Show Findings

If CI Fuzz encountered Findings during a fuzzing run, you can access detailed information about them with the cifuzz finding command:

cifuzz finding [options] [<name>]

The <name> argument is the name of the Finding created during the fuzzing run, for example adventurous_otter. This argument is optional. If you specify a Finding, you can access details such as the stack trace, the severity and a description to help you fix the issue.

Without a specified Finding, the command prints an overview of all Findings:

Example Findings Overview
➜ cifuzz finding
cifuzz version dev

DATE    SEVERITY  NAME               DESCRIPTION       FUZZ TEST      LOCATION                  ASSESSMENT
3m ago  2.0       pragmatic_dove *   shift_exponent    my_fuzz_test1  src/explore_me.cpp:13:11  n/a
3m ago  4.0       thoughtful_bear *  stack_exhaustion  my_fuzz_test2  src/explore_me.cpp:28:18  n/a

* = Finding was detected in last fuzzing run

With a specified Finding, the command prints details for the Finding:

Example Finding Details
➜ cifuzz finding thoughtful_bear
cifuzz version dev
┌──────────────────┬──────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ Finding │ │
├──────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Name │ thoughtful_bear │
│ Date │ 2024-11-13 12:16:56.83789598 +0100 CET │
│ Type │ stack_exhaustion │
│ Severity │ 4.0 (Medium) │
├──────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Fuzz Test │ my_fuzz_test2 │
│ Location │ exploreMeToo (src/explore_me.cpp:28:18) │
├──────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Error Details │ │
├──────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Name │ Stack Exhaustion │
│ Description │ Stack exhaustion is an error that occurs when the call stack grows beyond the maximum allowed size. │
│ │ Attackers can use it for denial-of-service attacks. Uncontrolled recursion is a common cause for │
│ │ stack exhaustion. Stack exhaustion is also referred to as stack overflow; however, it is not to be │
│ │ confused with stack-based buffer overflows. │
│ Mitigation │ │
├──────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ CWE Name │ Uncontrolled Recursion │
│ CWE Description │ The product does not properly control the amount of recursion which takes place, consuming │
│ │ excessive resources, such as allocated memory or the program stack. │
├──────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ More Information │ CWE: Uncontrolled Recursion: │
│ │ https://cwe.mitre.org/data/definitions/674.html │
└──────────────────┴──────────────────────────────────────────────────────────────────────────────────────────────────────┘
Logs:
[…]

Options

The cifuzz finding command supports the following command-specific options:

Flag: Description
--fail: Exit program with non-zero status code when Findings are present. Can be combined with --min-severity.
-f, --format <format>: Output format of the Findings report: csv, json or sarif. See Data Export for more information about how to use the SARIF format to generate Code Scanning reports.
--interactive: Toggle interactive prompting in the terminal (default true).
--json: Print output as JSON, short for --format json.
--min-severity <severity>: Minimum severity of Findings. If a Finding was found with this severity or higher, the process will exit with status code 99. Possible values are: low, medium, high or critical. Can only be used together with --fail.
-o, --output <filename>: Specify filename for the output to be written to. If this option is not set, the output will be written to stdout.
--present-findings: Print only present Findings, i.e., those that were found in the last run.
--project-dir <dir>: The project root which is the parent for all the project sources. Defaults to the directory containing the cifuzz.yaml.
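
The following is an added example, not part of the CI Fuzz documentation: a CI gate that exports a SARIF report and then fails the build only on the documented status code 99, so that a tool error is not mistaken for a Finding. The CIFUZZ variable, the gate_findings function and its return codes are hypothetical names chosen for this sketch, and treating every other non-zero status as a tool error is an assumption.

```shell
#!/bin/sh
# Added example: CI gate built on the `cifuzz finding` options listed above.
# Assumption: status 99 is the only "blocking Findings" signal; any other
# non-zero status is treated as a tool or configuration error.

# Hypothetical override so the binary can be pinned to a path (or stubbed in tests).
CIFUZZ="${CIFUZZ:-cifuzz}"

# gate_findings <min-severity> <sarif-report-path>
# Returns 0 = nothing blocking, 1 = blocking Findings, 2 = gate could not run.
gate_findings() {
    min_severity="$1"
    report="$2"

    # Reject values outside the documented set before invoking the tool.
    case "$min_severity" in
        low|medium|high|critical) ;;
        *) echo "gate: invalid severity '$min_severity'" >&2; return 2 ;;
    esac

    # Export first so the report is kept even when the gate fails the build.
    if ! "$CIFUZZ" finding --format sarif --output "$report"; then
        echo "gate: could not write $report" >&2
        return 2
    fi

    # Capture the status explicitly so the function also works under `set -e`.
    status=0
    "$CIFUZZ" finding --fail --min-severity "$min_severity" || status=$?

    case "$status" in
        0)  echo "gate: no Findings at or above '$min_severity'"; return 0 ;;
        99) echo "gate: Findings at or above '$min_severity', see $report" >&2
            return 1 ;;
        *)  echo "gate: cifuzz exited with status $status" >&2; return 2 ;;
    esac
}
```

Source the file in the pipeline step that follows the fuzzing run and call, for example, gate_findings high findings.sarif; the report path is a placeholder.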

You can find all supported global options on the "Learn CI Fuzz" page.