tessl/pypi-atheris
A coverage-guided fuzzer for Python and Python extensions based on libFuzzer
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
- Describes
'%3e%3cpath%20d='M3.389%209.069c0-.009.043-.033.029-.044L.029%207.77l3.287-1.197L6.574%207.77l.106.083.005%204-3.297%201.185V9.068ZM13.582%209.32V2.74l3.405%201.238v4.104L13.583%209.32ZM10.253%2014.66l-3.476%201.268v-4.027l3.476-1.313v4.072ZM10.253%2010.558l-3.476%201.239V7.784l3.476-1.268v4.042ZM10.253%2014.719v3.968L6.777%2020v-3.998l3.476-1.283ZM17%208.139v4.042l-3.418%201.239V9.378L17%208.138ZM3.3%2017.168%200%2015.943v-4.027l3.3%201.224v4.028ZM6.69%2011.916v4.027l-3.302%201.225v-4.072l3.301-1.18ZM6.69%203.743v4.012l-3.33-1.21V2.564l3.33%201.18Z'/%3e%3cpath%20d='M3.3%2013.066%200%2011.842V7.844l3.3%201.224v3.998ZM13.524%209.334l-.175.088.175-.014v4.027l-3.152%201.183-.06-.032v-3.983l1.986-.767-.111.006-1.876.657V6.531l3.213-1.224v4.027Zm-.263.133c-.065.008-.198.023-.233.088.065-.008.198-.023.233-.088Zm-.321.118c-.065.008-.198.023-.233.088.065-.009.198-.023.233-.088Zm-.321.118c-.066.008-.199.023-.234.088.065-.008.199-.023.234-.088ZM13.524%201.266v3.968l-3.213%201.195V2.46l3.213-1.194ZM10.253%202.475v3.968L6.777%207.726V3.743l3.476-1.268ZM8.2%204.458c-.304.064-.627.5-.708.79-.27.963.636%201.081%201.091.364.277-.437.354-1.308-.383-1.154ZM13.524%2013.51v3.983l-3.17%201.177c-.011%200-.043-.067-.043-.07v-3.895l3.213-1.195Zm-.884%201.63c-.495.085-1.068%201.015-.676%201.435.483.517%201.502-.636%201.147-1.246-.098-.169-.286-.221-.47-.19ZM10.165%202.387l-.037.065-3.395%201.249-3.345-1.212L6.88%201.21l3.285%201.178ZM13.437%201.177l-.088.073-3.057%201.127-3.034-1.082-.277-.133L10.151%200l3.286%201.177Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h17v20H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/pypi-atheris@2.3.0index.mddocs/
Atheris
A coverage-guided Python fuzzing engine based on libFuzzer. Atheris enables fuzzing of Python code and native extensions, providing feedback-guided testing to discover bugs through automatic input generation and mutation.
Package Information
- Package Name: atheris
- Language: Python
- Installation:
pip install atheris - Supported Platforms: Linux (32-bit, 64-bit), Mac OS X
- Python Versions: 3.6 - 3.11
Core Imports
import atherisFor specific functionality:
from atheris import Setup, Fuzz, FuzzedDataProvider
from atheris import instrument_imports, instrument_func, instrument_allBasic Usage
#!/usr/bin/python3
import atheris
import sys
# Import libraries to fuzz within instrumentation context
with atheris.instrument_imports():
import some_library
def TestOneInput(data):
"""Fuzzer entry point that receives random bytes from libFuzzer."""
some_library.parse(data)
# Configure and start fuzzing
atheris.Setup(sys.argv, TestOneInput)
atheris.Fuzz()Advanced usage with data provider:
import atheris
import sys
with atheris.instrument_imports():
import target_module
def TestOneInput(data):
fdp = atheris.FuzzedDataProvider(data)
# Extract structured data from raw bytes
length = fdp.ConsumeIntInRange(1, 100)
text = fdp.ConsumeUnicodeNoSurrogates(length)
flag = fdp.ConsumeBool()
target_module.process(text, flag)
atheris.Setup(sys.argv, TestOneInput)
atheris.Fuzz()Architecture
Atheris implements coverage-guided fuzzing through several key components:
- libFuzzer Integration: Uses LLVM's libFuzzer engine for input generation, mutation, and coverage feedback
- Bytecode Instrumentation: Dynamically patches Python bytecode to collect branch and comparison coverage
- Import-time Instrumentation: Hooks module imports to automatically instrument loaded code
- Native Extension Support: Instruments C/C++ extensions when built with appropriate compiler flags
- Custom Mutators: Supports user-defined mutation strategies for domain-specific input generation
Capabilities
Core Fuzzing Functions
Essential functions for setting up and running the fuzzer, including configuration and execution control.
def Setup(args, test_one_input, internal_libfuzzer=None, custom_mutator=None, custom_crossover=None):
"""
Configure the fuzzer with test function and options.
Args:
args (list): Command-line arguments (typically sys.argv)
test_one_input (callable): Function that takes bytes and performs testing
internal_libfuzzer (bool, optional): Use internal libfuzzer (auto-detected if None)
custom_mutator (callable, optional): Custom mutation function
custom_crossover (callable, optional): Custom crossover function
Returns:
list: Remaining command-line arguments after fuzzer consumption
"""
def Fuzz():
"""
Start the fuzzing loop. Must call Setup() first.
This function does not return - it runs until the fuzzer stops
due to finding a crash, reaching run limits, or external termination.
"""
def Mutate(data, max_size):
"""
Mutate input data using libFuzzer's built-in mutator.
Args:
data (bytes): Input data to mutate
max_size (int): Maximum size of mutated output
Returns:
bytes: Mutated data
"""Data Provider
Utilities for converting raw fuzzer bytes into structured data types for more effective testing.
class FuzzedDataProvider:
"""Converts raw fuzzer bytes into various data types."""
def __init__(self, input_bytes: bytes):
"""Initialize with raw fuzzer input."""
def ConsumeBytes(self, count: int) -> bytes:
"""Consume count bytes from the input."""
def ConsumeInt(self, byte_size: int) -> int:
"""Consume a signed integer of specified byte size."""
def ConsumeIntInRange(self, min_val: int, max_val: int) -> int:
"""Consume an integer in the range [min_val, max_val]."""
def ConsumeBool(self) -> bool:
"""Consume either True or False."""Code Instrumentation
Functions for adding coverage instrumentation to Python code at import-time, runtime, or globally.
def instrument_imports(include=None, exclude=None, enable_loader_override=True):
"""
Context manager that instruments Python modules imported within the context.
Args:
include (list, optional): Module names to include
exclude (list, optional): Module names to exclude
enable_loader_override (bool): Enable custom loader instrumentation
Returns:
Context manager for instrumented imports
"""
def instrument_func(func):
"""
Decorator that instruments a specific Python function.
Args:
func (callable): Function to instrument
Returns:
callable: Instrumented function
"""
def instrument_all():
"""Instrument all currently loaded Python functions."""Advanced Features
Hook management, custom mutators, and specialized instrumentation for regex and string operations.
# Hook management
enabled_hooks = EnabledHooks() # Global hook manager
def gen_match(pattern):
"""
Generate a string that matches a regex pattern.
Args:
pattern (str or bytes): Regular expression pattern
Returns:
str or bytes: String that matches the pattern
"""
def path() -> str:
"""
Get the path to the Atheris installation directory.
Returns:
str: Path to the directory containing Atheris files
"""
# Constants
ALL_REMAINING: int # Special value for FuzzedDataProvider to consume all remaining bytesTypes
class EnabledHooks:
"""Manages the set of enabled instrumentation hooks."""
def add(self, hook: str) -> None:
"""
Enable a specific hook.
Args:
hook (str): Hook name ('RegEx' or 'str')
"""
def __contains__(self, hook: str) -> bool:
"""
Check if a hook is enabled.
Args:
hook (str): Hook name to check
Returns:
bool: True if the hook is enabled
"""