This repository was archived by the owner on Apr 30, 2021. It is now read-only.

[Feature-request] Triaging the crashes #3

Open
@s0h3ck

Description

The current behavior is to stop on the first crash. A feature that allows the user to capture all crashes could be useful.

A possible workaround is to catch all the exceptions, save them in a set, for example, and do the triage there.

I think it would be interesting to give pythonfuzz the capability to (1) record more than one crash, (2) indicate if the crash falls into the exploitable, probably exploitable, probably not exploitable, or unknown categories, and (3) give a rank of exploitability.

(4) It could be interesting to generate a ready-to-execute python file with the crash.

Example: While fuzzing beautifulsoup, I found the following crash:

  File "/usr/lib/python3.6/_markupbase.py", line 160, in parse_marked_section
    if not match:
UnboundLocalError: local variable 'match' referenced before assignment
crash was written to crash-f418412614989b460f037a19c290c98712347bfe05b11d98b817baea6d18c431
crash = 3c215b661b00

Here is an example of ready-to-execute python file.

from bs4 import BeautifulSoup
from pythonfuzz.main import PythonFuzz


def execute_crash(payload):
    # Feed the recorded input to the same parser that was being fuzzed.
    soup = BeautifulSoup(payload, 'html.parser')


if __name__ == '__main__':
    # The crash input as pythonfuzz printed it (hex), decoded back to the string the target saw.
    hex_payload = "3c215b661b00"
    str_payload = bytes.fromhex(hex_payload).decode("ascii")

    execute_crash(str_payload)

(5) Bonus points could be to have exploit code generated by pythonfuzz. :)

For your information, the crash has been reported in 2018. It looks like nobody cares...
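The workaround sketched in the request (catch every exception, keep the distinct ones in a set, triage afterwards) and item (4), the generated ready-to-execute reproducer, can be prototyped outside the fuzzer. The following is an added example written for this page; it is not pythonfuzz code and it does not touch bs4. `toy_parser` is a constructed stand-in for the HTML parser that deliberately contains the same bug shape as the `_markupbase` traceback above (a local that is only bound on one branch), `SAMPLE_INPUTS` is a constructed corpus, and `CrashCollector` is a hypothetical helper. Crashes are grouped by exception type plus innermost frame, which is what `crash-<sha256>` style file names usually hash on; the "rank" is hit frequency only, since a Python exception carries no memory-safety signal and the exploitable/probably-exploitable buckets from the request are not attempted here.

```python
"""Collect every crash from a fuzz target, dedupe by signature, emit reproducers."""
import hashlib
import os
import traceback
from dataclasses import dataclass, field


@dataclass
class CrashRecord:
    signature: str                 # short hash of exception type + crash site
    exc_type: str
    location: str                  # "file:line:function" of the innermost Python frame
    payloads: list = field(default_factory=list)


class CrashCollector:
    """Hypothetical helper: keeps running past the first crash and groups crashes by site."""

    def __init__(self, target):
        self.target = target       # callable taking one bytes payload
        self.crashes = {}          # signature -> CrashRecord

    def run_one(self, payload: bytes) -> bool:
        """Run one input; return True if it crashed (the crash is recorded, not re-raised)."""
        try:
            self.target(payload)
            return False
        except Exception as exc:
            frame = traceback.extract_tb(exc.__traceback__)[-1]
            location = f"{os.path.basename(frame.filename)}:{frame.lineno}:{frame.name}"
            key = f"{type(exc).__name__}|{location}"
            sig = hashlib.sha256(key.encode()).hexdigest()[:16]
            rec = self.crashes.setdefault(sig, CrashRecord(sig, type(exc).__name__, location))
            rec.payloads.append(payload)
            return True

    def run_many(self, payloads) -> int:
        """Run a whole corpus; return how many inputs crashed."""
        return sum(self.run_one(p) for p in payloads)

    def ranked(self):
        """Unique crashes, most frequently hit first (frequency, not exploitability)."""
        return sorted(self.crashes.values(), key=lambda r: len(r.payloads), reverse=True)

    def reproducer_source(self, sig: str, module: str, func: str) -> str:
        """Generate a stand-alone Python reproducer for one crash signature."""
        rec = self.crashes[sig]
        hex_payload = rec.payloads[0].hex()   # hex survives control and NUL bytes intact
        return (
            f"# Reproducer for {rec.exc_type} at {rec.location}\n"
            f"from {module} import {func}\n\n\n"
            f"def execute_crash(payload: bytes) -> None:\n"
            f"    {func}(payload)\n\n\n"
            f'if __name__ == "__main__":\n'
            f'    execute_crash(bytes.fromhex("{hex_payload}"))\n'
        )


def toy_parser(payload: bytes) -> dict:
    """Constructed stand-in for the HTML parser; mishandles two input shapes on purpose."""
    text = payload.decode("ascii")          # crash 1: UnicodeDecodeError on non-ASCII bytes
    if text.startswith("<!["):
        if "]>" in text:
            match = text.index("]>")
        if not match:                       # crash 2: 'match' is unbound when "]>" is missing
            raise ValueError("unterminated marked section")
        return {"marked": text[3:match]}
    return {"text": text}


SAMPLE_INPUTS = [                           # constructed corpus, not real fuzzer output
    b"<![a]>",                              # parses fine
    b"hello",                               # parses fine
    b"<![CDATA[x",                          # UnboundLocalError
    bytes.fromhex("3c215b661b00"),          # the issue's payload; same UnboundLocalError site
    b"\xff\xfe",                            # UnicodeDecodeError
]


def triage(inputs=SAMPLE_INPUTS) -> CrashCollector:
    """Run the corpus through the collector and hand back the grouped crashes."""
    collector = CrashCollector(toy_parser)
    collector.run_many(inputs)
    return collector


if __name__ == "__main__":
    c = triage()
    for rec in c.ranked():
        print(f"{rec.signature}  {rec.exc_type:20} {rec.location}  hits={len(rec.payloads)}")
        print(c.reproducer_source(rec.signature, "__main__", "toy_parser"))
```

Five inputs produce three crashes but only two unique signatures: the two `<![` inputs land on the same unbound-local line and are reported once, with the issue's own payload filed as a second hit of that crash. The generated reproducer imports the target by name, so a real run would pass the fuzzed module and function instead of `__main__`/`toy_parser`.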
