Coverage-guided, in-process fuzzing for the Node.js platform

Overview

Jazzer.js


Jazzer.js is a coverage-guided, in-process fuzzer for the Node.js platform developed by Code Intelligence. It is based on libFuzzer and brings many of its instrumentation-powered mutation features to the JavaScript ecosystem.

Jazzer.js currently supports the following platforms:

  • Linux x86_64
  • macOS x86_64 and arm64
  • Windows x86_64

Quickstart

To use Jazzer.js in your own project, follow these few simple steps:

  1. Add the @jazzer.js/core dev-dependency

    npm install --save-dev @jazzer.js/core
  2. Create a fuzz target invoking your code

    // file "FuzzTarget.js"
    module.exports.fuzz = function (data /*: Buffer */) {
    	const fuzzerData = data.toString();
    	myAwesomeCode(fuzzerData);
    };
  3. Start the fuzzer using the fuzz target

    npx jazzer FuzzTarget
  4. Enjoy fuzzing!

Usage

Creating a fuzz target

Jazzer.js requires an entry point for the fuzzer; this is commonly referred to as a fuzz target. A simple example is shown below.

module.exports.fuzz = function (data) {
	myAwesomeCode(data.toString());
};

A fuzz target module needs to export a function called fuzz, which takes a Buffer parameter and executes the actual code under test.

The Buffer, a subclass of Uint8Array, can be used to derive the parameters the code under test needs, so that the fuzzer can detect which parts of the input are used and mutate them in later iterations to reach new code paths. For this use case Buffer is not the nicest abstraction to work with and will be replaced with a more suitable one in the future. An example of how to use the data parameter is shown below; documentation on Buffer can be found in the Node.js documentation.

module.exports.fuzz = function (data) {
	// readInt32BE throws a RangeError when fewer than 4 bytes are available;
	// skip such inputs so the fuzzer only reports crashes of the code under test.
	if (data.length < 4) return;
	const intParam = data.readInt32BE(0);
	const stringParam = data.toString("utf-8", 4);
	myAwesomeCode(intParam, stringParam);
};
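
As an added example (not code from the Jazzer.js README), the following fuzz target extends the pattern above: a small bounds-checked reader slices several typed parameters out of the Buffer, so that a short input can never crash the harness itself and every finding points at the code under test. The ParamReader class and the parseKeyValue parser are hypothetical stand-ins for myAwesomeCode.

```javascript
// Added example, not part of the Jazzer.js project: a bounds-checked reader
// that slices typed parameters out of the fuzzer's Buffer. Running out of
// bytes yields a fallback value instead of a RangeError, so the only
// exceptions the fuzzer sees come from the code under test.
class ParamReader {
	constructor(buf) {
		this.buf = buf;
		this.pos = 0;
	}
	remaining() {
		return this.buf.length - this.pos;
	}
	// Signed 32-bit big-endian integer; `fallback` if fewer than 4 bytes remain.
	int32(fallback = 0) {
		if (this.remaining() < 4) return fallback;
		const v = this.buf.readInt32BE(this.pos);
		this.pos += 4;
		return v;
	}
	// Boolean taken from the low bit of the next byte.
	bool(fallback = false) {
		if (this.remaining() < 1) return fallback;
		return (this.buf[this.pos++] & 1) === 1;
	}
	// Everything left, decoded as UTF-8 (invalid sequences become U+FFFD).
	restString() {
		const s = this.buf.toString("utf-8", this.pos);
		this.pos = this.buf.length;
		return s;
	}
}

// Hypothetical code under test standing in for myAwesomeCode: a tiny
// "key=value;key=value" parser. It throws on malformed input, which is what
// the fuzzer reports as a finding, together with the reproducing input.
function parseKeyValue(text, maxFields, strict) {
	const out = {};
	if (text.length === 0) return out;
	const fields = text.split(";");
	if (fields.length > maxFields) {
		throw new RangeError(`too many fields: ${fields.length} > ${maxFields}`);
	}
	for (const field of fields) {
		const eq = field.indexOf("=");
		if (eq < 0) {
			if (strict) throw new SyntaxError(`missing '=' in ${JSON.stringify(field)}`);
			continue;
		}
		out[field.slice(0, eq)] = field.slice(eq + 1);
	}
	return out;
}

// The fuzz target in the shape the README requires. The first four bytes pick
// the field limit, the fifth toggles strict mode, the rest is the text to parse;
// the fuzzer learns which bytes matter from the coverage they unlock.
function fuzz(data /*: Buffer */) {
	const reader = new ParamReader(data);
	const maxFields = (Math.abs(reader.int32(1)) % 64) + 1; // 1..64
	const strict = reader.bool();
	parseKeyValue(reader.restString(), maxFields, strict);
}

module.exports = { fuzz, ParamReader, parseKeyValue };
```

Save it as FuzzTarget.js and start it with `npx jazzer FuzzTarget` as in the Quickstart; the fuzzer will stop on the first input that makes parseKeyValue throw.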

Asynchronous fuzz targets

Jazzer.js supports asynchronous fuzz targets out of the box, no special handling or configuration is needed.

The resolution of a Promise returned by a fuzz target is awaited before the next fuzzing input is provided. This enables the fuzzing of async/await, Promise-based and callback-based code.

Asynchronous code needs careful synchronization between the Node.js event loop and the fuzzing thread, and therefore yields lower throughput than synchronous fuzzing. Even so, asynchronous fuzzing is the default mode of Jazzer.js, because of its prevalence in the JavaScript ecosystem and because it works for all fuzz targets.

Purely synchronous code can benefit from the higher throughput of synchronous fuzzing by passing the --sync flag when starting the fuzzer.

An example of a Promise based fuzz target can be found at examples/promise/fuzz.js.

Using TypeScript to write fuzz targets

It is also possible to use TypeScript, or for that matter any other language that transpiles to JavaScript, to write fuzz targets, as long as a module exporting a fuzz function is generated.

An example on how to use TypeScript to fuzz a library can be found at examples/js-yaml/package.json.

Running the fuzzer

After adding @jazzer.js/core as a dev-dependency to a project, the fuzzer can be executed using the jazzer npm command, for example via npx:

npx jazzer <fuzzer parameters>

Or add a new script to your package.json:

"scripts": {
  "fuzz": "jazzer <fuzzer parameters>"
}

The general command format is:

jazzer <fuzzTarget> <fuzzerFlags> [corpus...] [-- <fuzzingEngineFlags>]

Detailed documentation and example calls are available via the --help flag; only the most important parameters are discussed here.

<fuzzTarget>
    Import path to the fuzz target module.

[corpus...]
    Paths to the corpus directories. If not given, no initial seeds are used and no interesting inputs are saved.

-- <fuzzingEngineFlags>
    Parameters after -- are forwarded to the internal fuzzing engine (libFuzzer). Available settings can be found in its options documentation.

-i, --instrumentation_includes / -e, --instrumentation_excludes
    Parts of file paths to include in or exclude from instrumentation. Use a trailing / to match directories and avoid confusion with file names; * includes all files. Can be specified multiple times. By default everything outside the node_modules directory is included.

--sync
    Enables synchronous fuzzing. May only be used for entirely synchronous code.

--help
    Detailed help message containing all flags.

Documentation

Further documentation is available at docs/readme.md.

Credit

Jazzer.js is inspired by its namesake Jazzer, also developed by Code Intelligence.


Comments
  • Bump @babel/core from 7.19.3 to 7.19.6

    Bump @babel/core from 7.19.3 to 7.19.6

    Bumps @babel/core from 7.19.3 to 7.19.6.

    Release notes

    Sourced from @​babel/core's releases.

    v7.19.6 (2022-10-20)

    Thanks @​lomirus for your first PR!

    :eyeglasses: Spec Compliance

    • babel-plugin-proposal-decorators
      • #15059 Ensure non-static decorators are applied when a class is instantiated. (@​JLHwung)

    :bug: Bug Fix

    • babel-parser
    • babel-plugin-transform-runtime, babel-runtime-corejs2, babel-runtime-corejs3
      • #15060 Ensure @babel/runtime-corejs3/core-js/*.js can be imported on Node.js 17+ (@​JLHwung)
    • babel-preset-env, babel-traverse

    :nail_care: Polish

    • babel-generator, babel-plugin-transform-flow-comments

    :memo: Documentation

    :house: Internal

    :running_woman: Performance

    Committers: 4

    v7.19.5 (2022-10-10)

    :bug: Bug Fix

    Committers: 2

    ... (truncated)

    Changelog

    Sourced from @​babel/core's changelog.

    v7.19.6 (2022-10-20)

    :eyeglasses: Spec Compliance

    • babel-plugin-proposal-decorators
      • #15059 Ensure non-static decorators are applied when a class is instantiated. (@​JLHwung)

    :bug: Bug Fix

    • babel-parser
    • babel-plugin-transform-runtime, babel-runtime-corejs2, babel-runtime-corejs3
      • #15060 Ensure @babel/runtime-corejs3/core-js/*.js can be imported on Node.js 17+ (@​JLHwung)
    • babel-preset-env, babel-traverse

    :nail_care: Polish

    • babel-generator, babel-plugin-transform-flow-comments

    :memo: Documentation

    :house: Internal

    :running_woman: Performance

    v7.19.5 (2022-10-10)

    :bug: Bug Fix

    v7.19.4 (2022-10-10)

    :eyeglasses: Spec Compliance

    • babel-plugin-transform-block-scoping
    • babel-helpers, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-object-rest-spread, babel-plugin-transform-destructuring

    :bug: Bug Fix

    • babel-plugin-transform-react-jsx-development, babel-plugin-transform-typescript, babel-types
    • babel-plugin-transform-destructuring, babel-plugin-transform-react-constant-elements, babel-traverse

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 4
  • Initial support for ECMAScript modules

    Initial support for ECMAScript modules

    This is not yet a full solution as full ES6 projects won't get instrumented yet. Loading projects that (partially) rely on ES6 won't crash anymore though

    Note: A follow up PR will attempt to resolve the remaining problems

    opened by 0xricksanchez 3
  • Bump @types/node from 18.11.8 to 18.11.9

    Bump @types/node from 18.11.8 to 18.11.9

    Bumps @types/node from 18.11.8 to 18.11.9.

    Commits

    dependencies 
    opened by dependabot[bot] 3
  • Integrate jazzer.js with novel fuzzing engines

    Integrate jazzer.js with novel fuzzing engines

    Thanks for working on this project! I'm glad to see something like js-fuzz that is more actively developed 👍

    I'm currently exploring using this to fuzz prettier formatter parsers, and I was wondering if y'all could provide any insight into how I might make use of https://github.com/googleprojectzero/fuzzilli/blob/main/Docs/HowFuzzilliWorks.md to generate js programs for prettier's babel parser to format.

    It's pretty extensively used, so I doubt I'll find easy bugs in it but 🤷

    opened by jasikpark 3
  • Bump cmake-js from 6.3.2 to 7.0.0

    Bump cmake-js from 6.3.2 to 7.0.0

    Bumps cmake-js from 6.3.2 to 7.0.0.

    Release notes

    Sourced from cmake-js's releases.

    v7.0.0

    This is a breaking change and will likely require some small changes to your cmake config to keep your project building.

    Summary

    A lot of work has gone into this release, to try and make the general usage of the library smoother. It has better support for building modules with node-api. The on disk footprint of the library is much smaller than before, with various dependencies removed, or updated.

    Upgrading

    We recommend having the following at the top of your cmake file, before the project(...) definition.

    cmake_minimum_required(VERSION 3.15)
    cmake_policy(SET CMP0091 NEW)
    cmake_policy(SET CMP0042 NEW)
    

    This will force MSVC to do a MT build, so if you were doing that another way, it should be possible to remove that. If you need to keep it building as MD, you can add set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreaded$<$<CONFIG:Debug>:Debug>DLL") in your cmake file.

    If you are using node-api, make sure that your package.json has the following, but with the correct NAPI_VERSION filled in. We use this to autodetect that your module is building with node-api.

    "binary": {
      "napi_versions": [7]
    },
    

    You should also add the following to the bottom of your cmake file. This lets us avoid downloading the full nodejs headers, and lets us use bundle a much more lightweight copy instead

    if(MSVC AND CMAKE_JS_NODELIB_DEF AND CMAKE_JS_NODELIB_TARGET)
      # Generate node.lib
      execute_process(COMMAND ${CMAKE_AR} /def:${CMAKE_JS_NODELIB_DEF} /out:${CMAKE_JS_NODELIB_TARGET} ${CMAKE_STATIC_LINKER_FLAGS})
    endif()
    

    If you have something like:

    execute_process(COMMAND node -p "require('node-addon-api').include"
            WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
            OUTPUT_VARIABLE NODE_ADDON_API_DIR
            )
    string(REPLACE "\n" "" NODE_ADDON_API_DIR ${NODE_ADDON_API_DIR})
    string(REPLACE "\"" "" NODE_ADDON_API_DIR ${NODE_ADDON_API_DIR})
    target_include_directories(${PROJECT_NAME} PRIVATE ${NODE_ADDON_API_DIR})
    

    in your file, it is no longer needed. We will inject the correct include paths for you, similar to what is done for nan.

    That should be everything.
    If we missed something in these steps, or if you are having problems getting your module building again, let us know in an issue.

    All changes:

    • update dependencies
    • replace some dependencies with modern language features

    ... (truncated)

    Changelog

    Sourced from cmake-js's changelog.

    v7.0.0 - 08/10/22

    • update dependencies
    • replace some dependencies with modern language features
    • follow node-gyp behaviour for visual-studio version detection and selection
    • automatically locate node-addon-api and add to include paths
    • avoid downloads when building for node-api
    • encourage use of MT builds with MSVC, rather than MD

    v6.3.1 - 05/06/22

    • add missing bluebird dependency
    • fix platform detection for visual studio 2019 and newer
    • fix platform detection for macos

    v6.3.0 - 26/11/21

    v6.2.1 - 20/07/21

    • EOL hotfix (Thx Windows!)

    v6.2.0 - 19/07/21

    • various fixes

    v6.1.0 - 27/02/20

    • Add support for "-A/--platform" option to make target platform selectable for Visual Studio 2019 generator: cmake-js/cmake-js#201

    v6.0.0 - 30/09/19

    • Dropped compatibility of old Node.js runtimes (<10.0.0)
    • --cc and --cxx flags for overriding compiler detection: cmake-js/cmake-js#191

    v5.3.2 - 21/08/19

    • Visual Studio detection fixes

    ... (truncated)

    Commits
    • 110c563 v7.0.0
    • 46fba95 chore: update dependencies
    • 6712a0f feat: Set CMAKE_MSVC_RUNTIME_LIBRARY to encourage use of MT builds
    • c99e10e fix: Update win_delay_load_hook.cc based on nw.js
    • 2be9d8f v7.0.0-3
    • 261e462 fix: typo
    • b205e13 fix: typo
    • a38fd3a chore: add some more keywords
    • 3e4558f chore: update baseurl for electron mirror (#279)
    • 0e2c948 fix(msvc): node.lib should be generated as part of the configure step
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 2
  • Bump @typescript-eslint/eslint-plugin from 5.36.0 to 5.36.1

    Bump @typescript-eslint/eslint-plugin from 5.36.0 to 5.36.1

    Bumps @typescript-eslint/eslint-plugin from 5.36.0 to 5.36.1.

    Release notes

    Sourced from @​typescript-eslint/eslint-plugin's releases.

    v5.36.1

    5.36.1 (2022-08-30)

    Bug Fixes

    • typescript-estree: fix decorator regression for pre TS4.8 (#5574) (a603015)

    Changelog

    Sourced from @​typescript-eslint/eslint-plugin's changelog.

    5.36.1 (2022-08-30)

    Note: Version bump only for package @​typescript-eslint/eslint-plugin

    Commits

    dependencies 
    opened by dependabot[bot] 2
  • Connect the instrumentor with the fuzzer

    Connect the instrumentor with the fuzzer

    This commit makes the fuzzer usable from the instrumentor. Since we'll want to add an alternative "fuzzer" implementation later (i.e., the native agent), some code is explicitly marked as shared between implementations of the fuzzer interface.

    opened by sebastianpoeplau 2
  • Bump @babel/generator from 7.20.5 to 7.20.7

    Bump @babel/generator from 7.20.5 to 7.20.7

    Bumps @babel/generator from 7.20.5 to 7.20.7.

    Release notes

    Sourced from @​babel/generator's releases.

    v7.20.7 (2022-12-22)

    Thanks @​wsypower for your first PR!

    :eyeglasses: Spec Compliance

    • babel-helper-member-expression-to-functions, babel-helper-replace-supers, babel-plugin-proposal-class-properties, babel-plugin-transform-classes
    • babel-helpers, babel-plugin-proposal-class-properties, babel-plugin-transform-classes, babel-plugin-transform-object-super

    :bug: Bug Fix

    • babel-parser, babel-plugin-transform-typescript
    • babel-traverse
    • babel-plugin-transform-typescript, babel-traverse
    • babel-plugin-transform-block-scoping
    • babel-plugin-proposal-async-generator-functions, babel-preset-env
    • babel-generator, babel-plugin-proposal-optional-chaining
    • babel-plugin-transform-react-jsx, babel-types
    • babel-core, babel-helpers, babel-plugin-transform-computed-properties, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
    • babel-helper-member-expression-to-functions, babel-helper-replace-supers, babel-plugin-proposal-class-properties, babel-plugin-transform-classes
    • babel-generator

    :nail_care: Polish

    • babel-plugin-transform-block-scoping, babel-traverse

    :house: Internal

    • babel-helper-define-map, babel-plugin-transform-property-mutators
    • babel-core, babel-plugin-proposal-class-properties, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-parameters, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-traverse

    :running_woman: Performance

    Committers: 6

    ... (truncated)

    Changelog

    Sourced from @​babel/generator's changelog.

    v7.20.7 (2022-12-22)

    :eyeglasses: Spec Compliance

    • babel-helper-member-expression-to-functions, babel-helper-replace-supers, babel-plugin-proposal-class-properties, babel-plugin-transform-classes
    • babel-helpers, babel-plugin-proposal-class-properties, babel-plugin-transform-classes, babel-plugin-transform-object-super

    :bug: Bug Fix

    • babel-parser, babel-plugin-transform-typescript
    • babel-traverse
    • babel-plugin-transform-typescript, babel-traverse
    • babel-plugin-transform-block-scoping
    • babel-plugin-proposal-async-generator-functions, babel-preset-env
    • babel-generator, babel-plugin-proposal-optional-chaining
    • babel-plugin-transform-react-jsx, babel-types
    • babel-core, babel-helpers, babel-plugin-transform-computed-properties, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
    • babel-helper-member-expression-to-functions, babel-helper-replace-supers, babel-plugin-proposal-class-properties, babel-plugin-transform-classes
    • babel-generator

    :nail_care: Polish

    • babel-plugin-transform-block-scoping, babel-traverse

    :house: Internal

    • babel-helper-define-map, babel-plugin-transform-property-mutators
    • babel-core, babel-plugin-proposal-class-properties, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-parameters, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-traverse

    :running_woman: Performance

    v7.20.6 (2022-11-28)

    :bug: Bug Fix

    Commits

    dependencies 
    opened by dependabot[bot] 1
  • Bump @typescript-eslint/parser from 5.46.1 to 5.47.0

    Bump @typescript-eslint/parser from 5.46.1 to 5.47.0

    Bumps @typescript-eslint/parser from 5.46.1 to 5.47.0.

    Release notes

    Sourced from @​typescript-eslint/parser's releases.

    v5.47.0

    5.47.0 (2022-12-19)

    Features

    • eslint-plugin: [no-floating-promises] add suggestion fixer to add an 'await' (#5943) (9e35ef9)

    Changelog

    Sourced from @​typescript-eslint/parser's changelog.

    5.47.0 (2022-12-19)

    Note: Version bump only for package @​typescript-eslint/parser

    Commits

    dependencies 
    opened by dependabot[bot] 1
  • Add done callback pattern support to fuzzer

    Add done callback pattern support to fuzzer

    Allow a fuzz target to request a done callback as second parameter. If used, the fuzz target has to invoke the done callback to report its finished execution and request the next input.

    opened by bertschneider 1
  • Mark fuzz tests without seed files as skipped

    Mark fuzz tests without seed files as skipped

    Fuzz tests without seed files are marked as skipped in regression test. This prevents Jest from displaying an error that no tests could be found. The input directory structure is still automatically created.

    opened by bertschneider 1
  • Add CONTRIBUTING.md

    Add CONTRIBUTING.md

    We had a docs/development.md already. IMO, having a proper CONTRIBUTING.md is the way to go here. For good measures, I added a badge to the README.md as well.

    opened by 0xricksanchez 0
  • Use `import()` instead of `require()` for commonjs/esmodule support

    Use `import()` instead of `require()` for commonjs/esmodule support

    I'm trying to get a fuzz harness set up for https://github.com/natemoo-re/ultrahtml but I'm running into a problem with the fact that the module is written as an esmodule instead of a commonjs module

    It'd be great if jazzer.js supported es modules natively, ex:

    export function fuzz() {}
    

    instead of module.exports.fuzz = function() {} or using TS to generate commonjs

    https://github.com/jasikpark/fuzz-ultrahtml

    opened by jasikpark 3
  • Refactor async code

    Refactor async code

    This is an attempt at making the code for asynchronous fuzzing easier to understand.

    Feel free to reject the PR if you think it's not clearer than what we started with. The need to work around the issues we found with Napi::AsyncWorker (i.e., losing stack traces) and Napi::Error (i.e., inability to copy it outside the main thread) have made the code a bit less readable than I had hoped.

    opened by sebastianpoeplau 0
Releases(v1.0.1)
  • v1.0.1(Aug 22, 2022)

    Summary

    This is the first release of Jazzer.js :tada:

    Please have a look at the documentation to get to know all the available features.

    What's Changed

    • Add an example program to fuzz by @sebastianpoeplau in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/1
    • libfuzzer plugin by @sebastianpoeplau in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/3
    • Initial fuzzing instrumentation by @kyakdan in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/4
    • Connect the instrumentor with the fuzzer by @sebastianpoeplau in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/6
    • Handle CLI options by @bertschneider in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/5
    • coverage counters by @kyakdan in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/8
    • tie all together by @kyakdan in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/9
    • Evaluate MVP with real-world projects by @kyakdan in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/10
    • Improvements by @kyakdan in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/11
    • Enable value profiling by @kyakdan in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/23
    • Refactor examples by @kyakdan in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/25
    • Add an option to perform a dry run by @kyakdan in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/26
    • Access fuzzer only through exported functions by @bertschneider in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/32
    • Expand the fuzzer API to enable more feedback signals to the fuzzer by @kyakdan in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/31
    • Document the planned architecture by @bertschneider in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/2
    • Upload prebuild artifacts in CI pipeline by @bertschneider in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/39
    • Async support by @kyakdan in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/47
    • Add dependabot automerge action by @bertschneider in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/58
    • Add Jazzer.js logo by @kyakdan in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/52
    • Restrict npm build command by @bertschneider in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/59
    • Minor improvements in docs and comments by @sebastianpoeplau in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/64
    • Fix GCC 12 build errors by @bertschneider in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/62
    • Add TypeScript example by @bertschneider in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/63
    • Refactor crash printing by @kyakdan in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/60
    • Handle sync response in async fuzzing mode by @bertschneider in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/67
    • Add async documentation and example by @bertschneider in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/61
    • Only build libfuzzer from compiler rt by @kyakdan in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/68
    • Minor cpp cleanup by @sebastianpoeplau in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/69
    • Use constant seed for fuzzer tests to make them deterministic by @kyakdan in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/72
    • Add Windows to the tests and prebuilds by @kyakdan in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/71
    • Release 1.0 by @bertschneider in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/76
    • Fix release artifact build pipeline by @bertschneider in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/77

    New Contributors

    • @sebastianpoeplau made their first contribution in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/1
    • @bertschneider made their first contribution in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/5
    • @dependabot made their first contribution in https://github.com/CodeIntelligenceTesting/jazzer.js/pull/16

    Full Changelog: https://github.com/CodeIntelligenceTesting/jazzer.js/commits/v1.0.1

    Source code(tar.gz)
    Source code(zip)
    fuzzer-v1.0.1-napi-v4-darwin-arm64.tar.gz(147.44 KB)
    fuzzer-v1.0.1-napi-v4-darwin-x64.tar.gz(164.29 KB)
    fuzzer-v1.0.1-napi-v4-linux-x64.tar.gz(209.15 KB)
    fuzzer-v1.0.1-napi-v4-win32-x64.tar.gz(369.48 KB)