Struct libafl_bolts::cli::FuzzerOptions

source · 
pub struct FuzzerOptions {
Show 31 fields
    pub timeout: Duration,
    pub verbose: bool,
    pub stdout: String,
    pub configuration: String,
    pub asan: bool,
    pub asan_cores: Cores,
    pub iterations: usize,
    pub harness: Option<PathBuf>,
    pub harness_function: String,
    pub libs_to_instrument: Vec<String>,
    pub cmplog: bool,
    pub cmplog_cores: Cores,
    pub detect_leaks: bool,
    pub continue_on_error: bool,
    pub allocation_backtraces: bool,
    pub max_allocation: usize,
    pub max_total_allocation: usize,
    pub max_allocation_panics: bool,
    pub disable_coverage: bool,
    pub drcov: bool,
    pub disable_excludes: bool,
    pub dont_instrument: Vec<(String, usize)>,
    pub qemu_args: Vec<String>,
    pub tokens: Vec<PathBuf>,
    pub input: Vec<PathBuf>,
    pub output: PathBuf,
    pub cores: Cores,
    pub broker_port: u16,
    pub remote_broker_addr: Option<SocketAddr>,
    pub replay: Option<PathBuf>,
    pub repeat: Option<usize>,

}
Expand description

Top-level container for cli options/arguments/subcommands

Fields§

§timeout: Duration

Timeout for each target execution (milliseconds)

§verbose: bool

Whether or not to print debug info

§stdout: String

File to which all client output should be written

§configuration: String

The name of the configuration to use

§asan: bool

Enable Address Sanitizer (ASan)

§asan_cores: Cores

Enable ASan on each of the provided cores. Use ‘all’ to select all available cores. ‘none’ to run a client without binding to any core. ex: ‘1,2-4,6’ selects the cores 1, 2, 3, 4, and 6.

§iterations: usize

Number of fuzz iterations to perform

§harness: Option<PathBuf>

Path to the harness

§harness_function: String

Harness function to call

§libs_to_instrument: Vec<String>

Additional libraries to instrument

§cmplog: bool

Enable CmpLog instrumentation

§cmplog_cores: Cores

Enable CmpLog on each of the provided cores. Use ‘all’ to select all available cores. ‘none’ to run a client without binding to any core. ex: ‘1,2-4,6’ selects the cores 1, 2, 3, 4, and 6.

§detect_leaks: bool

Enable ASan leak detection

§continue_on_error: bool

Instruct ASan to continue after a memory error is detected

§allocation_backtraces: bool

Instruct ASan to gather (and report) allocation-/free-site backtraces

§max_allocation: usize

The maximum size that the ASan allocator should allocate

§max_total_allocation: usize

The maximum total allocation size that the ASan allocator should allocate

§max_allocation_panics: bool

Instruct ASan to panic if the max ASan allocation size is exceeded

§disable_coverage: bool

Disable coverage

§drcov: bool

Enable DrCov (aarch64 only)

§disable_excludes: bool

Disable stalker.exclude() if true It’s better to disable this on Windows or your harness uses c++ exception handling See https://github.com/AFLplusplus/LibAFL/issues/830

§dont_instrument: Vec<(String, usize)>

Locations which will not be instrumented for ASan or coverage purposes (ex: mod_name@0x12345)

§qemu_args: Vec<String>

Trailing arguments (after “--”); can be passed directly to QEMU

§tokens: Vec<PathBuf>

Paths to fuzzer token files (aka ‘dictionaries’)

§input: Vec<PathBuf>

Input corpus directories

§output: PathBuf

Output solutions directory

§cores: Cores

Spawn a client in each of the provided cores. Use ‘all’ to select all available cores. ‘none’ to run a client without binding to any core. ex: ‘1,2-4,6’ selects the cores 1, 2, 3, 4, and 6.

§broker_port: u16

Port on which the broker should listen

§remote_broker_addr: Option<SocketAddr>

ip:port where a remote broker is already listening

§replay: Option<PathBuf>

Path to file that should be sent to the harness for crash reproduction

§repeat: Option<usize>

Run the same replay input multiple times

Implementations§

source§

impl FuzzerOptions

source

pub fn with_subcommand(mode: Command) -> Command

Given an App, add it to FuzzerOptions as a subcommand and return the resulting App

Examples
use clap::{App, IntoApp, Parser};
use libafl_bolts::cli::FuzzerOptions;

fn custom_func(_: &str) {}  // not relevant; just for illustrative purposes

#[derive(Parser, Debug)]
#[arg(name = "custom")]  // the name of the new subcommand
struct CustomFooParser {
    /// a very cromulent option
    #[arg(short, long)]
    bar: String,
}

fn main() {
    // example command line invocation:
    // ./path-to-bin custom --bar stuff

    // clap's builder syntax to define the parser would be fine as well, but here we
    // show the derive option
    let cmd: App = CustomFooParser::into_app();

    // `with_subcommand` takes an `App`, and returns an `App`
    let parser = FuzzerOptions::with_subcommand(cmd);

    // use the `App` to parse everything
    let matches = parser.get_matches();

    // process the results
    if let Some(("custom", sub_matches)) = matches.subcommand() {
        custom_func(sub_matches.get_one::<String>("bar").unwrap())
    }

    log::info!("{:?}", matches);
}

Trait Implementations§

source§

impl Args for FuzzerOptions

source§

fn group_id() -> Option<Id>

Report the [ArgGroup::id][crate::ArgGroup::id] for this set of arguments
source§

fn augment_args<'b>(__clap_app: Command) -> Command

Append to [Command] so it can instantiate Self. Read more
source§

fn augment_args_for_update<'b>(__clap_app: Command) -> Command

Append to [Command] so it can update self. Read more
source§

impl Clone for FuzzerOptions

source§

fn clone(&self) -> FuzzerOptions

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl CommandFactory for FuzzerOptions

source§

fn command<'b>() -> Command

Build a [Command] that can instantiate Self. Read more
source§

fn command_for_update<'b>() -> Command

Build a [Command] that can update self. Read more
source§

impl Debug for FuzzerOptions

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl<'de> Deserialize<'de> for FuzzerOptions

source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
source§

impl FromArgMatches for FuzzerOptions

source§

fn from_arg_matches(__clap_arg_matches: &ArgMatches) -> Result<Self, Error>

Instantiate Self from [ArgMatches], parsing the arguments as needed. Read more
source§

fn from_arg_matches_mut( __clap_arg_matches: &mut ArgMatches ) -> Result<Self, Error>

Instantiate Self from [ArgMatches], parsing the arguments as needed. Read more
source§

fn update_from_arg_matches( &mut self, __clap_arg_matches: &ArgMatches ) -> Result<(), Error>

Assign values from ArgMatches to self.
source§

fn update_from_arg_matches_mut( &mut self, __clap_arg_matches: &mut ArgMatches ) -> Result<(), Error>

Assign values from ArgMatches to self.
source§

impl Parser for FuzzerOptions

§

fn parse() -> Self

Parse from std::env::args_os(), exit on error
§

fn try_parse() -> Result<Self, Error>

Parse from std::env::args_os(), return Err on error.
§

fn parse_from<I, T>(itr: I) -> Self
where I: IntoIterator<Item = T>, T: Into<OsString> + Clone,

Parse from iterator, exit on error
§

fn try_parse_from<I, T>(itr: I) -> Result<Self, Error>
where I: IntoIterator<Item = T>, T: Into<OsString> + Clone,

Parse from iterator, return Err on error.
§

fn update_from<I, T>(&mut self, itr: I)
where I: IntoIterator<Item = T>, T: Into<OsString> + Clone,

Update from iterator, exit on error
§

fn try_update_from<I, T>(&mut self, itr: I) -> Result<(), Error>
where I: IntoIterator<Item = T>, T: Into<OsString> + Clone,

Update from iterator, return Err on error.
source§

impl Serialize for FuzzerOptions

source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<Tail, T> Prepend<T> for Tail

§

type PreprendResult = Tail

The Resulting TupleList, of an Prepend::prepend() call, including the prepended entry.
source§

fn prepend(self, value: T) -> (T, <Tail as Prepend<T>>::PreprendResult)

Prepend a value to this tuple, returning a new tuple with prepended value.
source§

impl<T> Serialize for T
where T: Serialize + ?Sized,

source§

fn erased_serialize(&self, serializer: &mut dyn Serializer) -> Result<Ok, Error>

source§

impl<T> ToOwned for T
where T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

source§

impl<T> Ungil for T
where T: Send,