{"id":13575697,"url":"https://github.com/CodeIntelligenceTesting/jazzer","last_synced_at":"2025-04-04T22:31:54.753Z","repository":{"id":37094596,"uuid":"333867901","full_name":"CodeIntelligenceTesting/jazzer","owner":"CodeIntelligenceTesting","description":"Coverage-guided, in-process fuzzing for the JVM","archived":false,"fork":false,"pushed_at":"2025-02-17T23:44:46.000Z","size":6288,"stargazers_count":1095,"open_issues_count":41,"forks_count":150,"subscribers_count":25,"default_branch":"main","last_synced_at":"2025-03-29T00:02:03.703Z","etag":null,"topics":["clojure","fuzzer","fuzzing","java","jni","jvm","kotlin","security"],"latest_commit_sha":null,"homepage":"https://code-intelligence.com","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CodeIntelligenceTesting.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-01-28T19:08:19.000Z","updated_at":"2025-03-25T19:53:59.000Z","dependencies_parsed_at":"2023-09-26T17:27:41.273Z","dependency_job_id":"9a4526b4-44bf-45a7-9c7b-690b67225622","html_url":"https://github.com/CodeIntelligenceTesting/jazzer","commit_stats":null,"previous_names":[],"tags_count":26,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodeIntelligenceTesting%2Fjazzer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodeIntelligenceTesting%2Fjazzer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodeIntelligenceTesting%2Fjazzer/releases","manifests_url":"h
ttps://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodeIntelligenceTesting%2Fjazzer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CodeIntelligenceTesting","download_url":"https://codeload.github.com/CodeIntelligenceTesting/jazzer/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247260808,"owners_count":20910078,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["clojure","fuzzer","fuzzing","java","jni","jvm","kotlin","security"],"created_at":"2024-08-01T15:01:03.360Z","updated_at":"2025-04-04T22:31:49.741Z","avatar_url":"https://github.com/CodeIntelligenceTesting.png","language":"Java","readme":"\u003cdiv align=\"center\"\u003e\n  \u003ca href=\"https://code-intelligence.com\"\u003e\u003cimg src=\"https://www.code-intelligence.com/hubfs/Logos/CI%20Logos/Jazzer_einfach.png\" height=150px alt=\"Jazzer by Code Intelligence\"\u003e\n\u003c/a\u003e\n  \u003ch1\u003eJazzer\u003c/h1\u003e\n  \u003cp\u003eFuzz Testing for the JVM\u003c/p\u003e\n  \u003ca href=\"https://github.com/CodeIntelligenceTesting/jazzer/releases\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/v/release/CodeIntelligenceTesting/jazzer\" alt=\"Releases\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://search.maven.org/search?q=g:com.code-intelligence%20a:jazzer\"\u003e\n    \u003cimg src=\"https://img.shields.io/maven-central/v/com.code-intelligence/jazzer\" alt=\"Maven Central\"\u003e\n  \u003c/a\u003e\n  \u003ca 
href=\"https://github.com/CodeIntelligenceTesting/jazzer/actions/workflows/run-all-tests.yml?query=branch%3Amain\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/actions/workflow/status/CodeIntelligenceTesting/jazzer/run-all-tests.yml?branch=main\u0026logo=github\" alt=\"CI status\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/CodeIntelligenceTesting/jazzer/blob/main/LICENSE\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/license/CodeIntelligenceTesting/jazzer\" alt=\"License\"\u003e\n  \u003c/a\u003e\n\n  \u003cbr /\u003e\n\n\u003ca href=\"https://www.code-intelligence.com/\" target=\"_blank\"\u003eWebsite\u003c/a\u003e\n|\n\u003ca href=\"https://www.code-intelligence.com/blog\" target=\"_blank\"\u003eBlog\u003c/a\u003e\n|\n\u003ca href=\"https://twitter.com/CI_Fuzz\" target=\"_blank\"\u003eTwitter\u003c/a\u003e\n\u003c/div\u003e\n\nJazzer is a coverage-guided, in-process fuzzer for the JVM platform developed by [Code Intelligence](https://code-intelligence.com).\nIt is based on [libFuzzer](https://llvm.org/docs/LibFuzzer.html) and brings many of its instrumentation-powered mutation features to the JVM.\n\nJazzer currently supports the following platforms:\n* Linux x86_64\n* macOS 12+ x86_64 \u0026 arm64\n* Windows x86_64\n\n## Using Jazzer via...\n\n### JUnit 5\n\nThe following steps assume that JUnit 5.9.0 or higher is set up for your project, for example based on the official [junit5-samples](https://github.com/junit-team/junit5-samples).\n\n1. Add a dependency on `com.code-intelligence:jazzer-junit:\u003clatest version\u003e`.\n   All Jazzer Maven artifacts are signed with [this key](deploy/maven.pub).\n2. 
Add a new *fuzz test* to a new or existing test class: a method annotated with [`@FuzzTest`](https://codeintelligencetesting.github.io/jazzer-docs/jazzer-junit/com/code_intelligence/jazzer/junit/FuzzTest.html) and at least one parameter.\n   Using a single parameter of type [`FuzzedDataProvider`](https://codeintelligencetesting.github.io/jazzer-docs/jazzer-api/com/code_intelligence/jazzer/api/FuzzedDataProvider.html), which provides utility functions to produce commonly used Java values, or `byte[]` is recommended for optimal performance and reproducibility of findings.\n3. Assuming your test class is called `com.example.MyFuzzTests`, create the *inputs directory* `src/test/resources/com/example/MyFuzzTestsInputs`.\n4. Run a fuzz test with the environment variable `JAZZER_FUZZ` set to `1` to let the fuzzer rapidly try new sets of arguments.\n   If the fuzzer finds arguments that make your fuzz test fail or even trigger a security issue, it will store them in the inputs directory.\n   In this mode, only a single fuzz test is executed per test run (see [#599](https://github.com/CodeIntelligenceTesting/jazzer/issues/599) for details).\n5. 
Run the fuzz test without `JAZZER_FUZZ` set to execute it only on the inputs in the inputs directory.\n   This mode, which behaves just like a traditional unit test, ensures that issues previously found by the fuzzer remain fixed and can also be used to debug the fuzz test on individual inputs.\n\nA simple property-based fuzz test could look like this (excluding imports):\n\n```java\nclass ParserTests {\n   @Test\n   void unitTest() {\n      assertEquals(\"foobar\", SomeScheme.decode(SomeScheme.encode(\"foobar\")));\n   }\n\n   @FuzzTest\n   void fuzzTest(FuzzedDataProvider data) {\n      String input = data.consumeRemainingAsString();\n      assertEquals(input, SomeScheme.decode(SomeScheme.encode(input)));\n   }\n}\n```\n\nA complete Maven example project can be found in [`examples/junit`](examples/junit).\n\n### GitHub releases\n\nYou can also use GitHub release archives to run a standalone Jazzer binary that starts its own JVM configured for fuzzing:\n\n1. Download and extract the latest release from the [GitHub releases page](https://github.com/CodeIntelligenceTesting/jazzer/releases).\n2. Add a new class to your project with a \u003ccode\u003epublic static void fuzzerTestOneInput(\u003ca href=\"https://codeintelligencetesting.github.io/jazzer-docs/jazzer-api/com/code_intelligence/jazzer/api/FuzzedDataProvider.html\"\u003eFuzzedDataProvider\u003c/a\u003e data)\u003c/code\u003e method.\n3. Compile your fuzz test with `jazzer_standalone.jar` on the classpath.\n4. 
Run the `jazzer` binary (`jazzer.exe` on Windows), specifying the classpath and fuzz test class:\n\n```shell\n./jazzer --cp=\u003cclasspath\u003e --target_class=\u003cfuzz test class\u003e\n```\n\nIf you see an error saying that `libjvm.so` has not been found, make sure that `JAVA_HOME` points to a JDK.\n\nThe [`examples`](examples/src/main/java/com/example) directory includes both toy and real-world examples of fuzz tests.\n\n### Bazel\n\nSupport for Jazzer is available in [rules_fuzzing](https://github.com/bazelbuild/rules_fuzzing), the official Bazel rules for fuzzing.\nSee [the README](https://github.com/bazelbuild/rules_fuzzing#java-fuzzing) for instructions on how to use Jazzer in a Java Bazel project.\n\n### OSS-Fuzz\n\n[Code Intelligence](https://code-intelligence.com) and Google have teamed up to bring support for Java, Kotlin, and other JVM-based languages to [OSS-Fuzz](https://github.com/google/oss-fuzz), Google's project for large-scale fuzzing of open-source software.\nRead [the OSS-Fuzz guide](https://google.github.io/oss-fuzz/getting-started/new-project-guide/jvm-lang/) to learn how to set up a Java project.\n\n**Note**: Open source projects can use Jazzer for free and benefit from the \nOSS-Fuzz infrastructure, including ClusterFuzzLite and OSS-Fuzz-Gen for\nautomated analysis and continuous integration. 
There is no risk of accidental \nlicense violation as long as Jazzer is used for testing open-source code.\n\n## Building from source\n\nInformation on building and testing Jazzer for development can be found in [CONTRIBUTING.md](CONTRIBUTING.md).\n\n## Further documentation\n\n* [Common options and workflows](docs/common.md)\n* [Advanced techniques](docs/advanced.md)\n\n## Findings\n\nA list of security issues and bugs found by Jazzer is maintained [here](docs/findings.md).\nIf you found something interesting and the information is public, please send a PR to add it to the list.\n\n## License\n\nBy using Jazzer, you agree to the Code Intelligence [Terms \u0026 Conditions](LICENSE).\n\nJazzer can only be used for code bases that are released under an OSI-approved open source license, \nor to perform academic research. It cannot be used to fuzz projects for or during automated analysis, \ncontinuous integration or continuous delivery, whether as part of normal software engineering processes or otherwise. 
\nFor these use cases, get in contact with us via [sales@code-intelligence.com](mailto:sales@code-intelligence.com).\n\nYou can find the latest version released under the Apache 2 license [here](https://github.com/CodeIntelligenceTesting/jazzer/tree/d2cbfdcfc5363593f36cd972b849cc3ab070c90a).\n\n\n## Credit\n\nThe following developers have contributed to Jazzer before its public release:\n\n[Sergej Dechand](https://github.com/serj),\n[Christian Hartlage](https://github.com/dende),\n[Fabian Meumertzheim](https://github.com/fmeum),\n[Sebastian Pöplau](https://github.com/sebastianpoeplau),\n[Mohammed Qasem](https://github.com/mohqas),\n[Simon Resch](https://github.com/simonresch),\n[Henrik Schnor](https://github.com/henrikschnor),\n[Khaled Yakdan](https://github.com/kyakdan)\n\nThe LLVM-style edge coverage instrumentation for JVM bytecode used by Jazzer relies on [JaCoCo](https://github.com/jacoco/jacoco).\nPreviously, Jazzer used AFL-style coverage instrumentation as pioneered by [kelinci](https://github.com/isstac/kelinci).\n\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://www.code-intelligence.com\"\u003e\u003cimg src=\"https://www.code-intelligence.com/hubfs/Logos/CI%20Logos/CI_Header_GitHub_quer.jpeg\" height=50px alt=\"Code Intelligence logo\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n[`FuzzedDataProvider`]: https://codeintelligencetesting.github.io/jazzer-docs/jazzer-api/com/code_intelligence/jazzer/api/FuzzedDataProvider.html\n","funding_links":[],"categories":["Tools","Java","Running tests","测试","Testing"],"sub_categories":["Misc","`MergeAllOfTransformer`","Binary"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FCodeIntelligenceTesting%2Fjazzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FCodeIntelligenceTesting%2Fjazzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FCodeIntelligenceTesting%2Fjazzer/lists"}