 00175
10 h5_state_bogus_comment [function] [call site] 00176
10 h5_state_bogus_comment2 [function] [call site] 00177
11 memchr [call site] 00178
11 h5_state_eof [function] [call site] 00179
11 h5_state_data [function] [call site] 00180
10 h5_state_tag_name [function] [call site] 00181
10 h5_state_tag_name [function] [call site] 00182
10 h5_state_data [function] [call site] 00183
10 h5_state_data [function] [call site] 00184
7 h5_state_cdata [function] [call site] 00185
8 memchr [call site] 00186
8 h5_state_eof [function] [call site] 00187
8 h5_state_data [function] [call site] 00188
7 h5_state_comment [function] [call site] 00189
8 memchr [call site] 00190
8 h5_state_eof [function] [call site] 00191
8 h5_state_eof [function] [call site] 00192
8 h5_state_eof [function] [call site] 00193
8 h5_state_data [function] [call site] 00194
7 h5_state_bogus_comment [function] [call site] 00195
4 h5_state_before_attribute_name [function] [call site] 00196
4 h5_state_attribute_value_single_quote [function] [call site] 00197
4 h5_state_attribute_value_double_quote [function] [call site] 00198
4 h5_state_attribute_value_back_quote [function] [call site] 00199
3 libinjection_h5_next [function] [call site] 00200
4 __assert_fail [call site] 00201
3 is_black_tag [function] [call site] 00202
4 cstrcasecmp_with_null [function] [call site] 00203
3 is_black_attr [function] [call site] 00204
4 cstrcasecmp_with_null [function] [call site] 00205
4 cstrcasecmp_with_null [function] [call site] 00206
3 is_black_url [function] [call site] 00207
4 htmlencode_startswith [function] [call site] 00208
5 html_decode_char_at [function] [call site] 00209
4 htmlencode_startswith [function] [call site] 00210
4 htmlencode_startswith [function] [call site] 00211
4 htmlencode_startswith [function] [call site] 00212
3 is_black_attr [function] [call site] 00213
3 memchr [call site] 00214
3 cstrcasecmp_with_null [function] [call site] 00215
3 cstrcasecmp_with_null [function] [call site] 00216
2 libinjection_is_xss [function] [call site] 00217
2 libinjection_is_xss [function] [call site] 00218
2 libinjection_is_xss [function] [call site] 00219
2 libinjection_is_xss [function] [call site] 00220
1 libinjection_version [function] [call site] 00221