-
Notifications
You must be signed in to change notification settings - Fork 129
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support fuzzing multiple @FuzzTest
s at the same time
#599
Comments
Currently, multiple fuzzing runs can not be started cleanly in one JVM instance. As they tend to be quite long running, they should probably be executed individually anyways. We are thinking about if and how to support this, but in the meantime you would need to script around this restriction. |
How do you specify which one to run? |
If you want to use Maven you can set the testsuite name like: Furthermore, you could also use Jazzer directly (without the JUnit integration), but that's probably not the way for you to go. |
@FuzzTest
s at the same time
For Maven you can run multiple fuzzer tests by configuring multiple executions for the Surefire plugin in the POM, each executing a different test method. For example: POM plugin configuration (click)<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>3.1.2</version>
<executions>
<!-- Skip default execution -->
<execution>
<id>default-test</id>
<configuration>
<skipTests>true</skipTests>
</configuration>
</execution>
<!-- Explicitly list separate fuzzing test methods -->
<execution>
<id>fuzz-MyFuzzingTest#method1</id>
<goals>
<goal>test</goal>
</goals>
<configuration>
<test>MyFuzzingTest#method1</test>
</configuration>
</execution>
<execution>
<id>fuzz-MyFuzzingTest#method2</id>
<goals>
<goal>test</goal>
</goals>
<configuration>
<test>MyFuzzingTest#method2</test>
</configuration>
</execution>
...
</executions>
</plugin> Though this is a hacky workaround because it is quite error-prone maintaining this, and also seems to have other drawbacks, such as What is a bit unfortunate though is that this limitation of
|
@Marcono1234 I submitted #870 to clarify the docs on this. Another convenient way to run fuzz tests in fuzzing mode is to use cifuzz. |
Thanks! But does cifuzz support running multiple
|
Hi @cameronbraid ! Not sure that we answered your question, although @bertschneider is right that most of the fuzzing runs one at a time. |
@Marcono1234 - thank you for this input! Are you still using Jazzer? I'm also curious to understand how you use/have used Jazzer. |
@David-Merian-CI, I was using Jazzer for some improvised fuzzing of third-party open source projects: I created a dummy Maven project with those projects as dependencies and then created It is quite unfortunate that you won't be continuing development of Jazzer as open source project. But if that approach was not profitable for you as company (or if you had other reasons), then that choice is understandable. Would it have helped if Jazzer got more publicity and recognition? For example it was (and still is) used by oss-fuzz, and probably has had a big impact there. Maybe it would have been possible to explicitly mention Jazzer whenever a fuzzing setup using it found a vulnerability? The oss-fuzz maintainers are evaluating options now that Jazzer open source development won't continue (google/oss-fuzz#11652), but I assume they are also in contact with you. Or would a licensing model similar to GitHub's CodeQL license work for you? That is, you restrict usage of (future) Jazzer versions to open source projects and research, and for everything else a commercial license is necessary. (Though I don't know how easy that is to enforce, and if changing the license will be possible.) And maybe for open source and research projects kindly ask to be explicitly mentioned as used tool to get recognition. (Thanks also for un-archiving this repository, otherwise I wouldn't have been able to respond here.) |
When I run
JAZZER_FUZZ=1 mvn test
and JAZZER runs it only fuzzes ONE method annotated with@FuzzTest
then exists.How do I run them all ?
The text was updated successfully, but these errors were encountered: