
Show Findings

If CI Fuzz encounters Findings during a fuzzing run, you can access detailed information about them with the cifuzz finding command:

cifuzz finding [options] [<name>]

The <name> argument is the name of the Finding created during the fuzzing run, for example adventurous_otter. This argument is optional. If you specify a Finding, the command shows details such as the stack trace, the severity and a description to help you fix the issue.

Without a specified Finding, the command prints an overview of all Findings:

Example Findings Overview
➜ cifuzz finding
cifuzz version dev

DATE    SEVERITY  NAME               DESCRIPTION       FUZZ TEST      LOCATION                  ASSESSMENT
3m ago  2.0       pragmatic_dove *   shift_exponent    my_fuzz_test1  src/explore_me.cpp:13:11  n/a
3m ago  4.0       thoughtful_bear *  stack_exhaustion  my_fuzz_test2  src/explore_me.cpp:28:18  n/a

* = Finding was detected in last fuzzing run

With a specified Finding, the command prints details for the Finding:

Example Finding Details
➜ cifuzz finding thoughtful_bear
cifuzz version dev
┌──────────────────┬──────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ Finding │ │
├──────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Name │ thoughtful_bear │
│ Date │ 2024-11-13 12:16:56.83789598 +0100 CET │
│ Type │ stack_exhaustion │
│ Severity │ 4.0 (Medium) │
├──────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Fuzz Test │ my_fuzz_test2 │
│ Location │ exploreMeToo (src/explore_me.cpp:28:18) │
├──────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Error Details │ │
├──────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Name │ Stack Exhaustion │
│ Description │ Stack exhaustion is an error that occurs when the call stack grows beyond the maximum allowed size. │
│ │ Attackers can use it for denial-of-service attacks. Uncontrolled recursion is a common cause for │
│ │ stack exhaustion. Stack exhaustion is also referred to as stack overflow; however, it is not to be │
│ │ confused with stack-based buffer overflows. │
│ Mitigation │ │
├──────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ CWE Name │ Uncontrolled Recursion │
│ CWE Description │ The product does not properly control the amount of recursion which takes place, consuming │
│ │ excessive resources, such as allocated memory or the program stack. │
├──────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ More Information │ CWE: Uncontrolled Recursion: │
│ │ https://cwe.mitre.org/data/definitions/674.html │
└──────────────────┴──────────────────────────────────────────────────────────────────────────────────────────────────────┘
Logs:
[…]

Options

The cifuzz finding command supports the following command-specific options:

Flag                     Description
--fail                   Exit program with non-zero status code if Findings have been found in the last fuzzing run. Can be combined with --min-severity.
-f, --format <string>    Output format of the Findings report: "json", "sarif", "csv".
--interactive            Toggle interactive prompting in the terminal (default true).
--json                   Print output as JSON.
--min-severity <string>  Minimum severity of Findings: "low", "medium", "high" or "critical". Command will exit with status code 99 if a Finding with matching severity was detected. Findings with lower severity are marked as a warning.
-o, --output <string>    Output path of the Findings report.
--present-findings       List only Findings that were found in the last fuzzing run.
--project-dir <string>   Path to project root. Defaults to the directory containing the cifuzz.yaml.

You can find documentation on all supported global options on the "Learn CI Fuzz" page.
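
The exit-code behaviour of --fail and --min-severity from the option table, used as a pipeline gate. This is an added example, not part of the CI Fuzz documentation: the function name findings_gate and its return codes 1 and 2 are assumptions of this sketch, and treating every status other than 0 and 99 as a gate error is a fail-closed choice made here.

```shell
#!/bin/sh
# Added example (not from the CI Fuzz docs): gate a pipeline step on Findings.
# findings_gate and its return codes are hypothetical names/values:
#   0 = no Finding at or above the threshold
#   1 = cifuzz exited with 99 (Finding at or above the threshold)
#   2 = invalid threshold or any other cifuzz exit status (fail closed)

findings_gate() {
    min_severity="${1:-medium}"

    # Accept only the severities the option table lists, so a typo in the
    # pipeline config cannot silently weaken the gate.
    case "$min_severity" in
        low|medium|high|critical) ;;
        *)
            echo "findings_gate: invalid severity '$min_severity'" >&2
            return 2
            ;;
    esac

    # --fail:         non-zero exit if the last run produced Findings
    # --min-severity: exit status 99 if a Finding with matching severity
    #                 was detected; lower severities are warnings
    status=0
    cifuzz finding --fail --min-severity "$min_severity" || status=$?

    case "$status" in
        0)
            echo "gate passed: no Findings at or above '$min_severity'"
            return 0
            ;;
        99)
            echo "gate failed: Finding at or above '$min_severity'" >&2
            return 1
            ;;
        *)
            # Not the documented Findings status: treat it as a broken gate,
            # not as a clean result.
            echo "gate error: cifuzz exited with status $status" >&2
            return 2
            ;;
    esac
}
```

In a pipeline step, call `findings_gate high || exit $?` after the fuzzing run so that a tool failure is reported separately from a blocking Finding.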