This is a small demo project showcasing how jazzer-clj can be used to fuzz-test Clojure code.

Build a fuzzing JAR with

    clojure "-T:build" "fuzzing-jar"

Then run the fuzzer as follows:

    java -cp target/fuzzing.jar com.code_intelligence.jazzer.Jazzer \
      --target_class=jazzer_clojure_example.targets.SimpleExample

This will run Jazzer as
specified in deps.edn, telling it to fuzz the SimpleExample target defined
in core.clj. Alternatively, you can run
Jazzer on the JsonistaExample to fuzz Metosin's excellent JSON library (which
we've chosen arbitrarily to demonstrate how to test libraries):

    mkdir corpus-jsonista
    java -cp target/fuzzing.jar com.code_intelligence.jazzer.Jazzer \
      --target_class=jazzer_clojure_example.targets.JsonistaExample \
      corpus-jsonista

Note the additional argument corpus-jsonista at the end. This tells Jazzer to
store all generated inputs that it considers useful into the corpus-jsonista
directory in this project. Storing a corpus this way is useful if you want to be
able to interrupt the fuzzer and resume it later without having to redo a lot of
work: it will more or less continue from the state where you stopped it. (Check
out the files in the corpus after running the fuzzer for a while! Most of them
will contain somewhat creative JSON data that the fuzzer has come up with.)
See the Jazzer homepage for more details about the fuzzer and how to configure it. Happy fuzzing!

There is also an example Leiningen target, which builds the project without Jazzer as a dependency, for use with the Jazzer Docker images.
Build a JAR with lein uberjar. Then run the fuzzer on it as follows:

    docker run -v $PWD:/fuzzing cifuzz/jazzer \
      --cp=/fuzzing/target/jazzer-clojure-example-0.1.0-SNAPSHOT-standalone.jar \
      --target-class=jazzer_clojure_example.targets.SimpleExample

Alternatively, you can run Jazzer on the JsonistaExample:

    docker run -v $PWD:/fuzzing cifuzz/jazzer \
      --cp=/fuzzing/target/jazzer-clojure-example-0.1.0-SNAPSHOT-standalone.jar \
      --target-class=jazzer_clojure_example.targets.JsonistaExample \
      /fuzzing/corpus-jsonista

Copyright © 2022 Code Intelligence GmbH
This program and the accompanying materials are made available under the terms of the Eclipse Public License 2.0 which is available at http://www.eclipse.org/legal/epl-2.0.
This Source Code may also be made available under the following Secondary Licenses when the conditions for such availability set forth in the Eclipse Public License, v. 2.0 are satisfied: GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any later version, with the GNU Classpath Exception which is available at https://www.gnu.org/software/classpath/license.html.
