Releases: CodeIntelligenceTesting/jazzer.js
Release 2.1.0
What's Changed
- Feature: Jest support: List fuzz test names by @zgtm in #606
- Feature: Handle real segfaults in fuzz targets by @br-lewis in #602
- Feature: Provide consistent exit codes by @bertschneider in #617
- Bugfix: Patch coverage of implicit else branches by @bertschneider in #635
Full Changelog: v2.0.0...v2.1.0
Release 2.0.0
Jazzer.js now supports all Jest features 🎉 This introduces a small but breaking change, though. See the migration guide on how to convert the fuzz test projects from previous versions of Jazzer.js.
What's Changed
- Feature: (Breaking change) Deeper Jest integration by @bertschneider and @oetr in #585
- Bugfix: Prevent TypeError in the bug detectors by @oetr in #586
Full Changelog: v1.7.0...v2.0.0
Release 1.7.0
Summary
Handling application parameters is a hassle, so we simplified it.
All parameters can now be passed in with consistent names and clear priorities regarding their origin. Along the way support for environment variables was added as well to make integration into scripts and pipelines easier. More details can be found at Configuration options.
What's Changed
- Feat: Streamline option handling (#530)
- Fix: FuzzedDataProvider crash on float length (#552)
- Fix: Always log internal messages to stderr (#576)
Full Changelog: v1.6.1...v1.7.0
Release 1.6.1
This release enables instrumentation in Jest when in fuzzing mode, and thus reverts the change introduced in version 1.6.0.
In addition, the version of each workspace is now pinned, which prevents the @jazzer.js packages from using mismatched versions of each other.
What's Changed
- Bugfix: Always instrument in fuzzing mode by @bertschneider in #547
- Tests: Add release canary test by @br-lewis in #525
Release 1.6.0
This release contains two main additions: the Prototype Pollution bug detector, and handling of SIGINT/SIGSEGV signals.
Jazzer.js can now detect Prototype Pollution, a widespread vulnerability that is easy to introduce and hard to detect by manual code review.
Jazzer.js will now gracefully shut down when Ctrl+C is pressed, and will report coverage (if requested) and other information that was previously only available on crash or when the fuzzer exited by itself. In addition, Jazzer.js will now save crash files when segmentation faults occur, which allows a quick reproduction of the issue.
What's Changed
- Feature: Prototype Pollution Bug Detector by @oetr in #452
- Feature: Add SIGINT handling by @oetr in #497
- Feature: Handle segfault by @oetr in #524
- Feature: Add eslint header plugin by @bertschneider in #534
- Feature: Configure eslint rules by @bertschneider in #508
- Bugfix: prevent endless loop when consuming an array of strings by @oetr in #528
- Tests: fix flaky signal handling tests by @oetr in #529
Release 1.5.1
Summary
This release fixes Jest fuzz tests written in TypeScript.
What's Changed
- Bugfix: TypeScript support for Jest now works in standalone projects by @oetr in #485
- Actions: send release event to datadog by @WillRoque in #480
New Contributors
- @WillRoque made their first contribution in #480
Full Changelog: v1.5.0...v1.5.1
Release 1.5.0
Summary
This release contains two main additions: Bug detectors and TypeScript support for Jest fuzz tests.
Hooks can now be used to raise findings that escape all try/catch blocks and force the fuzzer to report a crash. Such hooks are called bug detectors. This release of Jazzer.js already contains two bug detectors, one for command injections and one for path traversals.
As TypeScript is used in many projects in the JavaScript ecosystem, many tests are also written in TypeScript. To better support existing development workflows, Jazzer.js now supports the direct execution of Jest fuzz tests written in TypeScript. Simply set up your TypeScript project as you normally would and run Jest fuzz tests written in TypeScript without transpiling them before execution.
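Added example, not part of the Jazzer.js release notes or code base, illustrating the bug class targeted by the Prototype Pollution detector (release 1.6.0) and the kind of try/catch-proof check a bug detector applies (release 1.5.0): a recursive merge that writes through `__proto__` beside a hardened variant, plus a probe that reports whether an input polluted `Object.prototype`. The function names, the payload and the probe key are constructed for this example.

```javascript
// Added example, not Jazzer.js code; merge functions and payload are constructed.

// Vulnerable: copies every key of untrusted input. "__proto__" resolves to
// Object.prototype, so the nested values land there and every object inherits them.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === "object") {
      if (typeof target[key] !== "object" || target[key] === null) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: drops the keys that reach the prototype chain and only recurses into
// nested objects the target itself owns.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === "object" && !Array.isArray(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) ||
          typeof target[key] !== "object" || target[key] === null) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Oracle in the spirit of a bug detector: even if the merge swallows exceptions,
// a fresh object inheriting probeKey afterwards is a finding. Object.prototype is
// restored so the check can be repeated for every input.
function pollutes(mergeFn, jsonInput, probeKey) {
  const before = probeKey in {};
  try { mergeFn({}, JSON.parse(jsonInput)); } catch (e) { /* swallowed on purpose */ }
  const after = probeKey in {};
  delete Object.prototype[probeKey];
  return !before && after;
}

// Constructed input of the shape a fuzzer must discover to trigger the finding.
const PAYLOAD = '{"__proto__": {"polluted": true}}';
```

In a fuzz target the same probe would run after each call of the code under test, turning a silent prototype write into a reported crash.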
What's Changed
- Feature: Support Jest fuzz tests written in TypeScript by @bertschneider (#449)
- Feature: Add command injection bug detector by @oetr (#407)
- Feature: Add path traversal bug detector by @0xricksanchez (#419)
- Feature: Log coverage input directories on startup by @zgtm (#450)
- Feature: Use wording from jazzer for logging corpus inputs on startup by @zgtm (#469)
- Feature: Update llvm version by @br-lewis (#416)
- Feature: Streamline CLI arguments for a more intuitive Jazzer.js usage by @0xricksanchez (#429)
- Bugfix: Fix async bug detector wrapper by @bertschneider (#460)
- Bugfix: Deep-copy default Jest config to prevent tests changing each other's configurations by @oetr (#451)
- Documentation: Note Jest TypeScript limitation by @br-lewis (#340)
- Pipeline: Use rebase in Dependabot auto-merge by @bertschneider (#348)
- Pipeline: Demote jest to a dev dependency by @0xricksanchez (#363)
Full Changelog: v1.4.0...v1.5.0
Release 1.4.0
Summary
This release enables using absolute paths to the fuzz targets. It also includes cleanups and CI improvements.
What's Changed
- docs: fix typo and explain FuzzedDataProvider in Jest documentation by @kyakdan in #311
- Enable merge groups by @0xricksanchez in #320
- Remove unnecessary excluded flag on CLI by @0xricksanchez in #316
- Switch from auto-merge action to gh command by @bertschneider in #325
- Switch to fixed number of runs in flaky promise test by @bertschneider in #330
- Change Jazzer.js fuzz tests to fixed number of runs by @0xricksanchez in #321
- improve CI build times by limiting runs by @0xricksanchez in #337
- Enable providing fuzz targets using absolute paths by @kyakdan in #341
Full Changelog: v1.3.0...v1.4.0
Release 1.3.0
Summary
The main additions in this release are the ability to collect coverage information and generate coverage reports, and the ability to have the FuzzedDataProvider return arbitrary combinations of ASCII-printable and/or lossy strings without relying on libFuzzer's -only_ascii flag.
What's Changed
- Fix a broken link by @ligurio in #292
- Introduce toggle for FuzzedDataProvider to only return printable strings by @0xricksanchez in #268
- Un-hide fuzz function flag by @kyakdan in #294
- Gracefully handle non-string types when intercepting string comparisons by @kyakdan in #296
- Jazzer.js now supports coverage report generation. Simply add "--coverage". by @oetr in #272
- fuzztests: check error code of each individual fuzztest by @oetr in #297
- Added simple detection mechanism for synchronous return values by @0xricksanchez in #283
Full Changelog: v1.2.0...v1.3.0
Release 1.2.0
Summary
This release enables using libFuzzer's fork mode with Jazzer.js.
What's Changed
- ci: build the native addon in the linting step by @kyakdan in #287
- Handle libFuzzer modes that spawn subprocesses by @kyakdan in #271
- Add missing core dependency in jest-runner by @bertschneider in #288
- Edge Sync File Id Strategy by @kyakdan in #280
Full Changelog: v1.1.0...v1.2.0