CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/pypi-atheris

A coverage-guided fuzzer for Python and Python extensions based on libFuzzer

91

1.28x
Overview
Eval results
Files

task.mdevals/scenario-10/

Magic Number Validator

Build a fuzzing test harness that validates inputs against multiple magic numbers and secret strings. The system should efficiently discover the correct values using data flow tracing.

Requirements

Your task is to implement a fuzzer that tests a validation function with complex comparison logic:

  1. Create a validation function validate_input(data: bytes) -> str that:

    • Extracts an integer from the first 4 bytes (big-endian)
    • Checks if it equals the magic number 0x41424344
    • Extracts a string from the next bytes until a null terminator
    • Checks if the string equals "SECRET_KEY"
    • Returns "SUCCESS" if both checks pass, otherwise returns an error message

  2. Implement a fuzzing harness using the target package that:

    • Uses structured input generation to create test data
    • Instruments the validation function to enable data flow tracing
    • Runs the fuzzer to discover the magic number and secret string
    • Captures successful inputs that pass validation

Test Cases

  • When fuzzing with a seed corpus containing random data, the fuzzer discovers inputs that make validate_input return "SUCCESS" @test
  • The validation function correctly rejects inputs with incorrect magic numbers @test
  • The validation function correctly accepts inputs with magic number 0x41424344 followed by "SECRET_KEY\x00" @test

Implementation

@generates

API

def validate_input(data: bytes) -> str:
    """
    Validates input data against magic number and secret key.

    Args:
        data: Input bytes containing magic number and secret string

    Returns:
        "SUCCESS" if validation passes, otherwise an error message
    """
    pass

def fuzz_target(data: bytes) -> None:
    """
    Fuzzing entry point that tests the validation function.

    Args:
        data: Raw fuzzing input bytes
    """
    pass

Dependencies { .dependencies }

atheris { .dependency }

Provides coverage-guided fuzzing with data flow tracing capabilities to help discover magic numbers and strings through comparison tracking.

@satisfied-by

Install with Tessl CLI

npx tessl i tessl/pypi-atheris

evals

scenario-10

rubric.json

task.md

tile.json