Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues
Project coverage
Per-fuzzer coverage

Table of contents

Project overview: open62541
High level conclusions
Reachability and coverage overview
Fuzzers overview
Project functions overview
Fuzzer details
Fuzzer: fuzz_base64_decode
Call tree
Runtime coverage analysis
Files reached
Fuzzer: fuzz_tcp_message
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_src_ua_util
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_xml_decode_encode
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_mdns_message
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_binary_decode
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_attributeoperand
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_mdns_xht
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_json_decode_encode
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_base64_encode
Call tree
Runtime coverage analysis
Files reached
Fuzzer: fuzz_json_decode
Call tree
Runtime coverage analysis
Files reached
Fuzzer: fuzz_binary_message
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Analyses and suggestions
Optimal target analysis
Remaining optimal interesting functions
All functions overview
Fuzz engine guidance
tests/fuzz/fuzz_base64_decode.cc
Dictionary
Fuzzer function priority
tests/fuzz/fuzz_tcp_message.cc
Dictionary
Fuzzer function priority
tests/fuzz/fuzz_src_ua_util.cc
Dictionary
Fuzzer function priority
tests/fuzz/fuzz_xml_decode_encode.cc
Dictionary
Fuzzer function priority
deps/mdnsd/tests/fuzz/fuzz_mdns_message.cc
Dictionary
Fuzzer function priority
tests/fuzz/fuzz_binary_decode.cc
Dictionary
Fuzzer function priority
tests/fuzz/fuzz_attributeoperand.cc
Dictionary
Fuzzer function priority
deps/mdnsd/tests/fuzz/fuzz_mdns_xht.cc
Dictionary
Fuzzer function priority
tests/fuzz/fuzz_json_decode_encode.cc
Dictionary
Fuzzer function priority
tests/fuzz/fuzz_base64_encode.cc
Dictionary
Fuzzer function priority
tests/fuzz/fuzz_json_decode.cc
Dictionary
Fuzzer function priority
tests/fuzz/fuzz_binary_message.cc
Dictionary
Fuzzer function priority
Runtime coverage analysis
Complex functions with low coverage
Fuzz driver synthesis
New fuzzers
client_filter_queries.c
ua_pubsub_ns0.c
ua_pubsub_writergroup.c
Files and Directories in report
Files in report
Directories in report
Function call coverage
Function in each files in report
Metadata section
Sink analyser for CWEs
Sink functions/methods found for CWE22
Report generation date: 2025-07-01

Project overview: open62541

High level conclusions

Reachability and coverage overview

Functions statically reachable by fuzzers
10.0%
598 / 5696
Cyclomatic complexity statically reachable by fuzzers
16.0%
2850 / 17560
Runtime code coverage of functions
10.0%
551 / 5696

Fuzzers overview

Fuzzer Fuzzer filename Functions Reached Functions unreached Fuzzer depth Files reached Basic blocks reached Cyclomatic complexity Details
fuzz_base64_decode tests/fuzz/fuzz_base64_decode.cc 5 5695 2 2 12 16 fuzz_base64_decode.cc
fuzz_tcp_message tests/fuzz/fuzz_tcp_message.cc 517 5358 19 47 1178 1249 fuzz_tcp_message.cc
fuzz_src_ua_util tests/fuzz/fuzz_src_ua_util.cc 12 5689 5 3 49 64 fuzz_src_ua_util.cc
fuzz_xml_decode_encode tests/fuzz/fuzz_xml_decode_encode.cc 67 5642 7 4 340 332 fuzz_xml_decode_encode.cc
fuzz_mdns_message deps/mdnsd/tests/fuzz/fuzz_mdns_message.cc 56 5664 7 4 155 198 fuzz_mdns_message.cc
fuzz_binary_decode tests/fuzz/fuzz_binary_decode.cc 27 5681 5 4 40 25 fuzz_binary_decode.cc
fuzz_attributeoperand tests/fuzz/fuzz_attributeoperand.cc 181 5568 18 15 639 723 fuzz_attributeoperand.cc
fuzz_mdns_xht deps/mdnsd/tests/fuzz/fuzz_mdns_xht.cc 20 5686 5 3 35 45 fuzz_mdns_xht.cc
fuzz_json_decode_encode tests/fuzz/fuzz_json_decode_encode.cc 27 5680 6 4 107 142 fuzz_json_decode_encode.cc
fuzz_base64_encode tests/fuzz/fuzz_base64_encode.cc 5 5694 2 2 9 7 fuzz_base64_encode.cc
fuzz_json_decode tests/fuzz/fuzz_json_decode.cc 18 5684 6 4 88 125 fuzz_json_decode.cc
fuzz_binary_message tests/fuzz/fuzz_binary_message.cc 636 5270 27 61 1563 1699 fuzz_binary_message.cc

Project functions overview

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name Functions filename Args Function call depth Reached by Fuzzers Runtime reached by Fuzzers Combined reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzzer details

Fuzzer: fuzz_base64_decode

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 0 0.0%
gold [1:9] 1 16.6%
yellow [10:29] 0 0.0%
greenyellow [30:49] 1 16.6%
lawngreen 50+ 4 66.6%
All colors 6 100

Runtime coverage analysis

Covered functions
2
Functions that are reachable but not covered
3
Reachable functions
5
Percentage of reachable functions covered
40.0%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/fuzz/fuzz_base64_decode.cc 3
deps/base64.c 2

Fuzzer: fuzz_tcp_message

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 2556 100.%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 0 0.0%
All colors 2556 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
2555 0 EP call site: 00000 UA_Server_newWithConfig

Runtime coverage analysis

Covered functions
0
Functions that are reachable but not covered
517
Reachable functions
517
Percentage of reachable functions covered
0.0%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/fuzz/fuzz_tcp_message.cc 24
include/open62541/server.h 1
src/server/ua_server_config.c 13
arch/posix/eventloop_posix.c 68
include/open62541/plugin/log.h 3
plugins/ua_log_stdout.c 11
src/ua_types.c 48
arch/freertos/clock_freertos.c 1
deps/mp_printf.c 17
deps/dtoa.c 13
src/util/ua_util.c 16
src/util/ua_util_internal.h 2
deps/itoa.c 2
arch/common/timer.c 16
src/server/ua_discovery_mdns_avahi.c 8
src/server/ua_server.c 89
deps/pcg_basic.c 1
src/server/ua_session.c 34
src/server/ua_subscription.c 37
src/server/ua_server_async.c 18
src/server/ua_server_ns0.c 39
src/server/ua_services_nodemanagement.c 137
examples/access_control/server_access_control.c 1
src/server/ua_nodes.c 64
include/open62541/plugin/nodestore.h 2
src/server/ua_services_view.c 66
src/server/ua_services_attribute.c 62
tests/server/check_nodestore.c 3
src/server/ua_server_internal.h 1
plugins/ua_nodestore_hashmap.c 5
src/server/ua_server_utils.c 16
tests/multithreading/check_mt_writeValueAttribute.c 6
src/server/ua_server_ns0_gds.c 18
src/server/ua_server_binary.c 13
src/server/ua_discovery.c 2
src/pubsub/ua_pubsub_manager.c 6
src/pubsub/ua_pubsub_ns0.c 16
src/server/ua_services_session.c 11
src/ua_securechannel.c 21
src/ua_securechannel_crypto.c 9
plugins/crypto/openssl/securitypolicy_aes256sha256rsapss.c 3
plugins/crypto/openssl/securitypolicy_common.c 17
src/ua_types_encoding_binary.c 5
tools/tpm_keystore/cert_encrypt_tpm.c 35
arch/posix/eventloop_posix_tcp.c 15
src/server/ua_subscription_alarms_conditions.c 8
tests/fuzz/custom_memory_manager.c 1

Fuzzer: fuzz_src_ua_util

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 2 11.1%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 16 88.8%
All colors 18 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
1 3 LLVMFuzzerTestOneInput call site: 00003 UA_parseEndpointUrl
1 13 LLVMFuzzerTestOneInput call site: 00013 UA_parseEndpointUrlEthernet

Runtime coverage analysis

Covered functions
8
Functions that are reachable but not covered
6
Reachable functions
12
Percentage of reachable functions covered
50.0%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/fuzz/fuzz_src_ua_util.cc 6
tests/fuzz/custom_memory_manager.c 1
src/util/ua_util.c 5

Fuzzer: fuzz_xml_decode_encode

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 15 7.10%
gold [1:9] 1 0.47%
yellow [10:29] 3 1.42%
greenyellow [30:49] 2 0.94%
lawngreen 50+ 190 90.0%
All colors 211 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
3 198 LLVMFuzzerTestOneInput call site: 00198
2 6 yxml_init call site: 00006
2 168 UA_decodeXml call site: 00168 UA_STRING
2 184 LLVMFuzzerTestOneInput call site: 00184 UA_calcSizeXml
2 192 LLVMFuzzerTestOneInput call site: 00192
1 9 xml_tokenize call site: 00009
1 166 UA_decodeXml call site: 00166
1 182 UA_ByteString_allocBuffer call site: 00182
1 188 UA_encodeXml call site: 00188

Runtime coverage analysis

Covered functions
112
Functions that are reachable but not covered
21
Reachable functions
67
Percentage of reachable functions covered
68.66%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/fuzz/fuzz_xml_decode_encode.cc 11
src/ua_types_encoding_xml.c 15
deps/yxml.c 43
src/ua_types.c 5

Fuzzer: fuzz_mdns_message

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 144 100.%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 0 0.0%
All colors 144 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
143 0 EP call site: 00000 mdnsd_in

Runtime coverage analysis

Covered functions
0
Functions that are reachable but not covered
56
Reachable functions
56
Percentage of reachable functions covered
0.0%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
deps/mdnsd/tests/fuzz/fuzz_mdns_message.cc 9
deps/mdnsd/libmdnsd/1035.c 17
deps/mdnsd/libmdnsd/mdnsd.c 31
deps/mdnsd/mdnsd.c 2

Fuzzer: fuzz_binary_decode

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 8 17.0%
gold [1:9] 1 2.12%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 38 80.8%
All colors 47 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
3 29 UA_encodeBinaryInternal call site: 00029 exchangeBuffer
2 39 LLVMFuzzerTestOneInput call site: 00039 UA_calcSizeBinary
1 12 UA_clear call site: 00012
1 37 UA_ByteString_allocBuffer call site: 00037
1 42 UA_encodeBinary call site: 00042

Runtime coverage analysis

Covered functions
132
Functions that are reachable but not covered
11
Reachable functions
27
Percentage of reachable functions covered
59.26%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/fuzz/fuzz_binary_decode.cc 12
tests/fuzz/custom_memory_manager.c 1
src/ua_types.c 7
src/ua_types_encoding_binary.c 13

Fuzzer: fuzz_attributeoperand

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 506 100.%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 0 0.0%
All colors 506 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
505 0 EP call site: 00000 UA_AttributeOperand_parse

Runtime coverage analysis

Covered functions
0
Functions that are reachable but not covered
181
Reachable functions
181
Percentage of reachable functions covered
0.0%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/fuzz/fuzz_attributeoperand.cc 10
tests/fuzz/custom_memory_manager.c 1
src/util/ua_types_lex.c 40
src/util/ua_util_internal.h 2
src/util/ua_util.c 36
src/ua_types.c 44
deps/base64.c 2
src/server/ua_services_view.c 31
src/server/ua_server.c 5
arch/posix/eventloop_posix.c 2
include/open62541/plugin/nodestore.h 1
src/server/ua_nodes.c 5
src/server/ua_services_attribute.c 50
tests/server/check_nodestore.c 3
deps/itoa.c 2

Fuzzer: fuzz_mdns_xht

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 2 4.76%
gold [1:9] 1 2.38%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 39 92.8%
All colors 42 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
2 18 _xht_set call site: 00018

Runtime coverage analysis

Covered functions
14
Functions that are reachable but not covered
9
Reachable functions
20
Percentage of reachable functions covered
55.0%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
deps/mdnsd/tests/fuzz/fuzz_mdns_xht.cc 9
deps/mdnsd/libmdnsd/sdtxt.c 7
deps/mdnsd/libmdnsd/xht.c 8

Fuzzer: fuzz_json_decode_encode

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 10 15.3%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 55 84.6%
All colors 65 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
3 52 LLVMFuzzerTestOneInput call site: 00052
2 39 LLVMFuzzerTestOneInput call site: 00039 UA_calcSizeJson
2 46 LLVMFuzzerTestOneInput call site: 00046
1 32 UA_calcSizeJson call site: 00032
1 37 UA_ByteString_allocBuffer call site: 00037
1 42 UA_encodeJson call site: 00042

Runtime coverage analysis

Covered functions
201
Functions that are reachable but not covered
12
Reachable functions
27
Percentage of reachable functions covered
55.56%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/fuzz/fuzz_json_decode_encode.cc 11
src/ua_types_encoding_json_105.c 9
deps/cj5.c 9
src/ua_types.c 4

Fuzzer: fuzz_base64_encode

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 0 0.0%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 5 100.%
All colors 5 100

Runtime coverage analysis

Covered functions
3
Functions that are reachable but not covered
2
Reachable functions
5
Percentage of reachable functions covered
60.0%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/fuzz/fuzz_base64_encode.cc 3
deps/base64.c 2

Fuzzer: fuzz_json_decode

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 0 0.0%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 32 100.%
All colors 32 100

Runtime coverage analysis

Covered functions
110
Functions that are reachable but not covered
8
Reachable functions
18
Percentage of reachable functions covered
55.56%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/fuzz/fuzz_json_decode.cc 4
src/ua_types_encoding_json_105.c 6
deps/cj5.c 9
src/ua_types.c 1

Fuzzer: fuzz_binary_message

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 2225 65.7%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 1157 34.2%
All colors 3382 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
356 3022 UA_EventLoopPOSIX_unlock call site: 03022 FileCertStore_verifyCertificate
290 2731 UA_KeyValueRestriction_validate call site: 02731 TCP_openPassiveConnection
196 2065 UA_Session_dequeuePublishReq call site: 02065 encrypt
185 2442 mp_snprintf call site: 02442 FileCertStore_setTrustList
122 1632 addModellingRules call site: 01632 initNS0PushManagement
68 70 format_string_loop call site: 00070 UA_NodeId_print
49 2681 UA_EventLoopPOSIX_start call site: 02681 TCP_openConnection
44 711 readValueAttributeComplete call site: 00711 UA_Variant_setArrayCopy
40 2263 UA_Subscription_delete call site: 02263 UA_MonitoredItem_delete
39 1956 UA_Server_addMethodNodeEx_finish call site: 01956 addMethodNode
30 141 UA_ByteString_allocBuffer call site: 00141 printNodeIdBody
30 2022 UA_Subscription_delete call site: 02022 UA_EventLoopPOSIX_addTimer

Runtime coverage analysis

Covered functions
2142
Functions that are reachable but not covered
392
Reachable functions
636
Percentage of reachable functions covered
38.36%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
tests/fuzz/fuzz_binary_message.cc 17
include/open62541/server.h 1
src/server/ua_server_config.c 13
arch/posix/eventloop_posix.c 68
include/open62541/plugin/log.h 3
plugins/ua_log_stdout.c 11
src/ua_types.c 53
arch/freertos/clock_freertos.c 1
deps/mp_printf.c 20
deps/dtoa.c 13
src/util/ua_util.c 19
src/util/ua_util_internal.h 2
deps/itoa.c 2
arch/common/timer.c 16
src/server/ua_discovery_mdns_avahi.c 8
src/server/ua_server.c 56
deps/pcg_basic.c 1
src/server/ua_session.c 36
src/server/ua_subscription.c 37
src/server/ua_server_async.c 15
src/server/ua_server_ns0.c 39
src/server/ua_services_nodemanagement.c 137
examples/access_control/server_access_control.c 1
src/server/ua_nodes.c 64
include/open62541/plugin/nodestore.h 2
src/server/ua_services_view.c 66
src/server/ua_services_attribute.c 62
tests/server/check_nodestore.c 3
src/server/ua_server_internal.h 1
plugins/ua_nodestore_hashmap.c 5
src/server/ua_server_utils.c 16
tests/multithreading/check_mt_writeValueAttribute.c 6
src/server/ua_server_ns0_gds.c 23
src/server/ua_server_binary.c 87
src/server/ua_discovery.c 2
src/pubsub/ua_pubsub_manager.c 6
src/pubsub/ua_pubsub_ns0.c 16
src/server/ua_services_session.c 15
src/ua_securechannel.c 65
src/ua_securechannel_crypto.c 40
plugins/crypto/openssl/securitypolicy_aes256sha256rsapss.c 7
plugins/crypto/openssl/securitypolicy_common.c 40
src/ua_types_encoding_binary.c 8
tools/tpm_keystore/cert_encrypt_tpm.c 35
arch/posix/eventloop_posix_tcp.c 54
src/server/ua_subscription_alarms_conditions.c 8
plugins/ua_debug_dump_pkgs.c 3
tests/fuzz/ua_debug_dump_pkgs_file.c 14
plugins/crypto/ua_certificategroup_filestore.c 21
plugins/crypto/ua_filestore_common.c 7
tests/encryption/check_gds_informationmodel.c 10
src/client/ua_client.c 38
src/client/ua_client_connect.c 43
plugins/crypto/openssl/securitypolicy_basic256.c 2
arch/common/eventloop_common.c 3
tests/check_eventloop_eth.c 6
tests/client/check_client_subscriptions.c 3
src/client/ua_client_subscriptions.c 4
plugins/crypto/mbedtls/securitypolicy_common.c 9
src/server/ua_services_securechannel.c 13
src/server/ua_services.c 9

Analyses and suggestions

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name Functions filename Arg count Args Function depth hitcount instr count bb count cyclomatic complexity Reachable functions Incoming references total cyclomatic complexity Unreached complexity
create_event_filter_with_monitored_item /src/open62541/examples/events/client_filter_queries.c 4 ['UA_Client*', 'UA_EventFilter*', 'UA_CreateSubscriptionResponse*', 'UA_MonitoredItemCreateResult*'] 22 0 24 4 3 390 0 3248 2373
UA_loadPubSubConfigMethodCallback /src/open62541/src/pubsub/ua_pubsub_ns0.c 11 ['UA_Server*', 'UA_NodeId*', 'void*', 'UA_NodeId*', 'void*', 'UA_NodeId*', 'void*', 'size_t', 'UA_Variant*', 'size_t', 'UA_Variant*'] 26 0 10 3 2 534 0 1788 543
UA_Server_triggerWriterGroupPublish /src/open62541/src/pubsub/ua_pubsub_writergroup.c 2 ['UA_Server*', 'UA_NodeId'] 16 0 11 3 2 201 1 778 368

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers
15.0%
847 / 5696
Cyclomatic complexity statically reachable by fuzzers
35.0%
6134 / 17560

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name Functions filename Args Function call depth Reached by Fuzzers Runtime reached by Fuzzers Combined reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzz engine guidance

This sections provides heuristics that can be used as input to a fuzz engine when running a given fuzz target. The current focus is on providing input that is usable by libFuzzer.

tests/fuzz/fuzz_base64_decode.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


tests/fuzz/fuzz_tcp_message.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


tests/fuzz/fuzz_src_ua_util.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['LLVMFuzzerTestOneInput']

tests/fuzz/fuzz_xml_decode_encode.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['LLVMFuzzerTestOneInput', 'yxml_init', 'UA_decodeXml', 'xml_tokenize', 'UA_ByteString_allocBuffer', 'UA_encodeXml']

deps/mdnsd/tests/fuzz/fuzz_mdns_message.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


tests/fuzz/fuzz_binary_decode.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['UA_encodeBinaryInternal', 'LLVMFuzzerTestOneInput', 'UA_clear', 'UA_ByteString_allocBuffer', 'UA_encodeBinary']

tests/fuzz/fuzz_attributeoperand.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


deps/mdnsd/tests/fuzz/fuzz_mdns_xht.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['_xht_set']

tests/fuzz/fuzz_json_decode_encode.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['LLVMFuzzerTestOneInput', 'UA_calcSizeJson', 'UA_ByteString_allocBuffer', 'UA_encodeJson']

tests/fuzz/fuzz_base64_encode.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


tests/fuzz/fuzz_json_decode.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


tests/fuzz/fuzz_binary_message.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name 

-focus_function=['UA_EventLoopPOSIX_unlock', 'UA_KeyValueRestriction_validate', 'UA_Session_dequeuePublishReq', 'mp_snprintf', 'addModellingRules', 'format_string_loop', 'UA_EventLoopPOSIX_start', 'readValueAttributeComplete', 'UA_Subscription_delete', 'UA_Server_addMethodNodeEx_finish']

Runtime coverage analysis

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name Function total lines Lines covered at runtime percentage covered Reached by fuzzers
UA_DateTime_parse 109 3 2.752% ['fuzz_xml_decode_encode']
clearStructure 35 19 54.28% ['fuzz_json_decode', 'fuzz_binary_decode', 'fuzz_binary_message', 'fuzz_xml_decode_encode']
decodeMatrixVariant 36 4 11.11% ['fuzz_xml_decode_encode']
structureOrder 51 28 54.90% ['fuzz_binary_decode']
UA_encodeJson 35 18 51.42% ['fuzz_json_decode_encode']
ExtensionObject_encodeJson 36 3 8.333%
DiagnosticInfo_encodeJson 33 14 42.42%
UA_String_unescape 75 3 4.0% ['fuzz_json_decode_encode', 'fuzz_json_decode', 'fuzz_attributeoperand']
UA_KeyValueRestriction_validate 35 10 28.57% ['fuzz_binary_message']
UA_EventLoopPOSIX_pollFDs 41 12 29.26% ['fuzz_binary_message']
format_string_loop 226 57 25.22% ['fuzz_binary_message']
print_integer_finalization 51 18 35.29% ['fuzz_binary_message']
__ZIP_UNZIP 41 10 24.39% ['fuzz_binary_message']
UA_NodePointer_copy 42 11 26.19% ['fuzz_binary_message', 'fuzz_tcp_message']
UA_Node_copy 117 62 52.99% ['fuzz_binary_message']
UA_Node_insertOrUpdateLocale 37 14 37.83% ['fuzz_binary_message', 'fuzz_tcp_message']
serverNetworkCallbackLocked 95 23 24.21% ['fuzz_binary_message']
getAllInterfaceChildNodeIds 91 41 45.05% ['fuzz_binary_message', 'fuzz_tcp_message']
ReadWithNode 210 35 16.66% ['fuzz_attributeoperand', 'fuzz_tcp_message', 'fuzz_binary_message']
compatibleValue 37 11 29.72% ['fuzz_binary_message', 'fuzz_tcp_message']
readValueAttributeComplete 33 18 54.54% ['fuzz_attributeoperand', 'fuzz_tcp_message', 'fuzz_binary_message']
copyAttributeIntoNode 156 47 30.12% ['fuzz_binary_message']
writeNodeValueAttribute 78 40 51.28% ['fuzz_binary_message']
writeInternalValueAttribute 59 16 27.11% ['fuzz_binary_message']
addNode_raw 67 33 49.25% ['fuzz_binary_message', 'fuzz_tcp_message']
checkParentReference 59 29 49.15% ['fuzz_binary_message', 'fuzz_tcp_message']
useVariableTypeAttributes 48 21 43.75% ['fuzz_binary_message', 'fuzz_tcp_message']
typeCheckVariableNode 80 9 11.25% ['fuzz_binary_message', 'fuzz_tcp_message']
recursiveCallConstructors 88 41 46.59% ['fuzz_binary_message', 'fuzz_tcp_message']
deleteNodeOperation 45 8 17.77% ['fuzz_binary_message', 'fuzz_tcp_message']
Operation_addReference 99 50 50.50% ['fuzz_binary_message', 'fuzz_tcp_message']
UA_Server_addMethodNodeEx_finish 89 39 43.82% ['fuzz_binary_message', 'fuzz_tcp_message']
Operation_Browse 94 41 43.61% ['fuzz_binary_message', 'fuzz_tcp_message']
browse 48 26 54.16% ['fuzz_binary_message', 'fuzz_tcp_message']
browseWithNode 66 24 36.36% ['fuzz_binary_message', 'fuzz_tcp_message']

Fuzz driver synthesis

New fuzzers

The below fuzzers are templates and suggestions for how to target the set of optimal functions above

client_filter_queries.c

Target file: /src/open62541/examples/events/client_filter_queries.c
Target functions: create_event_filter_with_monitored_item 
#include "ada_fuzz_header.h"

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  af_safe_gb_init(data, size);

  /* target create_event_filter_with_monitored_item */
  UNKNOWN_TYPE unknown_0;
  UNKNOWN_TYPE unknown_1;
  UNKNOWN_TYPE unknown_2;
  UNKNOWN_TYPE unknown_3;
  create_event_filter_with_monitored_item(unknown_0, unknown_1, unknown_2, unknown_3);

  af_safe_gb_cleanup();
}

ua_pubsub_ns0.c

Target file: /src/open62541/src/pubsub/ua_pubsub_ns0.c
Target functions: UA_loadPubSubConfigMethodCallback 
#include "ada_fuzz_header.h"

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  af_safe_gb_init(data, size);

  /* target UA_loadPubSubConfigMethodCallback */
  UNKNOWN_TYPE unknown_4;
  UNKNOWN_TYPE unknown_5;
  UNKNOWN_TYPE unknown_6;
  UNKNOWN_TYPE unknown_7;
  UNKNOWN_TYPE unknown_8;
  UNKNOWN_TYPE unknown_9;
  UNKNOWN_TYPE unknown_10;
  UNKNOWN_TYPE unknown_11;
  UNKNOWN_TYPE unknown_12;
  UNKNOWN_TYPE unknown_13;
  UNKNOWN_TYPE unknown_14;
  UA_loadPubSubConfigMethodCallback(unknown_4, unknown_5, unknown_6, unknown_7, unknown_8, unknown_9, unknown_10, unknown_11, unknown_12, unknown_13, unknown_14);

  af_safe_gb_cleanup();
}

ua_pubsub_writergroup.c

Target file: /src/open62541/src/pubsub/ua_pubsub_writergroup.c
Target functions: UA_Server_triggerWriterGroupPublish 
#include "ada_fuzz_header.h"

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  af_safe_gb_init(data, size);

  /* target UA_Server_triggerWriterGroupPublish */
  UNKNOWN_TYPE unknown_15;
  UNKNOWN_TYPE unknown_16;
  UA_Server_triggerWriterGroupPublish(unknown_15, unknown_16);

  af_safe_gb_cleanup();
}

Files and Directories in report

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file Reached by Covered by
/src/open62541/tests/fuzz/fuzz_src_ua_util.cc ['fuzz_src_ua_util'] ['fuzz_src_ua_util']
/src/open62541/src/server/ua_services_securechannel.c ['fuzz_binary_message'] []
/src/open62541/deps/nodesetLoader/backends/open62541/tests/testHelper.h [] []
/src/open62541/deps/utf8.c [] []
/src/open62541/tests/server/check_server.c [] []
/src/open62541/plugins/crypto/mbedtls/securitypolicy_pubsub_aes128ctr.c [] []
/src/open62541/src/ua_types_encoding_binary.c ['fuzz_tcp_message', 'fuzz_binary_decode', 'fuzz_binary_message'] ['fuzz_binary_decode']
/src/open62541/tools/ua2json/ua2json.c [] []
/src/open62541/tests/pubsub/check_pubsub_publisherid.c [] []
/src/open62541/src/server/ua_services_attribute.c ['fuzz_tcp_message', 'fuzz_attributeoperand', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/arch/zephyr/eventloop_zephyr.h [] []
/src/open62541/plugins/crypto/ua_filestore_common.c ['fuzz_binary_message'] []
/src/open62541/tests/pubsub/check_pubsub_sks_push.c [] []
/src/open62541/deps/mdnsd/mdnsd.c ['fuzz_mdns_message'] []
/src/open62541/tests/check_eventloop.c [] []
/src/open62541/examples/pubsub_realtime/server_pubsub_publish_rt_state_machine.c [] []
/src/open62541/deps/mqtt-c/examples/reconnect_subscriber.c [] []
/src/open62541/examples/client_async.c [] []
/src/open62541/src/server/ua_discovery_mdns.c [] []
/src/open62541/plugins/crypto/openssl/certificategroup.c [] []
/src/open62541/deps/nodesetLoader/backends/open62541/examples/dataTypeImport.c [] []
/src/open62541/src/pubsub/ua_pubsub_writer.c [] []
/src/open62541/deps/nodesetLoader/backends/open62541/tests/dataTypeImport/compareDITypes.c [] []
/src/open62541/deps/mdnsd/libmdnsd/xht.c ['fuzz_mdns_xht'] ['fuzz_mdns_xht']
/src/open62541/deps/nodesetLoader/backends/open62541/tests/extension.c [] []
/src/open62541/tests/server/check_server_reverseconnect.c [] []
/src/open62541/plugins/include/open62541/plugin/accesscontrol_default.h [] []
/src/open62541/tests/fuzz/corpus_generator.c [] []
/src/open62541/src/pubsub/ua_pubsub_reader.c [] []
/src/open62541/plugins/ua_nodestore_hashmap.c ['fuzz_tcp_message', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/examples/client.c [] []
/src/open62541/src/ua_types_encoding_xml.c ['fuzz_xml_decode_encode'] ['fuzz_xml_decode_encode']
/src/open62541/src/client/ua_client_highlevel.c [] []
/src/open62541/tests/server/check_server_monitoringspeed.c [] []
/src/open62541/plugins/ua_config_default.c [] []
/src/open62541/tests/server/check_services_view.c [] []
/src/open62541/deps/mqtt-c/src/mqtt.c [] []
/src/open62541/examples/events/client_eventfilter.c [] []
/src/open62541/tests/check_types_builtin.c [] []
/src/open62541/deps/mqtt-c/examples/templates/bio_sockets.h [] []
/src/open62541/deps/nodesetLoader/backends/stdout/examples/dump.c [] []
/src/open62541/deps/libc_time.c [] []
/src/open62541/deps/nodesetLoader/backends/open62541/tests/integration/client/operator_ov.cpp [] []
/src/open62541/deps/yxml.c ['fuzz_xml_decode_encode'] ['fuzz_xml_decode_encode']
/src/open62541/tests/client/check_client_encryption.c [] []
/src/open62541/examples/discovery/server_multicast.c [] []
/src/open62541/deps/dtoa.c ['fuzz_tcp_message', 'fuzz_binary_message'] []
/src/open62541/src/pubsub/ua_pubsub_manager.c ['fuzz_tcp_message', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/src/util/ua_types_lex.c ['fuzz_attributeoperand'] []
/src/open62541/plugins/crypto/openssl/securitypolicy_basic128rsa15.c [] []
/src/open62541/plugins/crypto/pkcs11/securitypolicy_pubsub_aes256ctr_tpm.c [] []
/src/open62541/arch/lwip/eventloop_lwip_tcp.c [] []
/src/open62541/tests/multithreading/check_mt_readValueAttribute.c [] []
/src/open62541/tests/server/check_server_userspace.c [] []
/src/open62541/examples/tutorial_server_monitoreditems.c [] []
/src/open62541/plugins/crypto/mbedtls/securitypolicy_basic256.c [] []
/src/open62541/src/pubsub/ua_pubsub_internal.h [] []
/src/open62541/src/server/ua_server.c ['fuzz_tcp_message', 'fuzz_attributeoperand', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/tests/testing-plugins/testing_policy.h [] []
/src/open62541/src/util/ua_eventfilter_parser.c [] []
/src/open62541/deps/nodesetLoader/backends/open62541/tests/integration/client/value_utils_mock.cpp [] []
/src/open62541/tests/server/check_subscription_event_filter.c [] []
/src/open62541/deps/tr_dirent.h [] []
/src/open62541/plugins/crypto/openssl/securitypolicy_eccnistp256.c [] []
/src/open62541/deps/mdnsd/libmdnsd/ms_stdint.h [] []
/src/open62541/src/server/ua_session.c ['fuzz_tcp_message', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/tests/network_replay/check_network_replay.c [] []
/src/open62541/deps/nodesetLoader/backends/open62541/tests/integration/client/browse_utils.cpp [] []
/src/open62541/plugins/ua_accesscontrol_default.c [] []
/src/open62541/deps/yxml.h [] []
/src/open62541/examples/tutorial_server_variabletype.c [] []
/src/open62541/src/server/ua_server_async.c ['fuzz_tcp_message', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/tests/client/check_activateSession.c [] []
/src/open62541/deps/mdnsd/libmdnsd/mdnsd.h [] []
/src/open62541/src/server/ua_subscription_alarms_conditions.c ['fuzz_tcp_message', 'fuzz_binary_message'] []
/src/open62541/include/open62541/types.h [] []
/src/open62541/deps/nodesetLoader/tests/parser.c [] []
/src/open62541/src/server/ua_session.h [] []
/src/open62541/src/client/ua_client_discovery.c [] []
/src/open62541/src/pubsub/ua_pubsub_config.c [] []
/src/open62541/deps/mdnsd/libmdnsd/mdnsd_debug_dump_pkgs_file.c [] []
/src/open62541/include/open62541/plugin/nodestore.h ['fuzz_tcp_message', 'fuzz_attributeoperand', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/examples/access_control/server_access_control.c ['fuzz_tcp_message', 'fuzz_binary_message'] []
/src/open62541/tests/fuzz/fuzz_attributeoperand.cc ['fuzz_attributeoperand'] []
/src/open62541/arch/common/eventloop_mqtt.c [] []
/src/open62541/src/ua_securechannel.h [] []
/src/open62541/examples/tutorial_server_object.c [] []
/src/open62541/src/server/ua_services_subscription.c [] []
/src/open62541/src/ua_types_encoding_json.h [] []
/src/open62541/deps/mqtt-c/include/mqtt_pal.h [] []
/src/open62541/deps/nodesetLoader/src/Parser.c [] []
/src/open62541/plugins/crypto/pkcs11/securitypolicy_pubsub_aes128ctr_tpm.c [] []
/src/open62541/src/ua_securechannel.c ['fuzz_tcp_message', 'fuzz_binary_message'] []
/src/open62541/examples/client_historical.c [] []
/src/open62541/src/util/ua_util_internal.h ['fuzz_tcp_message', 'fuzz_attributeoperand', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/deps/mqtt-c/include/mqtt.h [] []
/src/open62541/src/pubsub/ua_pubsub_networkmessage_binary.c [] []
/src/open62541/tests/testing-plugins/testing_networklayers.c [] []
/src/open62541/arch/lwip/eventloop_lwip.c [] []
/src/open62541/deps/nodesetLoader/backends/open62541/src/ServerContext.c [] []
/src/open62541/tests/server/check_subscription_events.c [] []
/src/open62541/deps/mqtt-c/examples/templates/bearssl_sockets.h [] []
/src/open62541/deps/nodesetLoader/src/CharAllocator.c [] []
/src/open62541/examples/pubsub/server_pubsub_publisher_on_demand.c [] []
/src/open62541/tests/pubsub/check_pubsub_encoding_json.c [] []
/src/open62541/deps/mdnsd/tests/fuzz/fuzz_mdns_xht.cc ['fuzz_mdns_xht'] ['fuzz_mdns_xht']
/src/open62541/arch/posix/eventloop_posix_interrupt.c [] []
/src/open62541/src/server/ua_server_ns0_diagnostics.c [] []
/src/open62541/include/open62541/plugin/log.h ['fuzz_tcp_message', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/src/ua_types_encoding_json.c [] []
/src/open62541/tests/fuzz/fuzz_json_decode.cc ['fuzz_json_decode'] ['fuzz_json_decode']
/src/open62541/tests/server/check_server_speed_addnodes.c [] []
/src/open62541/tests/check_kvm_utils.c [] []
/src/open62541/tests/check_securechannel.c [] []
/src/open62541/tests/client/check_activateSessionAsync.c [] []
/src/open62541/plugins/crypto/mbedtls/securitypolicy_pubsub_aes256ctr.c [] []
/src/open62541/examples/pubsub/server_pubsub_subscribe_custom_monitoring.c [] []
/src/open62541/plugins/crypto/mbedtls/securitypolicy_aes256sha256rsapss.c [] []
/src/open62541/tests/server/check_server_historical_data_circular.c [] []
/src/open62541/deps/mqtt-c/examples/openssl_publisher.c [] []
/src/open62541/deps/ua-nodeset/AnsiC/opcua_clientapi.c [] []
/src/open62541/arch/lwip/eventloop_lwip_udp.c [] []
/src/open62541/deps/nodesetLoader/backends/open62541/tests/integration/test_server/server.cpp [] []
/src/open62541/examples/custom_datatype/server_types_custom.c [] []
/src/open62541/examples/tutorial_server_reverseconnect.c [] []
/src/open62541/tests/pubsub/check_pubsub_sks_securitygroups.c [] []
/src/open62541/examples/discovery/server_register.c [] []
/src/open62541/examples/tutorial_datatypes.c [] []
/src/open62541/plugins/ua_log_stdout.c ['fuzz_tcp_message', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/arch/common/timer.c ['fuzz_tcp_message', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/deps/nodesetLoader/backends/open62541/src/RefServiceImpl.c [] []
/src/open62541/tests/encryption/check_update_trustlist.c [] []
/src/open62541/deps/mdnsd/mquery.c [] []
/src/open62541/tests/fuzz/fuzz_base64_encode.cc ['fuzz_base64_encode'] ['fuzz_base64_encode']
/src/open62541/plugins/crypto/mbedtls/create_certificate.c [] []
/src/open62541/arch/lwip/eventloop_lwip.h [] []
/src/open62541/deps/ua-nodeset/AnsiC/opcua_serverapi.c [] []
/src/open62541/plugins/crypto/mbedtls/securitypolicy_basic128rsa15.c [] []
/src/open62541/plugins/ua_log_syslog.c [] []
/src/open62541/src/server/ua_nodes.c ['fuzz_tcp_message', 'fuzz_attributeoperand', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/tests/check_utils.c [] []
/src/open62541/deps/nodesetLoader/src/InternalRefService.c [] []
/src/open62541/tests/fuzz/fuzz_base64_decode.cc ['fuzz_base64_decode'] ['fuzz_base64_decode']
/src/open62541/tests/check_mp_printf.c [] []
/src/open62541/tests/server/check_discovery.c [] []
/src/open62541/deps/ziptree.h [] []
/src/open62541/src/server/ua_discovery.c ['fuzz_tcp_message', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/plugins/historydata/ua_history_data_gathering_default.c [] []
/src/open62541/deps/nodesetLoader/src/Node.c [] []
/src/open62541/tests/pubsub/check_pubsub_informationmodel_methods.c [] []
/src/open62541/tests/pubsub/check_pubsub_informationmodel.c [] []
/src/open62541/examples/events/server_random_events.c [] []
/src/open62541/deps/nodesetLoader/backends/open62541/tests/integration/client/sort_utils.cpp [] []
/src/open62541/deps/ua-nodeset/AnsiC/opcua_types.c [] []
/src/open62541/src/server/ua_services_monitoreditem.c [] []
/src/open62541/src/client/ua_client_internal.h [] []
/src/open62541/arch/common/eventloop_common.c ['fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/plugins/crypto/mbedtls/securitypolicy_common.h [] []
/src/open62541/src/util/ua_eventfilter_lex.c [] []
/src/open62541/tests/multithreading/check_mt_addVariableNode.c [] []
/src/open62541/plugins/crypto/mbedtls/certificategroup.c [] []
/src/open62541/arch/posix/eventloop_posix_tcp.c ['fuzz_tcp_message', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/examples/pubsub/sks/pubsub_subscribe_encrypted_sks.c [] []
/src/open62541/plugins/crypto/ua_securitypolicy_filestore.c [] []
/src/open62541/tests/client/check_client_highlevel.c [] []
/src/open62541/tests/multithreading/check_mt_writeValueAttribute.c ['fuzz_tcp_message', 'fuzz_binary_message'] []
/src/open62541/deps/ziptree.c [] []
/src/open62541/plugins/crypto/openssl/create_certificate.c [] []
/src/open62541/include/open62541/client_highlevel_async.h [] []
/src/open62541/examples/pubsub/sks/pubsub_publish_encrypted_sks.c [] []
/src/open62541/examples/ci_server.c [] []
/src/open62541/tests/fuzz/fuzz_tcp_message.cc ['fuzz_tcp_message'] []
/src/open62541/tests/client/check_client_async.c [] []
/src/open62541/src/pubsub/ua_pubsub_ns0.c ['fuzz_tcp_message', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/tests/multithreading/check_mt_addVariableTypeNode.c [] []
/src/open62541/plugins/crypto/openssl/securitypolicy_common.c ['fuzz_tcp_message', 'fuzz_binary_message'] []
/src/open62541/plugins/crypto/mbedtls/securitypolicy_common.c ['fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/src/pubsub/ua_pubsub_readergroup.c [] []
/src/open62541/tests/testing-plugins/thread_wrapper.h [] []
/src/open62541/tools/ua-cli/ua.c [] []
/src/open62541/arch/zephyr/eventloop_zephyr.c [] []
/src/open62541/tests/testing-plugins/testing_clock.c [] []
/src/open62541/deps/nodesetLoader/src/PrintfLogger.c [] []
/src/open62541/deps/mdnsd/libmdnsd/mdnsd.c ['fuzz_mdns_message'] []
/src/open62541/plugins/ua_debug_dump_pkgs.c ['fuzz_binary_message'] []
/src/open62541/plugins/crypto/openssl/securitypolicy_common.h [] []
/src/open62541/deps/nodesetLoader/src/AliasList.c [] []
/src/open62541/arch/posix/eventloop_posix.h [] []
/src/open62541/src/client/ua_client_subscriptions.c ['fuzz_binary_message'] []
/src/open62541/plugins/ua_nodestore_ziptree.c [] []
/src/open62541/plugins/crypto/mbedtls/securitypolicy_aes128sha256rsaoaep.c [] []
/src/open62541/tests/server/check_nodestore.c ['fuzz_tcp_message', 'fuzz_attributeoperand', 'fuzz_binary_message'] []
/src/open62541/src/server/ua_services_discovery.c [] []
/src/open62541/plugins/historydata/ua_history_data_backend_memory.c [] []
/src/open62541/tests/fuzz/fuzz_xml_decode_encode.cc ['fuzz_xml_decode_encode'] ['fuzz_xml_decode_encode']
/src/open62541/deps/utf8.h [] []
/src/open62541/deps/nodesetLoader/backends/open62541/src/DataTypeImporter.c [] []
/src/open62541/src/server/ua_subscription.h [] []
/src/open62541/include/open62541/server.h ['fuzz_tcp_message', 'fuzz_binary_message'] []
/src/open62541/arch/zephyr/eventloop_zephyr_tcp.c [] []
/src/open62541/deps/musl_inet_pton.c [] []
/src/open62541/tests/server/randomindextest_backend.h [] []
/src/open62541/deps/nodesetLoader/backends/open62541/tests/namespaceZeroValues.c [] []
/src/open62541/deps/ua-nodeset/AnsiC/opcua_types.h [] []
/src/open62541/tests/fuzz/ua_debug_dump_pkgs_file.c ['fuzz_binary_message'] []
/src/open62541/arch/posix/eventloop_posix.c ['fuzz_tcp_message', 'fuzz_attributeoperand', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/src/server/ua_services.c ['fuzz_binary_message'] []
/src/open62541/tests/pubsub/check_pubsub_sks_keystorage.c [] []
/src/open62541/deps/nodesetLoader/backends/open62541/tests/integration/client/client.cpp [] []
/src/open62541/examples/tutorial_server_events.c [] []
/src/open62541/tests/client/check_client_historical_data.c [] []
/src/open62541/tests/pubsub/check_pubsub_udp_unicast.c [] []
/src/open62541/deps/mdnsd/libmdnsd/1035.c ['fuzz_mdns_message'] []
/src/open62541/tests/fuzz/custom_memory_manager.c ['fuzz_tcp_message', 'fuzz_src_ua_util', 'fuzz_binary_decode', 'fuzz_attributeoperand'] ['fuzz_src_ua_util', 'fuzz_binary_decode']
/src/open62541/tests/server/check_node_inheritance.c [] []
/src/open62541/tests/pubsub/check_pubsub_decryption.c [] []
/src/open62541/examples/common.h [] []
/src/open62541/tests/check_eventloop_interrupt.c [] []
/src/open62541/deps/mqtt-c/tests.c [] []
/src/open62541/tests/pubsub/check_pubsub_connection_mqtt.c [] []
/src/open62541/examples/pubsub/server_pubsub_publisher_iop.c [] []
/src/open62541/include/open62541/client_highlevel.h [] []
/src/open62541/tests/server/check_services_subscriptions.c [] []
/src/open62541/examples/server_inheritance.c [] []
/src/open62541/src/server/ua_services_view.c ['fuzz_tcp_message', 'fuzz_attributeoperand', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/arch/zephyr/clock_zephyr.c [] []
/src/open62541/tests/testing-plugins/testing_networklayers_pcap.c [] []
/src/open62541/src/pubsub/ua_pubsub_keystorage.c [] []
/src/open62541/tests/server/check_services_nodemanagement.c [] []
/src/open62541/tests/check_types_builtin_xml.c [] []
/src/open62541/tests/encryption/check_crl_validation.c [] []
/src/open62541/tests/server/check_session.c [] []
/src/open62541/examples/nodeset/server_testnodeset.c [] []
/src/open62541/src/client/ua_client_connect.c ['fuzz_binary_message'] []
/src/open62541/tests/server/check_server_jobs.c [] []
/src/open62541/deps/cj5.c ['fuzz_json_decode_encode', 'fuzz_json_decode'] ['fuzz_json_decode_encode', 'fuzz_json_decode']
/src/open62541/tests/pubsub/check_pubsub_subscribe.c [] []
/src/open62541/examples/tutorial_server_datasource.c [] []
/src/open62541/src/ua_securechannel_crypto.c ['fuzz_tcp_message', 'fuzz_binary_message'] []
/src/open62541/src/ua_types_encoding_json_105.c ['fuzz_json_decode_encode', 'fuzz_json_decode'] ['fuzz_json_decode_encode', 'fuzz_json_decode']
/src/open62541/tests/multithreading/check_mt_addDeleteObject.c [] []
/src/open62541/plugins/crypto/ua_certificategroup_filestore.c ['fuzz_binary_message'] []
/src/open62541/plugins/crypto/mbedtls/securitypolicy_basic256sha256.c [] []
/src/open62541/src/server/ua_subscription.c ['fuzz_tcp_message', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/tests/server/check_services_attributes.c [] []
/src/open62541/deps/nodesetLoader/src/NodesetLoader.c [] []
/src/open62541/src/server/ua_discovery_mdns_avahi.c ['fuzz_tcp_message', 'fuzz_binary_message'] []
/src/open62541/deps/open62541_queue.h [] []
/src/open62541/tests/server/check_local_monitored_item.c [] []
/src/open62541/plugins/ua_nodesetloader.c [] []
/src/open62541/tests/fuzz/fuzz_binary_message.cc ['fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/src/server/ua_server_ns0.c ['fuzz_tcp_message', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/src/server/ua_server_ns0_gds.c ['fuzz_tcp_message', 'fuzz_binary_message'] []
/src/open62541/src/server/ua_subscription_eventfilter.c [] []
/src/open62541/src/server/ua_services_session.c ['fuzz_tcp_message', 'fuzz_binary_message'] []
/src/open62541/examples/tutorial_server_method_async.c [] []
/src/open62541/include/open62541/client_subscriptions.h [] []
/src/open62541/tools/tpm_keystore/cert_encrypt_tpm.c ['fuzz_tcp_message', 'fuzz_binary_message'] []
/src/open62541/examples/encryption/client_encryption_tpm_keystore.c [] []
/src/open62541/src/ua_types.c ['fuzz_tcp_message', 'fuzz_xml_decode_encode', 'fuzz_binary_decode', 'fuzz_attributeoperand', 'fuzz_json_decode_encode', 'fuzz_json_decode', 'fuzz_binary_message'] ['fuzz_xml_decode_encode', 'fuzz_binary_decode', 'fuzz_json_decode_encode', 'fuzz_json_decode', 'fuzz_binary_message']
/src/open62541/deps/mqtt-c/src/mqtt_pal.c [] []
/src/open62541/deps/parse_num.c [] []
/src/open62541/src/server/ua_server_binary.c ['fuzz_tcp_message', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/tests/testing-plugins/test_helpers.h [] []
/src/open62541/examples/custom_datatype/custom_datatype.h [] []
/src/open62541/deps/nodesetLoader/backends/open62541/src/nodeset_base64.h [] []
/src/open62541/examples/pubsub/sks/server_pubsub_central_sks.c [] []
/src/open62541/tests/pubsub/check_pubsub_custom_state_machine.c [] []
/src/open62541/tests/multithreading/check_mt_addObjectNode.c [] []
/src/open62541/plugins/crypto/openssl/securitypolicy_basic256sha256.c [] []
/src/open62541/deps/nodesetLoader/backends/open62541/src/padding.h [] []
/src/open62541/deps/nodesetLoader/backends/open62541/tests/integration/reference_server/server.cpp [] []
/src/open62541/plugins/crypto/openssl/securitypolicy_aes128sha256rsaoaep.c [] []
/src/open62541/tests/client/check_client_subscriptions.c ['fuzz_binary_message'] []
/src/open62541/src/pubsub/ua_pubsub_dataset.c [] []
/src/open62541/src/server/ua_subscription_datachange.c [] []
/src/open62541/plugins/crypto/openssl/securitypolicy_basic256.c ['fuzz_binary_message'] []
/src/open62541/arch/posix/eventloop_posix_udp.c [] []
/src/open62541/examples/events/client_filter_queries.c [] []
/src/open62541/deps/nodesetLoader/tests/sort.c [] []
/src/open62541/plugins/historydata/ua_history_database_default.c [] []
/src/open62541/tests/pubsub/check_pubsub_publish.c [] []
/src/open62541/deps/nodesetLoader/src/Nodeset.c [] []
/src/open62541/examples/tutorial_server_alarms_conditions.c [] []
/src/open62541/examples/tutorial_server_variable.c [] []
/src/open62541/include/open62541/server_pubsub.h [] []
/src/open62541/deps/mdnsd/libmdnsd/sdtxt.c ['fuzz_mdns_xht'] ['fuzz_mdns_xht']
/src/open62541/tests/pubsub/check_pubsub_subscribe_msgrcvtimeout.c [] []
/src/open62541/tests/check_chunking.c [] []
/src/open62541/src/server/ua_services_nodemanagement.c ['fuzz_tcp_message', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/arch/posix/eventloop_posix_eth.c [] []
/src/open62541/src/util/ua_eventfilter_grammar.c [] []
/src/open62541/deps/mp_printf.c ['fuzz_tcp_message', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/plugins/crypto/ua_certificategroup_none.c [] []
/src/open62541/src/ua_types_encoding_binary.h [] []
/src/open62541/examples/pubsub/server_pubsub_file_configuration.c [] []
/src/open62541/tests/server/check_server_asyncop.c [] []
/src/open62541/src/server/ua_server_utils.c ['fuzz_tcp_message', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/deps/nodesetLoader/backends/open62541/src/customDataType.c [] []
/src/open62541/deps/mdnsd/tests/fuzz/fuzz_mdns_message.cc ['fuzz_mdns_message'] []
/src/open62541/tests/server/check_subscription_events_local.c [] []
/src/open62541/tests/check_cj5.c [] []
/src/open62541/deps/nodesetLoader/backends/open62541/src/import.c [] []
/src/open62541/tests/check_eventloop_tcp.c [] []
/src/open62541/include/open62541/util.h [] []
/src/open62541/deps/nodesetLoader/backends/open62541/src/conversion.h [] []
/src/open62541/tests/server/check_monitoreditem_filter.c [] []
/src/open62541/tests/pubsub/check_pubsub_sks_pull.c [] []
/src/open62541/tests/check_yxml.c [] []
/src/open62541/tests/server/check_server_callbacks.c [] []
/src/open62541/examples/pubsub_realtime/server_pubsub_subscribe_rt_state_machine.c [] []
/src/open62541/tests/check_eventloop_udp.c [] []
/src/open62541/deps/pcg_basic.c ['fuzz_tcp_message', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/plugins/crypto/openssl/securitypolicy_aes256sha256rsapss.c ['fuzz_tcp_message', 'fuzz_binary_message'] []
/src/open62541/src/server/ua_server_config.c ['fuzz_tcp_message', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/tests/server/check_server_historical_data.c [] []
/src/open62541/src/pubsub/ua_pubsub_connection.c [] []
/src/open62541/tests/fuzz/fuzz_json_decode_encode.cc ['fuzz_json_decode_encode'] ['fuzz_json_decode_encode']
/src/open62541/plugins/ua_config_json.c [] []
/src/open62541/tests/client/check_client_async_connect.c [] []
/src/open62541/deps/mqtt-c/examples/bearssl_publisher.c [] []
/src/open62541/examples/tutorial_client_events.c [] []
/src/open62541/include/open62541/client.h [] []
/src/open62541/examples/client_subscription_loop.c [] []
/src/open62541/src/util/ua_util.c ['fuzz_tcp_message', 'fuzz_src_ua_util', 'fuzz_attributeoperand', 'fuzz_binary_message'] ['fuzz_src_ua_util', 'fuzz_binary_message']
/src/open62541/examples/server_repeated_job.c [] []
/src/open62541/examples/tutorial_server_method.c [] []
/src/open62541/src/client/ua_client.c ['fuzz_binary_message'] []
/src/open62541/src/pubsub/ua_pubsub_securitygroup.c [] []
/src/open62541/examples/pubsub/pubsub_subscribe_standalone_dataset.c [] []
/src/open62541/tests/client/check_client_securechannel.c [] []
/src/open62541/tests/server/check_server_password.c [] []
/src/open62541/src/server/ua_server_internal.h ['fuzz_tcp_message', 'fuzz_binary_message'] ['fuzz_binary_message']
/src/open62541/deps/nodesetLoader/backends/open62541/examples/iterate.c [] []
/src/open62541/examples/client_method_async.c [] []
/src/open62541/tests/pubsub/check_pubsub_sks_client.c [] []
/src/open62541/deps/nodesetLoader/backends/open62541/tests/integration/client/utils.cpp [] []
/src/open62541/tests/testing-plugins/testing_policy.c [] []
/src/open62541/plugins/crypto/ua_securitypolicy_none.c [] []
/src/open62541/deps/mqtt-c/examples/templates/mbedtls_sockets.h [] []
/src/open62541/tests/multithreading/check_mt_readWriteDeleteCallback.c [] []
/src/open62541/src/pubsub/ua_pubsub_networkmessage_json.c [] []
/src/open62541/deps/base64.c ['fuzz_base64_decode', 'fuzz_attributeoperand', 'fuzz_base64_encode'] ['fuzz_base64_decode', 'fuzz_base64_encode']
/src/open62541/src/server/ua_services_method.c [] []
/src/open62541/tests/fuzz/fuzz_binary_decode.cc ['fuzz_binary_decode'] ['fuzz_binary_decode']
/src/open62541/deps/nodesetLoader/src/Sort.c [] []
/src/open62541/examples/client_connect.c [] []
/src/open62541/tests/check_ziptree.c [] []
/src/open62541/deps/itoa.c ['fuzz_tcp_message', 'fuzz_attributeoperand', 'fuzz_binary_message'] []
/src/open62541/tests/multithreading/mt_testing.h [] []
/src/open62541/src/pubsub/ua_pubsub_writergroup.c [] []
/src/open62541/src/server/ua_subscription_event.c [] []

Directories in report

Directory
/src/open62541/tests/encryption/
/src/open62541/examples/pubsub/
/src/open62541/deps/ua-nodeset/AnsiC/
/src/open62541/deps/nodesetLoader/backends/open62541/tests/integration/client/
/src/open62541/deps/
/src/open62541/plugins/crypto/pkcs11/
/src/open62541/deps/mdnsd/tests/fuzz/
/src/open62541/examples/discovery/
/src/open62541/plugins/
/src/open62541/deps/mdnsd/
/src/open62541/tests/client/
/src/open62541/include/open62541/
/src/open62541/deps/mqtt-c/examples/templates/
/src/open62541/tests/network_replay/
/src/open62541/tools/ua-cli/
/src/open62541/plugins/crypto/
/src/open62541/plugins/include/open62541/plugin/
/src/open62541/tools/tpm_keystore/
/src/open62541/deps/mqtt-c/
/src/open62541/deps/mqtt-c/src/
/src/open62541/src/
/src/open62541/arch/zephyr/
/src/open62541/deps/nodesetLoader/src/
/src/open62541/examples/pubsub_realtime/
/src/open62541/examples/custom_datatype/
/src/open62541/tests/multithreading/
/src/open62541/deps/nodesetLoader/backends/open62541/tests/integration/test_server/
/src/open62541/src/pubsub/
/src/open62541/deps/mdnsd/libmdnsd/
/src/open62541/tools/ua2json/
/src/open62541/deps/nodesetLoader/backends/open62541/tests/
/src/open62541/plugins/crypto/openssl/
/src/open62541/deps/nodesetLoader/backends/open62541/examples/
/src/open62541/arch/lwip/
/src/open62541/examples/nodeset/
/src/open62541/src/server/
/src/open62541/tests/server/
/src/open62541/examples/
/src/open62541/deps/mqtt-c/include/
/src/open62541/src/client/
/src/open62541/src/util/
/src/open62541/deps/nodesetLoader/backends/open62541/src/
/src/open62541/examples/events/
/src/open62541/deps/mqtt-c/examples/
/src/open62541/examples/pubsub/sks/
/src/open62541/deps/nodesetLoader/tests/
/src/open62541/tests/testing-plugins/
/src/open62541/arch/posix/
/src/open62541/tests/pubsub/
/src/open62541/tests/
/src/open62541/include/open62541/plugin/
/src/open62541/examples/encryption/
/src/open62541/examples/access_control/
/src/open62541/arch/common/
/src/open62541/deps/nodesetLoader/backends/open62541/tests/dataTypeImport/
/src/open62541/deps/nodesetLoader/backends/stdout/examples/
/src/open62541/plugins/historydata/
/src/open62541/tests/fuzz/
/src/open62541/deps/nodesetLoader/backends/open62541/tests/integration/reference_server/
/src/open62541/plugins/crypto/mbedtls/

Function call coverage

This section shows a list of 3rd party function calls and their relative coverage information. By static analysis of the target project code, all of the 3rd party function call and their caller information, including the source file and line number that initiate the call are captured. The caller source code file and line number are shown in column 2 while column 1 is the function name of the 3rd party function call. Each occurrent of the 3rd party function call will occuply a separate row. Column 3 of each row indicate if the 3rd party call in the source file line is unreachable. Column 4 lists all fuzzers that have covered that particular system call in that specific location (source file and line)during their dynamic fuzzing.

Function in each files in report

Target sink Callsite location Reached by fuzzer Covered by Fuzzers

Metadata section

This sections shows the raw data that is used to produce this report. This is mainly used for further processing and developer debugging.

Fuzzer Calltree file Program data file Coverage file
fuzz_base64_decode fuzzerLogFile-fuzz_base64_decode.data fuzzerLogFile-fuzz_base64_decode.data.yaml fuzz_base64_decode.covreport
fuzz_tcp_message fuzzerLogFile-fuzz_tcp_message.data fuzzerLogFile-fuzz_tcp_message.data.yaml fuzz_tcp_message.covreport
fuzz_src_ua_util fuzzerLogFile-fuzz_src_ua_util.data fuzzerLogFile-fuzz_src_ua_util.data.yaml fuzz_src_ua_util.covreport
fuzz_xml_decode_encode fuzzerLogFile-fuzz_xml_decode_encode.data fuzzerLogFile-fuzz_xml_decode_encode.data.yaml fuzz_xml_decode_encode.covreport
fuzz_mdns_message fuzzerLogFile-fuzz_mdns_message.data fuzzerLogFile-fuzz_mdns_message.data.yaml fuzz_mdns_message.covreport
fuzz_binary_decode fuzzerLogFile-fuzz_binary_decode.data fuzzerLogFile-fuzz_binary_decode.data.yaml fuzz_binary_decode.covreport
fuzz_attributeoperand fuzzerLogFile-fuzz_attributeoperand.data fuzzerLogFile-fuzz_attributeoperand.data.yaml fuzz_attributeoperand.covreport
fuzz_mdns_xht fuzzerLogFile-fuzz_mdns_xht.data fuzzerLogFile-fuzz_mdns_xht.data.yaml fuzz_mdns_xht.covreport
fuzz_json_decode_encode fuzzerLogFile-fuzz_json_decode_encode.data fuzzerLogFile-fuzz_json_decode_encode.data.yaml fuzz_json_decode_encode.covreport
fuzz_base64_encode fuzzerLogFile-fuzz_base64_encode.data fuzzerLogFile-fuzz_base64_encode.data.yaml fuzz_base64_encode.covreport
fuzz_json_decode fuzzerLogFile-fuzz_json_decode.data fuzzerLogFile-fuzz_json_decode.data.yaml fuzz_json_decode.covreport
fuzz_binary_message fuzzerLogFile-fuzz_binary_message.data fuzzerLogFile-fuzz_binary_message.data.yaml fuzz_binary_message.covreport

Sink analyser for CWEs

This section contains multiple tables, each table contains a list of sink functions/methods found in the project for one of the CWE supported by the sink analyser, together with information like which fuzzers statically reach the sink functions/methods and possible call path to that sink functions/methods if it is not statically reached by any fuzzers. Column 1 is the function/method name of the sink functions/methods found in the project. Column 2 lists all fuzzers (or no fuzzers at all) that have covered that particular function method statically. Column 3 shows a list of possible call paths to reach the specific function/method call if none of the fuzzers cover the target function/method calls. Lastly, column 4 shows possible fuzzer blockers that prevent an existing fuzzer from reaching the target sink functions/methods dynamically.

Sink functions/methods found for CWE22

Target sink Reached by fuzzer Function call path Possible branch blockers
opendir [] Path 1
Path 2

N/A
readdir [] Path 1
N/A
readdir_r [] Path 1
Path 2

N/A