ffd55e8d76
There's no misbehavior as a result of this bug due to default argument handling. |
||
---|---|---|
.allstar | ||
.github | ||
bot | ||
configs/test | ||
docker | ||
docs | ||
infra | ||
local | ||
resources | ||
src | ||
.bowerrc | ||
.coveragerc | ||
.gitignore | ||
.pylintrc | ||
.style.yapf | ||
bower.json | ||
butler.py | ||
CHANGELOG.md | ||
cloudbuild.yaml | ||
CONTRIBUTING.md | ||
isort | ||
LICENSE | ||
Pipfile | ||
Pipfile.lock | ||
pyrightconfig.json | ||
README.md |
ClusterFuzz
ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software.
Google uses ClusterFuzz to fuzz all Google products and as the fuzzing backend for OSS-Fuzz.
ClusterFuzz provides many features which help seamlessly integrate fuzzing into a software project's development process:
- Highly scalable. Can run on any size cluster (e.g. OSS-Fuzz instance runs on 100,000 VMs).
- Accurate deduplication of crashes.
- Fully automatic bug filing, triage and closing for various issue trackers (e.g. Monorail, Jira).
- Supports multiple coverage guided fuzzing engines (libFuzzer, AFL, AFL++ and Honggfuzz) for optimal results (with ensemble fuzzing and fuzzing strategies).
- Support for blackbox fuzzing.
- Testcase minimization.
- Regression finding through bisection.
- Statistics for analyzing fuzzer performance, and crash rates.
- Easy to use web interface for management and viewing crashes.
- Support for various authentication providers using Firebase.
Overview
Documentation
You can find detailed documentation here.
Trophies
As of February 2023, ClusterFuzz has found ~27,000 bugs in Google (e.g. Chrome). Additionally, ClusterFuzz has helped identify and fix over 8,900 vulnerabilities and 28,000 bugs across 850 projects integrated with OSS-Fuzz.
Getting Help
You can file an issue to ask questions, request features, or ask for help.
Staying Up to Date
We will use clusterfuzz-announce(#)googlegroups.com to make announcements about ClusterFuzz.
ClusterFuzzLite
For a more lightweight version of ClusterFuzz that runs on CI/CD systems, check out ClusterFuzzLite.