{"id":21602717,"url":"https://github.com/codeintelligencetesting/c-cpp-example","last_synced_at":"2025-04-11T02:33:50.865Z","repository":{"id":210709454,"uuid":"667750533","full_name":"CodeIntelligenceTesting/c-cpp-example","owner":"CodeIntelligenceTesting","description":null,"archived":false,"fork":false,"pushed_at":"2025-03-17T17:46:02.000Z","size":120,"stargazers_count":7,"open_issues_count":2,"forks_count":2,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-03-24T23:51:34.805Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CodeIntelligenceTesting.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-07-18T08:12:44.000Z","updated_at":"2025-03-17T17:44:39.000Z","dependencies_parsed_at":"2024-11-12T00:25:05.864Z","dependency_job_id":"b6ff72d2-7bfb-4fae-85e1-a1068f1ca2d8","html_url":"https://github.com/CodeIntelligenceTesting/c-cpp-example","commit_stats":null,"previous_names":["codeintelligencetesting/automotive-example","codeintelligencetesting/c-cpp-example"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodeIntelligenceTesting%2Fc-cpp-example","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodeIntelligenceTesting%2Fc-cpp-example/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodeIntelligenceTesting%2Fc-cpp-example/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodeIntelligenceTesting%2Fc-cpp-example/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CodeIntelligenceTesting","download_url":"https://codeload.github.com/CodeIntelligenceTesting/c-cpp-example/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248329901,"owners_count":21085615,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-24T19:14:09.220Z","updated_at":"2025-04-11T02:33:50.854Z","avatar_url":"https://github.com/CodeIntelligenceTesting.png","language":"C++","readme":"\u003ca href=\"https://www.code-intelligence.com/\"\u003e\n\u003cimg src=\"https://www.code-intelligence.com/hubfs/Logos/CI%20Logos/Logo_quer_white.png\" alt=\"Code Intelligence logo\" width=\"450px\"\u003e\n\u003c/a\u003e\n\n# Testing C/C++ for Security and Reliability\nBuilding robust C/C++ applications is a highly challenging endeavor that requires thorough testing. While C/C++ enables us to write high-performance code, the memory-unsafety nature of the language brings a broad spectrum of security risks. Memory corruption issues constitute the vast majority of bugs and security vulnerabilities found in C/C++ projects, and their impact is best demonstrated by the [Heartbleed](https://en.wikipedia.org/wiki/Heartbleed) bug on OpenSSL. Regular unit and integration tests are essential to test that our code functions correctly - they are not enough to uncover memory-corruption bugs. (Whitebox and smart) Fuzz testing on the other hand, has established itself as the best practical method to find these issues in large code bases such as Google Chrome.\n\nThese examples require libssl-dev and libzstd-dev installed on Ubuntu. To install both dependencies you can run:\n```sh\nsudo apt install libssl-dev libzstd-dev -y\n```\nIf you do not want to install both packages, you can use a devcontainer to run the examples, or comment out the include of the simple_examples folder in the main [CMakeLists.txt](CMakeLists.txt#L23) file.\n\nIn this example, we demonstrate how you can use CI Fuzz to integrate fuzz testing into your C/C++ projects. The example project uses [CMake](https://cmake.org/) as the build system and contains the following examples:\n* [Simple Checks Example](src/simple_examples/explore_me.cpp#L10):\nA simple example that triggers a buffer over when the input parameters satisfy certain criteria.\nWe show that CI Fuzz can quickly generate a test case that trigger this bug.\nExecute with:\n```sh\ncifuzz run simple_checks_fuzz_test\n```\n* [Complex Checks Example](src/simple_examples/explore_me.cpp#L22):\nA more complex example that triggers a use-after-free bug when the input parameters satisfy certain criteria. In this example, the checks are more complex and involve Base64 encoding and XORing with constant value, making it more challenging to find the correct combination of input parameters that trigger the bug.\nExecute with:\n```sh\ncifuzz run complex_checks_fuzz_test\n```\n* [Stateful Example](src/state_example):\nAn example that demonstrates the challenges of creating high-quality fuzz tests for complex projects with a large public API. This fuzz test was created with an early version of Code Intelligence auto-generation features, but it is still an excellent example on how to test a large API that keeps state between the calls.\nExecute with:\n```sh\ncifuzz run state_fuzzer\n```\n* [Structure Aware Inputs Example](src/advanced_examples/explore_me.cpp#L8):\nAn example that shows how to fuzz an API that requires structured inputs, with the use of the FuzzedDataProvider helper class.\nExecute with:\n```sh\ncifuzz run structured_input_checks_fuzz_test\n```\n* [Custom Mutator Example](src/advanced_examples/custom_mutator_example_checks_test.cpp#L37):\nAn example that shows how to utilize custom mutators to make sure the fuzzer only creates valid inputs.\nExecute with:\n```sh\ncifuzz run custom_mutator_example_checks_fuzz_test\n```\n* [Slow Input Example](src/advanced_examples/slow_input_checks_test.cpp#L17):\nAn example that shows how the fuzzer can detect inputs that lead to a slow program execution.\nExecute with:\n```sh\ncifuzz run slow_input_checks_fuzz_test\n```\n\n\nTo execute all fuzz tests at the same time, or calculate the code coverage for all, just skip the fuzz target name. Like:\n```sh\ncifuzz run\n```\nor:\n```sh\ncifuzz coverage\n```\n\nTo make use of the devcontainer setup please run ```git submodule update --init --recursive``` and have a look at the [submodule readme](.devcontainer/README.md#L1). The second README will only be available after running the command git submodule update.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodeintelligencetesting%2Fc-cpp-example","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodeintelligencetesting%2Fc-cpp-example","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodeintelligencetesting%2Fc-cpp-example/lists"}