Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues
Report generation date: 2024-07-27

Project overview: w3lib

High level conclusions

Reachability and coverage overview

Functions statically reachable by fuzzers
9.0%
5 / 55
Cyclomatic complexity statically reachable by fuzzers
12.0%
23 / 190
Runtime code coverage of functions
20.0%
11 / 55

Warning: The number of runtime covered functions are larger than the number of reachable functions. This means that Fuzz Introspector found there are more functions covered at runtime than what is considered reachable based on the static analysis. This is a limitation in the analysis as anything covered at runtime is by definition reachable by the fuzzers.
This is likely due to a limitation in the static analysis. In this case, the count of functions covered at runtime is the true value, which means this is what should be considered "achieved" by the fuzzer.

Use the project functions table below to query all functions that were not covered at runtime.

Fuzzer details

Fuzzer: fuzz_url_safe

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 7 21.2%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 26 78.7%
All colors 33 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
3 6 w3lib.util.to_unicode call site: 00006 .isinstance
2 1 ...fuzz_url_safe.TestOneInput call site: 00001 fdp.ConsumeIntInRange
2 30 w3lib.url.safe_url_string call site: 00030 urllib.parse.urlsplit.fragment.encode

Runtime coverage analysis

Covered functions
16
Functions that are reachable but not covered
20
Reachable functions
23
Percentage of reachable functions covered
13.04%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/ 1
...fuzz_url_safe 4
w3lib.url 15
w3lib.util 3

Fuzzer: fuzz_safe_download_url

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 6 15.0%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 34 85.0%
All colors 40 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
3 7 w3lib.util.to_unicode call site: 00007 .isinstance
2 31 w3lib.url.safe_url_string call site: 00031 urllib.parse.urlsplit.fragment.encode
1 3 ...fuzz_safe_download_url.TestOneInput call site: 00003 w3lib.url.safe_download_url

Runtime coverage analysis

Covered functions
16
Functions that are reachable but not covered
24
Reachable functions
28
Percentage of reachable functions covered
14.29%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/ 1
...fuzz_safe_download_url 4
w3lib.url 20
w3lib.util 3

Fuzzer: fuzz_parse_data_uri

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 5 9.80%
gold [1:9] 0 0.0%
yellow [10:29] 0 0.0%
greenyellow [30:49] 0 0.0%
lawngreen 50+ 46 90.1%
All colors 51 100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
3 8 w3lib.util.to_unicode call site: 00008 .isinstance
2 32 w3lib.url.safe_url_string call site: 00032 urllib.parse.urlsplit.fragment.encode

Runtime coverage analysis

Covered functions
16
Functions that are reachable but not covered
34
Reachable functions
38
Percentage of reachable functions covered
10.53%
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/ 1
...fuzz_parse_data_uri 4
w3lib.url 31
w3lib.util 3