Skip to content

securestep9/jazzer.js

 
 

Repository files navigation

Jazzer.js is a coverage-guided, in-process fuzzer for the Node.js platform developed by Code Intelligence. It is based on libFuzzer and brings many of its instrumentation-powered mutation features to the JavaScript ecosystem.

Jazzer.js currently supports the following platforms:

  • Linux x86_64
  • macOS x86_64 and arm64
  • Windows x86_64

Quickstart

To use Jazzer.js in your own project follow these few simple steps:

  1. Add the @jazzer.js/core dev-dependency

    npm install --save-dev @jazzer.js/core
  2. Create a fuzz target invoking your code

    // file "FuzzTarget.js"
    module.exports.fuzz = function (data /*: Buffer */) {
    	const fuzzerData = data.toString();
    	myAwesomeCode(fuzzerData);
    };
    
    // Alternatively, using ES6 syntax is also possible
    export function fuzz(data /*: Buffer */) {
    	const fuzzerData = data.toString();
    	myAwesomeCode(fuzzerData);
    }
  3. Start the fuzzer using the fuzz target

    npx jazzer FuzzTarget
  4. Enjoy fuzzing!

Usage

Jazzer.js can be used in two ways: Creating dedicated fuzz targets, as shown in the Quickstart section, or integrated into the Jest test framework.

Using test framework integration

To use fuzzing in your normal development workflow, a tight integration with the Jest test framework is provided. This coupling allows the execution of fuzz tests alongside your normal unit tests and seamlessly detect problems on your local machine or in your CI, enabling you to check that found bugs stay resolved forever.

Furthermore, the Jest integration enables great IDE support, so that individual inputs can be run or even debugged, similar to what you would expect from normal Jest tests.

Note: Detailed explanation on how to use the Jest integration can be found at docs/jest-integration.md.

A fuzz test in Jest looks similar to the following example:

describe("My function", () => {
	it.fuzz("can be fuzzed", (data) => {
		target.fuzzMe(data);
	});
});

Using fuzz targets

Creating fuzz targets and executing those via CLI commands is straightforward and similar to what you would expect from other fuzzers. This approach offers the most control and can easily be integrated in your CI pipelines via npm/npx commands.

Note: Detailed explanation on how to create and use fuzz targets can be found at docs/fuzz-targets.md.

A fuzz target can look as simple as this example:

// file "FuzzTarget.js"
module.exports.fuzz = function (data /*: Buffer */) {
	const fuzzerData = data.toString();
	myAwesomeCode(fuzzerData);
};

Documentation

Further documentation is available at docs/readme.md.

Demo Video - Introduction to Jazzer.js

We recorded a live demo which shows how to get Jazzer.js up and running for your own projects. If you are just getting started, this might be helpful.

You can watch the recording here.

Credit

Jazzer.js is inspired by its namesake Jazzer, also developed by Code Intelligence.

Code Intelligence logo

About

Coverage-guided, in-process fuzzing for the Node.js

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • TypeScript 75.1%
  • C++ 12.6%
  • JavaScript 7.8%
  • CMake 2.4%
  • C 1.6%
  • Shell 0.4%
  • Batchfile 0.1%