Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues
Project coverage
Per-fuzzer coverage

Table of contents

Project overview: sudoers
High level conclusions
Reachability and coverage overview
Fuzzers overview
Project functions overview
Fuzzer details
Fuzzer: fuzz_iolog_legacy
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_iolog_timing
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_sudo_conf
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_iolog_json
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_logsrvd_conf
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_sudoers
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_sudoers_ldif
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Fuzzer: fuzz_policy
Call tree
Fuzz blockers
Runtime coverage analysis
Files reached
Analyses and suggestions
Optimal target analysis
Remaining optimal interesting functions
All functions overview
Runtime coverage analysis
Complex functions with low coverage
Files and Directories in report
Files in report
Directories in report
Metadata section
Function call coverage
Function in each files in report
Report generation date: 2023-06-07

Project overview: sudoers

High level conclusions

Reachability and coverage overview

Functions statically reachable by fuzzers
59.0%
470 / 796
Cyclomatic complexity statically reachable by fuzzers
65.0%
3687 / 5631
Runtime code coverage of functions
69.0%
552 / 796

Warning: The number of runtime covered functions are larger than the number of reachable functions. This means that Fuzz Introspector found there are more functions covered at runtime than what is considered reachable based on the static analysis. This is a limitation in the analysis as anything covered at runtime is by definition reachable by the fuzzers.
This is likely due to a limitation in the static analysis. In this case, the count of functions covered at runtime is the true value, which means this is what should be considered "achieved" by the fuzzer.

Use the project functions table below to query all functions that were not covered at runtime.

Fuzzers overview

Fuzzer Fuzzer filename Functions Reached Functions unreached Fuzzer depth Files reached Basic blocks reached Cyclomatic complexity Details
fuzz_iolog_legacy lib/iolog/./regress/fuzz/fuzz_iolog_legacy.c 41 33 4 8 311 172 fuzz_iolog_legacy.c
fuzz_iolog_timing lib/iolog/./regress/fuzz/fuzz_iolog_timing.c 89 47 9 18 775 380 fuzz_iolog_timing.c
fuzz_sudo_conf lib/util/./regress/fuzz/fuzz_sudo_conf.c 79 56 8 11 618 313 fuzz_sudo_conf.c
fuzz_iolog_json lib/iolog/./regress/fuzz/fuzz_iolog_json.c 53 62 6 10 740 285 fuzz_iolog_json.c
fuzz_logsrvd_conf logsrvd/./regress/fuzz/fuzz_logsrvd_conf.c 187 117 9 22 1641 758 fuzz_logsrvd_conf.c
fuzz_sudoers plugins/sudoers/./regress/fuzz/fuzz_sudoers.c 388 85 10 44 8404 2724 fuzz_sudoers.c
fuzz_sudoers_ldif plugins/sudoers/./regress/fuzz/fuzz_sudoers_ldif.c 133 340 8 23 1917 732 fuzz_sudoers_ldif.c
fuzz_policy plugins/sudoers/./regress/fuzz/fuzz_policy.c 92 568 10 18 875 363 fuzz_policy.c

Project functions overview

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name Functions filename Args Function call depth Reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzzer details

Fuzzer: fuzz_iolog_legacy

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 11 17.4%
gold [1:9] 5 7.93%
yellow [10:29] 2 3.17%
greenyellow [30:49] 3 4.76%
lawngreen 50+ 42 66.6%
All colors 63 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
26 38 2 :

['sudo_warnx_nodebug_v1', 'sudo_warn_gettext_v1']

26 40 iolog_parse_loginfo_legacy call site: 00048 /src/sudo/lib/iolog/./iolog_legacy.c:132
26 38 2 :

['sudo_warnx_nodebug_v1', 'sudo_warn_gettext_v1']

26 40 iolog_parse_loginfo_legacy call site: 00050 /src/sudo/lib/iolog/./iolog_legacy.c:138
10 10 2 :

['fputs', 'putc']

12 14 warning call site: 00000 /src/sudo/lib/util/./fatal.c:192
5 5 1 :

['sudo_basename_v1']

14 14 initprogname2 call site: 00003 /src/sudo/lib/util/./progname.c:67
2 2 1 :

['strcmp']

9 9 initprogname2 call site: 00004 /src/sudo/lib/util/./progname.c:79
0 0 None 26 40 iolog_parse_loginfo_legacy call site: 00039 /src/sudo/lib/iolog/./iolog_legacy.c:99
0 0 None 26 40 iolog_parse_loginfo_legacy call site: 00042 /src/sudo/lib/iolog/./iolog_legacy.c:110
0 0 None 26 40 iolog_parse_loginfo_legacy call site: 00045 /src/sudo/lib/iolog/./iolog_legacy.c:122
0 0 None 12 16 warning call site: 00000 /src/sudo/lib/util/./fatal.c:189
0 0 None 6 6 sudo_strtonumx call site: 00028 /src/sudo/lib/util/./strtonum.c:56
0 0 None 6 6 sudo_strtonumx call site: 00030 /src/sudo/lib/util/./strtonum.c:111
0 0 None 2 2 sudo_warn_gettext_v1 call site: 00020 /src/sudo/lib/util/./fatal.c:334

Runtime coverage analysis

Covered functions
18
Functions that are reachable but not covered
23
Reachable functions
41
Percentage of reachable functions covered
43.9%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
lib/iolog/./regress/fuzz/fuzz_iolog_legacy.c 3
lib/util/./progname.c 4
lib/util/./basename.c 1
lib/util/./fatal.c 2
lib/iolog/./iolog_legacy.c 1
lib/util/./sudo_debug.c 4
lib/util/./strtonum.c 2
lib/eventlog/./eventlog_free.c 1

Fuzzer: fuzz_iolog_timing

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 62 36.2%
gold [1:9] 7 4.09%
yellow [10:29] 10 5.84%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 92 53.8%
All colors 171 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
33 33 1 :

['sudo_fatal_nodebug_v1']

33 33 _rs_stir call site: 00023 /src/sudo/lib/util/./arc4random.c:99
10 86 4 :

['__errno_location', 'sudo_arc4random_buf', 'mkdirat', 'openat']

10 86 mktemp_internal call site: 00049 /src/sudo/lib/util/./mktemp.c:111
10 10 2 :

['fputs', 'putc']

12 14 warning call site: 00026 /src/sudo/lib/util/./fatal.c:192
8 8 3 :

['close', 'iolog_swapids', 'openat']

10 12 iolog_openat call site: 00075 /src/sudo/lib/iolog/./iolog_openat.c:74
6 6 2 :

['__errno_location', 'close']

6 10 iolog_open call site: 00084 /src/sudo/lib/iolog/./iolog_open.c:102
5 5 1 :

['sudo_basename_v1']

14 14 initprogname2 call site: 00003 /src/sudo/lib/util/./progname.c:67
4 6 3 :

['iolog_get_compress', 'fchown', 'sudo_debug_printf2_v1']

14 20 iolog_open call site: 00066 /src/sudo/lib/iolog/./iolog_open.c:80
4 4 2 :

['fchmodat', 'fstatat']

18 20 iolog_openat call site: 00072 /src/sudo/lib/iolog/./iolog_openat.c:63
4 4 2 :

['__errno_location', 'strerror']

4 6 iolog_close call site: 00166 /src/sudo/lib/iolog/./iolog_close.c:73
2 2 1 :

['strcmp']

9 9 initprogname2 call site: 00004 /src/sudo/lib/util/./progname.c:79
2 2 1 :

['unlinkat']

2 4 iolog_open call site: 00065 /src/sudo/lib/iolog/./iolog_open.c:77
0 32 2 :

['sudo_warnx_nodebug_v1', 'sudo_warn_gettext_v1']

0 34 iolog_read_timing_record call site: 00098 /src/sudo/lib/iolog/./iolog_timing.c:259

Runtime coverage analysis

Covered functions
41
Functions that are reachable but not covered
48
Reachable functions
89
Percentage of reachable functions covered
46.07%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
lib/iolog/./regress/fuzz/fuzz_iolog_timing.c 3
lib/util/./progname.c 4
lib/util/./basename.c 1
lib/util/./fatal.c 5
lib/util/./mktemp.c 2
lib/util/./arc4random.c 6
lib/util/./chacha_private.h 3
lib/iolog/./iolog_open.c 1
lib/iolog/./iolog_conf.c 5
lib/util/./sudo_debug.c 6
lib/iolog/./iolog_util.c 1
lib/iolog/./iolog_openat.c 1
lib/iolog/./iolog_timing.c 3
lib/iolog/./iolog_gets.c 1
lib/iolog/./iolog_eof.c 1
lib/util/./strtonum.c 2
lib/util/./str2sig.c 1
lib/iolog/./iolog_close.c 1

Fuzzer: fuzz_sudo_conf

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 52 37.9%
gold [1:9] 13 9.48%
yellow [10:29] 1 0.72%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 71 51.8%
All colors 137 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
33 33 1 :

['sudo_fatal_nodebug_v1']

33 33 _rs_stir call site: 00025 /src/sudo/lib/util/./arc4random.c:99
28 34 2 :

['sudo_warn_nodebug_v1', 'sudo_warn_gettext_v1']

34 42 sudo_conf_read_v1 call site: 00075 /src/sudo/lib/util/./sudo_conf.c:709
10 86 4 :

['__errno_location', 'sudo_arc4random_buf', 'mkdirat', 'openat']

10 86 mktemp_internal call site: 00038 /src/sudo/lib/util/./mktemp.c:107
10 10 2 :

['fputs', 'putc']

12 14 warning call site: 00052 /src/sudo/lib/util/./fatal.c:192
5 5 1 :

['sudo_basename_v1']

14 14 initprogname2 call site: 00005 /src/sudo/lib/util/./progname.c:67
2 2 1 :

['__errno_location']

36 38 sudo_conf_read_v1 call site: 00070 /src/sudo/lib/util/./sudo_conf.c:657
2 2 1 :

['strcmp']

9 9 initprogname2 call site: 00006 /src/sudo/lib/util/./progname.c:79
2 2 1 :

['close']

4 6 sudo_conf_read_v1 call site: 00092 /src/sudo/lib/util/./sudo_conf.c:756
2 2 1 :

['setlocale']

2 4 sudo_conf_read_v1 call site: 00094 /src/sudo/lib/util/./sudo_conf.c:763
0 38 3 :

['sudo_warn_gettext_v1', 'sudo_warnx_nodebug_v1', 'free']

0 40 parse_debug call site: 00000 /src/sudo/lib/util/./sudo_conf.c:295
0 38 2 :

['sudo_warnx_nodebug_v1', 'sudo_warn_gettext_v1']

0 40 parse_path call site: 00000 /src/sudo/lib/util/./sudo_conf.c:214
0 38 3 :

['sudo_warn_gettext_v1', 'sudo_warnx_nodebug_v1', 'free']

0 40 parse_plugin call site: 00000 /src/sudo/lib/util/./sudo_conf.c:370

Runtime coverage analysis

Covered functions
56
Functions that are reachable but not covered
36
Reachable functions
79
Percentage of reachable functions covered
54.43%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
lib/util/./regress/fuzz/fuzz_sudo_conf.c 2
lib/util/./sudo_conf.c 15
lib/util/./progname.c 4
lib/util/./basename.c 1
lib/util/./fatal.c 7
lib/util/./mktemp.c 2
lib/util/./arc4random.c 6
lib/util/./chacha_private.h 3
lib/util/./sudo_debug.c 6
lib/util/./strlcpy.c 1
lib/util/./parseln.c 1

Fuzzer: fuzz_iolog_json

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 25 14.5%
gold [1:9] 23 13.3%
yellow [10:29] 17 9.88%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 107 62.2%
All colors 172 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
10 10 2 :

['fputs', 'putc']

12 14 warning call site: 00027 /src/sudo/lib/util/./fatal.c:192
2 2 1 :

['strcmp']

9 9 initprogname2 call site: 00004 /src/sudo/lib/util/./progname.c:79
0 38 2 :

['sudo_warnx_nodebug_v1', 'sudo_warn_gettext_v1']

0 40 json_array_to_strvec call site: 00000 /src/sudo/lib/eventlog/./parse_json.c:184
0 38 2 :

['sudo_warnx_nodebug_v1', 'sudo_warn_gettext_v1']

0 40 new_json_item call site: 00046 /src/sudo/lib/eventlog/./parse_json.c:470
0 38 2 :

['sudo_warnx_nodebug_v1', 'sudo_warn_gettext_v1']

0 40 json_parse_string call site: 00067 /src/sudo/lib/eventlog/./parse_json.c:501
0 32 2 :

['sudo_warnx_nodebug_v1', 'sudo_warn_gettext_v1']

0 34 eventlog_json_parse call site: 00154 /src/sudo/lib/eventlog/./parse_json.c:615
0 0 None 22 1147 eventlog_json_read call site: 00093 /src/sudo/lib/eventlog/./parse_json.c:935
0 0 None 22 1147 eventlog_json_read call site: 00104 /src/sudo/lib/eventlog/./parse_json.c:957
0 0 None 22 1147 eventlog_json_read call site: 00111 /src/sudo/lib/eventlog/./parse_json.c:979
0 0 None 22 1147 eventlog_json_read call site: 00133 /src/sudo/lib/eventlog/./parse_json.c:1009
0 0 None 12 16 warning call site: 00027 /src/sudo/lib/util/./fatal.c:189
0 0 None 10 10 sudo_strtonumx call site: 00123 /src/sudo/lib/util/./strtonum.c:90

Runtime coverage analysis

Covered functions
62
Functions that are reachable but not covered
20
Reachable functions
53
Percentage of reachable functions covered
62.26%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
lib/iolog/./regress/fuzz/fuzz_iolog_json.c 3
lib/util/./progname.c 4
lib/util/./basename.c 1
lib/util/./fatal.c 4
lib/iolog/./iolog_json.c 1
lib/util/./sudo_debug.c 7
lib/eventlog/./parse_json.c 11
lib/util/./hexchar.c 1
lib/util/./strtonum.c 2
lib/eventlog/./eventlog_free.c 1

Fuzzer: fuzz_logsrvd_conf

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 303 61.7%
gold [1:9] 9 1.83%
yellow [10:29] 8 1.62%
greenyellow [30:49] 1 0.20%
lawngreen 50+ 170 34.6%
All colors 491 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
33 33 1 :

['sudo_open_conf_path_v1']

67 664 logsrvd_conf_read call site: 00057 /src/sudo/logsrvd/./logsrvd_conf.c:1869
33 33 1 :

['sudo_fatal_nodebug_v1']

33 33 _rs_stir call site: 00023 /src/sudo/lib/util/./arc4random.c:99
30 30 2 :

['__errno_location', 'sudo_warn_nodebug_v1']

32 530 logsrvd_conf_read call site: 00178 /src/sudo/logsrvd/./logsrvd_conf.c:1880
14 40 3 :

['sudo_warnx_nodebug_v1', 'malloc', 'sudo_rcstr_addref']

17 73 append_address call site: 00246 /src/sudo/logsrvd/./logsrvd_conf.c:548
10 86 4 :

['__errno_location', 'sudo_arc4random_buf', 'mkdirat', 'openat']

10 86 mktemp_internal call site: 00049 /src/sudo/lib/util/./mktemp.c:107
10 10 2 :

['fputs', 'putc']

12 14 warning call site: 00027 /src/sudo/lib/util/./fatal.c:192
10 10 5 :

['inet_pton', 'calloc', 'strdup', 'free', 'htons']

10 10 getaddrinfo call site: 00258 /src/sudo/logsrvd/./regress/fuzz/fuzz_logsrvd_conf.c:110
5 5 1 :

['sudo_basename_v1']

14 14 initprogname2 call site: 00003 /src/sudo/lib/util/./progname.c:67
3 3 1 :

['freeaddrinfo']

3 5 append_address call site: 00269 /src/sudo/logsrvd/./logsrvd_conf.c:572
2 2 1 :

['strcmp']

9 9 initprogname2 call site: 00004 /src/sudo/lib/util/./progname.c:79
2 2 1 :

['SSL_CTX_free']

4 20 logsrvd_conf_free call site: 00151 /src/sudo/logsrvd/./logsrvd_conf.c:1567
2 2 1 :

['fclose']

2 4 logsrvd_conf_free call site: 00153 /src/sudo/logsrvd/./logsrvd_conf.c:1579

Runtime coverage analysis

Covered functions
94
Functions that are reachable but not covered
125
Reachable functions
187
Percentage of reachable functions covered
33.16%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
logsrvd/./regress/fuzz/fuzz_logsrvd_conf.c 5
lib/util/./progname.c 4
lib/util/./basename.c 1
lib/util/./fatal.c 7
lib/util/./mktemp.c 2
lib/util/./arc4random.c 6
lib/util/./chacha_private.h 3
logsrvd/./logsrvd_conf.c 40
lib/util/./sudo_debug.c 7
lib/util/./logfac.c 1
lib/util/./logpri.c 1
lib/util/./rcstr.c 4
lib/iolog/./iolog_filter.c 4
lib/util/./strlcpy.c 1
lib/util/./secure_path.c 1
lib/util/./strsplit.c 1
lib/util/./parseln.c 1
lib/iolog/./host_port.c 1
lib/util/./strtonum.c 2
logsrvd/./tls_init.c 5
lib/iolog/./iolog_conf.c 6
lib/eventlog/./eventlog_conf.c 10

Fuzzer: fuzz_sudoers

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 1330 69.7%
gold [1:9] 362 18.9%
yellow [10:29] 77 4.03%
greenyellow [30:49] 65 3.40%
lawngreen 50+ 73 3.82%
All colors 1907 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
819 887 6 :

['command_matches_fnmatch', 'strpbrk', 'command_matches_normal', 'command_matches_glob', 'strcmp', 'command_args_match']

821 893 command_matches call site: 01238 /src/sudo/plugins/sudoers/./match_command.c:849
477 1325 9 :

['alias_put', 'usergr_matches', 'runas_getgroups', 'runaslist_matches', 'sudo_gidlist_delref', 'alias_get', 'group_matches', 'netgr_matches', 'strcmp']

477 1392 runaslist_matches call site: 01150 /src/sudo/plugins/sudoers/./match.c:165
106 144 8 :

['__errno_location', 'calloc', 'sudo_warn_gettext_v1', 'sudo_warn_nodebug_v1', 'sudo_strlcpy', 'strlen', 'sudo_warnx_nodebug_v1', 'rbinsert']

106 150 sudo_getpwnam call site: 00980 /src/sudo/plugins/sudoers/./pwutil.c:277
106 144 8 :

['__errno_location', 'calloc', 'sudo_warn_gettext_v1', 'sudo_warn_nodebug_v1', 'sudo_strlcpy', 'strlen', 'sudo_warnx_nodebug_v1', 'rbinsert']

106 150 sudo_getgrnam call site: 01002 /src/sudo/plugins/sudoers/./pwutil.c:594
104 104 2 :

['sudo_getpwuid', 'log_warningx']

1128 1999 sudoers_lookup_pseudo call site: 01490 /src/sudo/plugins/sudoers/./parse.c:77
42 42 5 :

['calloc', 'free', 'sudo_warn_gettext_v1', 'sudo_warnx_nodebug_v1', 'strndup']

42 46 list_op call site: 00176 /src/sudo/plugins/sudoers/./defaults.c:1169
40 97 6 :

['sudo_warn_gettext_v1', 'free', 'sudoers_strict', 'strdup', 'sudoerserror', 'sudo_warnx_nodebug_v1']

40 142 fill_cmnd call site: 00487 /src/sudo/plugins/sudoers/./toke_util.c:153
40 40 4 :

['sudo_warn_gettext_v1', 'sudo_warnx_nodebug_v1', 'strdup', 'free']

44 68 apply_cmndspec call site: 01549 /src/sudo/plugins/sudoers/./parse.c:380
39 39 1 :

['defaults_warnx']

39 41 parse_default_entry call site: 01464 /src/sudo/plugins/sudoers/./defaults.c:304
38 93 3 :

['sudo_warnx_nodebug_v1', 'sudoerserror', 'sudo_warn_gettext_v1']

38 95 fill call site: 00360 /src/sudo/plugins/sudoers/./toke_util.c:77
38 93 4 :

['free', 'sudo_warnx_nodebug_v1', 'sudoerserror', 'sudo_warn_gettext_v1']

38 95 append call site: 00402 /src/sudo/plugins/sudoers/./toke_util.c:102
38 38 2 :

['sudo_warnx_nodebug_v1', 'sudo_warn_gettext_v1']

38 40 check_aliases call site: 01806 /src/sudo/plugins/sudoers/./check_aliases.c:167

Runtime coverage analysis

Covered functions
203
Functions that are reachable but not covered
188
Reachable functions
388
Percentage of reachable functions covered
51.55%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
plugins/sudoers/./regress/fuzz/fuzz_sudoers.c 11
lib/util/./progname.c 4
lib/util/./basename.c 1
plugins/sudoers/./sudoers_debug.c 2
lib/util/./sudo_debug.c 12
lib/util/./fatal.c 6
plugins/sudoers/./locale.c 3
plugins/sudoers/./pwutil.c 27
plugins/sudoers/./redblack.c 11
lib/util/./strlcpy.c 1
plugins/sudoers/./regress/fuzz/fuzz_stubs.c 8
plugins/sudoers/gram.y 30
plugins/sudoers/./defaults.c 29
lib/util/./logfac.c 1
lib/util/./logpri.c 1
lib/util/./rcstr.c 4
plugins/sudoers/./alias.c 15
plugins/sudoers/toke.l 11
lib/util/./lbuf.c 8
plugins/sudoers/toke.c 16
plugins/sudoers/gram.c 2
plugins/sudoers/./toke_util.c 6
lib/util/./hexchar.c 1
lib/util/./regex.c 3
lib/util/./digest_openssl.c 6
lib/util/./strsplit.c 1
lib/util/./secure_path.c 3
plugins/sudoers/./gentime.c 1
plugins/sudoers/./timeout.c 1
plugins/sudoers/./match.c 17
lib/util/./strtoid.c 3
lib/util/./strtonum.c 2
plugins/sudoers/./match_addr.c 3
plugins/sudoers/./match_command.c 12
plugins/sudoers/./match_digest.c 1
plugins/sudoers/./filedigest.c 1
plugins/sudoers/./b64_decode.c 1
plugins/sudoers/./digestname.c 1
lib/util/./strtomode.c 1
plugins/sudoers/./parse.c 15
lib/util/./roundup.c 1
plugins/sudoers/./fmtsudoers.c 6
plugins/sudoers/./exptilde.c 1
plugins/sudoers/./check_aliases.c 5

Fuzzer: fuzz_sudoers_ldif

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 155 32.2%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 326 67.7%
All colors 481 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
31 43 2 :

['sudo_fatalx_nodebug_v1', 'sudo_warn_gettext_v1']

31 43 ldif_parse_attribute call site: 00228 /src/sudo/plugins/sudoers/./parse_ldif.c:151
31 43 2 :

['sudo_fatalx_nodebug_v1', 'sudo_warn_gettext_v1']

31 43 ldif_store_string call site: 00268 /src/sudo/plugins/sudoers/./parse_ldif.c:182
31 43 2 :

['sudo_fatalx_nodebug_v1', 'sudo_warn_gettext_v1']

31 43 ldif_to_sudoers call site: 00303 /src/sudo/plugins/sudoers/./parse_ldif.c:483
31 43 2 :

['sudo_fatalx_nodebug_v1', 'sudo_warn_gettext_v1']

31 43 role_to_sudoers call site: 00459 /src/sudo/plugins/sudoers/./parse_ldif.c:425
10 10 2 :

['fputs', 'putc']

12 14 warning call site: 00000 /src/sudo/lib/util/./fatal.c:192
9 9 1 :

['sudo_ldap_new_member_all']

55 665 sudo_ldap_role_to_priv call site: 00333 /src/sudo/plugins/sudoers/./ldap_util.c:378
6 44 5 :

['calloc', 'sudo_warn_gettext_v1', 'strncmp', 'sudo_warnx_nodebug_v1', 'strndup']

6 50 list_op call site: 00022 /src/sudo/plugins/sudoers/./defaults.c:1157
5 5 1 :

['sudo_basename_v1']

14 14 initprogname2 call site: 00005 /src/sudo/lib/util/./progname.c:67
2 2 1 :

['strcmp']

9 9 initprogname2 call site: 00006 /src/sudo/lib/util/./progname.c:79
0 69 3 :

['free_members', 'free_privilege', 'free']

0 71 role_to_sudoers call site: 00461 /src/sudo/plugins/sudoers/./parse_ldif.c:430
0 38 3 :

['free', 'sudo_warnx_nodebug_v1', 'sudo_warn_gettext_v1']

0 40 init_passprompt_regex call site: 00084 /src/sudo/plugins/sudoers/./defaults.c:432
0 38 3 :

['sudo_warn_gettext_v1', 'sudo_warnx_nodebug_v1', 'free']

0 40 sudo_ldap_extract_digest call site: 00441 /src/sudo/plugins/sudoers/./ldap_util.c:299

Runtime coverage analysis

Covered functions
84
Functions that are reachable but not covered
49
Reachable functions
133
Percentage of reachable functions covered
63.16%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
plugins/sudoers/./regress/fuzz/fuzz_sudoers_ldif.c 4
lib/util/./progname.c 4
lib/util/./basename.c 1
plugins/sudoers/./sudoers_debug.c 2
lib/util/./sudo_debug.c 12
lib/util/./fatal.c 2
plugins/sudoers/./defaults.c 8
lib/util/./logfac.c 1
lib/util/./logpri.c 1
plugins/sudoers/./locale.c 1
plugins/sudoers/./regress/fuzz/fuzz_stubs.c 1
plugins/sudoers/gram.y 11
plugins/sudoers/./parse_ldif.c 13
lib/util/./rcstr.c 3
plugins/sudoers/./alias.c 2
plugins/sudoers/./redblack.c 6
plugins/sudoers/./ldap_util.c 9
plugins/sudoers/./strlist.c 4
plugins/sudoers/./b64_decode.c 1
plugins/sudoers/./gentime.c 1
plugins/sudoers/./timeout.c 1
plugins/sudoers/./fmtsudoers.c 1
plugins/sudoers/./digestname.c 1

Fuzzer: fuzz_policy

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 115 41.6%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 161 58.3%
All colors 276 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
39 39 1 :

['defaults_warnx']

39 41 parse_default_entry call site: 00000 /src/sudo/plugins/sudoers/./defaults.c:304
33 33 1 :

['sudo_fatal_nodebug_v1']

33 33 _rs_stir call site: 00000 /src/sudo/lib/util/./arc4random.c:99
30 36 3 :

['__errno_location', 'sudo_warn_nodebug_v1', 'sudo_warn_gettext_v1']

30 342 sudoers_policy_close call site: 00000 /src/sudo/plugins/sudoers/./policy.c:1123
30 30 2 :

['setrlimit', 'sudo_warn_nodebug_v1']

30 32 unlimit_nproc call site: 00000 /src/sudo/plugins/sudoers/./sudoers.c:125
28 28 1 :

['sudo_warn_nodebug_v1']

28 30 restore_nproc call site: 00000 /src/sudo/plugins/sudoers/./sudoers.c:143
10 10 2 :

['fputs', 'putc']

12 14 warning call site: 00144 /src/sudo/lib/util/./fatal.c:192
8 50 4 :

['sudo_parseln_v2', 'strncmp', 'feof', '__ctype_b_loc']

14 101 env_file_next_local call site: 00000 /src/sudo/plugins/sudoers/./env.c:1275
6 6 4 :

['setlocale', 'strdup', 'strcmp', 'free']

6 8 sudoers_setlocale call site: 00000 /src/sudo/plugins/sudoers/./locale.c:117
4 6 3 :

['__errno_location', 'log_warning', 'audit_failure']

4 8 set_cmnd call site: 00000 /src/sudo/plugins/sudoers/./sudoers.c:1190
4 4 3 :

['free', 'getgrouplist', 'reallocarray']

4 10 sudo_getgrouplist2_v1 call site: 00000 /src/sudo/lib/util/./getgrouplist.c:104
2 48 2 :

['sudo_strtoid_v2', 'reallocarray']

8 68 sudo_make_gidlist_item call site: 00000 /src/sudo/plugins/sudoers/./pwutil_impl.c:254
2 34 3 :

['__errno_location', 'sudo_warnx_nodebug_v1', 'sudo_warn_gettext_v1']

2 77 sudo_setenv2 call site: 00000 /src/sudo/plugins/sudoers/./env.c:454

Runtime coverage analysis

Covered functions
281
Functions that are reachable but not covered
40
Reachable functions
92
Percentage of reachable functions covered
56.52%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
plugins/sudoers/./regress/fuzz/fuzz_policy.c 8
lib/util/./progname.c 4
lib/util/./basename.c 1
plugins/sudoers/./sudoers_debug.c 2
lib/util/./sudo_debug.c 6
lib/util/./fatal.c 4
plugins/sudoers/./sudoers.c 2
plugins/sudoers/gram.y 14
lib/util/./rcstr.c 3
plugins/sudoers/./alias.c 2
plugins/sudoers/./redblack.c 2
plugins/sudoers/toke.l 1
lib/util/./lbuf.c 1
plugins/sudoers/toke.c 2
plugins/sudoers/./pwutil.c 9
plugins/sudoers/./canon_path.c 3
plugins/sudoers/./env.c 1
plugins/sudoers/./gc.c 3

Analyses and suggestions

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name Functions filename Arg count Args Function depth hitcount instr count bb count cyclomatic complexity Reachable functions Incoming references total cyclomatic complexity Unreached complexity
sudoers_policy_check /src/sudo/plugins/sudoers/./policy.c 7 ['int ', 'char **', 'char **', 'char ***', 'char ***', 'char ***', 'char **'] 12 0 152 21 7 294 0 1905 688
sudoers_policy_open /src/sudo/plugins/sudoers/./policy.c 8 ['int ', 'func_type *', 'func_type *', 'char **', 'char **', 'char **', 'char **', 'char **'] 11 0 231 37 12 343 0 1796 402
sudo_lbuf_append_esc_v1 /src/sudo/lib/util/./lbuf.c 3 ['struct.sudo_lbuf *', 'int ', 'char *'] 1 0 546 77 28 10 0 64 40

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers
74.0%
589 / 796
Cyclomatic complexity statically reachable by fuzzers
85.0%
4807 / 5631

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name Functions filename Args Function call depth Reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Runtime coverage analysis

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name Function total lines Lines covered at runtime percentage covered Reached by fuzzers
iolog_open 68 35 51.47% ['fuzz_iolog_timing']
iolog_openat 35 13 37.14% ['fuzz_iolog_timing']
logsrvd_conf_apply 115 11 9.565% ['fuzz_logsrvd_conf']
sudo_lbuf_expand 32 15 46.87% ['fuzz_sudoers']
check_pattern 52 12 23.07% ['fuzz_sudoers']
sudoers_format_cmndspec 50 20 40.0% ['fuzz_sudoers']
sudoersparse 1568 433 27.61% ['fuzz_sudoers']
parser_leak_free 74 23 31.08% ['fuzz_sudoers', 'fuzz_policy']
user_matches 36 14 38.88% ['fuzz_sudoers']
runaslist_matches 116 14 12.06% ['fuzz_sudoers']
host_matches 39 16 41.02% ['fuzz_sudoers']
command_matches 94 35 37.23% ['fuzz_sudoers']
set_cmnd_fd 31 8 25.80% ['fuzz_sudoers']
digest_matches 70 11 15.71% ['fuzz_sudoers']
sudoers_lookup_pseudo 95 52 54.73% ['fuzz_sudoers']
apply_cmndspec 84 17 20.23% ['fuzz_sudoers']
display_bound_defaults_by_type 50 23 46.0% ['fuzz_sudoers']
display_priv_long 109 54 49.54% ['fuzz_sudoers']
sudo_set_gidlist 37 19 51.35% ['fuzz_sudoers']
rbdelete 33 16 48.48% ['fuzz_sudoers']
rbrepair 57 7 12.28% ['fuzz_sudoers']
sudoerslex 1145 409 35.72% ['fuzz_sudoers']
pop_include 42 6 14.28% ['fuzz_sudoers']
wordsplit 38 20 52.63% []
egid=runas_gr?(unsignedint)runas_gr->gr_gid 194 101 52.06%

Files and Directories in report

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file Reached by Covered by
[] []
/src/sudo/plugins/sudoers/./timeout.c ['fuzz_sudoers', 'fuzz_sudoers_ldif'] []
/src/sudo/lib/iolog/./iolog_legacy.c ['fuzz_iolog_legacy'] []
/src/sudo/plugins/sudoers/./canon_path.c ['fuzz_policy'] []
/src/sudo/lib/iolog/./regress/fuzz/fuzz_iolog_timing.c ['fuzz_iolog_timing'] []
/src/sudo/plugins/sudoers/./env.c ['fuzz_policy'] []
/src/sudo/lib/eventlog/./eventlog_free.c ['fuzz_iolog_legacy', 'fuzz_iolog_json'] []
/src/sudo/plugins/sudoers/./iolog_path_escapes.c [] []
/src/sudo/lib/util/./gidlist.c [] []
/src/sudo/lib/util/./hexchar.c ['fuzz_iolog_json', 'fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./match.c ['fuzz_sudoers'] []
/src/sudo/lib/iolog/./iolog_gets.c ['fuzz_iolog_timing'] []
/src/sudo/lib/util/./uuid.c [] []
/src/sudo/plugins/sudoers/./match_digest.c ['fuzz_sudoers'] []
/src/sudo/lib/util/./digest_openssl.c ['fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./sudoers.c ['fuzz_policy'] []
/src/sudo/lib/iolog/./iolog_conf.c ['fuzz_iolog_timing', 'fuzz_logsrvd_conf'] []
/src/sudo/lib/util/./roundup.c ['fuzz_sudoers'] []
/src/sudo/lib/util/./logpri.c ['fuzz_logsrvd_conf', 'fuzz_sudoers', 'fuzz_sudoers_ldif'] []
/src/sudo/lib/util/./fatal.c ['fuzz_iolog_legacy', 'fuzz_iolog_timing', 'fuzz_sudo_conf', 'fuzz_iolog_json', 'fuzz_logsrvd_conf', 'fuzz_sudoers', 'fuzz_sudoers_ldif', 'fuzz_policy'] []
/src/sudo/plugins/sudoers/./sudoers_debug.c ['fuzz_sudoers', 'fuzz_sudoers_ldif', 'fuzz_policy'] []
/src/sudo/lib/util/./progname.c ['fuzz_iolog_legacy', 'fuzz_iolog_timing', 'fuzz_sudo_conf', 'fuzz_iolog_json', 'fuzz_logsrvd_conf', 'fuzz_sudoers', 'fuzz_sudoers_ldif', 'fuzz_policy'] []
/src/sudo/logsrvd/./regress/fuzz/fuzz_logsrvd_conf.c ['fuzz_logsrvd_conf'] []
/src/sudo/lib/iolog/./iolog_json.c ['fuzz_iolog_json'] []
/src/sudo/lib/util/./regress/fuzz/fuzz_sudo_conf.c ['fuzz_sudo_conf'] []
/src/sudo/lib/util/./logfac.c ['fuzz_logsrvd_conf', 'fuzz_sudoers', 'fuzz_sudoers_ldif'] []
/src/sudo/plugins/sudoers/./alias.c ['fuzz_sudoers', 'fuzz_sudoers_ldif', 'fuzz_policy'] []
/src/sudo/lib/util/./chacha_private.h ['fuzz_iolog_timing', 'fuzz_sudo_conf', 'fuzz_logsrvd_conf'] []
/src/sudo/plugins/sudoers/./strlcpy_unesc.c [] []
/src/sudo/lib/iolog/./iolog_eof.c ['fuzz_iolog_timing'] []
/src/sudo/lib/util/./sudo_debug.c ['fuzz_iolog_legacy', 'fuzz_iolog_timing', 'fuzz_sudo_conf', 'fuzz_iolog_json', 'fuzz_logsrvd_conf', 'fuzz_sudoers', 'fuzz_sudoers_ldif', 'fuzz_policy'] []
/src/sudo/lib/iolog/./iolog_openat.c ['fuzz_iolog_timing'] []
/src/sudo/lib/util/./basename.c ['fuzz_iolog_legacy', 'fuzz_iolog_timing', 'fuzz_sudo_conf', 'fuzz_iolog_json', 'fuzz_logsrvd_conf', 'fuzz_sudoers', 'fuzz_sudoers_ldif', 'fuzz_policy'] []
/src/sudo/plugins/sudoers/./check_aliases.c ['fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./parse_ldif.c ['fuzz_sudoers_ldif'] []
/src/sudo/plugins/sudoers/./editor.c [] []
/src/sudo/lib/iolog/./regress/fuzz/fuzz_iolog_legacy.c ['fuzz_iolog_legacy'] []
/src/sudo/lib/util/./arc4random.c ['fuzz_iolog_timing', 'fuzz_sudo_conf', 'fuzz_logsrvd_conf'] []
/src/sudo/plugins/sudoers/./pwutil.c ['fuzz_sudoers', 'fuzz_policy'] []
/src/sudo/lib/util/./secure_path.c ['fuzz_logsrvd_conf', 'fuzz_sudoers'] []
/src/sudo/lib/util/./lbuf.c ['fuzz_sudoers', 'fuzz_policy'] []
/src/sudo/lib/util/./regex.c ['fuzz_sudoers'] []
/src/sudo/lib/util/./strtomode.c ['fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./exptilde.c ['fuzz_sudoers'] []
/src/sudo/lib/util/./strsplit.c ['fuzz_logsrvd_conf', 'fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./parse.c ['fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./regress/fuzz/fuzz_stubs.c ['fuzz_sudoers', 'fuzz_sudoers_ldif'] []
/src/sudo/plugins/sudoers/./gc.c ['fuzz_policy'] []
/src/sudo/plugins/sudoers/./policy.c [] []
/src/sudo/lib/util/./str2sig.c ['fuzz_iolog_timing'] []
/src/sudo/lib/iolog/./iolog_close.c ['fuzz_iolog_timing'] []
/src/sudo/lib/iolog/./iolog_util.c ['fuzz_iolog_timing'] []
/src/sudo/lib/util/./rcstr.c ['fuzz_logsrvd_conf', 'fuzz_sudoers', 'fuzz_sudoers_ldif', 'fuzz_policy'] []
/src/sudo/plugins/sudoers/gram.y ['fuzz_sudoers', 'fuzz_sudoers_ldif', 'fuzz_policy'] ['fuzz_sudoers', 'fuzz_sudoers_ldif', 'fuzz_policy']
/src/sudo/plugins/sudoers/./toke_util.c ['fuzz_sudoers'] []
/src/sudo/lib/util/./strtobool.c [] []
/src/sudo/lib/iolog/./regress/fuzz/fuzz_iolog_json.c ['fuzz_iolog_json'] []
/src/sudo/lib/iolog/./iolog_filter.c ['fuzz_logsrvd_conf'] []
/src/sudo/plugins/sudoers/./locale.c ['fuzz_sudoers', 'fuzz_sudoers_ldif'] []
/src/sudo/plugins/sudoers/toke.c ['fuzz_sudoers', 'fuzz_policy'] ['fuzz_sudoers']
/src/sudo/lib/util/./strtoid.c ['fuzz_sudoers'] []
/src/sudo/logsrvd/./logsrvd_conf.c ['fuzz_logsrvd_conf'] []
/src/sudo/logsrvd/./tls_init.c ['fuzz_logsrvd_conf'] []
/src/sudo/plugins/sudoers/toke.l ['fuzz_sudoers', 'fuzz_policy'] ['fuzz_sudoers', 'fuzz_policy']
/src/sudo/plugins/sudoers/./pwutil_impl.c [] []
/src/sudo/plugins/sudoers/./regress/fuzz/fuzz_policy.c ['fuzz_policy'] []
/src/sudo/lib/eventlog/./eventlog_conf.c ['fuzz_logsrvd_conf'] []
/src/sudo/lib/iolog/./iolog_timing.c ['fuzz_iolog_timing'] []
/src/sudo/lib/util/./mktemp.c ['fuzz_iolog_timing', 'fuzz_sudo_conf', 'fuzz_logsrvd_conf'] []
/src/sudo/lib/util/./strlcpy.c ['fuzz_sudo_conf', 'fuzz_logsrvd_conf', 'fuzz_sudoers'] []
/src/sudo/lib/util/./getgrouplist.c [] []
/src/sudo/lib/util/./gettime.c [] []
/src/sudo/plugins/sudoers/./regress/fuzz/fuzz_sudoers_ldif.c ['fuzz_sudoers_ldif'] []
/src/sudo/plugins/sudoers/./strlist.c ['fuzz_sudoers_ldif'] []
/src/sudo/plugins/sudoers/./env_pattern.c [] []
/src/sudo/lib/iolog/./iolog_open.c ['fuzz_iolog_timing'] []
/src/sudo/plugins/sudoers/./b64_decode.c ['fuzz_sudoers', 'fuzz_sudoers_ldif'] []
/src/sudo/lib/util/./key_val.c [] []
/src/sudo/plugins/sudoers/./gentime.c ['fuzz_sudoers', 'fuzz_sudoers_ldif'] []
/src/sudo/plugins/sudoers/./defaults.c ['fuzz_sudoers', 'fuzz_sudoers_ldif'] []
/src/sudo/plugins/sudoers/./filedigest.c ['fuzz_sudoers'] []
/src/sudo/lib/util/./parseln.c ['fuzz_sudo_conf', 'fuzz_logsrvd_conf'] []
/src/sudo/plugins/sudoers/./strvec_join.c [] []
/src/sudo/plugins/sudoers/./fmtsudoers.c ['fuzz_sudoers', 'fuzz_sudoers_ldif'] []
/src/sudo/lib/util/./strtonum.c ['fuzz_iolog_legacy', 'fuzz_iolog_timing', 'fuzz_iolog_json', 'fuzz_logsrvd_conf', 'fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./sudoers_hooks.c [] []
/src/sudo/plugins/sudoers/./match_addr.c ['fuzz_sudoers'] []
/src/sudo/lib/util/./strlcat.c [] []
/src/sudo/lib/iolog/./host_port.c ['fuzz_logsrvd_conf'] []
/src/sudo/lib/util/./sudo_conf.c ['fuzz_sudo_conf'] []
/src/sudo/lib/eventlog/./parse_json.c ['fuzz_iolog_json'] []
/src/sudo/plugins/sudoers/./digestname.c ['fuzz_sudoers', 'fuzz_sudoers_ldif'] []
/src/sudo/plugins/sudoers/./redblack.c ['fuzz_sudoers', 'fuzz_sudoers_ldif', 'fuzz_policy'] []
/src/sudo/plugins/sudoers/./match_command.c ['fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./ldap_util.c ['fuzz_sudoers_ldif'] []
/src/sudo/plugins/sudoers/./regress/fuzz/fuzz_sudoers.c ['fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./serialize_list.c [] []
/src/sudo/plugins/sudoers/gram.c ['fuzz_sudoers'] ['fuzz_sudoers']

Directories in report

Directory
/src/sudo/logsrvd/./regress/fuzz/
/src/sudo/lib/util/./regress/fuzz/
/src/sudo/logsrvd/./
/src/sudo/lib/iolog/./regress/fuzz/
/src/sudo/plugins/sudoers/./
/src/sudo/lib/util/./
/src/sudo/plugins/sudoers/
/src/sudo/plugins/sudoers/./regress/fuzz/
/src/sudo/lib/eventlog/./
/src/sudo/lib/iolog/./

Metadata section

This sections shows the raw data that is used to produce this report. This is mainly used for further processing and developer debugging.

Fuzzer Calltree file Program data file Coverage file
fuzz_iolog_legacy fuzzerLogFile-0-Y1XijHNHyC.data fuzzerLogFile-0-Y1XijHNHyC.data.yaml fuzz_iolog_legacy.covreport
fuzz_iolog_timing fuzzerLogFile-0-np6LxOl86o.data fuzzerLogFile-0-np6LxOl86o.data.yaml fuzz_iolog_timing.covreport
fuzz_sudo_conf fuzzerLogFile-0-XFL4LbK72K.data fuzzerLogFile-0-XFL4LbK72K.data.yaml fuzz_sudo_conf.covreport
fuzz_iolog_json fuzzerLogFile-0-keahwD3ZNP.data fuzzerLogFile-0-keahwD3ZNP.data.yaml fuzz_iolog_json.covreport
fuzz_logsrvd_conf fuzzerLogFile-0-1SkhUvP9ly.data fuzzerLogFile-0-1SkhUvP9ly.data.yaml fuzz_logsrvd_conf.covreport
fuzz_sudoers fuzzerLogFile-0-69juJqKADG.data fuzzerLogFile-0-69juJqKADG.data.yaml fuzz_sudoers.covreport
fuzz_sudoers_ldif fuzzerLogFile-0-ehaIftXX3a.data fuzzerLogFile-0-ehaIftXX3a.data.yaml fuzz_sudoers_ldif.covreport
fuzz_policy fuzzerLogFile-0-t63eePmEL7.data fuzzerLogFile-0-t63eePmEL7.data.yaml fuzz_policy.covreport