code-intelligence.com/cifuzz@v0.40.0/docs/How-To-Write-A-Fuzz-Test.md

# How to write a fuzz test

## Setup

### CMake

When using `cifuzz init` and `cifuzz create` the commands will tell you
which manual steps are necessary to use the cifuzz CMake integration inside
your existing project. Usually you also have to add instructions to your
CMakeLists.txt file to link the fuzz test with the software under test
(e.g. use the `target_link_libraries` directive).

The `add_fuzz_test` directive can be treated just like `add_executable`:

```cmake
add_fuzz_test(my_fuzz_test my_fuzz_test.cpp)

target_link_libraries(my_fuzz_test my_library)
target_compile_definitions(my_fuzz_test PRIVATE MY_DEFINE=foo)
```

More detailed information can be found in the [CMake reference](../cmake/Reference.md).

## How to convert/cast the fuzzer data into the data types you need

You might have to convert/cast the input parameters to other types to call your
functions. A useful tool for this is the
[FuzzedDataProvider](https://github.com/google/fuzzing/blob/master/docs/split-inputs.md#fuzzed-data-provider).

<details>
<summary>C/C++</summary>

An example can look like this:

```cpp
#include <cifuzz/cifuzz.h>
#include <fuzzer/FuzzedDataProvider.h>

#include <cstdint>
#include <string>

// Runs once before the first fuzzing iteration; nothing to prepare here.
FUZZ_TEST_SETUP() {}

// Called once per fuzzer-generated input.
FUZZ_TEST(const uint8_t *data, size_t size) {
  // Wrap the raw bytes so they can be split into typed values.
  FuzzedDataProvider fuzzed_data(data, size);
  int my_int = fuzzed_data.ConsumeIntegral<int8_t>();
  std::string my_string = fuzzed_data.ConsumeRandomLengthString();

  // myFunction is the function under test (your own code).
  myFunction(my_int, my_string);
}
```

</details>
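The snippet above hides how the provider actually carves one fuzzer input into an `int` and a `std::string`, which matters when you read a crashing input or write a seed corpus. The following is an added example, not code from the cifuzz docs or the cifuzz project: `MiniProvider` re-implements only the `FuzzedDataProvider` methods used here, following the rules of the real `<fuzzer/FuzzedDataProvider.h>` (integers are taken from the end of the input, strings from the front, a backslash escapes or terminates a string, and an exhausted provider returns the minimum of the requested range). `Record`, `decode_record` and `sample_input` are hypothetical names, and the sample bytes are constructed. It goes beyond the page's snippet by also showing `ConsumeIntegralInRange`, which bounds a parameter so the fuzzer does not waste iterations on out-of-range values.

```cpp
// Added example (not from the cifuzz docs). MiniProvider mirrors the
// consumption rules of LLVM's FuzzedDataProvider for the methods used below:
// integers come off the END of the input, strings off the FRONT, and once
// the bytes are gone an integer call returns the minimum of its range, so
// ConsumeIntegral<int8_t>() yields -128 rather than 0 on an empty input.
#include <cstddef>
#include <cstdint>
#include <limits>
#include <string>
#include <vector>

class MiniProvider {
 public:
  MiniProvider(const uint8_t *data, size_t size) : data_(data), remaining_(size) {}

  // Takes one byte off the end of the input per 8 bits of range, then folds
  // the value into [min, max]. With no bytes left the result is `min`.
  template <typename T>
  T ConsumeIntegralInRange(T min, T max) {
    uint64_t range = static_cast<uint64_t>(max) - static_cast<uint64_t>(min);
    uint64_t result = 0;
    size_t offset = 0;
    while (offset < sizeof(T) * 8 && (range >> offset) > 0 && remaining_ != 0) {
      --remaining_;
      result = (result << 8) | data_[remaining_];
      offset += 8;
    }
    if (range != std::numeric_limits<uint64_t>::max()) result %= range + 1;
    return static_cast<T>(static_cast<uint64_t>(min) + result);
  }

  template <typename T>
  T ConsumeIntegral() {
    return ConsumeIntegralInRange(std::numeric_limits<T>::min(),
                                  std::numeric_limits<T>::max());
  }

  // Reads from the front. "\\" becomes one literal backslash; a backslash
  // followed by any other byte terminates the string early, which is how the
  // fuzzer decides where this field ends and the next one starts.
  std::string ConsumeRandomLengthString(size_t max_length) {
    std::string result;
    for (size_t i = 0; i < max_length && remaining_ != 0; ++i) {
      char next = static_cast<char>(data_[0]);
      Advance(1);
      if (next == '\\' && remaining_ != 0) {
        next = static_cast<char>(data_[0]);
        Advance(1);
        if (next != '\\') break;
      }
      result += next;
    }
    return result;
  }

  size_t remaining_bytes() const { return remaining_; }

 private:
  void Advance(size_t n) { data_ += n; remaining_ -= n; }
  const uint8_t *data_;
  size_t remaining_;
};

// Hypothetical record type: what one fuzzer input was decoded into.
struct Record {
  int level;         // bounded, so the fuzzer cannot pick an absurd value
  std::string name;
  int8_t flag;
  size_t leftover;   // bytes the test did not consume
};

// The body a FUZZ_TEST(const uint8_t *data, size_t size) would have, minus
// the call into the software under test, so the decoding can be checked.
Record decode_record(const uint8_t *data, size_t size) {
  MiniProvider fdp(data, size);
  Record r{};
  r.level = fdp.ConsumeIntegralInRange<int>(0, 10);  // one byte from the end
  r.name = fdp.ConsumeRandomLengthString(16);        // from the front
  r.flag = fdp.ConsumeIntegral<int8_t>();            // from the (new) end
  r.leftover = fdp.remaining_bytes();
  return r;
}

// Constructed sample input: "hi", an escaped backslash, "j", the terminator
// "\q", the untouched tail "rest", and the byte 0x07 that becomes `level`.
std::vector<uint8_t> sample_input() {
  return {'h', 'i', '\\', '\\', 'j', '\\', 'q', 'r', 'e', 's', 't', 0x07};
}

Record decode_sample() {
  std::vector<uint8_t> in = sample_input();
  return decode_record(in.data(), in.size());
}
```

Decoding the sample gives `level == 7`, `name == "hi\j"`, `flag == -12` (the byte `'t'` taken from the new end, folded into the `int8_t` range) and three leftover bytes; an empty input gives `level == 0`, an empty name and `flag == -128`. Because integers are consumed from the end and strings from the front, a mutation to the string part of an input does not shift the integer fields, which is why the real provider is laid out this way. With the real header, the body of `decode_record` is what goes inside `FUZZ_TEST`, followed by the call into your own function.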

<details>
<summary>Java</summary>

For Java you can use the `FuzzedDataProvider` that is part of the Jazzer API
package; Maven or Gradle downloads it automatically if the project was set up
properly after `cifuzz init`.

An example can look like this:

```java
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import com.code_intelligence.jazzer.junit.FuzzTest;

public class FuzzTestCase {
    // Runs once per fuzzer-generated input; Jazzer supplies the provider.
    @FuzzTest
    void myFuzzTest(FuzzedDataProvider data) {
        int a = data.consumeInt();
        int b = data.consumeInt();
        String c = data.consumeRemainingAsString();

        // myFunction is the method under test (your own code).
        myFunction(a, b, c);
    }
}
```

</details>

<details>
<summary>Node.js</summary>

A JavaScript example can look like this:

```javascript
const { FuzzedDataProvider } = require("@jazzer.js/core");

// `data` is the raw fuzzer input as a Buffer.
test.fuzz("My fuzz test", data => {
	const fuzzed_data = new FuzzedDataProvider(data);
	const a = fuzzed_data.consumeNumber();
	const b = fuzzed_data.consumeNumber();
	const c = fuzzed_data.consumeString(8);

	// myFunction is the function under test (your own code).
	myFunction(a, b, c);
});
```

A TypeScript example can look like this:

```typescript
import { FuzzedDataProvider } from "@jazzer.js/core";

// `data` is the raw fuzzer input as a Buffer.
test.fuzz("My fuzz test", (data: Buffer) => {
	const fuzzed_data: FuzzedDataProvider = new FuzzedDataProvider(data);
	const a: number = fuzzed_data.consumeNumber();
	const b: number = fuzzed_data.consumeNumber();
	const c: string = fuzzed_data.consumeString(8);

	// myFunction is the function under test (your own code).
	myFunction(a, b, c);
});
```

</details>