Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Project functions overview

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the table below, please see the Glossary.

Func name Functions filename Args Function call depth Reached by Fuzzers Runtime reached by Fuzzers Combined reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzzer details

Fuzzer: fuzz_iolog_legacy

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the code a fuzzer can potentially reach is in fact covered at runtime. Below there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics, please see the glossary entries for full calltree and calltree overview.

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 24 26.6%
gold [1:9] 7 7.77%
yellow [10:29] 4 4.44%
greenyellow [30:49] 3 3.33%
lawngreen 50+ 52 57.7%
All colors 90 100

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
29 41 2 : ['sudo_warnx_nodebug_v1', 'sudo_warn_gettext_v1'] 29 41 iolog_parse_loginfo_legacy call site: 00076 /src/sudo/lib/iolog/./iolog_legacy.c:133
29 41 2 : ['sudo_warnx_nodebug_v1', 'sudo_warn_gettext_v1'] 29 41 iolog_parse_loginfo_legacy call site: 00079 /src/sudo/lib/iolog/./iolog_legacy.c:139
10 10 2 : ['fputs', 'putc'] 12 14 warning call site: 00025 /src/sudo/lib/util/./fatal.c:192
5 5 1 : ['sudo_basename_v1'] 14 14 initprogname2 call site: 00003 /src/sudo/lib/util/./progname.c:67
2 2 1 : ['strcmp'] 9 9 initprogname2 call site: 00004 /src/sudo/lib/util/./progname.c:79
0 0 None 29 41 iolog_parse_loginfo_legacy call site: 00059 /src/sudo/lib/iolog/./iolog_legacy.c:100
0 0 None 29 41 iolog_parse_loginfo_legacy call site: 00066 /src/sudo/lib/iolog/./iolog_legacy.c:111
0 0 None 29 41 iolog_parse_loginfo_legacy call site: 00072 /src/sudo/lib/iolog/./iolog_legacy.c:123
0 0 None 12 16 warning call site: 00025 /src/sudo/lib/util/./fatal.c:189
0 0 None 6 6 sudo_strtonumx call site: 00044 /src/sudo/lib/util/./strtonum.c:55
0 0 None 6 6 sudo_strtonumx call site: 00047 /src/sudo/lib/util/./strtonum.c:110
0 0 None 2 2 sudo_warn_gettext_v1 call site: 00019 /src/sudo/lib/util/./fatal.c:334

Runtime coverage analysis

Covered functions: 15
Functions that are reachable but not covered: 24
Reachable functions: 39
Percentage of reachable functions covered: 38.46%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions. This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
lib/iolog/./regress/fuzz/fuzz_iolog_legacy.c 3
lib/util/./progname.c 4
lib/util/./basename.c 1
lib/util/./fatal.c 5
lib/iolog/./iolog_legacy.c 1
lib/util/./strtonum.c 2
lib/util/./sudo_debug.c 1
lib/eventlog/./eventlog_free.c 1

Fuzzer: fuzz_iolog_timing

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the code a fuzzer can potentially reach is in fact covered at runtime. Below there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics, please see the glossary entries for full calltree and calltree overview.

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 86 48.3%
gold [1:9] 5 2.80%
yellow [10:29] 8 4.49%
greenyellow [30:49] 1 0.56%
lawngreen 50+ 78 43.8%
All colors 178 100

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
36 36 1 : ['sudo_fatal_nodebug_v1'] 36 36 _rs_stir call site: 00023 /src/sudo/lib/util/./arc4random.c:99
10 89 4 : ['__errno_location', 'openat', 'sudo_arc4random_buf', 'mkdirat'] 10 89 mktemp_internal call site: 00052 /src/sudo/lib/util/./mktemp.c:111
10 10 2 : ['fputs', 'putc'] 12 14 warning call site: 00028 /src/sudo/lib/util/./fatal.c:192
8 8 3 : ['openat', 'iolog_swapids', 'close'] 10 10 iolog_openat call site: 00075 /src/sudo/lib/iolog/./iolog_openat.c:74
6 6 2 : ['__errno_location', 'close'] 6 6 iolog_open call site: 00087 /src/sudo/lib/iolog/./iolog_open.c:102
5 5 1 : ['sudo_basename_v1'] 14 14 initprogname2 call site: 00003 /src/sudo/lib/util/./progname.c:67
4 6 3 : ['iolog_get_compress', 'fchown', 'sudo_debug_printf2_v1'] 16 18 iolog_open call site: 00066 /src/sudo/lib/iolog/./iolog_open.c:80
4 4 2 : ['fchmodat', 'fstatat'] 18 18 iolog_openat call site: 00071 /src/sudo/lib/iolog/./iolog_openat.c:63
2 2 1 : ['strcmp'] 9 9 initprogname2 call site: 00004 /src/sudo/lib/util/./progname.c:79
2 2 1 : ['unlinkat'] 2 2 iolog_open call site: 00065 /src/sudo/lib/iolog/./iolog_open.c:77
0 35 2 : ['sudo_warnx_nodebug_v1', 'sudo_warn_gettext_v1'] 0 35 iolog_read_timing_record call site: 00103 /src/sudo/lib/iolog/./iolog_timing.c:259
0 0 None 12 16 warning call site: 00028 /src/sudo/lib/util/./fatal.c:189

Runtime coverage analysis

Covered functions: 36
Functions that are reachable but not covered: 55
Reachable functions: 91
Percentage of reachable functions covered: 39.56%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions. This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
lib/iolog/./regress/fuzz/fuzz_iolog_timing.c 3
lib/util/./progname.c 4
lib/util/./basename.c 1
lib/util/./fatal.c 6
lib/util/./mktemp.c 2
lib/util/./arc4random.c 6
lib/util/./chacha_private.h 3
lib/iolog/./iolog_open.c 1
lib/iolog/./iolog_conf.c 5
lib/util/./sudo_debug.c 1
lib/iolog/./iolog_util.c 1
lib/iolog/./iolog_openat.c 1
lib/iolog/./iolog_timing.c 3
lib/iolog/./iolog_gets.c 1
lib/iolog/./iolog_eof.c 1
lib/util/./strtonum.c 2
lib/util/./str2sig.c 1
lib/iolog/./iolog_close.c 1

Fuzzer: fuzz_iolog_json

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the code a fuzzer can potentially reach is in fact covered at runtime. Below there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics, please see the glossary entries for full calltree and calltree overview.

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 21 14.8%
gold [1:9] 22 15.6%
yellow [10:29] 16 11.3%
greenyellow [30:49] 2 1.41%
lawngreen 50+ 80 56.7%
All colors 141 100

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
10 10 2 : ['fputs', 'putc'] 12 14 warning call site: 00025 /src/sudo/lib/util/./fatal.c:192
2 2 1 : ['strcmp'] 9 9 initprogname2 call site: 00004 /src/sudo/lib/util/./progname.c:79
0 41 2 : ['sudo_warnx_nodebug_v1', 'sudo_warn_gettext_v1'] 0 41 json_array_to_strvec call site: 00000 /src/sudo/lib/eventlog/./parse_json.c:184
0 41 2 : ['sudo_warnx_nodebug_v1', 'sudo_warn_gettext_v1'] 0 41 new_json_item call site: 00042 /src/sudo/lib/eventlog/./parse_json.c:499
0 41 2 : ['sudo_warnx_nodebug_v1', 'sudo_warn_gettext_v1'] 0 41 json_parse_string call site: 00059 /src/sudo/lib/eventlog/./parse_json.c:530
0 35 2 : ['sudo_warnx_nodebug_v1', 'sudo_warn_gettext_v1'] 0 35 eventlog_json_parse call site: 00126 /src/sudo/lib/eventlog/./parse_json.c:644
0 0 None 22 1259 eventlog_json_read call site: 00077 /src/sudo/lib/eventlog/./parse_json.c:964
0 0 None 22 1259 eventlog_json_read call site: 00085 /src/sudo/lib/eventlog/./parse_json.c:986
0 0 None 22 1259 eventlog_json_read call site: 00092 /src/sudo/lib/eventlog/./parse_json.c:1008
0 0 None 22 1259 eventlog_json_read call site: 00112 /src/sudo/lib/eventlog/./parse_json.c:1038
0 0 None 12 16 warning call site: 00025 /src/sudo/lib/util/./fatal.c:189
0 0 None 10 10 sudo_strtonumx call site: 00101 /src/sudo/lib/util/./strtonum.c:89

Runtime coverage analysis

Covered functions: 58
Functions that are reachable but not covered: 21
Reachable functions: 48
Percentage of reachable functions covered: 56.25%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions. This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions is larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
lib/iolog/./regress/fuzz/fuzz_iolog_json.c 3
lib/util/./progname.c 4
lib/util/./basename.c 1
lib/util/./fatal.c 4
lib/iolog/./iolog_json.c 1
lib/eventlog/./parse_json.c 11
lib/util/./hexchar.c 1
lib/util/./strtonum.c 2
lib/util/./sudo_debug.c 1
lib/eventlog/./eventlog_free.c 1

Fuzzer: fuzz_sudo_conf

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the code a fuzzer can potentially reach is in fact covered at runtime. Below there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics, please see the glossary entries for full calltree and calltree overview.

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 59 42.7%
gold [1:9] 12 8.69%
yellow [10:29] 2 1.44%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 65 47.1%
All colors 138 100

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
36 36 1 : ['sudo_fatal_nodebug_v1'] 36 36 _rs_stir call site: 00025 /src/sudo/lib/util/./arc4random.c:99
31 37 2 : ['sudo_warn_gettext_v1', 'sudo_warn_nodebug_v1'] 37 43 sudo_conf_read_v1 call site: 00079 /src/sudo/lib/util/./sudo_conf.c:734
10 89 4 : ['__errno_location', 'openat', 'sudo_arc4random_buf', 'mkdirat'] 10 89 mktemp_internal call site: 00053 /src/sudo/lib/util/./mktemp.c:107
10 10 2 : ['fputs', 'putc'] 12 14 warning call site: 00030 /src/sudo/lib/util/./fatal.c:192
5 5 1 : ['sudo_basename_v1'] 14 14 initprogname2 call site: 00005 /src/sudo/lib/util/./progname.c:67
2 2 1 : ['__errno_location'] 39 39 sudo_conf_read_v1 call site: 00073 /src/sudo/lib/util/./sudo_conf.c:682
2 2 1 : ['strcmp'] 9 9 initprogname2 call site: 00006 /src/sudo/lib/util/./progname.c:79
2 2 1 : ['close'] 4 4 sudo_conf_read_v1 call site: 00097 /src/sudo/lib/util/./sudo_conf.c:781
2 2 1 : ['setlocale'] 2 2 sudo_conf_read_v1 call site: 00099 /src/sudo/lib/util/./sudo_conf.c:788
0 41 3 : ['sudo_warnx_nodebug_v1', 'free', 'sudo_warn_gettext_v1'] 0 41 parse_debug call site: 00000 /src/sudo/lib/util/./sudo_conf.c:298
0 41 2 : ['sudo_warnx_nodebug_v1', 'sudo_warn_gettext_v1'] 0 41 parse_path call site: 00000 /src/sudo/lib/util/./sudo_conf.c:217
0 41 3 : ['sudo_warnx_nodebug_v1', 'free', 'sudo_warn_gettext_v1'] 0 41 parse_plugin call site: 00000 /src/sudo/lib/util/./sudo_conf.c:373

Runtime coverage analysis

Covered functions: 52
Functions that are reachable but not covered: 37
Reachable functions: 76
Percentage of reachable functions covered: 51.32%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions. This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
lib/util/./regress/fuzz/fuzz_sudo_conf.c 2
lib/util/./sudo_conf.c 15
lib/util/./progname.c 4
lib/util/./basename.c 1
lib/util/./fatal.c 7
lib/util/./mktemp.c 2
lib/util/./arc4random.c 6
lib/util/./chacha_private.h 3
lib/util/./strlcpy.c 1
lib/util/./parseln.c 1
lib/util/./roundup.c 1
lib/util/./sudo_debug.c 1

Fuzzer: fuzz_logsrvd_conf

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the code a fuzzer can potentially reach is in fact covered at runtime. Below there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics, please see the glossary entries for full calltree and calltree overview.

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 325 67.7%
gold [1:9] 10 2.08%
yellow [10:29] 10 2.08%
greenyellow [30:49] 2 0.41%
lawngreen 50+ 133 27.7%
All colors 480 100

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
36 36 1 : ['sudo_fatal_nodebug_v1'] 36 36 _rs_stir call site: 00023 /src/sudo/lib/util/./arc4random.c:99
33 33 2 : ['__errno_location', 'sudo_warn_nodebug_v1'] 35 520 logsrvd_conf_read call site: 00150 /src/sudo/logsrvd/./logsrvd_conf.c:1885
26 26 1 : ['sudo_open_conf_path_v1'] 63 645 logsrvd_conf_read call site: 00059 /src/sudo/logsrvd/./logsrvd_conf.c:1874
10 89 4 : ['__errno_location', 'openat', 'sudo_arc4random_buf', 'mkdirat'] 10 89 mktemp_internal call site: 00051 /src/sudo/lib/util/./mktemp.c:107
10 10 2 : ['fputs', 'putc'] 12 14 warning call site: 00028 /src/sudo/lib/util/./fatal.c:192
10 10 5 : ['htons', 'strdup', 'free', 'inet_pton', 'calloc'] 10 10 getaddrinfo call site: 00233 /src/sudo/logsrvd/./regress/fuzz/fuzz_logsrvd_conf.c:110
5 5 1 : ['sudo_basename_v1'] 14 14 initprogname2 call site: 00003 /src/sudo/lib/util/./progname.c:67
4 33 3 : ['sudo_warnx_nodebug_v1', 'malloc', 'sudo_rcstr_addref'] 7 56 append_address call site: 00220 /src/sudo/logsrvd/./logsrvd_conf.c:548
3 3 1 : ['freeaddrinfo'] 3 3 append_address call site: 00248 /src/sudo/logsrvd/./logsrvd_conf.c:572
2 2 1 : ['strcmp'] 9 9 initprogname2 call site: 00004 /src/sudo/lib/util/./progname.c:79
2 2 1 : ['SSL_CTX_free'] 4 14 logsrvd_conf_free call site: 00133 /src/sudo/logsrvd/./logsrvd_conf.c:1572
2 2 1 : ['fclose'] 2 2 logsrvd_conf_free call site: 00135 /src/sudo/logsrvd/./logsrvd_conf.c:1584

Runtime coverage analysis

Covered functions: 89
Functions that are reachable but not covered: 126
Reachable functions: 183
Percentage of reachable functions covered: 31.15%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions. This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
logsrvd/./regress/fuzz/fuzz_logsrvd_conf.c 5
lib/util/./progname.c 4
lib/util/./basename.c 1
lib/util/./fatal.c 8
lib/util/./mktemp.c 2
lib/util/./arc4random.c 6
lib/util/./chacha_private.h 3
logsrvd/./logsrvd_conf.c 40
lib/util/./logfac.c 1
lib/util/./logpri.c 1
lib/util/./rcstr.c 4
lib/iolog/./iolog_filter.c 4
lib/util/./strlcpy.c 1
lib/util/./secure_path.c 1
lib/util/./strsplit.c 1
lib/util/./parseln.c 1
lib/util/./roundup.c 1
lib/util/./sudo_debug.c 1
lib/iolog/./host_port.c 1
lib/util/./strtonum.c 2
logsrvd/./tls_init.c 5
lib/iolog/./iolog_conf.c 6
lib/eventlog/./eventlog_conf.c 10

Fuzzer: fuzz_sudoers_ldif

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the code a fuzzer can potentially reach is in fact covered at runtime. Below there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics, please see the glossary entries for full calltree and calltree overview.

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 145 34.0%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 281 65.9%
All colors 426 100

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
34 46 2 : ['sudo_warn_gettext_v1', 'sudo_fatalx_nodebug_v1'] 34 46 ldif_parse_attribute call site: 00152 /src/sudo/plugins/sudoers/./parse_ldif.c:151
34 46 2 : ['sudo_warn_gettext_v1', 'sudo_fatalx_nodebug_v1'] 34 46 ldif_store_string call site: 00185 /src/sudo/plugins/sudoers/./parse_ldif.c:182
34 46 2 : ['sudo_warn_gettext_v1', 'sudo_fatalx_nodebug_v1'] 34 46 ldif_to_sudoers call site: 00220 /src/sudo/plugins/sudoers/./parse_ldif.c:483
34 46 2 : ['sudo_warn_gettext_v1', 'sudo_fatalx_nodebug_v1'] 34 46 role_to_sudoers call site: 00392 /src/sudo/plugins/sudoers/./parse_ldif.c:425
10 10 2 : ['fputs', 'putc'] 12 14 warning call site: 00028 /src/sudo/lib/util/./fatal.c:192
6 47 5 : ['strncmp', 'sudo_warn_gettext_v1', 'sudo_warnx_nodebug_v1', 'strndup', 'calloc'] 6 47 list_op call site: 00020 /src/sudo/plugins/sudoers/./defaults.c:1219
5 5 1 : ['sudo_ldap_new_member_all'] 67 805 sudo_ldap_role_to_priv call site: 00254 /src/sudo/plugins/sudoers/./ldap_util.c:378
5 5 1 : ['sudo_basename_v1'] 14 14 initprogname2 call site: 00005 /src/sudo/lib/util/./progname.c:67
2 2 1 : ['strcmp'] 9 9 initprogname2 call site: 00006 /src/sudo/lib/util/./progname.c:79
0 41 3 : ['sudo_warnx_nodebug_v1', 'free', 'sudo_warn_gettext_v1'] 0 41 init_passprompt_regex call site: 00075 /src/sudo/plugins/sudoers/./defaults.c:455
0 41 3 : ['sudo_warnx_nodebug_v1', 'free', 'sudo_warn_gettext_v1'] 0 41 sudo_ldap_extract_digest call site: 00370 /src/sudo/plugins/sudoers/./ldap_util.c:299
0 12 1 : ['sudo_role_free'] 0 12 sudo_role_alloc call site: 00172 /src/sudo/plugins/sudoers/./parse_ldif.c:90

Runtime coverage analysis

Covered functions: 76
Functions that are reachable but not covered: 50
Reachable functions: 126
Percentage of reachable functions covered: 60.32%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions. This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
plugins/sudoers/./regress/fuzz/fuzz_sudoers_ldif.c 4
lib/util/./progname.c 4
lib/util/./basename.c 1
plugins/sudoers/./sudoers_debug.c 2
lib/util/./sudo_debug.c 4
lib/util/./fatal.c 6
plugins/sudoers/./defaults.c 8
lib/util/./logfac.c 1
lib/util/./logpri.c 1
plugins/sudoers/./locale.c 1
plugins/sudoers/./regress/fuzz/fuzz_stubs.c 1
plugins/sudoers/gram.y 11
plugins/sudoers/./parse_ldif.c 13
plugins/sudoers/./redblack.c 6
plugins/sudoers/./ldap_util.c 9
plugins/sudoers/./strlist.c 4
plugins/sudoers/./b64_decode.c 1
plugins/sudoers/./gentime.c 1
lib/util/./rcstr.c 3
plugins/sudoers/./timeout.c 1
plugins/sudoers/./fmtsudoers.c 1
plugins/sudoers/./digestname.c 1
plugins/sudoers/./alias.c 2

Fuzzer: fuzz_sudoers

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the code a fuzzer can potentially reach is in fact covered at runtime. Below there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics, please see the glossary entries for full calltree and calltree overview.

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 1429 84.5%
gold [1:9] 201 11.8%
yellow [10:29] 25 1.47%
greenyellow [30:49] 12 0.71%
lawngreen 50+ 23 1.36%
All colors 1690 100

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
130 130 3 : ['sudo_warnx_nodebug_v1', 'sudo_getpwuid', 'sudo_warn_gettext_v1'] 1979 1986 sudoers_lookup_pseudo call site: 01273 /src/sudo/plugins/sudoers/./lookup.c:76
115 145 8 : ['sudo_warn_nodebug_v1', '__errno_location', 'strlen', 'sudo_warn_gettext_v1', 'sudo_strlcpy', 'sudo_warnx_nodebug_v1', 'calloc', 'rbinsert'] 115 147 sudo_getpwnam call site: 00869 /src/sudo/plugins/sudoers/./pwutil.c:297
115 145 8 : ['sudo_warn_nodebug_v1', '__errno_location', 'strlen', 'sudo_warn_gettext_v1', 'sudo_strlcpy', 'sudo_warnx_nodebug_v1', 'calloc', 'rbinsert'] 115 147 sudo_getgrnam call site: 00893 /src/sudo/plugins/sudoers/./pwutil.c:614
47 98 8 : ['strcmp', 'sudoers_strict', 'strdup', 'sudoerserror', 'strrchr', 'sudo_warn_gettext_v1', 'sudo_warnx_nodebug_v1', 'free'] 47 138 fill_cmnd call site: 00384 /src/sudo/plugins/sudoers/./toke_util.c:141
47 47 5 : ['strncmp', 'sudo_warn_gettext_v1', 'sudo_warnx_nodebug_v1', 'strndup', 'calloc'] 47 47 list_op call site: 00154 /src/sudo/plugins/sudoers/./defaults.c:1219
41 90 3 : ['sudo_warnx_nodebug_v1', 'sudoerserror', 'sudo_warn_gettext_v1'] 41 90 fill call site: 00281 /src/sudo/plugins/sudoers/./toke_util.c:79
41 90 4 : ['sudo_warnx_nodebug_v1', 'free', 'sudoerserror', 'sudo_warn_gettext_v1'] 41 90 append call site: 00310 /src/sudo/plugins/sudoers/./toke_util.c:105
41 41 2 : ['sudo_warnx_nodebug_v1', 'sudo_warn_gettext_v1'] 41 41 check_aliases call site: 01609 /src/sudo/plugins/sudoers/./check_aliases.c:127
41 41 3 : ['sudo_warnx_nodebug_v1', 'free', 'sudo_warn_gettext_v1'] 41 41 init_passprompt_regex call site: 00192 /src/sudo/plugins/sudoers/./defaults.c:455
35 124 5 : ['sudo_warnx_nodebug_v1', 'sudoerserror', 'free', 'parser_leak_remove', 'sudo_warn_gettext_v1'] 35 124 fill_args call site: 00324 /src/sudo/plugins/sudoers/./toke_util.c:217
34 34 2 : ['sudo_pwutil_get_max_groups', 'sudo_getgrouplist2_v1'] 42 48 sudo_make_gidlist_item call site: 00000 /src/sudo/plugins/sudoers/./pwutil_impl.c:256
29 29 1 : ['sudo_warnx_nodebug_v1'] 41 41 sudo_mkpwent call site: 00095 /src/sudo/plugins/sudoers/./pwutil.c:367

Runtime coverage analysis

Covered functions: 129
Functions that are reachable but not covered: 257
Reachable functions: 383
Percentage of reachable functions covered: 32.9%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions. This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
plugins/sudoers/./regress/fuzz/fuzz_sudoers.c 9
lib/util/./progname.c 4
lib/util/./basename.c 1
plugins/sudoers/./sudoers_debug.c 2
lib/util/./sudo_debug.c 5
lib/util/./fatal.c 6
plugins/sudoers/./locale.c 3
plugins/sudoers/./pwutil.c 26
plugins/sudoers/./redblack.c 11
lib/util/./strlcpy.c 1
plugins/sudoers/./regress/fuzz/fuzz_stubs.c 6
plugins/sudoers/gram.y 32
plugins/sudoers/./defaults.c 30
lib/util/./logfac.c 1
lib/util/./logpri.c 1
lib/util/./rcstr.c 4
plugins/sudoers/./alias.c 15
plugins/sudoers/toke.l 11
lib/util/./lbuf.c 8
plugins/sudoers/toke.c 16
plugins/sudoers/gram.c 2
plugins/sudoers/./toke_util.c 6
lib/util/./hexchar.c 1
lib/util/./regex.c 3
lib/util/./digest_openssl.c 6
lib/util/./strsplit.c 1
lib/util/./secure_path.c 3
plugins/sudoers/./parser_warnx.c 2
plugins/sudoers/./gentime.c 1
plugins/sudoers/./timeout.c 1
plugins/sudoers/./match.c 19
lib/util/./gethostname.c 1
lib/util/./strtoid.c 3
lib/util/./strtonum.c 2
plugins/sudoers/./match_addr.c 3
plugins/sudoers/./match_command.c 12
plugins/sudoers/./match_digest.c 1
plugins/sudoers/./filedigest.c 1
plugins/sudoers/./b64_decode.c 1
plugins/sudoers/./digestname.c 1
lib/util/./strtomode.c 1
plugins/sudoers/./lookup.c 5
plugins/sudoers/./display.c 10
lib/util/./roundup.c 1
plugins/sudoers/./fmtsudoers.c 6
plugins/sudoers/./exptilde.c 1
plugins/sudoers/./check_aliases.c 4
plugins/sudoers/./sudoers_ctx_free.c 1
plugins/sudoers/./canon_path.c 2

Fuzzer: fuzz_policy

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the code a fuzzer can potentially reach is in fact covered at runtime. Below there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics, please see the glossary entries for full calltree and calltree overview.

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 75 38.8%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 118 61.1%
All colors 193 100

Fuzz blockers

The following are the branches that the fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
38 38 1 : ['defaults_warnx'] 38 38 parse_default_entry call site: 00000 /src/sudo/plugins/sudoers/./defaults.c:326
36 36 1 : ['sudo_fatal_nodebug_v1'] 36 36 _rs_stir call site: 00000 /src/sudo/lib/util/./arc4random.c:99
15 15 2 : ['__errno_location', 'sudo_gethostname_v1'] 27 68 sudoers_sethost call site: 00000 /src/sudo/plugins/sudoers/./sethost.c:51
10 12 2 : ['sudo_gettime_real_v1', 'sudo_debug_printf2_v1'] 10 12 sudo_gettime_awake_v1 call site: 00000 /src/sudo/lib/util/./gettime.c:179
10 10 2 : ['fputs', 'putc'] 12 14 warning call site: 00114 /src/sudo/lib/util/./fatal.c:192
8 49 4 : ['strncmp', 'sudo_parseln_v2', '__ctype_b_loc', 'feof'] 14 97 env_file_next_local call site: 00000 /src/sudo/plugins/sudoers/./env.c:1302
6 6 4 : ['free', 'strcmp', 'strdup', 'setlocale'] 6 6 sudoers_setlocale call site: 00000 /src/sudo/plugins/sudoers/./locale.c:117
4 6 3 : ['__errno_location', 'audit_failure', 'log_warning'] 4 6 set_cmnd call site: 00000 /src/sudo/plugins/sudoers/./sudoers.c:1177
4 4 3 : ['reallocarray', 'free', 'sysconf'] 6 6 sudo_getgrouplist2_v1 call site: 00000 /src/sudo/lib/util/./getgrouplist.c:82
2 44 2 : ['reallocarray', 'sudo_strtoid_v2'] 8 56 sudo_make_gidlist_item call site: 00000 /src/sudo/plugins/sudoers/./pwutil_impl.c:257
2 39 3 : ['__errno_location', 'sudo_warn_gettext_v1', 'sudo_warn_nodebug_v1'] 2 277 sudoers_policy_close call site: 00000 /src/sudo/plugins/sudoers/./policy.c:1164
2 37 3 : ['__errno_location', 'sudo_warnx_nodebug_v1', 'sudo_warn_gettext_v1'] 2 77 sudo_setenv2 call site: 00000 /src/sudo/plugins/sudoers/./env.c:471

Runtime coverage analysis

Covered functions: 280
Functions that are reachable but not covered: 40
Reachable functions: 87
Percentage of reachable functions covered: 54.02%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions. This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Warning: The number of covered functions is larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
plugins/sudoers/./regress/fuzz/fuzz_policy.c 9
lib/util/./progname.c 4
lib/util/./basename.c 1
plugins/sudoers/./sudoers_debug.c 2
lib/util/./sudo_debug.c 3
lib/util/./fatal.c 4
plugins/sudoers/./sudoers.c 1
plugins/sudoers/gram.y 14
lib/util/./rcstr.c 3
plugins/sudoers/./alias.c 2
plugins/sudoers/./redblack.c 2
plugins/sudoers/toke.l 1
lib/util/./lbuf.c 1
plugins/sudoers/toke.c 2
plugins/sudoers/./sudoers_ctx_free.c 1
plugins/sudoers/./pwutil.c 9
plugins/sudoers/./canon_path.c 3
plugins/sudoers/./env.c 1
plugins/sudoers/./gc.c 2

Analyses and suggestions

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that, in combination, yield high code coverage.

Func name Functions filename Arg count Args Function depth hitcount instr count bb count cyclomatic complexity Reachable functions Incoming references total cyclomatic complexity Unreached complexity
sudoers_policy_check /src/sudo/plugins/sudoers/./policy.c 7 ['int', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A'] 13 0 149 21 7 294 0 1982 739
sudoers_policy_open /src/sudo/plugins/sudoers/./policy.c 8 ['int', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A'] 12 0 219 37 12 290 0 1730 315
free_cmndspec /src/sudo/plugins/sudoers/gram.y 2 ['N/A', 'N/A'] 2 0 581 117 41 2 0 52 41
sudo_lbuf_append_esc_v1 /src/sudo/lib/util/./lbuf.c 3 ['N/A', 'int', 'N/A'] 2 0 535 77 28 8 0 61 40

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers
68.0%
553 / 817
Cyclomatic complexity statically reachable by fuzzers
83.0%
4971 / 5958

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name Functions filename Args Function call depth Reached by Fuzzers Runtime reached by Fuzzers Combined reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Fuzz engine guidance

This section provides heuristics that can be used as input to a fuzz engine when running a given fuzz target. The current focus is on providing input that is usable by libFuzzer.

lib/iolog/./regress/fuzz/fuzz_iolog_legacy.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['warning', 'initprogname2', 'iolog_parse_loginfo_legacy', 'sudo_strtonumx']

lib/iolog/./regress/fuzz/fuzz_iolog_timing.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['iolog_parse_delay', 'iolog_openat', 'warning', 'iolog_read_timing_record', 'LLVMFuzzerTestOneInput', 'initprogname2', '_rs_stir', 'iolog_open', 'mktemp_internal']

lib/iolog/./regress/fuzz/fuzz_iolog_json.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['warning', 'initprogname2', 'json_stack_push', 'json_parse_string', 'eventlog_json_parse', 'sudo_strtonumx', 'free_json_items']

lib/util/./regress/fuzz/fuzz_sudo_conf.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['LLVMFuzzerTestOneInput', 'warning', 'initprogname2', '_rs_stir', 'sudo_conf_read_v1', 'sudo_conf_debug_files_v1', 'mktemp_internal']

logsrvd/./regress/fuzz/fuzz_logsrvd_conf.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['append_address', 'logsrvd_conf_read', 'warning', 'initprogname2', 'getaddrinfo', '_rs_stir', 'logsrvd_conf_free', 'sudo_gai_warn_nodebug_v1']

plugins/sudoers/./regress/fuzz/fuzz_sudoers_ldif.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['append_default', 'LLVMFuzzerTestOneInput', 'sudo_ldap_role_to_priv', 'warning', 'role_to_sudoers', 'initprogname2', 'sudoers_parse_ldif', 'free_defs_val', 'init_passprompt_regex']

plugins/sudoers/./regress/fuzz/fuzz_sudoers.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['sudoerslex', 'sudo_strtoidx_v1', 'display_privs', 'alloc_aliases', 'fill_args', 'sudoers_lookup', 'display_bound_defaults', 'fill_cmnd', 'update_defaults']

plugins/sudoers/./regress/fuzz/fuzz_policy.c

Dictionary

Use this with the libFuzzer -dict=DICT.file flag


Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['sudoers_cleanup', 'warning', 'rbdestroy_int', 'sudo_warn_gettext_v1', 'sudo_basename_v1', 'env_free', 'LLVMFuzzerTestOneInput', 'sudo_freegrcache', 'initprogname2']

Runtime coverage analysis

This section shows analysis of runtime coverage data.

For further technical details on how this section is generated, please see the Glossary.

Complex functions with low coverage

Func name Function total lines Lines covered at runtime percentage covered Reached by fuzzers
iolog_open 68 35 51.47% ['fuzz_iolog_timing']
iolog_openat 35 13 37.14% ['fuzz_iolog_timing']
logsrvd_conf_apply 115 11 9.565% ['fuzz_logsrvd_conf']
list_op 36 19 52.77% ['fuzz_sudoers_ldif', 'fuzz_policy', 'fuzz_sudoers']
sudo_lbuf_append_v1 75 31 41.33% ['fuzz_sudoers']
sudo_lbuf_expand 33 16 48.48% ['fuzz_sudoers']
alias_find_used 51 12 23.52% ['fuzz_sudoers']
check_aliases 66 19 28.78% ['fuzz_sudoers']
display_defaults 32 11 34.37% ['fuzz_sudoers']
display_bound_defaults_by_type 51 22 43.13% ['fuzz_sudoers']
sudoersparse 1573 248 15.76% ['fuzz_sudoers']
sudoerserrorf 55 9 16.36% ['fuzz_sudoers']
parser_leak_add 42 19 45.23% ['fuzz_sudoers']
parser_leak_remove 51 21 41.17% ['fuzz_sudoers']
parser_leak_free 74 23 31.08% ['fuzz_policy', 'fuzz_sudoers']
sudoers_lookup 47 22 46.80% ['fuzz_policy', 'fuzz_sudoers']
sudoers_lookup_pseudo 125 34 27.20% ['fuzz_sudoers']
sudoers_lookup_check 75 10 13.33% ['fuzz_sudoers']
sudo_set_gidlist 39 21 53.84% ['fuzz_policy', 'fuzz_sudoers']
sudoerslex 1143 256 22.39% ['fuzz_sudoers']
pop_include 42 6 14.28% ['fuzz_sudoers']
fill_cmnd 42 16 38.09% ['fuzz_sudoers']
sudo_getgrouplist2_v1 35 11 31.42% ['fuzz_policy']
parse_default_entry 99 53 53.53% ['fuzz_policy', 'fuzz_sudoers']
wordsplit 38 20 52.63% ['fuzz_policy']
env_update_didvar 32 11 34.37% ['fuzz_policy']
sudoers_check_common 213 111 52.11% ['fuzz_policy']

Files and Directories in report

This section shows which files and directories are considered in this report. The main reason for showing this is that fuzz introspector may include more code in its reasoning than is desired. This section helps identify whether too many files/directories are included, e.g. third-party code, which may be irrelevant for the threat model. If too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file Reached by Covered by
[] []
/src/sudo/plugins/sudoers/gram.y ['fuzz_sudoers_ldif', 'fuzz_sudoers', 'fuzz_policy'] ['fuzz_sudoers_ldif', 'fuzz_sudoers', 'fuzz_policy']
/src/sudo/plugins/sudoers/./iolog_path_escapes.c [] []
/src/sudo/lib/util/./regress/fuzz/fuzz_sudo_conf.c ['fuzz_sudo_conf'] []
/src/sudo/lib/util/./parseln.c ['fuzz_sudo_conf', 'fuzz_logsrvd_conf'] []
/src/sudo/lib/util/./rcstr.c ['fuzz_logsrvd_conf', 'fuzz_sudoers_ldif', 'fuzz_sudoers', 'fuzz_policy'] []
/src/sudo/plugins/sudoers/./alias.c ['fuzz_sudoers_ldif', 'fuzz_sudoers', 'fuzz_policy'] []
/src/sudo/plugins/sudoers/./filedigest.c ['fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./fmtsudoers.c ['fuzz_sudoers_ldif', 'fuzz_sudoers'] []
/src/sudo/lib/iolog/./regress/fuzz/fuzz_iolog_timing.c ['fuzz_iolog_timing'] []
/src/sudo/plugins/sudoers/toke.c ['fuzz_sudoers', 'fuzz_policy'] ['fuzz_sudoers']
/src/sudo/lib/util/./strtonum.c ['fuzz_iolog_legacy', 'fuzz_iolog_timing', 'fuzz_iolog_json', 'fuzz_logsrvd_conf', 'fuzz_sudoers'] []
/src/sudo/lib/eventlog/./eventlog_free.c ['fuzz_iolog_legacy', 'fuzz_iolog_json'] []
/src/sudo/lib/util/./hexchar.c ['fuzz_iolog_json', 'fuzz_sudoers'] []
/src/sudo/lib/iolog/./iolog_eof.c ['fuzz_iolog_timing'] []
/src/sudo/plugins/sudoers/./regress/fuzz/fuzz_policy.c ['fuzz_policy'] []
/src/sudo/plugins/sudoers/./locale.c ['fuzz_sudoers_ldif', 'fuzz_sudoers'] []
/src/sudo/lib/util/./strsplit.c ['fuzz_logsrvd_conf', 'fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./env.c ['fuzz_policy'] []
/src/sudo/plugins/sudoers/./sethost.c [] []
/src/sudo/logsrvd/./regress/fuzz/fuzz_logsrvd_conf.c ['fuzz_logsrvd_conf'] []
/src/sudo/lib/util/./arc4random.c ['fuzz_iolog_timing', 'fuzz_sudo_conf', 'fuzz_logsrvd_conf'] []
/src/sudo/plugins/sudoers/./match.c ['fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./check_aliases.c ['fuzz_sudoers'] []
/src/sudo/lib/util/./strtoid.c ['fuzz_sudoers'] []
/src/sudo/lib/util/./regex.c ['fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./policy.c [] []
/src/sudo/lib/util/./progname.c ['fuzz_iolog_legacy', 'fuzz_iolog_timing', 'fuzz_iolog_json', 'fuzz_sudo_conf', 'fuzz_logsrvd_conf', 'fuzz_sudoers_ldif', 'fuzz_sudoers', 'fuzz_policy'] []
/src/sudo/lib/util/./strtomode.c ['fuzz_sudoers'] []
/src/sudo/lib/iolog/./regress/fuzz/fuzz_iolog_json.c ['fuzz_iolog_json'] []
/src/sudo/lib/util/./gettime.c [] []
/src/sudo/lib/iolog/./iolog_util.c ['fuzz_iolog_timing'] []
/src/sudo/lib/util/./gethostname.c ['fuzz_sudoers'] []
/src/sudo/plugins/sudoers/toke.l ['fuzz_sudoers', 'fuzz_policy'] ['fuzz_sudoers', 'fuzz_policy']
/src/sudo/lib/util/./login_max.c [] []
/src/sudo/plugins/sudoers/./exptilde.c ['fuzz_sudoers'] []
/src/sudo/lib/util/./sudo_debug.c ['fuzz_iolog_legacy', 'fuzz_iolog_timing', 'fuzz_iolog_json', 'fuzz_sudo_conf', 'fuzz_logsrvd_conf', 'fuzz_sudoers_ldif', 'fuzz_sudoers', 'fuzz_policy'] []
/src/sudo/lib/iolog/./host_port.c ['fuzz_logsrvd_conf'] []
/src/sudo/plugins/sudoers/./sudoers_ctx_free.c ['fuzz_sudoers', 'fuzz_policy'] []
/src/sudo/lib/util/./strtobool.c [] []
/src/sudo/plugins/sudoers/gram.c ['fuzz_sudoers'] ['fuzz_sudoers']
/src/sudo/lib/util/./lbuf.c ['fuzz_sudoers', 'fuzz_policy'] []
/src/sudo/lib/util/./basename.c ['fuzz_iolog_legacy', 'fuzz_iolog_timing', 'fuzz_iolog_json', 'fuzz_sudo_conf', 'fuzz_logsrvd_conf', 'fuzz_sudoers_ldif', 'fuzz_sudoers', 'fuzz_policy'] []
/src/sudo/logsrvd/./tls_init.c ['fuzz_logsrvd_conf'] []
/src/sudo/plugins/sudoers/./pwutil.c ['fuzz_sudoers', 'fuzz_policy'] []
/src/sudo/lib/util/./roundup.c ['fuzz_sudo_conf', 'fuzz_logsrvd_conf', 'fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./b64_decode.c ['fuzz_sudoers_ldif', 'fuzz_sudoers'] []
/src/sudo/lib/util/./uuid.c [] []
/src/sudo/plugins/sudoers/./strlcpy_unesc.c [] []
/src/sudo/logsrvd/./logsrvd_conf.c ['fuzz_logsrvd_conf'] []
/src/sudo/lib/iolog/./iolog_legacy.c ['fuzz_iolog_legacy'] []
/src/sudo/plugins/sudoers/./match_digest.c ['fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./toke_util.c ['fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./pwutil_impl.c [] []
/src/sudo/lib/eventlog/./parse_json.c ['fuzz_iolog_json'] []
/src/sudo/lib/iolog/./regress/fuzz/fuzz_iolog_legacy.c ['fuzz_iolog_legacy'] []
/src/sudo/plugins/sudoers/./gc.c ['fuzz_policy'] []
/src/sudo/plugins/sudoers/./sudoers.c ['fuzz_policy'] []
/src/sudo/lib/util/./strlcat.c [] []
/src/sudo/plugins/sudoers/./serialize_list.c [] []
/src/sudo/plugins/sudoers/./parse_ldif.c ['fuzz_sudoers_ldif'] []
/src/sudo/plugins/sudoers/./digestname.c ['fuzz_sudoers_ldif', 'fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./regress/fuzz/fuzz_sudoers_ldif.c ['fuzz_sudoers_ldif'] []
/src/sudo/lib/util/./getgrouplist.c [] []
/src/sudo/lib/util/./fatal.c ['fuzz_iolog_legacy', 'fuzz_iolog_timing', 'fuzz_iolog_json', 'fuzz_sudo_conf', 'fuzz_logsrvd_conf', 'fuzz_sudoers_ldif', 'fuzz_sudoers', 'fuzz_policy'] []
/src/sudo/lib/iolog/./iolog_open.c ['fuzz_iolog_timing'] []
/src/sudo/lib/util/./mktemp.c ['fuzz_iolog_timing', 'fuzz_sudo_conf', 'fuzz_logsrvd_conf'] []
/src/sudo/lib/util/./digest_openssl.c ['fuzz_sudoers'] []
/src/sudo/lib/iolog/./iolog_conf.c ['fuzz_iolog_timing', 'fuzz_logsrvd_conf'] []
/src/sudo/plugins/sudoers/./redblack.c ['fuzz_sudoers_ldif', 'fuzz_sudoers', 'fuzz_policy'] []
/src/sudo/lib/util/./strlcpy.c ['fuzz_sudo_conf', 'fuzz_logsrvd_conf', 'fuzz_sudoers'] []
/src/sudo/lib/util/./logpri.c ['fuzz_logsrvd_conf', 'fuzz_sudoers_ldif', 'fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./lookup.c ['fuzz_sudoers'] []
/src/sudo/lib/util/./secure_path.c ['fuzz_logsrvd_conf', 'fuzz_sudoers'] []
/src/sudo/lib/iolog/./iolog_openat.c ['fuzz_iolog_timing'] []
/src/sudo/plugins/sudoers/./ldap_util.c ['fuzz_sudoers_ldif'] []
/src/sudo/lib/eventlog/./eventlog_conf.c ['fuzz_logsrvd_conf'] []
/src/sudo/plugins/sudoers/./sudoers_cb.c [] []
/src/sudo/lib/util/./chacha_private.h ['fuzz_iolog_timing', 'fuzz_sudo_conf', 'fuzz_logsrvd_conf'] []
/src/sudo/plugins/sudoers/./regress/fuzz/fuzz_stubs.c ['fuzz_sudoers_ldif', 'fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./sudoers_hooks.c [] []
/src/sudo/plugins/sudoers/./regress/fuzz/fuzz_sudoers.c ['fuzz_sudoers'] []
/src/sudo/lib/util/./key_val.c [] []
/src/sudo/lib/iolog/./iolog_gets.c ['fuzz_iolog_timing'] []
/src/sudo/lib/iolog/./iolog_json.c ['fuzz_iolog_json'] []
/src/sudo/lib/iolog/./iolog_timing.c ['fuzz_iolog_timing'] []
/src/sudo/plugins/sudoers/./editor.c [] []
/src/sudo/lib/util/./str2sig.c ['fuzz_iolog_timing'] []
/src/sudo/lib/iolog/./iolog_filter.c ['fuzz_logsrvd_conf'] []
/src/sudo/plugins/sudoers/./sudoers_debug.c ['fuzz_sudoers_ldif', 'fuzz_sudoers', 'fuzz_policy'] []
/src/sudo/lib/util/./logfac.c ['fuzz_logsrvd_conf', 'fuzz_sudoers_ldif', 'fuzz_sudoers'] []
/src/sudo/lib/iolog/./iolog_close.c ['fuzz_iolog_timing'] []
/src/sudo/plugins/sudoers/./parser_warnx.c ['fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./gentime.c ['fuzz_sudoers_ldif', 'fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./env_pattern.c [] []
/src/sudo/lib/util/./sudo_conf.c ['fuzz_sudo_conf'] []
/src/sudo/lib/util/./gidlist.c [] []
/src/sudo/plugins/sudoers/./match_addr.c ['fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./strlist.c ['fuzz_sudoers_ldif'] []
/src/sudo/plugins/sudoers/./strvec_join.c [] []
/src/sudo/plugins/sudoers/./defaults.c ['fuzz_sudoers_ldif', 'fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./display.c ['fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./timeout.c ['fuzz_sudoers_ldif', 'fuzz_sudoers'] []
/src/sudo/plugins/sudoers/./canon_path.c ['fuzz_sudoers', 'fuzz_policy'] []
/src/sudo/plugins/sudoers/./match_command.c ['fuzz_sudoers'] []

Directories in report

Directory
/src/sudo/lib/iolog/./regress/fuzz/
/src/sudo/lib/eventlog/./
/src/sudo/plugins/sudoers/./
/src/sudo/plugins/sudoers/./regress/fuzz/
/src/sudo/plugins/sudoers/
/src/sudo/lib/util/./
/src/sudo/lib/iolog/./
/src/sudo/lib/util/./regress/fuzz/
/src/sudo/logsrvd/./
/src/sudo/logsrvd/./regress/fuzz/