{"id":15010387,"url":"https://github.com/codeintelligencetesting/jazzer","last_synced_at":"2025-05-14T09:09:27.819Z","repository":{"id":37094596,"uuid":"333867901","full_name":"CodeIntelligenceTesting/jazzer","owner":"CodeIntelligenceTesting","description":"Coverage-guided, in-process fuzzing for the JVM","archived":false,"fork":false,"pushed_at":"2025-04-05T09:49:13.000Z","size":6315,"stargazers_count":1099,"open_issues_count":41,"forks_count":150,"subscribers_count":25,"default_branch":"main","last_synced_at":"2025-04-12T03:43:59.912Z","etag":null,"topics":["clojure","fuzzer","fuzzing","java","jni","jvm","kotlin","security"],"latest_commit_sha":null,"homepage":"https://code-intelligence.com","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CodeIntelligenceTesting.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-01-28T19:08:19.000Z","updated_at":"2025-04-07T18:09:01.000Z","dependencies_parsed_at":"2023-09-26T17:27:41.273Z","dependency_job_id":"9a4526b4-44bf-45a7-9c7b-690b67225622","html_url":"https://github.com/CodeIntelligenceTesting/jazzer","commit_stats":null,"previous_names":[],"tags_count":26,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodeIntelligenceTesting%2Fjazzer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodeIntelligenceTesting%2Fjazzer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodeIntelligenceTesting%2Fjazzer/releases","manifests_url":"h
ttps://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodeIntelligenceTesting%2Fjazzer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CodeIntelligenceTesting","download_url":"https://codeload.github.com/CodeIntelligenceTesting/jazzer/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248514214,"owners_count":21116899,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["clojure","fuzzer","fuzzing","java","jni","jvm","kotlin","security"],"created_at":"2024-09-24T19:33:56.753Z","updated_at":"2025-04-12T03:44:05.936Z","avatar_url":"https://github.com/CodeIntelligenceTesting.png","language":"Java","readme":"\u003cdiv align=\"center\"\u003e\n  \u003ca href=\"https://code-intelligence.com\"\u003e\u003cimg src=\"https://www.code-intelligence.com/hubfs/Logos/CI%20Logos/Jazzer_einfach.png\" height=150px alt=\"Jazzer by Code Intelligence\"\u003e\n\u003c/a\u003e\n  \u003ch1\u003eJazzer\u003c/h1\u003e\n  \u003cp\u003eFuzz Testing for the JVM\u003c/p\u003e\n  \u003ca href=\"https://github.com/CodeIntelligenceTesting/jazzer/releases\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/v/release/CodeIntelligenceTesting/jazzer\" alt=\"Releases\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://search.maven.org/search?q=g:com.code-intelligence%20a:jazzer\"\u003e\n    \u003cimg src=\"https://img.shields.io/maven-central/v/com.code-intelligence/jazzer\" alt=\"Maven Central\"\u003e\n  \u003c/a\u003e\n  \u003ca 
href=\"https://github.com/CodeIntelligenceTesting/jazzer/actions/workflows/run-all-tests-main.yml?query=branch%3Amain\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/actions/workflow/status/CodeIntelligenceTesting/jazzer/run-all-tests-main.yml?branch=main\u0026logo=github\" alt=\"CI status\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/CodeIntelligenceTesting/jazzer/blob/main/LICENSE\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/license/CodeIntelligenceTesting/jazzer\" alt=\"License\"\u003e\n  \u003c/a\u003e\n\n  \u003cbr /\u003e\n\n\u003ca href=\"https://www.code-intelligence.com/\" target=\"_blank\"\u003eWebsite\u003c/a\u003e\n|\n\u003ca href=\"https://www.code-intelligence.com/blog\" target=\"_blank\"\u003eBlog\u003c/a\u003e\n|\n\u003ca href=\"https://twitter.com/CI_Fuzz\" target=\"_blank\"\u003eTwitter\u003c/a\u003e\n\u003c/div\u003e\n\n\u003e [!IMPORTANT]\n\u003e Hello users!\n\u003e\n\u003e We are thrilled to announce that **Jazzer** is now back under the **Apache 2.0 license**!\n\u003e\n\u003e A year ago, we temporarily stopped maintaining Jazzer as open source. 
\n\u003e During this time, we received incredible feedback, support, and ideas from\n\u003e the community, which motivated us to find a way to bring Jazzer back to the\n\u003e open-source world.\n\u003e\n\u003e Thanks to your enthusiasm and contributions, and a special callout to the \n\u003e [OSS-Fuzz](https://github.com/google/oss-fuzz) team 🚀.\n\u003e \n\u003e Visit [code-intelligence.com](https://code-intelligence.com) for more \n\u003e information.\n\u003e\n\u003e The Code Intelligence team\n\nJazzer is a coverage-guided, in-process fuzzer for the JVM platform developed by [Code Intelligence](https://code-intelligence.com).\nIt is based on [libFuzzer](https://llvm.org/docs/LibFuzzer.html) and brings many of its instrumentation-powered mutation features to the JVM.\n\nJazzer currently supports the following platforms:\n* Linux x86_64\n* macOS 12+ x86_64 \u0026 arm64\n* Windows x86_64\n\n## Using Jazzer via...\n\n### JUnit 5\n\nThe following steps assume that JUnit 5.9.0 or higher is set up for your project, for example based on the official [junit5-samples](https://github.com/junit-team/junit5-samples).\n\n1. Add a dependency on `com.code-intelligence:jazzer-junit:\u003clatest version\u003e`.\n   All Jazzer Maven artifacts are signed with [this key](deploy/maven.pub).\n2. Add a new *fuzz test* to a new or existing test class: a method annotated with [`@FuzzTest`](https://codeintelligencetesting.github.io/jazzer-docs/jazzer-junit/com/code_intelligence/jazzer/junit/FuzzTest.html) and at least one parameter.\n   Using a single parameter of type [`FuzzedDataProvider`](https://codeintelligencetesting.github.io/jazzer-docs/jazzer-api/com/code_intelligence/jazzer/api/FuzzedDataProvider.html), which provides utility functions to produce commonly used Java values, or `byte[]` is recommended for optimal performance and reproducibility of findings.\n3. 
Assuming your test class is called `com.example.MyFuzzTests`, create the *inputs directory* `src/test/resources/com/example/MyFuzzTestsInputs`.\n4. Run a fuzz test with the environment variable `JAZZER_FUZZ` set to `1` to let the fuzzer rapidly try new sets of arguments.\n   If the fuzzer finds arguments that make your fuzz test fail or even trigger a security issue, it will store them in the inputs directory.\n   In this mode, only a single fuzz test is executed per test run (see [#599](https://github.com/CodeIntelligenceTesting/jazzer/issues/599) for details).\n5. Run the fuzz test without `JAZZER_FUZZ` set to execute it only on the inputs in the inputs directory.\n   This mode, which behaves just like a traditional unit test, ensures that issues previously found by the fuzzer remain fixed and can also be used to debug the fuzz test on individual inputs.\n\nA simple property-based fuzz test could look like this (excluding imports):\n\n```java\nclass ParserTests {\n   @Test\n   void unitTest() {\n      assertEquals(\"foobar\", SomeScheme.decode(SomeScheme.encode(\"foobar\")));\n   }\n\n   @FuzzTest\n   void fuzzTest(FuzzedDataProvider data) {\n      String input = data.consumeRemainingAsString();\n      assertEquals(input, SomeScheme.decode(SomeScheme.encode(input)));\n   }\n}\n```\n\nA complete Maven example project can be found in [`examples/junit`](examples/junit).\n\n### GitHub releases\n\nYou can also use GitHub release archives to run a standalone Jazzer binary that starts its own JVM configured for fuzzing:\n\n1. Download and extract the latest release from the [GitHub releases page](https://github.com/CodeIntelligenceTesting/jazzer/releases).\n2. Add a new class to your project with a \u003ccode\u003epublic static void fuzzerTestOneInput(\u003ca href=\"https://codeintelligencetesting.github.io/jazzer-docs/jazzer-api/com/code_intelligence/jazzer/api/FuzzedDataProvider.html\"\u003eFuzzedDataProvider\u003c/a\u003e data)\u003c/code\u003e method.\n3. 
Compile your fuzz test with `jazzer_standalone.jar` on the classpath.\n4. Run the `jazzer` binary (`jazzer.exe` on Windows), specifying the classpath and fuzz test class:\n\n```shell\n./jazzer --cp=\u003cclasspath\u003e --target_class=\u003cfuzz test class\u003e\n```\n\nIf you see an error saying that `libjvm.so` has not been found, make sure that `JAVA_HOME` points to a JDK.\n\nThe [`examples`](examples/src/main/java/com/example) directory includes both toy and real-world examples of fuzz tests.\n\n### Bazel\n\nSupport for Jazzer is available in [rules_fuzzing](https://github.com/bazelbuild/rules_fuzzing), the official Bazel rules for fuzzing.\nSee [the README](https://github.com/bazelbuild/rules_fuzzing#java-fuzzing) for instructions on how to use Jazzer in a Java Bazel project.\n\n### OSS-Fuzz\n\n[Code Intelligence](https://code-intelligence.com) and Google have teamed up to bring support for Java, Kotlin, and other JVM-based languages to [OSS-Fuzz](https://github.com/google/oss-fuzz), Google's project for large-scale fuzzing of open-source software.\nRead [the OSS-Fuzz guide](https://google.github.io/oss-fuzz/getting-started/new-project-guide/jvm-lang/) to learn how to set up a Java project.\n\n## Building from source\n\nInformation on building and testing Jazzer for development can be found in [CONTRIBUTING.md](CONTRIBUTING.md).\n\n## Further documentation\n\n* [Common options and workflows](docs/common.md)\n* [Advanced techniques](docs/advanced.md)\n\n## Findings\n\nA list of security issues and bugs found by Jazzer is maintained [here](docs/findings.md).\nIf you found something interesting and the information is public, please send a PR to add it to the list.\n\n## Credit\n\nThe following developers have contributed to Jazzer before its public release:\n\n[Sergej Dechand](https://github.com/serj),\n[Christian Hartlage](https://github.com/dende),\n[Fabian Meumertzheim](https://github.com/fmeum),\n[Sebastian 
Pöplau](https://github.com/sebastianpoeplau),\n[Mohammed Qasem](https://github.com/mohqas),\n[Simon Resch](https://github.com/simonresch),\n[Henrik Schnor](https://github.com/henrikschnor),\n[Khaled Yakdan](https://github.com/kyakdan)\n\nThe LLVM-style edge coverage instrumentation for JVM bytecode used by Jazzer relies on [JaCoCo](https://github.com/jacoco/jacoco).\nPreviously, Jazzer used AFL-style coverage instrumentation as pioneered by [kelinci](https://github.com/isstac/kelinci).\n\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://www.code-intelligence.com\"\u003e\u003cimg src=\"https://www.code-intelligence.com/hubfs/Logos/CI%20Logos/CI_Header_GitHub_quer.jpeg\" height=50px alt=\"Code Intelligence logo\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n[`FuzzedDataProvider`]: https://codeintelligencetesting.github.io/jazzer-docs/jazzer-api/com/code_intelligence/jazzer/api/FuzzedDataProvider.html\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodeintelligencetesting%2Fjazzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodeintelligencetesting%2Fjazzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodeintelligencetesting%2Fjazzer/lists"}