Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/centic9/dynahist-fuzz
Use Jazzer to perform fuzzy testing of dynahist
https://github.com/centic9/dynahist-fuzz
Last synced: 2 days ago
JSON representation
Use Jazzer to perform fuzzy testing of dynahist
- Host: GitHub
- URL: https://github.com/centic9/dynahist-fuzz
- Owner: centic9
- Created: 2023-06-16T08:27:08.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-08-02T07:00:03.000Z (2 months ago)
- Last Synced: 2024-08-02T08:26:59.124Z (2 months ago)
- Language: Java
- Size: 187 KB
- Stars: 1
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
This is a small project for fuzzing [DynaHist](https://github.com/dynatrace-oss/dynahist) with the [jazzer](https://github.com/CodeIntelligenceTesting/jazzer/) fuzzing tool.
See [Fuzzing](https://en.wikipedia.org/wiki/Fuzzing) for a general description of the theory behind fuzzy testing.
Because Java uses a runtime environment which does not crash on invalid actions of an
application (unless native code is invoked), Fuzzing of Java-based applications
focuses on the following:* verify if only expected exceptions are thrown
* verify any JNI or native code calls
* find cases of unbounded memory allocationsDynaHist does not use JNI or native code, therefore the fuzzing target mainly
tries to trigger unexpected exceptions and unbounded memory allocations.# How to fuzz
Build the fuzzing target:
./gradlew shadowJar
Prepare a corpus of test-files (i.e. valid and invalid lines) and put them
into directory `corpus`mkdir corpus
Download Jazzer from the [releases page](https://github.com/CodeIntelligenceTesting/jazzer/releases),
choose the latest version and select the file `jazzer--.tar.gz`Unpack the archive:
tar xzf jazzer-*.tar.gz
Invoke the fuzzing:
./jazzer --cp=build/libs/dynahist-fuzz-all.jar --instrumentation_includes=com.dynatrace.** --target_class=com.dynatrace.dynahist.fuzz.Fuzz -rss_limit_mb=4096 --jvm_args=-Xss4m corpus
In this mode Jazzer will stop whenever it detects an unexpected exception
or crashes.You can use `--keep_going=10` to report a given number of exceptions before stopping.
See `./jazzer` for options which can control details of how Jazzer operates.