Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mozillasecurity/dharma
Generation-based, context-free grammar fuzzer. Refer to https://github.com/posidron/dharma for a maintained version.
https://github.com/mozillasecurity/dharma
context-free fuzzer fuzzing generation grammar python random
Last synced: about 2 months ago
JSON representation
Generation-based, context-free grammar fuzzer. Refer to https://github.com/posidron/dharma for a maintained version.
- Host: GitHub
- URL: https://github.com/mozillasecurity/dharma
- Owner: MozillaSecurity
- License: mpl-2.0
- Archived: true
- Created: 2015-03-25T17:56:23.000Z (almost 10 years ago)
- Default Branch: master
- Last Pushed: 2021-08-13T19:50:14.000Z (over 3 years ago)
- Last Synced: 2024-10-01T14:35:33.380Z (3 months ago)
- Topics: context-free, fuzzer, fuzzing, generation, grammar, python, random
- Language: Python
- Homepage:
- Size: 5.8 MB
- Stars: 483
- Watchers: 32
- Forks: 90
- Open Issues: 10
-
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
README
**
Archived — please see https://github.com/posidron/dharma for maintained version.
**
Generation-based, context-free grammar fuzzer.
Table of Contents
- [Run](#Run)
- [pip](#pip)
- [pipenv](#pipenv)
- [package](#package)
- [Docker](#Docker)
- [Examples](#Examples)
- [Development](#Development)
- [Dharma Grammar Cheatsheet](#Dharma-Grammar-Cheatsheet)
- [API Documentation](#API-Documentation)
- [Dharma in the Public](#Dharma-in-the-Public)## Run
All roads lead to Rome but Python 3.x is the prefered vehicle.
### pip
```bash
pip install dharma
dharma --help
```### pipenv
```bash
pipenv install --dev
pipenv run dharma --help
```### package
```bash
python -m dharma --help
```### Docker
```bash
docker build -t dharma .
docker run --rm -it dharma -grammars dharma/grammars/canvas2d.dg
```## Examples
Generate a single test-case and print it to `stdout`. Multiple grammars can be appended to the `-grammars` argument.
```bash
dharma -grammars dharma/grammars/canvas2d.dg
```Generating multiple test-cases and save the result to disk.
```bash
dharma -grammars dharma/grammars/canvas2d.dg -storage . -count 5
```Generate test-cases and serve them in a template via WebSocket.
Launch `dharma/grammars/var/index.html` in the browser after Dharma launched.```bash
dharma -grammars dharma/grammars/canvas2d.dg -server -template dharma/grammars/var/templates/html5/default.html
```Benchmark the generator.
```bash
time dharma -grammars dharma/grammars/canvas2d.dg -count 10000 > /dev/null
```## Development
### PyLint
In case you run PyLint 1.9.2 and Python 3.7 you need to upgrade PyLint.
```bash
pip3 install pylint astroid --pre -U
```## Dharma Grammar Cheatsheet
### Comments
```
%%% comment
```### Controls
```
%const% name := value
```### Sections
```
%section% := value
%section% := variable
%section% := variance
```### Extension Methods
Refer to `extensions.py` in `dharma/core/` and to the `xref_registry` in the `DharmaMachine` class to add further extensions.
```
%range%(0-9)
%range%(0.0-9.0)
%range%(a-z)
%range%(!-~)
%range%(0x100-0x200)%repeat%(+variable+)
%repeat%(+variable+, ", ")%uri%(path)
%uri%(lookup_key)%block%(path)
%choice%(foo, "bar", 1)
```### Assigning Values
```
digit :=
%range%(0-9)sign :=
+
-value :=
+sign+%repeat%(+digit+)
```### Using Values
```
+value+
```### Assigning Variables
```
variable :=
@variable@ = new Foo();
```### Using Variables
```
value :=
!variable!.bar();
```### Referencing values from `common.dg`
```
value :=
attribute=+common:number+
```### Calling JavaScript library methods
```
foo :=
Random.pick([0,1]);
```## API Documentation
- https://mozillasecurity.github.io/dharma
## Dharma in the Public
Dharma mentionings in the news.
- https://webassembly-security.com/fuzzing-wasm-javascript-dharma-chrome-v8/
- https://www.zerodayinitiative.com/blog/2019/1/31/implementing-fuzz-logics-with-dharma
- http://blog.ret2.io/2018/06/13/pwn2own-2018-vulnerability-discovery/
- https://blog.mozilla.org/security/2015/06/29/dharma/
- https://www.redpacketsecurity.com/dharma-generation-based-context-free-grammar-fuzzing-tool/