{"id":21602721,"url":"https://github.com/codeintelligencetesting/jazzer-clj","last_synced_at":"2025-04-11T02:33:49.467Z","repository":{"id":62431780,"uuid":"445127615","full_name":"CodeIntelligenceTesting/jazzer-clj","owner":"CodeIntelligenceTesting","description":"Clojure interface for Jazzer","archived":false,"fork":false,"pushed_at":"2022-01-07T15:11:14.000Z","size":24,"stargazers_count":14,"open_issues_count":0,"forks_count":1,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-03-24T23:51:34.811Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://cljdoc.org/d/com.code-intelligence/jazzer-clj","language":"Clojure","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"epl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CodeIntelligenceTesting.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-01-06T10:22:04.000Z","updated_at":"2025-03-15T20:11:15.000Z","dependencies_parsed_at":"2022-11-01T21:00:44.001Z","dependency_job_id":null,"html_url":"https://github.com/CodeIntelligenceTesting/jazzer-clj","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodeIntelligenceTesting%2Fjazzer-clj","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodeIntelligenceTesting%2Fjazzer-clj/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodeIntelligenceTesting%2Fjazzer-clj/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodeIntelligenceTesting%2Fjazzer-clj/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CodeIntelligenceTesting","download_url":"https://codeload.github.com/CodeIntelligenceTesting/jazzer-clj/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248329901,"owners_count":21085615,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-24T19:14:09.807Z","updated_at":"2025-04-11T02:33:49.444Z","avatar_url":"https://github.com/CodeIntelligenceTesting.png","language":"Clojure","readme":"# Fuzzing Clojure code with [Jazzer](https://github.com/CodeIntelligenceTesting/jazzer)\n\n[![Clojars Project](https://img.shields.io/clojars/v/com.code-intelligence/jazzer-clj.svg)](https://clojars.org/com.code-intelligence/jazzer-clj) [![cljdoc badge](https://cljdoc.org/badge/com.code-intelligence/jazzer-clj)](https://cljdoc.org/d/com.code-intelligence/jazzer-clj) [![Clojure CI](https://github.com/CodeIntelligenceTesting/jazzer-clj/actions/workflows/clojure.yml/badge.svg)](https://github.com/CodeIntelligenceTesting/jazzer-clj/actions/workflows/clojure.yml)\n\nThe goal of `jazzer-clj` is to provide an idiomatic way to test Clojure software\nwith the JVM fuzzer [Jazzer](https://github.com/CodeIntelligenceTesting/jazzer).\nSee\n[jazzer-clojure-example](https://github.com/CodeIntelligenceTesting/jazzer-clojure-example)\nfor an example project using it, or follow the instructions below to set it up\nwith your own code.\n\n## Usage\n\nIn order to test your code, Jazzer requires you to write so-called \"fuzz\ntargets\" for it. They're comparable to unit tests, but with one important\ndifference: fuzz targets need to use input data that they receive from the\nfuzzer to exercise the code under test.\n\nFor a concrete example, let's assume you have a function `do-something` that\ntakes an integer and a string argument. In order to test it with Jazzer, define\na fuzz target like so:\n\n``` clojure\n;; Anywhere in your code, as long as the namespace is AOT-compiled (see below)\n(ns your-company.your-project.somewhere\n  (:require [com.code-intelligence.jazzer-clj.core :as fuzzing]))\n\n;; The function under test can be defined in this namespace or another; let's\n;; assume it's defined like this:\n(defn do-something\n  \"Not a very useful piece of code.\"\n  [s]\n  (when (= \"supersecret\" s)\n    (throw (Exception. \"You found the bug!\"))))\n\n;; Now we define the actual test:\n(fuzzing/deftarget your.company.fuzzing.DoSomethingTarget [input]\n  (do-something (.consumeRemainingAsString input)))\n```\n\nInternally, this defines a Java class with the interface required by Jazzer\n(expand the macro if you're curious!). Think of the `input` parameter as a\nsource of test data; see the\n[javadoc](https://codeintelligencetesting.github.io/jazzer-api/com/code_intelligence/jazzer/api/FuzzedDataProvider.html)\nfor details.\n\nNow you can build a JAR from your project as usual (e.g., using `lein uberjar`).\nWhat's important is to make sure that all namespaces containing fuzz targets\n(i.e., `your-company.your-project.somewhere` in our example) are AOT-compiled:\nJazzer requires the class that you define with `deftarget` to exist when the\ncode is loaded. In Leiningen, for example, you achieve this by putting the\nfollowing into your `project.clj`:\n\n``` clojure\n(defproject ...\n  :profiles {:uberjar {:aot :all}})\n```\n\nAssuming you've produced the JAR in `target/your-project.jar`, you can run\nJazzer using the Docker image that the project provides:\n\n``` shell\ndocker run -v $PWD:/fuzzing cifuzz/jazzer                       \\\n       --cp=/fuzzing/target/your-project.jar                    \\\n       --target-class=your.company.fuzzing.DoSomethingTarget    \\\n       /fuzzing/corpus-do-something\n```\n\nNote how the command tells Jazzer the class name of the target that you've\ndefined with `deftarget`. The last argument is optional but recommended; it\ntells Jazzer to write interesting program inputs to the specified directory, so\nthat you can resume fuzzing at a later time or run multiple fuzzers in parallel\nand have them share their knowledge.\n\nIf everything is set up correctly, Jazzer should print some notes about the code\nthat it's instrumenting, and then start fuzzing your function:\n\n``` text\nINFO: Loaded 8 hooks from com.code_intelligence.jazzer.sanitizers.Deserialization\nINFO: Loaded 3 hooks from com.code_intelligence.jazzer.sanitizers.ExpressionLanguageInjection\nINFO: Loaded 8 hooks from com.code_intelligence.jazzer.sanitizers.NamingContextLookup\nINFO: Loaded 1 hooks from com.code_intelligence.jazzer.sanitizers.ReflectiveCall\nINFO: Instrumented jazzer_clojure.targets.JsonistaExample (took 136 ms, size +90%)\nINFO: New number of inline 8-bit counters: 1024\nINFO: Instrumented clojure.lang.Var (took 67 ms, size +53%)\n[...]\n#1024\tpulse  cov: 28666 ft: 31372 corp: 687/8801b exec/s: 512 rss: 500Mb\n#2048\tpulse  cov: 28703 ft: 33189 corp: 944/107Kb exec/s: 512 rss: 501Mb\n#2262\tINITED cov: 28706 ft: 33411 corp: 981/209Kb exec/s: 565 rss: 501Mb\n```\n\nThe fuzzer will stop if it finds a crash and print details of the discovered\nissue.\n\n## License\n\nCopyright © 2022 Code Intelligence GmbH\n\nThis program and the accompanying materials are made available under the\nterms of the Eclipse Public License 2.0 which is available at\nhttp://www.eclipse.org/legal/epl-2.0.\n\nThis Source Code may also be made available under the following Secondary\nLicenses when the conditions for such availability set forth in the Eclipse\nPublic License, v. 2.0 are satisfied: GNU General Public License as published by\nthe Free Software Foundation, either version 2 of the License, or (at your\noption) any later version, with the GNU Classpath Exception which is available\nat https://www.gnu.org/software/classpath/license.html.\n\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://www.code-intelligence.com\"\u003e\u003cimg src=\"https://www.code-intelligence.com/hubfs/Logos/CI%20Logos/CI_Header_GitHub_quer.jpeg\" height=50px alt=\"Code Intelligence logo\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodeintelligencetesting%2Fjazzer-clj","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodeintelligencetesting%2Fjazzer-clj","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodeintelligencetesting%2Fjazzer-clj/lists"}