{"id":28261139,"url":"https://github.com/just-sultanov/fuzzion","last_synced_at":"2026-03-03T23:02:28.587Z","repository":{"id":289343676,"uuid":"970317977","full_name":"just-sultanov/fuzzion","owner":"just-sultanov","description":"WIP: A Clojure wrapper library for Jazzer (libFuzzer). Coverage-guided, in-process fuzzing for the JVM","archived":false,"fork":false,"pushed_at":"2025-05-15T21:22:12.000Z","size":146,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-19T11:49:18.861Z","etag":null,"topics":["clojure","fuzzing","jazzer","libfuzzer"],"latest_commit_sha":null,"homepage":"","language":"Clojure","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/just-sultanov.png","metadata":{"files":{"readme":"readme.md","changelog":"changelog.md","contributing":null,"funding":null,"license":"license","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-21T20:36:11.000Z","updated_at":"2025-10-02T22:17:43.000Z","dependencies_parsed_at":"2025-05-14T21:43:02.549Z","dependency_job_id":null,"html_url":"https://github.com/just-sultanov/fuzzion","commit_stats":null,"previous_names":["just-sultanov/fuzzion"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/just-sultanov/fuzzion","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/just-sultanov%2Ffuzzion","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/just-sultanov%2Ffuzzion/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/just-sultanov%2Ffuzzion/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/just-sultanov%2Ffuzzion/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/just-sultanov","download_url":"https://codeload.github.com/just-sultanov/fuzzion/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/just-sultanov%2Ffuzzion/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30064791,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-03T18:21:05.932Z","status":"ssl_error","status_checked_at":"2026-03-03T18:20:59.341Z","response_time":61,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["clojure","fuzzing","jazzer","libfuzzer"],"created_at":"2025-05-20T05:12:29.573Z","updated_at":"2026-03-03T23:02:28.582Z","avatar_url":"https://github.com/just-sultanov.png","language":"Clojure","funding_links":[],"categories":[],"sub_categories":[],"readme":"# fuzzion\n\nA Clojure wrapper library for [Jazzer](https://github.com/CodeIntelligenceTesting/jazzer) ([libFuzzer](https://llvm.org/docs/LibFuzzer.html)).\nCoverage-guided, in-process fuzzing for the JVM.\n\n## Getting started\n\nFor example, you have such a `square` function and you want to fuzz it.\n\n```clojure\n;; src/main/clojure/example/core.clj\n(ns example.core)\n\n(defn square\n  [x]\n  (* x x))\n```\n\nLet's add a simple target.\n\n```clojure\n;; src/fuzz/clojure/example/core_fuzzer.clj\n(ns example.core-fuzzer\n  (:require\n    [example.core :as sut]\n    [fuzzion.core :as f]))\n\n(f/deftarget square\n  [input]\n  (try\n    (when (= 4 (sut/square (f/consume-long input)))\n      (throw (f/issue :high \"You found a bug\")))\n    (catch ArithmeticException _)))\n```\n\nLet's add an alias for `clojure.tools.deps`, in which we will indicate where our fuzzers are located.\n\n```clojure\n;; deps.edn\n{:aliases\n  {:fuzz {:extra-paths [\"src/fuzz/clojure\" \"target/classes\"]\n          :extra-deps {io.github.just-sultanov/fuzzion \"RELEASE\"}\n          :main-opts [\"--main\" \"fuzzion.main\"]}}}\n```\n\nBefore starting fuzzing, we will need to compile the source code with the targets.\nWe can add a simple task using `clojure.tools.build`.\n\n```clojure\n;; build.clj\n(ns build\n  (:require\n    [clojure.string :as str]\n    [clojure.tools.build.api :as b]))\n\n(defn clean\n  [_]\n  (println \"Cleaning...\")\n  (b/delete {:path \"target\"}))\n\n(defn fuzz:compile\n  [_]\n  (println \"Copying sources...\")\n  (b/copy-dir {:src-dirs [\"src/main/clojure\" \"src/fuzz/clojure\"]\n               :target-dir \"target/classes\"})\n  (println \"Compiling...\")\n  (b/compile-clj {:basis (b/create-basis {:project \"deps.edn\", :aliases [:fuzz]})\n                  :ns-compile '[example.core-fuzzer] ;; specify the required namespaces\n                  :class-dir \"target/classes\"}))\n```\n\n```bash\n$ clojure -T:build clean\nCleaning...\n\n$ clojure -T:build fuzz:compile\nCopying sources...\nCompiling...\n```\n\nOur target under the hood has been compiled into a special class `example.core_fuzzer.Square` with one `static` method with the suffix `fuzzerTestOneInput`, which will be called by `libFuzzer`.\n\nNow we have everything ready for fuzzing. Let's run the following commands.\n\n```bash\n$ clojure -M:fuzz --timeout 10s\n\nConfiguration:\n  - Timeout: 10s\n  - NS patterns: [\".+-fuzzer$\"]\n  - Skip meta: [:skip]\n\nFound 1 target(s) in 1 namespace(s):\n  - example.fuzzers.core-fuzzer/square\n\n\nTarget: example.fuzzers.core-fuzzer/square\n\n[example.fuzzers.core-fuzzer/square] - Command: jazzer --reproducer_path=fuzz/reproducers/example/fuzzers/core_fuzzer/square/ -use_value_profile=1 --coverage_report=fuzz/coverage/example/fuzzers/core_fuzzer/square/report.txt --target_class=example.fuzzers.core_fuzzer.Square --instrumentation_includes=example.** -print_coverage=1 -create_missing_dirs=1 --cp=src/fuzz/clojure:target/classes:src/main/clojure:/home/developer/fuzzion/src/main/clojure:/home/developer/fuzzion/src/main/resources:/home/developer/.m2/repository/org/clojure/clojure/1.12.0/clojure-1.12.0.jar:/home/developer/.m2/repository/babashka/fs/0.5.25/fs-0.5.25.jar:/home/developer/.m2/repository/babashka/process/0.6.23/process-0.6.23.jar:/home/developer/.m2/repository/camel-snake-kebab/camel-snake-kebab/0.4.3/camel-snake-kebab-0.4.3.jar:/home/developer/.m2/repository/com/code-intelligence/jazzer-api/0.24.0/jazzer-api-0.24.0.jar:/home/developer/.m2/repository/io/github/tonsky/clj-reload/0.9.6/clj-reload-0.9.6.jar:/home/developer/.m2/repository/org/babashka/cli/0.8.65/cli-0.8.65.jar:/home/developer/.m2/repository/org/clojure/core.specs.alpha/0.4.74/core.specs.alpha-0.4.74.jar:/home/developer/.m2/repository/org/clojure/spec.alpha/0.5.238/spec.alpha-0.5.238.jar -timeout=300 -print_final_stats=1 --keep_going=10 -reduce_inputs=0 -print_corpus_stats=1 --coverage_dump=fuzz/coverage/example/fuzzers/core_fuzzer/square/dump.exec -dict=fuzz/dicts/example/fuzzers/core_fuzzer/square/dict --instrumentation_excludes=example.fuzzers.** -print_full_coverage=1 -artifact_prefix=fuzz/crashes/example/fuzzers/core_fuzzer/square/ --jvm_args=--enable-preview:-Xmx1000m:-XX:-OmitStackTraceInFastThrow:-XX:+UseParallelGC:-XX:+CriticalJNINative:-XX:+EnableDynamicAgentLoading fuzz/corpus/example/fuzzers/core_fuzzer/square\n[example.fuzzers.core-fuzzer/square] - INFO: Loaded 311 hooks from com.code_intelligence.jazzer.runtime.TraceCmpHooks\n[example.fuzzers.core-fuzzer/square] - INFO: Loaded 5 hooks from com.code_intelligence.jazzer.runtime.TraceDivHooks\n[example.fuzzers.core-fuzzer/square] - INFO: Loaded 2 hooks from com.code_intelligence.jazzer.runtime.TraceIndirHooks\n[example.fuzzers.core-fuzzer/square] - INFO: Loaded 4 hooks from com.code_intelligence.jazzer.runtime.NativeLibHooks\n[example.fuzzers.core-fuzzer/square] - INFO: Loaded 3388 hooks from com.code_intelligence.jazzer.sanitizers.ClojureLangHooks\n[example.fuzzers.core-fuzzer/square] - INFO: Loaded 5 hooks from com.code_intelligence.jazzer.sanitizers.Deserialization\n[example.fuzzers.core-fuzzer/square] - INFO: Loaded 5 hooks from com.code_intelligence.jazzer.sanitizers.ExpressionLanguageInjection\n[example.fuzzers.core-fuzzer/square] - INFO: Loaded 70 hooks from com.code_intelligence.jazzer.sanitizers.LdapInjection\n[example.fuzzers.core-fuzzer/square] - INFO: Loaded 46 hooks from com.code_intelligence.jazzer.sanitizers.NamingContextLookup\n[example.fuzzers.core-fuzzer/square] - INFO: Loaded 1 hooks from com.code_intelligence.jazzer.sanitizers.OsCommandInjection\n[example.fuzzers.core-fuzzer/square] - INFO: Loaded 52 hooks from com.code_intelligence.jazzer.sanitizers.ReflectiveCall\n[example.fuzzers.core-fuzzer/square] - INFO: Loaded 8 hooks from com.code_intelligence.jazzer.sanitizers.RegexInjection\n[example.fuzzers.core-fuzzer/square] - INFO: Loaded 16 hooks from com.code_intelligence.jazzer.sanitizers.RegexRoadblocks\n[example.fuzzers.core-fuzzer/square] - INFO: Loaded 12 hooks from com.code_intelligence.jazzer.sanitizers.ScriptEngineInjection\n[example.fuzzers.core-fuzzer/square] - INFO: Loaded 3 hooks from com.code_intelligence.jazzer.sanitizers.ServerSideRequestForgery\n[example.fuzzers.core-fuzzer/square] - INFO: Loaded 19 hooks from com.code_intelligence.jazzer.sanitizers.SqlInjection\n[example.fuzzers.core-fuzzer/square] - INFO: Loaded 6 hooks from com.code_intelligence.jazzer.sanitizers.XPathInjection\n[example.fuzzers.core-fuzzer/square] - INFO: Instrumented example.fuzzers.core_fuzzer.Square with custom hooks only (took 42 ms, size +19%)\n[example.fuzzers.core-fuzzer/square] - INFO: using inputs from: fuzz/corpus/example/fuzzers/core_fuzzer/square\n[example.fuzzers.core-fuzzer/square] - INFO: found LLVMFuzzerCustomMutator (0x109c06250). Disabling -len_control by default.\n[example.fuzzers.core-fuzzer/square] - INFO: libFuzzer ignores flags that start with '--'\n[example.fuzzers.core-fuzzer/square] - INFO: Running with entropic power schedule (0xFF, 100).\n[example.fuzzers.core-fuzzer/square] - INFO: Seed: 1499000910\n[example.fuzzers.core-fuzzer/square] - INFO: Loaded 1 modules   (512 inline 8-bit counters): 512 [0x7fe74a800000, 0x7fe74a800200),\n[example.fuzzers.core-fuzzer/square] - INFO: Loaded 1 PC tables (512 PCs): 512 [0x7fe742ae0200,0x7fe742ae2200),\n[example.fuzzers.core-fuzzer/square] - INFO:      105 files found in fuzz/corpus/example/fuzzers/core_fuzzer/square\n[example.fuzzers.core-fuzzer/square] - INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes\n[example.fuzzers.core-fuzzer/square] - INFO: Instrumented clojure.lang.Var with custom hooks only (took 98 ms, size +21%)\n[example.fuzzers.core-fuzzer/square] - INFO: Instrumented clojure.lang.IFn with custom hooks only (took 0 ms, size +0%)\n[example.fuzzers.core-fuzzer/square] - INFO: Instrumented clojure.lang.IRef with custom hooks only (took 0 ms, size +0%)\n[example.fuzzers.core-fuzzer/square] - INFO: Instrumented clojure.lang.IDeref with custom hooks only (took 5 ms, size +0%)\n[example.fuzzers.core-fuzzer/square] - INFO: Instrumented clojure.lang.Settable with custom hooks only (took 0 ms, size +0%)\n[example.fuzzers.core-fuzzer/square] - INFO: Instrumented clojure.lang.ARef with custom hooks only (took 11 ms, size +11%)\n[example.fuzzers.core-fuzzer/square] - INFO: Instrumented clojure.lang.AReference with custom hooks only (took 5 ms, size +0%)\n[example.fuzzers.core-fuzzer/square] - INFO: Instrumented clojure.lang.IReference with custom hooks only (took 0 ms, size +0%)\n[example.fuzzers.core-fuzzer/square] - INFO: Instrumented clojure.lang.IMeta with custom hooks only (took 0 ms, size +0%)\n\n# ...\n\n[example.fuzzers.core-fuzzer/square] - INFO: Instrumented example.fuzzers.core_fuzzer$fn__364 with custom hooks only (took 5 ms, size +39%)\n[example.fuzzers.core-fuzzer/square] - INFO: Instrumented example.fuzzers.core_fuzzer$_square_fuzzerTestOneInput with custom hooks only (took 5 ms, size +29%)\n[example.fuzzers.core-fuzzer/square] - INFO: seed corpus: files: 105 min: 1b max: 210b total: 2707b rss: 742Mb\n[example.fuzzers.core-fuzzer/square] - #2       pulse  ft: 4 exec/s: 0 rss: 742Mb\n[example.fuzzers.core-fuzzer/square] - INFO: Instrumented clojure.lang.Compiler$FISupport with custom hooks only (took 6 ms, size +0%)\n[example.fuzzers.core-fuzzer/square] - INFO: Instrumented clojure.asm.Handle with custom hooks only (took 9 ms, size +0%)\n[example.fuzzers.core-fuzzer/square] -\n[example.fuzzers.core-fuzzer/square] - == Java Exception: com.code_intelligence.jazzer.api.FuzzerSecurityIssueHigh: You found a bug\n[example.fuzzers.core-fuzzer/square] -  at java.base/jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:62)\n[example.fuzzers.core-fuzzer/square] -  at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:502)\n[example.fuzzers.core-fuzzer/square] -  at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:486)\n[example.fuzzers.core-fuzzer/square] -  at clojure.lang.Reflector.invokeConstructor(Reflector.java:334)\n[example.fuzzers.core-fuzzer/square] -  at fuzzion.core$issue.invokeStatic(core.clj:451)\n[example.fuzzers.core-fuzzer/square] -  at fuzzion.core$issue.invoke(core.clj:425)\n[example.fuzzers.core-fuzzer/square] -  at example.fuzzers.core_fuzzer$_square_fuzzerTestOneInput.invokeStatic(core_fuzzer.clj:19)\n[example.fuzzers.core-fuzzer/square] -  at example.fuzzers.core_fuzzer$_square_fuzzerTestOneInput.invoke(core_fuzzer.clj:15)\n[example.fuzzers.core-fuzzer/square] -  at example.fuzzers.core_fuzzer.Square.fuzzerTestOneInput(Unknown Source)\n[example.fuzzers.core-fuzzer/square] - DEDUP_TOKEN: 262482a3bb5c872e\n[example.fuzzers.core-fuzzer/square] - == libFuzzer crashing input ==\n[example.fuzzers.core-fuzzer/square] - MS: 0 ; base unit: 0000000000000000000000000000000000000000\n[example.fuzzers.core-fuzzer/square] - 0x2,\n[example.fuzzers.core-fuzzer/square] - \\002\n[example.fuzzers.core-fuzzer/square] - artifact_prefix='fuzz/crashes/example/fuzzers/core_fuzzer/square/'; Test unit written to fuzz/crashes/example/fuzzers/core_fuzzer/square/crash-c4ea21bb365bbeeaf5f2c654883e56d11e43c44e\n[example.fuzzers.core-fuzzer/square] - Base64: Ag==\n[example.fuzzers.core-fuzzer/square] - INFO: __sanitizer_symbolize_pc or __sanitizer_get_module_and_offset_for_pc is not available, not printing coverage\n[example.fuzzers.core-fuzzer/square] - INFO: __sanitizer_symbolize_pc or __sanitizer_get_module_and_offset_for_pc is not available, not printing coverage\n[example.fuzzers.core-fuzzer/square] -   [  0 c9ee5681d3c59f7541c27a38b67edf46259e187b] sz:     1 runs:     0 succ:     0 focus: 0\n[example.fuzzers.core-fuzzer/square] - stat::number_of_executed_units: 3\n[example.fuzzers.core-fuzzer/square] - stat::average_exec_per_sec:     0\n[example.fuzzers.core-fuzzer/square] - stat::new_units_added:          0\n[example.fuzzers.core-fuzzer/square] - stat::slowest_unit_time_sec:    0\n[example.fuzzers.core-fuzzer/square] - stat::peak_rss_mb:              742\n[example.fuzzers.core-fuzzer/square] - reproducer_path='fuzz/reproducers/example/fuzzers/core_fuzzer/square/'; Java reproducer written to fuzz/reproducers/example/fuzzers/core_fuzzer/square/Crash_c4ea21bb365bbeeaf5f2c654883e56d11e43c44e.java\n[example.fuzzers.core-fuzzer/square] -\n[example.fuzzers.core-fuzzer/square] - #4       pulse  cov: 4 ft: 9 corp: 2/2b exec/s: 0 rss: 742Mb\n[example.fuzzers.core-fuzzer/square] - #8       pulse  cov: 4 ft: 9 corp: 2/2b exec/s: 0 rss: 742Mb\n[example.fuzzers.core-fuzzer/square] - #16      pulse  cov: 4 ft: 9 corp: 2/2b exec/s: 1 rss: 742Mb\n[example.fuzzers.core-fuzzer/square] - #32      pulse  cov: 4 ft: 9 corp: 2/2b exec/s: 2 rss: 742Mb\n[example.fuzzers.core-fuzzer/square] - #64      pulse  cov: 4 ft: 9 corp: 2/2b exec/s: 5 rss: 742Mb\n[example.fuzzers.core-fuzzer/square] 00:00:10.000 - #106        INITED cov: 4 ft: 9 corp: 2/2b exec/s: 9 rss: 742Mb\n[example.fuzzers.core-fuzzer/square] 00:00:09.993 - #128        pulse  cov: 4 ft: 9 corp: 2/2b lim: 4 exec/s: 11 rss: 742Mb\n[example.fuzzers.core-fuzzer/square] 00:00:09.993 - #256        pulse  cov: 4 ft: 9 corp: 2/2b lim: 6 exec/s: 23 rss: 742Mb\n[example.fuzzers.core-fuzzer/square] 00:00:09.993 - #512        pulse  cov: 4 ft: 9 corp: 2/2b lim: 8 exec/s: 46 rss: 742Mb\n[example.fuzzers.core-fuzzer/square] 00:00:09.988 - #1024       pulse  cov: 4 ft: 9 corp: 2/2b lim: 14 exec/s: 93 rss: 742Mb\n[example.fuzzers.core-fuzzer/square] 00:00:09.980 - #2048       pulse  cov: 4 ft: 9 corp: 2/2b lim: 21 exec/s: 186 rss: 742Mb\n[example.fuzzers.core-fuzzer/square] 00:00:09.967 - #4096       pulse  cov: 4 ft: 9 corp: 2/2b lim: 43 exec/s: 372 rss: 742Mb\n[example.fuzzers.core-fuzzer/square] 00:00:09.940 - #8192       pulse  cov: 4 ft: 9 corp: 2/2b lim: 80 exec/s: 744 rss: 742Mb\n[example.fuzzers.core-fuzzer/square] 00:00:09.904 - #16384      pulse  cov: 4 ft: 9 corp: 2/2b lim: 163 exec/s: 1489 rss: 742Mb\n[example.fuzzers.core-fuzzer/square] 00:00:09.803 - #32768      pulse  cov: 4 ft: 9 corp: 2/2b lim: 325 exec/s: 2978 rss: 742Mb\n[example.fuzzers.core-fuzzer/square] 00:00:08.661\n[example.fuzzers.core-fuzzer/square] 00:00:08.468 - #65536      pulse  cov: 4 ft: 9 corp: 2/2b lim: 652 exec/s: 5957 rss: 742Mb\n[example.fuzzers.core-fuzzer/square] 00:00:07.898 - #131072     pulse  cov: 4 ft: 9 corp: 2/2b lim: 1300 exec/s: 10922 rss: 742Mb\n[example.fuzzers.core-fuzzer/square] 00:00:06.655\n[example.fuzzers.core-fuzzer/square] 00:00:05.872 - #262144     pulse  cov: 4 ft: 9 corp: 2/2b lim: 2611 exec/s: 20164 rss: 742Mb\n[example.fuzzers.core-fuzzer/square] 00:00:04.654\n[example.fuzzers.core-fuzzer/square] 00:00:02.654\n[example.fuzzers.core-fuzzer/square] 00:00:01.856 - #524288     pulse  cov: 4 ft: 9 corp: 2/2b lim: 4096 exec/s: 34952 rss: 742Mb\n[example.fuzzers.core-fuzzer/square] 00:00:00.651\n[example.fuzzers.core-fuzzer/square] 00:00:00.000 - TIMEOUT\n[example.fuzzers.core-fuzzer/square] Started at: 2025-05-16T00:20:17.543990\n[example.fuzzers.core-fuzzer/square] Finished at: 2025-05-16T00:20:38.023347\n[example.fuzzers.core-fuzzer/square] Lead time: 00:00:20.479\n[example.fuzzers.core-fuzzer/square] Exit code: 77\n\n\nFuzzing has been completed for 1 target(s) in 1 namespace(s):\n  - example.fuzzers.core-fuzzer/square (00:00:20.479)\n\nStarted at: 2025-05-16T00:20:17.537660\nFinished at: 2025-05-16T00:20:38.023658\nTotal lead time: 00:00:20.485\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjust-sultanov%2Ffuzzion","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjust-sultanov%2Ffuzzion","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjust-sultanov%2Ffuzzion/lists"}