webapp: add target oracle page (#1304)
Signed-off-by: David Korczynski <[email protected]>
DavidKorczynski authored Nov 8, 2023
1 parent 9075d10 commit 4736a60
Showing 3 changed files with 141 additions and 0 deletions.
54 changes: 54 additions & 0 deletions tools/web-fuzzing-introspection/app/webapp/routes.py
@@ -296,6 +296,60 @@ def projects_overview():
all_projects=projects_to_use)


def oracle_1(all_functions, all_projects):
tmp_list = []
project_count = dict()
for function in all_functions:
if "parse" not in function.name:
continue

if (function.runtime_code_coverage == 0.0
and project_count.get(function.project, 0) < 5
and function.accummulated_cyclomatic_complexity > 200):

to_continue = False
for proj in all_projects:
if proj.name == function.project and proj.language in {
'c', 'c++'
}:
to_continue = True
if not to_continue:
continue
tmp_list.append(function)
current_count = project_count.get(function.project, 0)
current_count += 1
project_count[function.project] = current_count

functions_to_display = tmp_list
funcs_max_to_display = 4000
total_matches = len(functions_to_display)
if total_matches >= funcs_max_to_display:
functions_to_display = functions_to_display[:funcs_max_to_display]

return functions_to_display


@blueprint.route('/target_oracle')
def target_oracle():
all_projects = data_storage.get_projects()
all_functions = data_storage.get_functions()
functions_to_display = oracle_1(all_functions, all_projects)

func_to_lang = dict()
for func in functions_to_display:
language = 'c'
for proj in all_projects:
if proj.name == func.project:
language = proj.language
break

func_to_lang[func.name] = language
return render_template('target-oracle.html',
gtag=gtag,
functions_to_display=functions_to_display,
func_to_lang=func_to_lang)


@blueprint.route('/indexing-overview')
def indexing_overview():
build_status = data_storage.get_build_status()
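Review bot: In `target_oracle`, `func_to_lang` is keyed by `func.name` alone, so two functions with the same name in different projects overwrite each other and the Language column can show the wrong value for one of them. That loop and the inner loop in `oracle_1` also rescan `all_projects` for every function on each request to this route. Building `proj_lang = {p.name: p.language for p in all_projects}` once and looking it up by `target_func.project` (falling back to `'c'`) would remove both the collision and the nested scan. `oracle_1` also lacks a docstring stating its thresholds (name contains "parse", zero runtime coverage, complexity above 200, at most 5 per project, C/C++ only), and `to_continue` is misleading because it is set to True when the function is kept.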
@@ -63,6 +63,7 @@
<ul class="menu">
<li><a href="{{ url_for('site.projects_overview') }}">Project Overview</a></li>
<li><a href="{{ url_for('site.function_search') }}">Function Database</a></li>
<li><a href="{{ url_for('site.target_oracle') }}">Target Oracle</a></li>
<li><a href="{{ url_for('site.indexing_overview')}}">Indexing status</a></li>
<li><a href="{{ url_for('site.api')}}">API</a></li>
</ul>
@@ -0,0 +1,86 @@
{% extends "base.html" %}
{% block content %}
<!-- main content -->
<main>
<!-- hero area -->
<section class="search__hero overview__hero">
<div class="container">
<div class="search__hero-wrapper">
<h1 class="section__title">
Target oracle
</h1>
</div>
<div class="alert alert-info" role="alert">
This page shows functions across the entire OSS-Fuzz database that are determined to be likely interesting targets. This suggestion comes from various heuristics that often encapsulate functions that are likely good to fuzz or are, perhaps, easy to fuzz. For each suggestion a justification is included as to why this target is interesting, by way of referencing a given heuristic.
</div>
<div class="database overviewBody">
<div class="database__header">
<div class="database__header-right">
<button type="button" class="btn__table" onclick="location.href='https://github.com/ossf/fuzz-introspector'">
Fuzz Introspector
</button>
<button type="button" class="btn__table" onclick="location.href='https://github.com/ossf/fuzz-introspector/issues'">Suggest ideas</button>
<button type="button" class="btn__table" onclick="location.href='https://github.com/ossf/fuzz-introspector/issues'">Report issues</button>
</div>
</div>
<div class="database__body">
<table id="projectOverviewTable">
<thead>
<tr>
<td>Function name</td>
<td>Project</td>
<td>Language</td>
<td>Reason</td>
<td>Coverage link</td>
</tr>
</thead>
<tbody>
{% for target_func in functions_to_display %}
<tr>
<td> <a href="/function-profile?function={{target_func.name | urlencode}}&project={{target_func.project | urlencode}}">{{ target_func.name }}</a> </td>
<td> {{ target_func.project }} </td>
<td> {{func_to_lang[target_func.name]}} </td>
<td> <a href="#heuristic-1">heuristic 1</a></td>
<td> <a href="{{target_func.code_coverage_url}}">coverage link</a></td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
</div>
</section>
<!-- end hero area -->
<section class="overview">
<div class="container">
<div class="overview__wrapper">
<h2 class="section__title">Heuristics</h2>
<!-- /api/annotated-cfg -->
</div>
<div style="padding-top: 25px; margin-left: 35px; margin-right: 35px">
<p>
<left>
<h3 id="heuristic-1">Heuristic 1</h3>
<p>
This is the heuristic highlights functions that has all of the following attributes:
<ul>
<li>- Has "parse" in its function name.</li>
<li>- Has zero percentage code coverage.</li>
<li>- Has accummulated cyclomatic complexity larger than 200.</li>
<li>- Is in a project written in C or C++.</li>
</ul>
</p>
</left>
</p>
</div>
</div>
</section>

</main>
<!-- end main content -->
<script>
$( document ).ready(function() {
$('#projectOverviewTable').dataTable({'pageLength': 1000})
});
</script>
{% endblock %}
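Review bot: The coverage cell, `<a href="{{target_func.code_coverage_url}}">`, renders a stored value as a link target without any scheme check. Jinja autoescaping (assuming it is enabled for this template) stops the value from breaking out of the attribute, but it does not stop a `javascript:` or other non-HTTP URL from being emitted. Where `code_coverage_url` is populated is not visible in this commit; if it derives from ingested project data, it should be restricted to `http`/`https` before it reaches the template. Separately, the function-profile link hard-codes its path while the menu uses `url_for`, so it would break if the app is mounted under a prefix.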
