{"id":18041304,"url":"https://github.com/ligurio/luzer","last_synced_at":"2025-04-09T16:50:35.258Z","repository":{"id":77678475,"uuid":"568695629","full_name":"ligurio/luzer","owner":"ligurio","description":"A coverage-guided, native Lua fuzzing engine.","archived":false,"fork":false,"pushed_at":"2025-04-08T18:13:54.000Z","size":607,"stargazers_count":39,"open_issues_count":12,"forks_count":4,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-08T19:25:56.499Z","etag":null,"topics":["fuzzing","lua","luajit","testing"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ligurio.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-11-21T08:06:35.000Z","updated_at":"2025-04-08T16:19:54.000Z","dependencies_parsed_at":"2023-12-29T15:29:42.494Z","dependency_job_id":"57d50753-e4c1-4d27-8421-8f75eada6bf8","html_url":"https://github.com/ligurio/luzer","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ligurio%2Fluzer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ligurio%2Fluzer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ligurio%2Fluzer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ligurio%2Fluzer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ligurio","download_url":"https://codeload.github.com/ligurio/luzer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248072520,"owners_count":21043252,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fuzzing","lua","luajit","testing"],"created_at":"2024-10-30T15:09:05.239Z","updated_at":"2025-04-09T16:50:35.241Z","avatar_url":"https://github.com/ligurio.png","language":"C","readme":"[![Static analysis](https://github.com/ligurio/luzer/actions/workflows/check.yaml/badge.svg)](https://github.com/ligurio/luzer/actions/workflows/check.yaml)\n[![Testing](https://github.com/ligurio/luzer/actions/workflows/test.yaml/badge.svg)](https://github.com/ligurio/luzer/actions/workflows/test.yaml)\n[![License: ISC](https://img.shields.io/badge/License-ISC-blue.svg)](https://opensource.org/licenses/ISC)\n[![Luarocks](https://img.shields.io/luarocks/v/ligurio/luzer/scm-1)](https://luarocks.org/modules/ligurio/luzer)\n\n# luzer\n\na coverage-guided, native Lua fuzzer.\n\n## Overview\n\nFuzzing is a type of automated testing which continuously manipulates inputs to\na program to find bugs. `luzer` uses coverage guidance to intelligently walk\nthrough the code being fuzzed to find and report failures to the user. Since it\ncan reach edge cases which humans often miss, fuzz testing can be particularly\nvaluable for finding security exploits and vulnerabilities.\n\n`luzer` is a coverage-guided Lua fuzzing engine. It supports fuzzing of Lua\ncode, but also C extensions written for Lua. Luzer is based off of\n[libFuzzer][libfuzzer-url]. When fuzzing native code, `luzer` can be used in\ncombination with Address Sanitizer or Undefined Behavior Sanitizer to catch\nextra bugs.\n\n## Quickstart\n\nTo use luzer in your own project follow these few simple steps:\n\n1. Setup `luzer` module:\n\n```sh\n$ luarocks --local install luzer\n$ eval $(luarocks path)\n```\n\n2. Create a fuzz target invoking your code:\n\n```lua\nlocal luzer = require(\"luzer\")\n\nlocal function TestOneInput(buf)\n    local b = {}\n    buf:gsub(\".\", function(c) table.insert(b, c) end)\n    if b[1] == 'c' then\n        if b[2] == 'r' then\n            if b[3] == 'a' then\n                if b[4] == 's' then\n                    if b[5] == 'h' then\n                        assert(nil)\n                    end\n                end\n            end\n        end\n    end\nend\n\nluzer.Fuzz(TestOneInput)\n```\n\n3. Start the fuzzer using the fuzz target\n\n```\n$ luajit examples/example_basic.lua\nINFO: Running with entropic power schedule (0xFF, 100).\nINFO: Seed: 1557779137\nINFO: Loaded 1 modules   (151 inline 8-bit counters): 151 [0x7f0640e706e3, 0x7f0640e7077a),\nINFO: Loaded 1 PC tables (151 PCs): 151 [0x7f0640e70780,0x7f0640e710f0),\nINFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes\nINFO: A corpus is not provided, starting from an empty corpus\n#2\tINITED cov: 17 ft: 18 corp: 1/1b exec/s: 0 rss: 26Mb\n#32\tNEW    cov: 17 ft: 24 corp: 2/4b lim: 4 exec/s: 0 rss: 26Mb L: 3/3 MS: 5 ShuffleBytes-ShuffleBytes-CopyPart-ChangeByte-CMP- DE: \"\\x00\\x00\"-\n...\n```\n\nWhile fuzzing is in progress, the fuzzing engine generates new inputs and runs\nthem against the provided fuzz target. By default, it continues to run until a\nfailing input is found, or the user cancels the process (e.g. with `Ctrl^C`).\n\nThe first lines indicate that the \"baseline coverage\" is gathered before\nfuzzing begins.\n\nTo gather baseline coverage, the fuzzing engine executes both the seed corpus\nand the generated corpus, to ensure that no errors occurred and to understand\nthe code coverage the existing corpus already provides.\n\nSee tests that uses luzer library in:\n\n- Tarantool Lua API tests, https://github.com/ligurio/tarantool-lua-api-tests\n- Lua standard library tests, https://github.com/ligurio/lua-stdlib-tests\n- https://github.com/ligurio/snippets/tree/master/luzer-tests\n\n## Documentation\n\nSee [documentation](docs/index.md).\n\n## License\n\nCopyright © 2022-2023 [Sergey Bronnikov][bronevichok-url].\n\nDistributed under the ISC License.\n\n[libfuzzer-url]: https://llvm.org/docs/LibFuzzer.html\n[bronevichok-url]: https://bronevichok.ru/\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fligurio%2Fluzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fligurio%2Fluzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fligurio%2Fluzer/lists"}