diff --git a/api/agent.html b/api/agent.html index 3280fc3..fa9240e 100644 --- a/api/agent.html +++ b/api/agent.html @@ -188,7 +188,7 @@
Bind on the given IP and port, to listen incoming messages.
Connect to a remote server on the given remote
IP and port
.
Send a critical (level) message to the broker.
Send a debug message to the broker
Send an error (level) message to the broker.
Send an info (level) message to the broker
Register a callback function on a given message type.
Register callback called when data is received. At the moment data are necessarily AlertData messages.
Register a callback called when an input seed is received from the broker. The callback function take 2 parameters seed type and content.
Register a callback that will be called when a start message will be received. The callback should take 11 parameters.
Register a callback called when the broker send a STOP message. The fuzzing has to stop running and sending data.
Run receiving loop in a blocking manner.
Send a message on the socket (thus to the broker). Should only be used as a client (fuzzing agent).
Send information related to the coverage or validation of a specific SAST alert.
Send the hello message to the broker. engines parameter is the list of fuzzing engines that “we” as client support. E.g: Pastisd is meant to be an interface for all engines locally, so it will advertise multiple engines.
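Review bot: the start-callback entry in this hunk says "The callback should take 11 parameters" but does not name them, give their order, or give their types. A callback written from this page with the wrong arity would only fail when a START message arrives. Suggest listing the eleven parameters the way the seed-callback entry does ("2 parameters seed type and content"), or pointing to the START message description that defines them.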
@@ -395,7 +395,7 @@Log message to be sent and printed by the broker. All logs received by the broker are logged in a client specific logfile.
@@ -411,7 +411,7 @@Send an input seed to the broker. The typ
indicates
the type of the seed, namely, input, crash or hang.
Send a message to the broker indicating, the program has been fully covered in accordance to the coverage criteria (metric).
Send a telemetry message to the broker. These data could be used on the broker side to plot statistics.
Send a message to a given client. Only meant to be used when running as a server.
Start the listening thread.
Stop the listening thread.
Send a warning (level) message to the broker.
Bases: NetworkAgent
Bind on the given IP and port, to listen incoming messages.
Connect to a remote server on the given remote
IP and port
.
Register a callback function on a given message type.
Run receiving loop in a blocking manner.
Send a message on the socket (thus to the broker). Should only be used as a client (fuzzing agent).
Send the given input to the client id.
Send a START message to a fuzzing agent with all the parameters it is meant to run with.
Send a stop message to the client.
Send a message to a given client. Only meant to be used when running as a server.
Start the listening thread.
Stop the listening thread.
Load a configuration object from file.
Parse a string to a configuration object.
Set a specific target (address, index etc), that should be targeted by the fuzzing engine. This will be used when running in a targeted way.
Serialize configuration object to string.
Function called by the broker with all executable files detected in its directory. As an fuzzer developer, you have to implement this function to indicate whether a file is accepted as a target or not.
@@ -245,7 +245,7 @@List of coverage metrics supported by the fuzzer. If it only
support a single one, it should be CoverageMode.AUTO
.
Binary Package representing a given target to fuzz along with its shared libraries and additional files required (cmplog, dictionnary etc.). This object is received by fuzzing agents as part of the START message.
@@ -140,7 +140,7 @@Take a file and try creating a BinaryPackage with it. The exe_file is the main executable file. From that the function will look for quokka, cmplog, dictionary files (in the same directory).
@@ -156,7 +156,7 @@Create a BinaryPackage with all files it can find in the given
directory. The difference with BinaryPackage.auto()
is
that all additional files in the directory will be added to the
@@ -173,7 +173,7 @@
Path to the callgraph file if provided.
Path to the complog executable file if provided.
Path the to dictionnary file if provided.
Path to the main executable file to fuzz.
Convert the binary blob received as a BinaryPackage object. If its an archive, extract it and return the list of files. Files are extracted in /tmp. If directly an executable save it to a file and return its path. Also ensure @@ -234,14 +234,14 @@
list of file paths
FileNotFoundError – if the mime type of the binary is not recognized
+FileNotFoundError – if the mime type of the binary is not recognized
Check if the package contains a cmplog file.
Check if the package contains a dictionnary.
Check if the package contains a quokka file.
Indicates that this BinaryPackage only contains the program under test and no additional files such as a Quokka database or a cmplog instrumented binary. This is used in pastis-broker when sending the ‘start’ command to agents.
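Review bot: the Raises entry touched here documents "FileNotFoundError – if the mime type of the binary is not recognized", which names a missing-file exception for what is a content-type problem. A caller handling FileNotFoundError cannot tell an unrecognized blob from a path that does not exist. If the code really raises that type, consider a distinct exception and document it here. The description just above the header also says the received blob is unpacked with "Files are extracted in /tmp" and then cuts off at "Also ensure". Since the package arrives over the network in the START message, the text should say whether a private per-run directory is used and what is checked on archive member paths before extraction.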
@@ -282,7 +282,7 @@Pack the BinaryPackage in a zip file.
Name of the executable file
Path to the quokka file if provided.
Severity of the alert (e.g: Review, Error, Critical ..)
Create a SASTAlert object from the JSON data provided.
line of code (in the file)
Source file impacted
Type of the alert BoF, UaF (in the convention of the SAST)
Function impacted
Taxonomy of the alert (e.g: CWE, CVE, MISRA checker, ..)
Additional parameters of the alert (list)
Export the alert attribute to a valid JSON dictionnary that can be written to file.
Unique ID of the alert
SAST report. Manages a list of SAST alerts taken from a report.
Add an alert in the report. This function is solely meant to be used by the report parser
Checks if all alerts have been validated (and thus covered)
Parse the given file into a SAST report object.
Parse the given string into a SAST report object.
Get stats about the report. The results is a triple with the number of alerts covered, validated and total.
Iterate all the alerts of the report. :return: list of alerts
Export the current state of the alerts within a JSON dictionnary.
Export the current state of the alerts within a JSON dictionary.
Write the report as a csv into the given file.
Bases: object
Bases: object
AlertData is data message that can be sent from fuzzing agents to the broker to indicates that an alert has been covered or validated.
Input that reached or validated the alert
Id of the alert
Convert an AlertData in json to an instance.
True if the alert has been validated
Serialize the alert to JSON.
True if the alert has been covered
Bases: str
, Enum
Bases: str
, Enum
Coverage metrics to use. Some fuzzing engines do support multiple coverage metrics, thus the enum indicates the one to use.
Return the number of non-overlapping occurrences of substring sub in string S[start:end]. Optional arguments start and end are interpreted as in slice notation.
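Review bot: in the SAST report entries above, "Iterate all the alerts of the report. :return: list of alerts" shows the return field as literal text, so the source docstring is probably missing the blank line before ":return:". Fix it in the docstring rather than in the generated HTML. The same block spells the word both ways ("within a JSON dictionnary" next to "within a JSON dictionary"), and "dictionnary" also remains in the alert export entry and in the BinaryPackage entries. One pass over the docstrings would make them consistent.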
@@ -411,7 +411,7 @@Return True if S ends with the specified suffix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. @@ -427,7 +427,7 @@
Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.
@@ -436,21 +436,21 @@Return a formatted version of S, using substitutions from args and kwargs. The substitutions are identified by braces (‘{’ and ‘}’).
Return a formatted version of S, using substitutions from mapping. The substitutions are identified by braces (‘{’ and ‘}’).
Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.
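Review bot: the format, format_map and index entries in this hunk are str's own docstrings. They appear on this page only because the enums are declared with "Bases: str, Enum". They push the project-specific text, such as the coverage-metric description, down among dozens of unrelated string methods, and they produce diff churn on every regeneration. Suggest excluding inherited members for these enum classes in the doc build so the page lists only the enum values.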
@@ -640,7 +640,7 @@Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.
@@ -649,7 +649,7 @@Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.
@@ -731,7 +731,7 @@Return True if S starts with the specified prefix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. @@ -841,8 +841,8 @@
Bases: object
Bases: object
Class to represent a fuzzing engine metadata. It contains its name, version and the Python module where to load the descriptor and configuration object.