| Hasnain Lakhani | d274300 | 2025-08-25 14:22:15 -0700 | [diff] [blame] | 1 | # Python Fuzzing README |
| 2 | |
| 3 | The Python Thrift implementation uses Atheris for fuzzing. Atheris is a coverage-guided, in-process fuzzer for Python that integrates with libFuzzer. |
| 4 | |
| 5 | Unlike the C++ implementation, the Python fuzzers are not directly runnable in a local environment. Instead, Atheris generates Python programs that need to be executed through the appropriate build system. |
| 6 | |
| 7 | We currently have several fuzz targets that test different aspects of the Thrift implementation: |
| 8 | |
| 9 | * FuzzParseBinary -- fuzzes the deserialization of the Binary protocol |
| 10 | * FuzzParseBinaryAccelerated -- fuzzes the deserialization of the accelerated Binary protocol |
| 11 | * FuzzParseCompact -- fuzzes the deserialization of the Compact protocol |
| 12 | * FuzzParseCompactAccelerated -- fuzzes the deserialization of the accelerated Compact protocol |
| 13 | * FuzzRoundtripBinary -- fuzzes the roundtrip of the Binary protocol (i.e. serializes then deserializes and compares the result) |
| 14 | * FuzzRoundtripBinaryAccelerated -- fuzzes the roundtrip of the accelerated Binary protocol |
| 15 | * FuzzRoundtripCompact -- fuzzes the roundtrip of the Compact protocol |
| 16 | * FuzzRoundtripCompactAccelerated -- fuzzes the roundtrip of the accelerated Compact protocol |
| 17 | |
| 18 | The fuzzers use Atheris's mutation engine to generate test cases. Each fuzzer implements the standard Atheris interface and uses common testing code from the fuzz test utilities in `fuzz_common.py`. |
| 19 | |
| 20 | For more information about Atheris and its options, see the [Atheris documentation](https://github.com/google/atheris). |
| 21 | |
| 22 | You can also use the corpus generator from the Rust implementation to generate initial corpus files that can be used with these Python fuzzers, since the wire formats are identical between implementations. |