'%3e%3cpath%20d='M3.389%209.069c0-.009.043-.033.029-.044L.029%207.77l3.287-1.197L6.574%207.77l.106.083.005%204-3.297%201.185V9.068ZM13.582%209.32V2.74l3.405%201.238v4.104L13.583%209.32ZM10.253%2014.66l-3.476%201.268v-4.027l3.476-1.313v4.072ZM10.253%2010.558l-3.476%201.239V7.784l3.476-1.268v4.042ZM10.253%2014.719v3.968L6.777%2020v-3.998l3.476-1.283ZM17%208.139v4.042l-3.418%201.239V9.378L17%208.138ZM3.3%2017.168%200%2015.943v-4.027l3.3%201.224v4.028ZM6.69%2011.916v4.027l-3.302%201.225v-4.072l3.301-1.18ZM6.69%203.743v4.012l-3.33-1.21V2.564l3.33%201.18Z'/%3e%3cpath%20d='M3.3%2013.066%200%2011.842V7.844l3.3%201.224v3.998ZM13.524%209.334l-.175.088.175-.014v4.027l-3.152%201.183-.06-.032v-3.983l1.986-.767-.111.006-1.876.657V6.531l3.213-1.224v4.027Zm-.263.133c-.065.008-.198.023-.233.088.065-.008.198-.023.233-.088Zm-.321.118c-.065.008-.198.023-.233.088.065-.009.198-.023.233-.088Zm-.321.118c-.066.008-.199.023-.234.088.065-.008.199-.023.234-.088ZM13.524%201.266v3.968l-3.213%201.195V2.46l3.213-1.194ZM10.253%202.475v3.968L6.777%207.726V3.743l3.476-1.268ZM8.2%204.458c-.304.064-.627.5-.708.79-.27.963.636%201.081%201.091.364.277-.437.354-1.308-.383-1.154ZM13.524%2013.51v3.983l-3.17%201.177c-.011%200-.043-.067-.043-.07v-3.895l3.213-1.195Zm-.884%201.63c-.495.085-1.068%201.015-.676%201.435.483.517%201.502-.636%201.147-1.246-.098-.169-.286-.221-.47-.19ZM10.165%202.387l-.037.065-3.395%201.249-3.345-1.212L6.88%201.21l3.285%201.178ZM13.437%201.177l-.088.073-3.057%201.127-3.034-1.082-.277-.133L10.151%200l3.286%201.177Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h17v20H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
tessl/pypi-atheris
tessl install tessl/pypi-atheris@2.3.0A coverage-guided fuzzer for Python and Python extensions based on libFuzzer
Agent Success
Agent success rate when using this tile
91%
Improvement
Agent success rate improvement when using this tile compared to baseline
1.28x
Baseline
Agent success rate without this tile
71%
task.mdevals/scenario-10/
Magic Number Validator
Build a fuzzing test harness that validates inputs against multiple magic numbers and secret strings. The system should efficiently discover the correct values using data flow tracing.
Requirements
Your task is to implement a fuzzer that tests a validation function with complex comparison logic:
-
Create a validation function
validate_input(data: bytes) -> strthat:- Extracts an integer from the first 4 bytes (big-endian)
- Checks if it equals the magic number
0x41424344 - Extracts a string from the next bytes until a null terminator
- Checks if the string equals "SECRET_KEY"
- Returns "SUCCESS" if both checks pass, otherwise returns an error message
-
Implement a fuzzing harness using the target package that:
- Uses structured input generation to create test data
- Instruments the validation function to enable data flow tracing
- Runs the fuzzer to discover the magic number and secret string
- Captures successful inputs that pass validation
Test Cases
- When fuzzing with a seed corpus containing random data, the fuzzer discovers inputs that make
validate_inputreturn "SUCCESS" @test - The validation function correctly rejects inputs with incorrect magic numbers @test
- The validation function correctly accepts inputs with magic number
0x41424344followed by "SECRET_KEY\x00" @test
Implementation
@generates
API
def validate_input(data: bytes) -> str:
"""
Validates input data against magic number and secret key.
Args:
data: Input bytes containing magic number and secret string
Returns:
"SUCCESS" if validation passes, otherwise an error message
"""
pass
def fuzz_target(data: bytes) -> None:
"""
Fuzzing entry point that tests the validation function.
Args:
data: Raw fuzzing input bytes
"""
passDependencies { .dependencies }
atheris { .dependency }
Provides coverage-guided fuzzing with data flow tracing capabilities to help discover magic numbers and strings through comparison tracking.
@satisfied-by