Coverage-guided, in-process fuzzing for Node.js
CodeIntelligenceTesting/jazzer.js
Important
Hello Jazzer/Jazzer.js users!
We stopped maintaining Jazzer/Jazzer.js as open source. But we'd be happy to try and understand what you're trying to achieve with it, and help you if we can!
We already added significant new value to our CI Fuzz solution, which includes Jazzer and Jazzer.js. You can see more here at code-intelligence.com, or get in contact with us via sales@code-intelligence.com
Thanks,
The Code Intelligence team
Jazzer.js is a coverage-guided, in-process fuzzer for the Node.js platform developed by Code Intelligence. It is based on libFuzzer and brings many of its instrumentation-powered mutation features to the JavaScript ecosystem.
To use Jazzer.js in your own project follow these few simple steps:
1. Add the `@jazzer.js/core` dev-dependency

   ```shell
   npm install --save-dev @jazzer.js/core
   ```

2. Create a fuzz target invoking your code

   ```javascript
   // file "FuzzTarget.js"
   // myAwesomeCode stands for the function under test.
   module.exports.fuzz = function (data /*: Buffer */) {
     const fuzzerData = data.toString();
     myAwesomeCode(fuzzerData);
   };
   ```

3. Start the fuzzer using the fuzz target

   ```shell
   npx jazzer FuzzTarget
   ```

4. Enjoy fuzzing!
Jazzer.js can be used in two ways: creating dedicated fuzz targets, as shown in the Quickstart section, or integrated into the Jest test framework.
Note: Using the test framework integration is the easiest and most convenient way to fuzz your code, hence, it is recommended to use this approach whenever possible.
To use fuzzing in your normal development workflow, a tight integration with the Jest test framework is provided. This coupling allows the execution of fuzz tests alongside your normal unit tests and seamlessly detects problems on your local machine or in your CI, enabling you to check that found bugs stay resolved forever.
Furthermore, the Jest integration enables great IDE support, so that individual inputs can be run or even debugged, similar to what you would expect from normal Jest tests.
Note: Detailed explanation on how to use the Jest integration can be found at docs/jest-integration.md.
A Jest fuzz test, in this case written in TypeScript, looks similar to the following example:

```typescript
// file: "Target.fuzz.ts"
import "@jazzer.js/jest-runner";
import * as target from "./target";

describe("Target", () => {
  it.fuzz("executes a method", (data: Buffer) => {
    target.fuzzMe(data);
  });
});
```

Note: Please take a look at Enabling TypeScript in Jest tests for further information on how to set up Jest fuzz tests written in TypeScript.
Creating fuzz targets and executing those via CLI commands is straightforward and similar to what you would expect from other fuzzers. This approach offers the most control and can easily be integrated in your CI pipelines via `npm`/`npx` commands.
Note: Detailed explanation on how to create and use fuzz targets can be found at docs/fuzz-targets.md.
A fuzz target can look as simple as this example:

```javascript
// file "FuzzTarget.js"
// myAwesomeCode stands for the function under test.
module.exports.fuzz = function (data /*: Buffer */) {
  const fuzzerData = data.toString();
  myAwesomeCode(fuzzerData);
};
```

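A fuller fuzz target of the same shape, as an added example that is not from the Jazzer.js repository: it separates expected input rejections from findings and checks a round-trip invariant. `decodeRecord`, `encodeRecord`, `FormatError` and the record format are hypothetical stand-ins for the code under test, and the decoder carries a deliberate length-check defect for the fuzzer to find.

```javascript
// Added example; every name below is hypothetical, not part of Jazzer.js.
class FormatError extends Error {}

// Constructed record layout: 2-byte big-endian length, then the payload.
function decodeRecord(buf) {
  if (buf.length < 1) throw new FormatError("empty input");
  // Deliberate defect: a 1-byte input passes the check above, so the
  // 2-byte read below throws RangeError instead of FormatError.
  const len = buf.readUInt16BE(0);
  if (buf.length - 2 < len) throw new FormatError("truncated payload");
  return buf.subarray(2, 2 + len);
}

function encodeRecord(payload) {
  const header = Buffer.alloc(2);
  header.writeUInt16BE(payload.length, 0);
  return Buffer.concat([header, payload]);
}

// Fuzz target: receives the fuzzer-generated Buffer, like FuzzTarget.js.
function fuzz(data /*: Buffer */) {
  let payload;
  try {
    payload = decodeRecord(data);
  } catch (e) {
    // Rejecting malformed input is the intended behaviour, not a bug.
    if (e instanceof FormatError) return;
    // Any other error leaves the target uncaught and is reported
    // by the fuzzer as a finding.
    throw e;
  }
  // Invariant: re-encoding and decoding must return the same payload.
  const again = decodeRecord(encodeRecord(payload));
  if (!again.equals(payload)) {
    throw new Error("round-trip mismatch for " + data.toString("hex"));
  }
}

// Export in the form the CLI expects (guarded so the file also loads as ESM).
if (typeof module !== "undefined") module.exports.fuzz = fuzz;
```

Fixing the defect means changing the first length check to `buf.length < 2`, after which the one-byte input is rejected with `FormatError` like any other malformed record.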
Further documentation is available at docs/readme.md.
We recorded a live demo which shows how to get Jazzer.js up and running for your own projects. If you are just getting started, this might be helpful.
You can watch the recording here.
Jazzer.js supports Node.js LTS versions on the following platforms; other versions are best effort only:
- Linux x86_64
- macOS x86_64 and arm64
- Windows x86_64
Jazzer.js is inspired by its namesake Jazzer, also developed by Code Intelligence.