Documentation Index
Fetch the complete documentation index at: https://mintlify.com/ispras/casr/llms.txt
Use this file to discover all available pages before exploring further.
casr-dojo uploads CASR crash reports to DefectDojo, an open-source vulnerability management platform. It recursively scans an input directory for .casrep files, deduplicates them against findings already present in DefectDojo, and uploads only genuinely new crashes — along with their GDB supplementary reports and crash seed files — as structured findings with full CASR metadata in the description.
This gives you a single entry point for all crashes analyzed with CASR across multiple targets and fuzzing campaigns.
How It Works
Fill default parameters
casr-dojo reads a TOML configuration file and fills in required DefectDojo
API fields that were not explicitly specified (such as target_start,
target_end, prod_type, engagement_type, and test_type). You can
override any of these defaults in the TOML. The test.test_type field
accepts either an integer ID or a human-readable string name — if a string is
given, casr-dojo will look up or create the corresponding test_type
entity automatically.Get or create product, engagement, and test
Using the names specified in the TOML,
casr-dojo looks up the corresponding
DefectDojo entities. If a product, engagement, or test with the given name
does not yet exist, it is created automatically. This maps naturally to CASR
workflows: the product is the project being fuzzed, the engagement is
the specific fuzz target or CI job, and the test is the fuzzer that found
the crashes.Download existing findings
casr-dojo fetches all active, false-positive, and out-of-scope findings for
the product. This ensures that crashes you have already reviewed (and possibly
marked as false positives or out of scope) are never re-uploaded.Compute report hashes
For each downloaded finding that has an attached CASR report file,
casr-dojo downloads the report and computes its deduplication key:- Non-UBSAN reports — a hash of the filtered stack trace (same algorithm
as
casr-cluster -d) - UBSAN reports — the crash source file and line number
Upload new unique reports
Each local
.casrep file whose hash is not already present in DefectDojo is
uploaded as a new finding. The finding description includes the crash line,
severity classification, command line, OS/architecture info, source fragment,
sanitizer output, and full stack trace. In addition to the .casrep file
itself, casr-dojo uploads:- The
.gdb.casrepfile, if it exists alongside the primary report - The crash seed file (the original fuzzer input that triggered the crash)
TOML Configuration
casr-dojo requires a TOML file that specifies the DefectDojo entities to use.
At minimum, [product] with a name field and [engagement] with a name
field are required. The [test] section is optional and defaults to a test
named "CASR Crash Reports".
[product]
Maps to a DefectDojo product (the project or library being fuzzed).
| Key | Type | Description |
|---|---|---|
name | string | Required. Product name. Used to look up or create the product. |
description | string | Product description. Defaults to the value of name. |
prod_type | integer | Product type ID. Defaults to 1 (R&D). |
[engagement]
Maps to a DefectDojo engagement (a specific fuzzing target or CI job run).
| Key | Type | Description |
|---|---|---|
name | string | Required. Engagement name. Including a timestamp (e.g. from date -Isec) makes each CI run a distinct engagement. |
engagement_type | string | Defaults to "CI/CD". |
target_start | string | Start date (YYYY-MM-DD). Defaults to today. |
target_end | string | End date (YYYY-MM-DD). Defaults to today. |
[test]
Maps to a DefectDojo test (a specific fuzzer or test tool).
| Key | Type | Description |
|---|---|---|
test_type | string or integer | Test type name or ID. If a string is given, casr-dojo looks up or creates the matching test_type. Defaults to "CASR Crash Reports". |
target_start | string | Inherited from [engagement] if not set. |
target_end | string | Inherited from [engagement] if not set. |
environment | integer | Test environment ID. Defaults to 3 (Production). |
Usage
Logging verbosity. Use
debug to see individual finding upload progress and
hash computation details. Possible values: info, debug.Base URL of your DefectDojo instance, e.g.
http://localhost:8080. The tool
appends /api/v2/ automatically.DefectDojo API v2 key. Find or generate this in the DefectDojo web UI under
API v2 Key in your user profile.
Directory to recursively search for
.casrep files. For each .casrep file
found, casr-dojo also looks for a .gdb.casrep file and a crash seed file
(the file with the same name minus the .casrep extension) in the same
location.Deduplication Logic
casr-dojo uses the same deduplication strategy as casr-cluster -d:
- ASAN / MSAN / GDB / Python / Java / JS reports — a filtered stack trace hash is computed. Frames matching CASR’s internal ignore list (standard library internals, fuzzer harness frames, etc.) are stripped before hashing.
- UBSAN reports — the crash source file path and line number are used as the deduplication key.
DefectDojo Quick Start
If you do not already have a DefectDojo instance, spin one up with Docker Compose:http://localhost:8080. Generate an API key
from the admin account’s profile page.
Example Upload
Create the TOML configuration on the fly and upload clustered CASR reports:- A title in the format
[product] [executable] <severity> in <crash line> - A rich description with crash line, severity, ASAN/UBSAN output, stack trace, source fragment, and environment variables
- The
.casrepfile attached asCASR (finding <id>) - The
.gdb.casrepfile attached asCASR GDB (finding <id>), if present - The original crash seed attached as
Crash seed (finding <id>)