Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/MozillaSecurity/dharma

Generation-based, context-free grammar fuzzer. Refer to https://github.com/posidron/dharma for a maintained version.
https://github.com/MozillaSecurity/dharma

context-free fuzzer fuzzing generation grammar python random

Last synced: about 2 months ago
JSON representation

Generation-based, context-free grammar fuzzer. Refer to https://github.com/posidron/dharma for a maintained version.

Awesome Lists containing this project

README 

        
**
Archived — please see https://github.com/posidron/dharma for maintained version.
**





  Logo






Generation-based, context-free grammar fuzzer.






Build Status

IRC











Table of Contents



- [Run](#Run)

  - [pip](#pip)

  - [pipenv](#pipenv)

  - [package](#package)

  - [Docker](#Docker)

- [Examples](#Examples)

- [Development](#Development)

- [Dharma Grammar Cheatsheet](#Dharma-Grammar-Cheatsheet)

- [API Documentation](#API-Documentation)

- [Dharma in the Public](#Dharma-in-the-Public)



## Run



All roads lead to Rome but Python 3.x is the prefered vehicle.



### pip



```bash

pip install dharma

dharma --help

```



### pipenv



```bash

pipenv install --dev

pipenv run dharma --help

```



### package



```bash

python -m dharma --help

```



### Docker



```bash

docker build -t dharma .

docker run --rm -it dharma -grammars dharma/grammars/canvas2d.dg

```



## Examples



Generate a single test-case and print it to `stdout`. Multiple grammars can be appended to the `-grammars` argument.



```bash

dharma -grammars dharma/grammars/canvas2d.dg

```



Generating multiple test-cases and save the result to disk.



```bash

dharma -grammars dharma/grammars/canvas2d.dg -storage . -count 5

```



Generate test-cases and serve them in a template via WebSocket.

Launch `dharma/grammars/var/index.html` in the browser after Dharma launched.



```bash

dharma -grammars dharma/grammars/canvas2d.dg -server -template dharma/grammars/var/templates/html5/default.html

```



Benchmark the generator.



```bash

time dharma -grammars dharma/grammars/canvas2d.dg -count 10000 > /dev/null

```



## Development



### PyLint



In case you run PyLint 1.9.2 and Python 3.7 you need to upgrade PyLint.



```bash

pip3 install pylint astroid --pre -U

```



## Dharma Grammar Cheatsheet



### Comments



```

%%% comment

```



### Controls



```

%const% name := value

```



### Sections



```

%section% := value

%section% := variable

%section% := variance

```



### Extension Methods



Refer to `extensions.py` in `dharma/core/` and to the `xref_registry` in the `DharmaMachine` class to add further extensions.



```

%range%(0-9)

%range%(0.0-9.0)

%range%(a-z)

%range%(!-~)

%range%(0x100-0x200)



%repeat%(+variable+)

%repeat%(+variable+, ", ")



%uri%(path)

%uri%(lookup_key)



%block%(path)



%choice%(foo, "bar", 1)

```



### Assigning Values



```

digit :=

    %range%(0-9)



sign :=

    +

    -



value :=

    +sign+%repeat%(+digit+)

```



### Using Values



```

+value+

```



### Assigning Variables



```

variable :=

    @variable@ = new Foo();

```



### Using Variables



```

value :=

    !variable!.bar();

```



### Referencing values from `common.dg`



```

value :=

    attribute=+common:number+

```



### Calling JavaScript library methods



```

foo :=

    Random.pick([0,1]);

```



## API Documentation



- https://mozillasecurity.github.io/dharma



## Dharma in the Public



Dharma mentionings in the news.



- https://webassembly-security.com/fuzzing-wasm-javascript-dharma-chrome-v8/

- https://www.zerodayinitiative.com/blog/2019/1/31/implementing-fuzz-logics-with-dharma

- http://blog.ret2.io/2018/06/13/pwn2own-2018-vulnerability-discovery/

- https://blog.mozilla.org/security/2015/06/29/dharma/

- https://www.redpacketsecurity.com/dharma-generation-based-context-free-grammar-fuzzing-tool/