Ronald Eytchison
Configure the number of context gathering iterations and PoV writing retries to enable more extensive vulnerability discovery. Also potentially add context gathering steps during PoV writing retries.
Add configuration options for when Buttercup is tasked with analyzing a single project (or even a single harness) for an extended time.
When submitting PoVs to the crash queue, there should be metadata to track if the PoV origin is the fuzzer or seed-gen. This would make it easier to understand the...
In seed-gen tasks, the context gathering step occurs a fixed number of times, e.g. for seed-explore it's specified here: https://github.com/trailofbits/buttercup/blob/993fa2241af5eb9b8532b9d5f36b942c5668f4ba/seed-gen/src/buttercup/seed_gen/seed_explore.py#L32. The agent sometimes stops making context gathering tool calls, e.g....
The fuzzer-bot only uses libFuzzer and Jazzer. However, there are other standard OSS-Fuzz fuzzers: https://google.github.io/oss-fuzz/getting-started/new-project-guide/#fuzzing_engines. OSS-Fuzz recommends running all of them. Additionally, libFuzzer has drawbacks, including that it stops on finding...
Seed-gen currently copies seeds to the node-local corpus and remote corpus: https://github.com/trailofbits/buttercup/blob/993fa2241af5eb9b8532b9d5f36b942c5668f4ba/seed-gen/src/buttercup/seed_gen/seed_gen_bot.py#L242. This bypasses the merger-bot, which means that all seed-gen seeds are copied, instead of only the ones which...