This book and its code use numbered versioning. The version numbers correspond to the version numbers in the Python pip package.
This is the version we are preparing for the next release (e.g. what you get when you check out the latest version from the GitHub repo). Major changes will show up here as we make them.
Coverage
class would prefix covered code with #
, rather than uncovered code as should be. This has been fixed.For announcements, we now use Mastodon (@TheFuzzingBook@mastodon.social) instead of X. Follow us on Mastodon!
We have a new chapter on Fuzzing with Constraints in which we introduce the ISLa constraint language / fuzzer / parser.
We have a new chapter on Compiler Testing in which we use grammars to generate, parse, and evolve Python code.
We now regularly test our code on various Python versions.
For development, we recommend Python 3.10 or 3.11.
We fixed several typos throughout the book, using the awesome LTeX grammar/spell checker
ProbabilisticGrammarMiner
now properly handles empty expansions (Issue #154) - thanks to Martin Eberlein!
The chapter on Fuzzing now has a more detailed computation of the probability of deleting your home directory. Thanks to mhamami-abuomar!
We no longer support fuzzingbook
DockerHub images.
Changes since 1.0:
Changes and fixes since 1.0.7:
Fuzzer.runs()
now returns a list comprehension instead of a list (Issue #106)selenium
has been updated to the latest version.FasterGrammarFuzzer
(Issue #130) - thanks to CuriousGeorgiy!WebFuzzer
constructor now allows using a subclass of HTMLGrammarMiner
.GUIFuzzer
constructor now allows using a subclass of GUIGrammarMiner
.z3-solver
(Issue #115)OptionGrammarMiner
will now capture args from external Python scripts that are protected by if __name__ == '__main__'
AdvancedSymbolicFuzzer
is now named SymbolicFuzzer
plain and simple. (AdvancedSymbolicFuzzer
still works as an alias).Happy new year!
ConcolicTracer.zeval()
method.ExpectTimeout
class is now much more performantAFLGoSchedule
and AFLFastSchedule
classes in the chapter on greybox fuzzing.mypy
static type checks.Coverage
class now supports function_names()
and __repr__()
methods. Its __exit__()
method is no longer included in coverage.astor
and enforce
we depended upon (and now don't anymore).fuzzingbook
pip package (Issue #44 in debuggingbook
) such that pip install fuzzingbook
also installs all the packages it depends upon. Thanks to @TheSilvus for reporting this!numpy.random
rather than Python random
, resulting in, well, random results every time we'd build the book. This is now fixed, and more consistent.bookutils
module is now shared with the debuggingbook
project; some (hopefully neutral) fixes.fuzzingbook_utils
module used by notebooks is now renamed to bookutils
. Code and notebooks using fuzzingbook_utils
may still work, but will issue a deprecation warning.First numbered fuzzingbook release.
Before switching to numbered releases, new chapters were coming out every Tuesday.
After all chapters were out, we switched to a release-based schedule, with numbered minor and major releases coming out when they are ready.