CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/pypi-atheris

A coverage-guided fuzzer for Python and Python extensions based on libFuzzer

Overall
score

91%

Overview
Eval results
Files

Evaluation results

93%

22%

Counter Registration for Dynamic Instrumentation

Registering counters with UpdateCounterArrays()

Criteria
Without context
With context

Uses _reserve_counter()

100%

100%

Calls UpdateCounterArrays()

100%

100%

Uses instrument_func()

25%

100%

Correct sequencing

86%

100%

Instrumentation verification

0%

50%

Multiple registrations

60%

60%

100%

2%

HTTP Request Parser Fuzzer

FuzzedDataProvider - consuming bytes and strings

Criteria
Without context
With context

FuzzedDataProvider instantiation

100%

100%

ConsumeBytes usage

92%

100%

ConsumeUnicode usage

100%

100%

Proper byte counts

100%

100%

Request construction

100%

100%

Exception handling

100%

100%

100%

JSON Parser Fuzzer

Fuzzer initialization with Setup()

Criteria
Without context
With context

Setup() called

100%

100%

TestOneInput defined

100%

100%

Setup() parameters correct

100%

100%

Fuzz() called

100%

100%

Exception handling

100%

100%

Command-line integration

100%

100%

100%

10%

Custom Branch Coverage Tracker

Manual counter allocation for custom instrumentation

Criteria
Without context
With context

Counter allocation

100%

100%

Counter registration

100%

100%

Branch tracing

100%

100%

Counter-to-name mapping

50%

100%

95%

50%

URL Parser Fuzzing Test

Instrumenting individual functions with instrument_func()

Criteria
Without context
With context

Function instrumentation

0%

100%

Fuzzer initialization

100%

100%

FuzzedDataProvider usage

0%

100%

Fuzzer execution

100%

100%

Test callback

100%

50%

80%

10%

JSON Parser Fuzzer

Instrumenting imports with instrument_imports()

Criteria
Without context
With context

instrument_imports() usage

100%

100%

Selective instrumentation

33%

40%

Import ordering

60%

92%

TestOneInput implementation

100%

100%

100%

String Comparison Fuzzer

Direct C++ level string method hooking

Criteria
Without context
With context

String hook enabled

100%

100%

FuzzedDataProvider usage

100%

100%

Setup() called correctly

100%

100%

Fuzz() called

100%

100%

String comparison operations

100%

100%

Proper data flow

100%

100%

60%

30%

Integer Parser Fuzzer

FuzzedDataProvider - consuming integers

Criteria
Without context
With context

FuzzedDataProvider instantiation

100%

100%

ConsumeInt usage

0%

0%

ConsumeIntInRange usage

100%

100%

ConsumeIntList usage

0%

0%

ConsumeIntListInRange usage

0%

100%

Fuzzer setup

0%

100%

98%

65%

Custom Module Loader Fuzzing

Custom import loader support

Criteria
Without context
With context

instrument_imports usage

0%

100%

enable_loader_override parameter

0%

100%

Setup() initialization

100%

100%

FuzzedDataProvider usage

0%

100%

Fuzz() execution

100%

100%

Custom loader integration

30%

100%

Exception handling

100%

60%

85%

10%

Magic Number Validator

Data flow tracing with _trace_cmp()

Criteria
Without context
With context

Fuzzer initialization

66%

100%

TestOneInput callback

100%

100%

FuzzedDataProvider usage

0%

0%

Function instrumentation

80%

100%

Comparison operations

100%

100%

Fuzzing execution

100%

100%

Integer comparison tracing

100%

100%

String comparison tracing

100%

100%

Install with Tessl CLI

npx tessl i tessl/pypi-atheris
Evaluated
Agent
Codex

Table of Contents

Counter Registration for Dynamic InstrumentationHTTP Request Parser FuzzerJSON Parser FuzzerCustom Branch Coverage TrackerURL Parser Fuzzing TestJSON Parser FuzzerString Comparison FuzzerInteger Parser FuzzerCustom Module Loader FuzzingMagic Number Validator