Managing Results

Tyson Smith edited this page Nov 20, 2024 · 9 revisions

Basic Structure

By default, Grizzly writes all fuzzing results to the filesystem. Results can be found in <log_path>/results/ (replay and reduce behave differently). The log path is set via -o and defaults to '.'. The directory structure looks like this:

  • ./results/ <-- base directory
    • 4898abe4c507fae7dd438f5cc343725489723181 <-- bucket directory
      • bbc9e1db_2019-11-26_15-40-04-0 <-- test case directory (containing test files)
        • test_0215.html
        • test_info.json
        • prefs.js
      • bbc9e1db_2019-11-26_15-40-04_logs <-- log directory (containing log files)
        • log_minidump_01.txt
        • log_stderr.txt
        • log_stdout.txt
      • bbc9e1db_2019-11-26_17-33-23-0
        • test_1215.html
        • test_info.json
        • prefs.js
      • bbc9e1db_2019-11-26_17-33-23_logs
        • log_minidump_01.txt
        • log_stderr.txt
        • log_stdout.txt
    • NO_STACK
      • 0_2019-11-26_09-30-21-0
        • cleanup.js
        • prefs.js
        • test_0005.html
        • test_info.json

The base ./results directory contains bucket directories. For each result in a bucket, the bucket contains a test case directory (<HASH>_<DATE>-<#>) and a log directory (<HASH>_<DATE>_logs).

Buckets are based on the stack of a result and are used to group reports together. Note that the bucketing is not perfect, so you may sometimes end up with multiple buckets per result.

In this example we have two buckets: 4898abe... and NO_STACK. NO_STACK is a catch-all for reports that don't have a stack. In bucket 4898abe... we have two reports, bbc9e1db_2019-11-26_15-40-04* and bbc9e1db_2019-11-26_17-33-23*, and each report has a log directory and a test case directory. The test case can be reduced using Grizzly Reduce.

Reporting

Issues in Firefox are reported via Bugzilla. When reporting security bugs, be sure to review the security bug bounty program. Of course, all bugs are welcome and appreciated.

A standalone test case with the appropriate logs is ideal when logging a bug. If you are unsure what to include, or a standalone test is not available, create a zip archive containing the log directory and test case directory of a result and attach it to the bug report.
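One way to script the archive step, as an added example that is not part of Grizzly or of the original page. It relies only on the directory naming shown in the listing above; `list_results`, `archive_report` and `build_sample` are hypothetical helper names, and the sample tree is constructed.

```python
import re
import zipfile
from pathlib import Path

# Directory names as shown in the listing: <HASH>_<DATE>-<#> and <HASH>_<DATE>_logs.
TEST_DIR = re.compile(r"^(.+_\d{4}-\d{2}-\d{2}_\d{2}-\d{2}-\d{2})-\d+$")
LOGS = "_logs"

def list_results(results):
    """Return {bucket: {report: {"tests": [dirs], "logs": [dirs]}}}."""
    found = {}
    for bucket in sorted(p for p in Path(results).iterdir() if p.is_dir()):
        reports = found.setdefault(bucket.name, {})
        for entry in sorted(p for p in bucket.iterdir() if p.is_dir()):
            match = TEST_DIR.match(entry.name)
            if entry.name.endswith(LOGS):
                key, slot = entry.name[: -len(LOGS)], "logs"
            elif match:
                key, slot = match.group(1), "tests"
            else:
                continue  # not named like a result directory; ignore it
            report = reports.setdefault(key, {"tests": [], "logs": []})
            report[slot].append(entry)
    return found

def archive_report(results, bucket, report, dest):
    """Zip one report's test case and log directories; return archived names."""
    info = list_results(results)[bucket][report]
    names = []
    with zipfile.ZipFile(dest, "w", zipfile.ZIP_DEFLATED) as zf:
        for directory in info["tests"] + info["logs"]:
            for path in sorted(p for p in directory.rglob("*") if p.is_file()):
                names.append(path.relative_to(directory.parent).as_posix())
                zf.write(path, names[-1])
    return names

def build_sample(root):
    """Constructed sample tree: one report per bucket from the listing above."""
    b = "4898abe4c507fae7dd438f5cc343725489723181"
    layout = {
        f"{b}/bbc9e1db_2019-11-26_15-40-04-0": ["test_0215.html", "test_info.json"],
        f"{b}/bbc9e1db_2019-11-26_15-40-04_logs": ["log_stderr.txt"],
        "NO_STACK/0_2019-11-26_09-30-21-0": ["test_0005.html"],  # no log directory
    }
    for rel, files in layout.items():
        (Path(root) / rel).mkdir(parents=True)
        for name in files:
            (Path(root) / rel / name).write_text("constructed placeholder\n")
    return Path(root)
```

A report whose `logs` list is empty, like the NO_STACK entry in the listing, is still archived with its test case directory alone.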

Bonus: Adding grizzly to the Blocks: field in Bugzilla (click Show Advanced Fields when logging a new issue) will help Grizzly developers plan and improve Grizzly in the future. See here for a list of what has been found so far.