Repository: https://github.com/CodeIntelligenceTesting/embedded-example (GitHub, language: C, default branch `master`, last push 2025-02-26)

# Embedded fuzzing example

This project is a simple demo of fuzzing a cryptographic library of the kind used in embedded systems.

## How to Onboard

### Initialize the repo
The first step is to run the following command in the project root directory to initialize cifuzz:
```
cifuzz init
```

This command sets up the directory cifuzz needs and creates a `cifuzz.yaml` file, which holds the project-wide cifuzz configuration.

Next, enable fuzz testing by adding the following lines to your top-level CMake configuration:
```
find_package(cifuzz NO_SYSTEM_ENVIRONMENT_PATH)
enable_fuzz_testing()
```

### Create a fuzz test

The next step is to create a fuzz test. You can do this by running:
```
cifuzz create -o fuzztest.cpp
```

This creates an empty fuzz test named `fuzztest.cpp` in the current directory.

After that, add a new target in CMake by including the following line:
```
add_fuzz_test(fuzztest fuzztest.cpp)
```


### Linking the fuzz test with the software under test

Now that we have an (empty) fuzz test, we want to start fuzzing. Before deciding which function to fuzz, we need to link our target, `fuzztest`, against the library we want to test, `automotive` (as defined in `src/CMakeLists.txt`). To do this, add the following line after the `fuzztest` target in your CMake configuration:
```
target_link_libraries(fuzztest automotive)
```
Once this is added, we can focus on the fuzz test. There are several modules we could fuzz (located in `src`), but we will focus on the `crypto` library. Because the library is C and the fuzz test is C++, the header must be included inside an `extern "C"` block so the targeted function is resolved with C linkage:

```cpp
extern "C" {
#include "crypto_1.h"
}
```

If you now try to run it with:

```
cifuzz run fuzztest
```

you should encounter a linker error. Some functions referenced by the library are not defined in this project; they would normally come from third-party code or hardware drivers, which is a common situation in embedded projects. A common way to resolve this is to provide dummy implementations (mocks) of those functions for now. Create a new file named `mocks.c` and add it to the CMake configuration of the `automotive` library.

For example, here is a minimal implementation of the undefined function `driver_get_current_time`:
```c
// Mock for the driver function the crypto library calls; a fixed value is enough to link and fuzz.
int driver_get_current_time() {
  return 0;
}
```

### Fuzzing the project

Now we can finally focus on the fuzz test. Let's say we want to fuzz the `crypto_verify_hmac()` function. It takes three arguments:
```c
const uint8_t *message, int len, crypto_hmac *hmac
```

This is a good target: fuzzer-generated data reaches the function directly through these parameters. To feed it, we can use the `FuzzedDataProvider` helper (`fuzzed_data` below) to obtain data in the exact types we need within the `FUZZ_TEST` body:

```cpp
// Pick a length for the message
int message_len = fuzzed_data.ConsumeIntegralInRange<int>(0, 1024);

// Take that many bytes for the message (fewer if the input is shorter)
std::vector<uint8_t> message = fuzzed_data.ConsumeBytes<uint8_t>(message_len);

// Create a crypto_hmac struct and fill it with fuzz-generated data.
// Zero-initialise it first: ConsumeBytes may return fewer than sizeof(hmac.hmac)
// bytes, and the copy below only overwrites as many bytes as it received.
crypto_hmac hmac{};
std::vector<uint8_t> hmac_data = fuzzed_data.ConsumeBytes<uint8_t>(sizeof(hmac.hmac));
std::copy(hmac_data.begin(), hmac_data.end(), hmac.hmac);
```

Once this is added, call the function with the variables we created:
```cpp
crypto_verify_hmac(message.data(), message.size(), &hmac);
```

You can then fuzz the project using:
```
cifuzz run fuzztest
```

### Coverage & improvement to the fuzz test
You can check the coverage by running:
```
cifuzz coverage fuzztest
```

As you may notice, we are not able to reach much code; the fuzzer seems to be stuck (in `src/crypto/crypto_1.c`). This indicates that we need to understand the code better and improve the fuzz test. You can try this on your own or refer to the "solution" on the other branch: `fuzzing-setup`.
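One thing worth checking before blaming the library when coverage stalls is the harness itself. The snippet above consumes a variable-length message first and only then takes the tag from whatever input is left, so for many inputs the tag never receives any fuzzer bytes at all. The following is an added, self-contained example (not code from the embedded-example repository or from cifuzz) that contrasts that order with consuming the fixed-size field first. It assumes a 32-byte tag in `crypto_hmac`, a toy stand-in for `crypto_verify_hmac()`, and a reduced re-implementation of LLVM's `FuzzedDataProvider` covering only the three methods used, since the real header, the `automotive` library and cifuzz's `FUZZ_TEST` macro are not available stand-alone; the entry point is therefore the plain libFuzzer `LLVMFuzzerTestOneInput`. `HarnessReadmeOrder`, `HarnessFixedFirst` and `DemoTagBytes` are hypothetical helpers introduced here.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <vector>

// Reduced stand-in for LLVM's FuzzedDataProvider (assumption: same semantics as the
// real one for the methods used here: ConsumeBytes takes bytes from the front of the
// input, ConsumeIntegralInRange takes its bytes from the back).
class FuzzedDataProvider {
 public:
  FuzzedDataProvider(const uint8_t* data, size_t size) : data_(data), remaining_(size) {}

  template <typename T>
  std::vector<T> ConsumeBytes(size_t num_bytes) {
    num_bytes = std::min(num_bytes, remaining_);  // short input: return fewer bytes
    std::vector<T> out(data_, data_ + num_bytes);
    data_ += num_bytes;
    remaining_ -= num_bytes;
    return out;
  }

  template <typename T>
  std::vector<T> ConsumeRemainingBytes() { return ConsumeBytes<T>(remaining_); }

  template <typename T>
  T ConsumeIntegralInRange(T min, T max) {
    uint64_t range = static_cast<uint64_t>(max) - static_cast<uint64_t>(min);
    uint64_t result = 0;
    size_t offset = 0;
    // Pull bytes from the END of the input until the range is covered.
    while (offset < 64 && (range >> offset) > 0 && remaining_ != 0) {
      --remaining_;
      result = (result << 8) | data_[remaining_];
      offset += 8;
    }
    if (range != UINT64_MAX) result = result % (range + 1);
    return static_cast<T>(min + result);
  }

 private:
  const uint8_t* data_;
  size_t remaining_;
};

// Stand-in for the crypto_1.h type (assumption: a 32-byte tag; the real layout is not shown).
struct crypto_hmac {
  uint8_t hmac[32];
};

// Stand-in for crypto_verify_hmac(): a toy "tag" (XOR fold of the message) compared in
// constant time. This is NOT the library's algorithm; it only lets the harness run here.
int crypto_verify_hmac(const uint8_t* message, int len, crypto_hmac* hmac) {
  uint8_t expected[sizeof(hmac->hmac)] = {0};
  for (int i = 0; i < len; ++i) expected[i % sizeof(expected)] ^= message[i];
  uint8_t diff = 0;
  for (size_t i = 0; i < sizeof(expected); ++i) diff |= expected[i] ^ hmac->hmac[i];
  return diff == 0;
}

// Harness in the README's order: variable-length message first, tag from whatever is left.
// Returns how many tag bytes actually came from the fuzzer; the rest stay at the zero from `{}`.
size_t HarnessReadmeOrder(const uint8_t* data, size_t size) {
  FuzzedDataProvider fuzzed_data(data, size);
  int message_len = fuzzed_data.ConsumeIntegralInRange<int>(0, 1024);
  std::vector<uint8_t> message = fuzzed_data.ConsumeBytes<uint8_t>(message_len);
  crypto_hmac hmac{};
  std::vector<uint8_t> hmac_data = fuzzed_data.ConsumeBytes<uint8_t>(sizeof(hmac.hmac));
  std::copy(hmac_data.begin(), hmac_data.end(), hmac.hmac);
  crypto_verify_hmac(message.data(), static_cast<int>(message.size()), &hmac);
  return hmac_data.size();
}

// Harness with the fixed-size field first: the tag is fully fuzzer-controlled whenever the
// input is at least 32 bytes, and the message takes every remaining byte.
size_t HarnessFixedFirst(const uint8_t* data, size_t size) {
  FuzzedDataProvider fuzzed_data(data, size);
  crypto_hmac hmac{};
  std::vector<uint8_t> hmac_data = fuzzed_data.ConsumeBytes<uint8_t>(sizeof(hmac.hmac));
  std::copy(hmac_data.begin(), hmac_data.end(), hmac.hmac);
  std::vector<uint8_t> message = fuzzed_data.ConsumeRemainingBytes<uint8_t>();
  crypto_verify_hmac(message.data(), static_cast<int>(message.size()), &hmac);
  return hmac_data.size();
}

// Runs one harness shape on a constructed 64-byte input (not real fuzzer output) whose last
// two bytes make ConsumeIntegralInRange pick message_len = 960, longer than the input.
size_t DemoTagBytes(bool fixed_first) {
  std::vector<uint8_t> input(64, 0xAB);
  input[62] = 0xFF;
  input[63] = 0xFF;
  return fixed_first ? HarnessFixedFirst(input.data(), input.size())
                     : HarnessReadmeOrder(input.data(), input.size());
}

// Plain libFuzzer entry point; cifuzz's FUZZ_TEST macro wraps the same signature.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  HarnessFixedFirst(data, size);
  return 0;
}
```

On the constructed input, the README's order hands the target an all-zero tag (0 fuzzer bytes reach `hmac`), while the fixed-first order fills all 32. Whether this is what keeps the repository's own fuzz test stuck is not something the page states; the general rule is simply to consume fixed-size fields before the variable-length one so both arguments stay under the fuzzer's control.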