https://github.com/codeintelligencetesting/jazzer.js
Coverage-guided, in-process fuzzing for Node.js
- Host: GitHub
- URL: https://github.com/codeintelligencetesting/jazzer.js
- Owner: CodeIntelligenceTesting
- License: apache-2.0
- Created: 2022-06-29T07:57:30.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-06-12T05:12:33.000Z (7 months ago)
- Last Synced: 2024-12-14T13:40:15.729Z (11 days ago)
- Topics: fuzzer, fuzzing, javascript, nodejs, security, testing, typescript
- Language: TypeScript
- Homepage: https://code-intelligence.com
- Size: 5.37 MB
- Stars: 290
- Watchers: 10
- Forks: 28
- Open Issues: 20
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
README
> [!IMPORTANT]
>
> Hello Jazzer/Jazzer.js users!
>
> We stopped maintaining Jazzer/Jazzer.js as open source. But we'd be happy to
> try and understand what you're trying to achieve with it, and help you if we
> can!
>
> We already added significant new value to our CI Fuzz solution, which includes
> Jazzer and Jazzer.js. You can see more here at
> [code-intelligence.com](https://code-intelligence.com), or get in contact with
> us via [[email protected]](mailto:[email protected])
>
> Thanks,
>
> The Code Intelligence team

Jazzer.js is a coverage-guided, in-process fuzzer for the
[Node.js](https://nodejs.org) platform developed by
[Code Intelligence](https://www.code-intelligence.com). It is based on
[libFuzzer](https://llvm.org/docs/LibFuzzer.html) and brings many of its
instrumentation-powered mutation features to the JavaScript ecosystem.

## Quickstart
To use Jazzer.js in your own project, follow these few simple steps:

1. Add the `@jazzer.js/core` `dev-dependency`

   ```shell
   npm install --save-dev @jazzer.js/core
   ```

2. Create a fuzz target invoking your code

   ```js
   // file "FuzzTarget.js"
   module.exports.fuzz = function (data /*: Buffer */) {
     // Convert the raw fuzzer input into the type your code expects.
     const fuzzerData = data.toString();
     // myAwesomeCode is a placeholder for the function under test.
     myAwesomeCode(fuzzerData);
   };
   ```

3. Start the fuzzer using the fuzz target

   ```shell
   npx jazzer FuzzTarget
   ```

4. Enjoy fuzzing!
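
A concrete version of steps 2 and 3, as an added example that is not part of the Jazzer.js README: `parseHeader`, `replay` and `SEEDS` are constructed for illustration, with `parseHeader` standing in for `myAwesomeCode`. The target ignores the parser's documented `SyntaxError` rejections and checks an invariant on accepted input, so bad data that is silently accepted surfaces as a finding.

```javascript
// Code under test (constructed, stands in for myAwesomeCode): parses
// "name: value". Bad input is rejected with SyntaxError, but the name is
// deliberately left unchecked for line breaks so the target has a bug to find.
function parseHeader(line) {
  const idx = line.indexOf(":");
  if (idx <= 0) throw new SyntaxError("missing header name or colon");
  const name = line.slice(0, idx).trim().toLowerCase();
  const value = line.slice(idx + 1).trim();
  if (/[\r\n]/.test(value)) throw new SyntaxError("line break in value");
  return { name, value };
}

// Fuzz target in the shape Jazzer.js expects: one Buffer in, throw on a bug.
function fuzz(data /*: Buffer */) {
  let parsed;
  try {
    parsed = parseHeader(data.toString("latin1"));
  } catch (e) {
    if (e instanceof SyntaxError) return; // documented rejection, not a finding
    throw e; // any other exception is a real bug
  }
  // Invariant: an accepted header never contains CR or LF.
  if (/[\r\n]/.test(parsed.name + parsed.value)) {
    throw new Error("accepted header contains CR/LF: " + JSON.stringify(parsed));
  }
}

// Runs inputs through the target in plain Node and collects what it throws.
function replay(inputs) {
  const findings = [];
  for (const input of inputs) {
    try {
      fuzz(Buffer.from(input, "latin1"));
    } catch (e) {
      findings.push({ input, error: e.message });
    }
  }
  return findings;
}

// Constructed seed inputs: valid, no colon, CR/LF in value, CR/LF in name.
const SEEDS = ["Host: example.test", "no-colon", "X: a\r\nY: 1", "X\r\nY: 1"];

// Export for Jazzer.js (guarded so the file also loads as an ES module).
if (typeof module !== "undefined") module.exports.fuzz = fuzz;
```

Saved as `FuzzTarget.js`, this is the file `npx jazzer FuzzTarget` loads; calling `replay(SEEDS)` in plain Node checks the target itself before a fuzzing run.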
## Usage
Jazzer.js can be used in two ways: Creating dedicated fuzz targets, as shown in
the [`Quickstart`](#quickstart) section, or integrated into the
[Jest test framework](https://jestjs.io/).

### Using test framework integration
**Note**: Using the test framework integration is the easiest and most
convenient way to fuzz your code, so it is recommended to use this approach
whenever possible.

To use fuzzing in your normal development workflow, a tight integration with the
[Jest test framework](https://jestjs.io/) is provided. This coupling lets you
execute fuzz tests alongside your normal unit tests and seamlessly detect
problems on your local machine or in your CI, enabling you to check that found
bugs stay resolved forever.

Furthermore, the Jest integration enables great IDE support, so that individual
inputs can be run or even debugged, similar to what you would expect from normal
Jest tests.

**Note**: A detailed explanation of how to use the Jest integration can be found
at [docs/jest-integration.md](docs/jest-integration.md).

A Jest fuzz test, in this case written in TypeScript, looks similar to the
following example:

```typescript
// file: "Target.fuzz.ts"
import "@jazzer.js/jest-runner";
import * as target from "./target";

describe("Target", () => {
  it.fuzz("executes a method", (data: Buffer) => {
    target.fuzzMe(data);
  });
});
```

**Note**: Please take a look at
[Enabling TypeScript in Jest tests](docs/jest-integration.md#enabling-typescript-jest-tests)
for further information on how to set up Jest fuzz tests written in TypeScript.

### Using fuzz targets
Creating fuzz targets and executing those via CLI commands is straightforward
and similar to what you would expect from other fuzzers. This approach offers
the most control and can easily be integrated in your CI pipelines via
`npm`/`npx` commands.

**Note**: A detailed explanation of how to create and use fuzz targets can be
found at [docs/fuzz-targets.md](docs/fuzz-targets.md).

A fuzz target can look as simple as this example:

```js
// file "FuzzTarget.js"
module.exports.fuzz = function (data /*: Buffer */) {
  // Convert the raw fuzzer input into the type your code expects.
  const fuzzerData = data.toString();
  // myAwesomeCode is a placeholder for the function under test.
  myAwesomeCode(fuzzerData);
};
```

## Documentation
Further documentation is available at [docs/readme.md](docs/README.md).
### Demo Video - Introduction to Jazzer.js
We recorded a live demo which shows how to get Jazzer.js up and running for your
own projects. If you are just getting started, this might be helpful.

You can watch the recording [here](https://youtu.be/KyIhxEiNnfc).
## Supported Architectures
Jazzer.js supports Node.js LTS versions on the following platforms; other
versions are best effort only:

- Linux x86_64
- macOS x86_64 and arm64
- Windows x86_64

## Credit
Jazzer.js is inspired by its namesake
[Jazzer](https://github.com/CodeIntelligenceTesting/jazzer), also developed by
[Code Intelligence](https://www.code-intelligence.com).