Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for afl-fuzz testing #207

Merged
merged 1 commit into from
Feb 14, 2016
Merged

Add support for afl-fuzz testing #207

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Add support for afl-fuzz testing 
"make fuzz" creates a simple executable that de-serialises stdin
and re-serialises to stdout.
"make fuzz_testcases" extracts the smaller json test cases into
a testcases directory.

The library can then be fuzzed as follows:
    CC=afl-clang-fast make fuzz
    make fuzz_testcases
    mkdir out
    afl-fuzz -i testcases -o out ./fuzz
  • Loading branch information
@mykter
mykter committed Feb 12, 2016
commit 9e500b49ace31f53cab94ca426cde5998b3b91fd
14 changes: 12 additions & 2 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ all: json_unit

# clean up
clean:
rm -f json_unit json_benchmarks
rm -f json_unit json_benchmarks fuzz


##########################################################################
Expand All @@ -24,6 +24,16 @@ json_unit: test/unit.cpp src/json.hpp test/catch.hpp
$(CXX) -std=c++11 $(CXXFLAGS) $(FLAGS) $(CPPFLAGS) -I src -I test $< $(LDFLAGS) -o $@


##########################################################################
# fuzzing
##########################################################################

fuzz: test/fuzz.cpp src/json.hpp
$(CXX) -std=c++11 $(CXXFLAGS) $(FLAGS) $(CPPFLAGS) -I src -I test $< $(LDFLAGS) -lstdc++ -lm -o $@
fuzz_testcases:
mkdir -p testcases && find test/ -size -5k -name *json | xargs -I{} cp "{}" testcases
@echo "Test cases suitable for fuzzing have been copied into the testcases directory"

##########################################################################
# static analyzer
##########################################################################
Expand All @@ -48,7 +58,7 @@ pretty:
--indent-col1-comments --pad-oper --pad-header --align-pointer=type \
--align-reference=type --add-brackets --convert-tabs --close-templates \
--lineend=linux --preserve-date --suffix=none \
src/json.hpp src/json.hpp.re2c test/unit.cpp benchmarks/benchmarks.cpp doc/examples/*.cpp
src/json.hpp src/json.hpp.re2c test/unit.cpp test/fuzz.cpp benchmarks/benchmarks.cpp doc/examples/*.cpp


##########################################################################
Expand Down
42 changes: 42 additions & 0 deletions test/fuzz.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
/*
__ _____ _____ _____
__| | __| | | | JSON for Modern C++ (fuzz test support)
| | |__ | | | | | | version 2.0.0
|_____|_____|_____|_|___| https://github.com/nlohmann/json

To run under afl:
afl-fuzz -i testcases -o output ./fuzz

Licensed under the MIT License <http://opensource.org/licenses/MIT>.
*/

#include <json.hpp>

using json = nlohmann::json;

int main()
{
json *jp;

#ifdef __AFL_HAVE_MANUAL_CONTROL
while (__AFL_LOOP(1000)) {
#endif
jp = new json();
json j = *jp;
try {
j << std::cin;
} catch (std::invalid_argument e) {
std::cout << "Invalid argument in parsing" << e.what() << '\n';
}

if (j.find("foo") != j.end()) {
std::cout << "Found a foo";
}

std::cout << j.type() << j << std::endl;

delete jp;
#ifdef __AFL_HAVE_MANUAL_CONTROL
}
#endif
}