Release Notes¶
18.3.1¶
Summary of changes:
Fixed the way package metadata is accessed to ensure wheel compatibility.
18.3¶
Summary of changes:
New features in the framework:
Support for issue (re-)validation with a new job type (validate).
Support for user-defined event listeners.
Numerous new building blocks in the framework:
fuzzinator.EmailListener: support for sending emails about events, e.g., new issues.fuzzinator.tracker.MonorailReport: support for the Monorail issue tracking system.fuzzinator.call.LldbBacktraceDecorator: support for backtrace info via LLDB.fuzzinator.fuzzer.ByteFlipDecorator: support for adding extra random byte flips to fuzzer results.fuzzinator.fuzzer.FileWriterDecorator: support for writing fuzzer results to files.fuzzinator.call.FileReaderDecorator: support for extracting fuzzer results from files.
Building blocks with extended or changed functionality:
fuzzinator.call.SubprocessCalland.StdinSubprocessCallcan accept 0 exit code as an issue.fuzzinator.call.StreamRegexFilterhas been renamed to.RegexFilterto enable arbitrary filtering of issues, and can match multiple patterns.fuzzinator.call.StreamMonitoredSubprocessCallregex patterns are multiline.fuzzinator.fuzzer.AFLRunnersupports AFL’s master and slave concepts.fuzzinator.fuzzer.ListDirectoryworks with a glob pattern instead of a simple directory name to collect test cases.fuzzinator.fuzzer.SubprocessRunnerand.ListDirectorycan work both as file content generators and as file path generators.fuzzinator.update.TimestampUpdateConditionsupports time intervals longer than 24 hours.All Popen-based subprocess-executing building blocks (
fuzzinator.call.StdinSubprocessCall,.StreamMonitoredSubprocessCall,.SubprocessCall,.SubprocessPropertyDecorator,.TestRunnerSubprocessCall,fuzzinator.fuzzer.SubprocessRunner, andfuzzinator.update.SubprocessUpdate) have timeout support and avoid shell invocation.fuzzinator.reduce.Picirehas been updated to use Picire 18.1.fuzzinator.reduce.Picirenyhas been updated to use Picireny 18.2.All reporters (
fuzzinator.tracker.MonorailReport,.BugzillaReport,.GithubReport) have been changed to use format string syntax ({key}) instead of template syntax ($key) in their report templates, and all handle missing keys gracefully.
TUI improvements:
Support for simpler custom color schemes.
More convenient bug report editor.
Support for both text and binary copying of test cases to the clipboard.
Support for declaring bug duplicates manually.
New and improved dialogs (about dialog, closing of dialogs).
Improved event handling (responsivity, updated issues, invalid issues).
General usability improvements:
More flexible configuration format enabling config sections to be split across multiple files, and keys to have no value.
Support for command line arguments specified in list files to help with config file fragments.
Useful command line argument aliases and new arguments (appearance, verbosity, Python interpreter limits, fuzz session length).
Under-the-hood improvements:
Improved logging.
Added testing infrastructure: unit testing of SUT calls, fuzzers, and SUT updaters via tox; continuous testing via Travis and AppVeyor CI services.
Added documentation: out-of-sources tutorial and auto-generated API docs via Sphinx; online documentation hosting on Read-the-Docs.
Various bug fixes and refactorings (in core components, in building blocks, and in user interfaces).
16.10¶
First public release of the Fuzzinator Random Testing Framework.
Summary of main features:
Core scheduler/controller of fuzzing-related jobs (update, fuzz, reduce).
MongoDB-based issue repository.
Extensible framework with predefined building blocks for invoking SUTs, detecting issues, and determining uniqueness; for generating test cases and transporting them to SUTs; for minimizing issue-triggering tests; and for keeping SUTs under development up-to-date.
Configurability via INI files.
CLI and Urwid-based TUI.