{"id":21594638,"url":"https://github.com/ispras/fuzzeddataprovidercs","last_synced_at":"2025-04-10T23:41:52.720Z","repository":{"id":72016734,"uuid":"445766485","full_name":"ispras/FuzzedDataProviderCS","owner":"ispras","description":"FuzzedDataProvider for C#, inspired by Google's FuzzedDataProvider.","archived":false,"fork":false,"pushed_at":"2024-03-18T12:35:34.000Z","size":550,"stargazers_count":7,"open_issues_count":0,"forks_count":2,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-04-07T01:41:14.303Z","etag":null,"topics":["csharp","fuzzing","structure","structureaware","wrapper"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ispras.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2022-01-08T08:35:49.000Z","updated_at":"2025-01-02T15:19:54.000Z","dependencies_parsed_at":null,"dependency_job_id":"a8b30a76-df3c-402b-865d-cbcc366a2a52","html_url":"https://github.com/ispras/FuzzedDataProviderCS","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ispras%2FFuzzedDataProviderCS","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ispras%2FFuzzedDataProviderCS/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ispras%2FFuzzedDataProviderCS/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ispras%2FFuzzedDataProviderCS/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHu
b/owners/ispras","download_url":"https://codeload.github.com/ispras/FuzzedDataProviderCS/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248317732,"owners_count":21083527,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["csharp","fuzzing","structure","structureaware","wrapper"],"created_at":"2024-11-24T17:19:08.334Z","updated_at":"2025-04-10T23:41:52.700Z","avatar_url":"https://github.com/ispras.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# FuzzedDataProviderCS\n\n*Made as a part of __Competence Center Community__ activities (Telegram: https://t.me/sdl_community)*\n\nFuzzedDataProvider for C#, inspired by Google's FuzzedDataProvider. See:\n- a general description and the concept of Structure Aware Fuzzing: https://github.com/google/fuzzing/blob/master/docs/split-inputs.md#fuzzed-data-provider\n- source code: https://github.com/llvm-mirror/compiler-rt/blob/master/include/fuzzer/FuzzedDataProvider.h\n- example: https://fuchsia.googlesource.com/fuchsia/+/dbda4024104e/examples/fuzzers/cpp/fuzzed-data-provider.cc\n- abstract (mostly in Russian): [Structure_Aware_Fuzzing_and_logical_erros.pdf](Docs/Structure_Aware_Fuzzing_and_logical_erros.pdf)\n\nWritten in **.NET Standard 2.1**.\n\nMade for use with C# fuzzers [like sharpfuzz](https://github.com/Metalnem/sharpfuzz). 
\n\n### HowTo (Test run):\n\nInstall:\n- as sources to be built: `git clone https://github.com/ispras/FuzzedDataProviderCS`;\n- as a NuGet package: **`dotnet add package FuzzedDataProviderCS`**.\n\nOn Ubuntu 20.04, install [.NET 6](https://docs.microsoft.com/en-us/dotnet/core/install/linux-ubuntu#2004-), then build from sources and test it:\n\n```\ndotnet build\ndotnet test FuzzedDataProviderCSTest\n```\n\nIf you have trouble with the debugger (because the Library and Test projects target different platforms), run `dotnet clean` and then build all the projects for x64:\n```\ndotnet build -a x64 FuzzedDataProviderCSLibrary/FuzzedDataProviderCSLibrary.csproj\ndotnet build -a x64 FuzzedDataProviderCSTest/FuzzedDataProviderCSTest.csproj\n```\nAlso try restarting VSCode after the rebuild (developed and tested with VSCode).\n\n### HowTo (Main concept and commands):\n\n1. Create a FuzzedDataProviderCS class instance. You must pass the array to be parsed to the constructor (mandatory parameter `data`). You can instruct the instance to exit the program (and, when fuzzing, move on to the next iteration) when all the fuzzed data has been consumed but not all consuming calls have been made (optional parameter `exitAppOnInsufficientData`).\n\n2. Start consuming the data using the consuming functions (all public functions are self-documented):\n\n- ConsumeByte()\n- ConsumeChar()\n- ConsumeInt16()\n- ConsumeUInt16()\n- ConsumeInt32()\n- ConsumeUInt32()\n- ConsumeInt64()\n- ConsumeUInt64()\n- ConsumeDouble()\n- ConsumeDateTime()\n- ConsumeEnum()\n- ConsumeBytes()\n- ConsumeRemainingBytes()\n- ConsumeString()\n- ConsumeRemainingAsString()\n\n3. Most of the functions allow you to set a range or a set of possible values. For example:\n- you can instruct the instance to consume an Int32 in the range [-8; 20359];\n- you can instruct the instance to consume a String in which every symbol must belong to the set ['a', 'B', '8', 'Ă'];\n- etc.\n\n4. 
When the data runs out but you ask the instance to consume more, the missing bytes are filled with 0x00 (provided `exitAppOnInsufficientData` was left at its default value `false` in the instance constructor).\n\n### HowTo (Quick Example):\n\nThe code \n\n```\nusing System.Collections.Generic;\nusing FuzzedDataProviderCSLibrary;\n\n...\n\npublic void TestComplex()\n    {\n        byte[] testArr = { 0x01, 0x02, 0x00, 0x41, 0x00, 0x41, 0x01, 0x02 };\n        \n        var fdp = new FuzzedDataProviderCS(testArr, exitAppOnInsufficientData : false); //Create instance\n        var resultUInt16 = fdp.ConsumeUInt16(); //Consume 2 bytes and convert them to UInt16\n        var resultBytes = fdp.ConsumeBytes(2); //Consume 2 bytes and copy them to Byte[]\n        var resultStr = fdp.ConsumeRemainingAsString(new HashSet\u003cchar\u003e() { '\\u0043', '\\x0044', '\\x45' }); //Consume all the remaining data (4 bytes), convert it to a string (Unicode), and map each char into the *Bag of Chars* (a kind of hashing)\n        var resultDT = fdp.ConsumeDateTime(); //The data is over, but because of exitAppOnInsufficientData : false 4 zeroes will be read and converted to DateTime\n    }\n\n```\n\nwill construct:\n\n\n```\nresultUInt16,h: 0x0102\nresultBytes,h: {byte[0x00000002]} 0x00, 0x41\nresultStr: \"EC\" //Yeah, the magic of mapping of A'\\x41' and Ă'\\x0102' to C'\\u0043' and E'\\x45'\nresultDT: {1/1/0001 12:00:00 AM} //Smallest possible DateTime\n```\n\nYou can see plenty of usage examples and results in [UnitTest1.cs](FuzzedDataProviderCSTest/UnitTest1.cs). \n\n### HowTo (Full Example with Sharpfuzz):\n\n1. Read the guide and install [sharpfuzz](https://github.com/Metalnem/sharpfuzz#installation).\n2. 
Create a new library project with `dotnet new classlib -o TestLib` and add to Program.cs a simple class with a public function that throws an exception for a certain wrong combination of parameter values.\n```\nnamespace TestLib;\npublic class Class1\n{\n    public static void BadFunction(UInt16 v1, Byte[] v2, String v3, DateTime v4)\n    {\n        if (v2[1]==0xFA)\n            if (v1==0x1013)\n                if (v3.Length == 4)\n                    if (v3[2] == 'W')\n                        if (v4.DayOfWeek == DayOfWeek.Friday)\n                            throw new Exception();\n    }\n\n}\n```\n3. Create a new console project for tests with `dotnet new console`.\n4. Install the FuzzedDataProviderCS package from NuGet: `dotnet add package FuzzedDataProviderCS`. Add the sharpfuzz package too: `dotnet add package SharpFuzz`. Add a reference to the test library: `dotnet add test.csproj reference TestLib/TestLib.csproj`. Your .csproj file should now look like this:\n\n```\n\u003cProject Sdk=\"Microsoft.NET.Sdk\"\u003e\n\n  \u003cPropertyGroup\u003e\n    \u003cGenerateAssemblyInfo\u003efalse\u003c/GenerateAssemblyInfo\u003e\n    \u003cOutputType\u003eExe\u003c/OutputType\u003e\n    \u003cTargetFramework\u003enet6.0\u003c/TargetFramework\u003e\n    \u003cImplicitUsings\u003efalse\u003c/ImplicitUsings\u003e\n    \u003cNullable\u003eenable\u003c/Nullable\u003e    \n  \u003c/PropertyGroup\u003e\n\n  \u003cItemGroup\u003e\n    \u003cPackageReference Include=\"FuzzedDataProviderCS\" Version=\"1.1.7\" /\u003e\n    \u003cPackageReference Include=\"SharpFuzz\" Version=\"1.6.2\" /\u003e\n  \u003c/ItemGroup\u003e\n\n  \u003cItemGroup\u003e    \n    \u003cProjectReference Include=\"..\\TestLib\\TestLib.csproj\" /\u003e\n  \u003c/ItemGroup\u003e\n\n\u003c/Project\u003e\n```\n\n5. 
Add the sharpfuzz wrapper and the FuzzedDataProviderCS wrapper to Program.cs.\n```\nusing System;\nusing System.IO;\nusing SharpFuzz;\nusing FuzzedDataProviderCSLibrary;\nusing System.Collections.Generic;\n\nnamespace Test\n{\n    public class Program\n    {\n        private static void FuzzTarget(Stream input)\n        {\n            using (MemoryStream ms = new MemoryStream())\n            {\n                input.CopyTo(ms);\n                var fdp = new FuzzedDataProviderCS(\n                    ms.ToArray(), exitAppOnInsufficientData: false);\n\n                var v1 = fdp.ConsumeUInt16();\n                var v2 = fdp.ConsumeBytes(3);\n                var v3_len = fdp.ConsumeByte();\n                var v3 = fdp.ConsumeString(\n                    length : v3_len, new HashSet\u003cchar\u003e() { '5', '+', 'W', 'X', 'A' });\n                var v4 = fdp.ConsumeDateTime();\n                \n                TestLib.Class1.BadFunction(v1, v2, v3, v4);\n            }\n        }\n        public static void Main(string[] args)\n        {\n            Fuzzer.Run(stream =\u003e FuzzTarget(stream)); //Using sharpfuzz Run(Action\u003cStream\u003e) overload\n        }\n    }\n}\n```\n\n6. Build the project, then, following the [sharpfuzz usage](https://github.com/Metalnem/sharpfuzz#usage) guide, instrument TestLib.dll (**the one in the /bin subdirectory of the test console project**, not the one in TestLib/bin!) and fuzz the code. I've got a crash after ~1.50 of one-core fuzzing. **Right now the sharpfuzz instrumenter doesn't work with .NET6, so install net-sdk-5.0 just for instrumenting purposes**.\n\n7. 
Open the crashing sample in a hex viewer and check that the data corresponds to the parameter values that make the TestLib function crash.\n\n\n\n\n### Tasks:\n- [x] Add HowToes\n- [ ] Templatize it using Generics/Abstract class.\n- [ ] Test in DNF/Win.\n- [ ] Make shims and test for another encoding order (need fix for Pose library https://github.com/tonerdo/pose/issues/69).\n- [ ] Add Array/List consumers.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fispras%2Ffuzzeddataprovidercs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fispras%2Ffuzzeddataprovidercs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fispras%2Ffuzzeddataprovidercs/lists"}