Documentation
Overview
Package dranzer parses the plain-text report produced by the CERT/CC dranzer tool (https://github.com/CERTCC/dranzer), which fuzz-tests ActiveX/COM controls. Dranzer has no machine-readable output mode and its format is undocumented, so the parser is intentionally tolerant: it extracts the structure it recognizes (the run summary, per-object metadata and error findings) and always preserves the full original text in Raw so a policy can fall back to string matching.
Real dranzer reports are emitted in the system's ANSI code page rather than UTF-8, so the parser sanitizes invalid byte sequences instead of rejecting them.
Constants
const ToolName = "dranzer"
ToolName is the canonical tool name recorded for dranzer materials.
Variables
This section is empty.
Functions
This section is empty.
Types
type Finding
type Finding struct {
	CLSID        string `json:"clsid,omitempty"`
	ClassName    string `json:"class_name,omitempty"`
	Method       string `json:"method,omitempty"`
	ErrorCode    string `json:"error_code,omitempty"`
	ErrorMessage string `json:"error_message,omitempty"`
	Address      string `json:"address,omitempty"`
	AccessType   string `json:"access_type,omitempty"`
}
Finding is a single error reported against a COM object during the run. The header failure blocks populate CLSID/ClassName/ErrorCode/ErrorMessage; the inline access-violation and exception blocks additionally populate Method, Address and AccessType.
type Object
type Object struct {
	CLSID       string            `json:"clsid,omitempty"`
	Description string            `json:"description,omitempty"`
	Metadata    map[string]string `json:"metadata,omitempty"`
}
Object is a single COM/ActiveX control described in the report, with its version/identity metadata. Only the per-object test modes (e.g. -t) emit these blocks; summary-only modes (-b/-p/-s) leave Objects empty.
type Report
type Report struct {
	Tool     Tool      `json:"tool"`
	Objects  []Object  `json:"objects"`
	Findings []Finding `json:"findings"`
	Summary  Summary   `json:"summary"`
	Raw      string    `json:"raw"`
}
Report is the structured projection of a dranzer run.
func Parse
Parse converts a dranzer text report into a Report. Real reports are emitted in the system ANSI code page, so invalid UTF-8 byte sequences are sanitized rather than rejected; parsing therefore never fails on well-formed reports. Unrecognized content is preserved in the top-level Raw field.
func (*Report) LooksLikeDranzer
LooksLikeDranzer reports whether the parsed report resembles genuine dranzer output. It is deliberately lenient: the test-engine version banner, a parsed object or finding, or the recognizable run-summary line is enough.
type Summary
type Summary struct {
	ObjectCount int            `json:"object_count"`
	KillBit     int            `json:"kill_bit_count"`
	Passed      int            `json:"passed_count"`
	Failed      int            `json:"failed_count"`
	Hung        int            `json:"hung_count"`
	Counters    map[string]int `json:"counters,omitempty"`
}
Summary holds the run-level counters dranzer prints in every report. The well-known counters are exposed as explicit fields for convenient policy access; every "Number of ..." line is also recorded verbatim (normalized to a snake_case key) in Counters so mode-specific counters are not lost.
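A sketch of the policy-side use the Overview describes, as an added example that is not part of the package: it decodes the JSON projection using only field tags documented above, flags nonzero failed/hung counters and findings that carry an Address, and also string-matches Raw. The sample JSON, the CLSID placeholder, the marker string and the Evaluate function are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Local mirror of the documented JSON shape; only tags shown on this page are used.
type report struct {
	Findings []struct {
		CLSID   string `json:"clsid"`
		Method  string `json:"method"`
		Address string `json:"address"`
	} `json:"findings"`
	Summary struct {
		Failed int `json:"failed_count"`
		Hung   int `json:"hung_count"`
	} `json:"summary"`
	Raw string `json:"raw"`
}
// Constructed sample reports (not real dranzer output).
const crashJSON = `{"findings":[{"clsid":"{SAMPLE-CLSID}","method":"Load","address":"0x41414141"}],"summary":{"failed_count":1,"hung_count":0},"raw":"..."}`
const rawOnlyJSON = `{"findings":[],"summary":{"failed_count":0,"hung_count":0},"raw":"SAMPLE-MARKER text the parser did not recognize"}`

// Evaluate returns the reasons a report fails this hypothetical policy; rawMarkers are caller-chosen.
func Evaluate(data []byte, rawMarkers []string) ([]string, error) {
	var r report
	if err := json.Unmarshal(data, &r); err != nil {
		return nil, err
	}
	var reasons []string
	if r.Summary.Failed > 0 || r.Summary.Hung > 0 {
		reasons = append(reasons, fmt.Sprintf("summary: %d failed, %d hung", r.Summary.Failed, r.Summary.Hung))
	}
	for _, f := range r.Findings {
		if f.Address != "" { // populated only by access-violation/exception blocks
			reasons = append(reasons, fmt.Sprintf("fault in %s.%s at %s", f.CLSID, f.Method, f.Address))
		}
	}
	for _, m := range rawMarkers { // fallback: Raw keeps text the tolerant parser skipped
		if strings.Contains(strings.ToLower(r.Raw), strings.ToLower(m)) {
			reasons = append(reasons, "raw text matches "+m)
		}
	}
	return reasons, nil
}

func main() { fmt.Println(Evaluate([]byte(crashJSON), []string{"sample-marker"})) }
```

Matching Raw case-insensitively keeps the fallback useful when a report mode emits blocks the structured fields do not cover.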