Analyser: Additional parameter for easy-params-far-reach api porting (#…

…2046)

Analyser: Porting easy-params-far-reach from webapp to separate analyser

Signed-off-by: Arthur Chan <arthur.chan@adalogics.com>

src/fuzz_introspector/analyses/far_reach_low_coverage_analyser.py

@@ -70,17 +70,23 @@ def set_json_string_result(self, string):
 
     def set_flags(self, exclude_static_functions: bool,
                   only_referenced_functions: bool, only_header_functions: bool,
-                  only_interesting_functions: bool):
+                  only_interesting_functions: bool,
+                  only_easy_fuzz_params: bool):
         """Configure the flags from the CLI."""
         self.exclude_static_functions = exclude_static_functions
         self.only_referenced_functions = only_referenced_functions
         self.only_header_functions = only_header_functions
         self.only_interesting_functions = only_interesting_functions
+        self.only_easy_fuzz_params = only_easy_fuzz_params
 
     def set_max_functions(self, max_functions: int):
         """Configure the max functions to return from CLI."""
         self.max_functions = max_functions
 
+    def set_min_complexity(self, min_complexity: int):
+        """Configure the min complexity of functions to return from CLI."""
+        self.min_complexity = min_complexity
+
     def set_introspection_project(
             self, introspection_project: analysis.IntrospectionProject):
         """Configure the introspection project wrapper for retrieving
@@ -110,9 +116,12 @@ def standalone_analysis(self,
             'only_referenced_functions: %s, '
             'only_header_functions: %s, '
             'only_interesting_functions: %s, '
-            'max_functions: %d', self.exclude_static_functions,
-            self.only_referenced_functions, self.only_header_functions,
-            self.only_interesting_functions, self.max_functions)
+            'only_easy_fuzz_params: %s, '
+            'min_complexity: %d, max_functions: %d',
+            self.exclude_static_functions, self.only_referenced_functions,
+            self.only_header_functions, self.only_interesting_functions,
+            self.only_easy_fuzz_params, self.min_complexity,
+            self.max_functions)
 
         result_list: List[Dict[str, Any]] = []
 
@@ -156,6 +165,11 @@ def standalone_analysis(self,
                         function)):
                 continue
 
+            # Check for functions with easy fuzz parameters
+            if (self.only_easy_fuzz_params
+                    and not self._is_function_with_easy_fuzz_params(function)):
+                continue
+
             result_list.append(
                 function.to_dict(
                     proj_profile.get_func_hit_percentage(
@@ -201,8 +215,15 @@ def _get_functions_of_interest(
             coverage = proj_profile.get_func_hit_percentage(
                 function.function_name)
 
-            if coverage < 20.0:
-                filtered_functions.append(function)
+            # Skip high coverage
+            if coverage > 20.0:
+                continue
+
+            # Skip low complexity by configured value
+            if function.cyclomatic_complexity < self.min_complexity:
+                continue
+
+            filtered_functions.append(function)
 
         # Sort the filtered functions
         filtered_functions.sort(key=lambda x: (
@@ -236,3 +257,17 @@ def _is_interesting_function_with_fuzz_keywords(
             return True
 
         return False
+
+    def _is_function_with_easy_fuzz_params(
+            self, function: function_profile.FunctionProfile) -> bool:
+        """Internal helper to determine if the function only contains
+        parameters that are easy to fuzz."""
+        if len(function.arg_types) == 2:
+            return ('char *' in function.arg_types[0]
+                    and 'int' in function.arg_types[1])
+
+        if len(function.arg_types) == 1:
+            return ('char *' in function.arg_types[0]
+                    or 'string' in function.arg_types[0])
+
+        return False

src/fuzz_introspector/cli.py

@@ -207,11 +207,21 @@ def get_cmdline_parser() -> argparse.ArgumentParser:
         action='store_true',
         help=('Excluding functions without interesting fuzz keywords, like'
               'parse or deserialise'))
+    far_reach_low_coverage_analyser_parser.add_argument(
+        '--only-easy-fuzz-params',
+        action='store_true',
+        help=('Only include functions with easy fuzz parameters, like char*'
+              'int, or string'))
     far_reach_low_coverage_analyser_parser.add_argument(
         '--max-functions',
         default=30,
         type=int,
         help='The max number of functions returned by this analysis.')
+    far_reach_low_coverage_analyser_parser.add_argument(
+        '--min-complexity',
+        default=0,
+        type=int,
+        help='The min cyclomatic complexity of the functions returned.')
     far_reach_low_coverage_analyser_parser.add_argument(
         '--target-dir',
         type=str,

src/fuzz_introspector/commands.py

@@ -250,15 +250,19 @@ def analyse(args) -> int:
         only_referenced_functions = args.only_referenced_functions
         only_header_functions = args.only_header_functions
         only_interesting_functions = args.only_interesting_functions
+        only_easy_fuzz_params = args.only_easy_fuzz_params
         max_functions = args.max_functions
+        min_complexity = args.min_complexity
 
         introspection_proj.load_debug_report(out_dir)
 
         target_analyser.set_flags(exclude_static_functions,
                                   only_referenced_functions,
                                   only_header_functions,
-                                  only_interesting_functions)
+                                  only_interesting_functions,
+                                  only_easy_fuzz_params)
         target_analyser.set_max_functions(max_functions)
+        target_analyser.set_min_complexity(min_complexity)
         target_analyser.set_introspection_project(introspection_proj)
 
     # Run the analyser