Release 1.5.0

@github-actions github-actions released this 16 Jun 06:45
· 317 commits to main since this release

Summary

This release contains two main additions: Bug detectors and TypeScript support for Jest fuzz tests.

Hooks can now be used to raise findings that escape all try/catch blocks and force the fuzzer to report a crash. Such hooks are called bug detectors. This release of Jazzer.js already contains two bug detectors, one for command injections and one for path traversals.
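
A minimal model of how a finding can outlive the target's own try/catch, as an added example that is not Jazzer.js code. All names (`Finding`, `reportFinding`, `hookBefore`, `escapesBase`, `fakeFs`, `target`, `runOne`) are hypothetical, the assumption is that the finding is recorded outside the call stack and checked by the driver after each run, and the path check is a simplified stand-in for a real detector.

```javascript
// Added illustration, not Jazzer.js source. Every name below is hypothetical.
class Finding extends Error {}

// Out-of-band slot: the code under test has no way to clear it.
let firstFinding = null;

function reportFinding(message) {
  const finding = new Finding(message);
  if (firstFinding === null) firstFinding = finding;
  throw finding; // also stop the current call
}

// Run `check` on the arguments before the original function executes.
function hookBefore(obj, name, check) {
  const original = obj[name];
  obj[name] = function (...args) {
    check(...args);
    return original.apply(this, args);
  };
}

// Simplified check: does a POSIX path leave its base directory?
function escapesBase(p) {
  if (p.startsWith("/")) return true; // absolute paths ignore the base
  let depth = 0;
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    depth += seg === ".." ? -1 : 1;
    if (depth < 0) return true;
  }
  return false;
}

// Constructed stand-in for a file API, so nothing touches the real disk.
const fakeFs = { readFile: (p) => `contents of ${p}` };
hookBefore(fakeFs, "readFile", (p) => {
  if (escapesBase(String(p))) reportFinding(`Path traversal: ${p}`);
});

// Code under test that swallows every exception.
function target(userPath) {
  try { return fakeFs.readFile(userPath); } catch { return "error"; }
}

// Driver: execute one input, then consult the slot regardless of what was caught.
function runOne(fn, input) {
  firstFinding = null;
  let thrown = null;
  try { fn(input); } catch (e) { thrown = e; }
  return firstFinding ?? thrown;
}
```

Calling `target("../../etc/passwd")` directly returns `"error"` because the exception is swallowed, while `runOne(target, "../../etc/passwd")` still returns the recorded `Finding`.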

TypeScript is used in many projects in the JavaScript ecosystem, so many tests are written in TypeScript as well. To better support existing development workflows, Jazzer.js now executes Jest fuzz tests written in TypeScript directly. Set up your TypeScript project as you normally would and run the fuzz tests without transpiling them before execution.

What's Changed

  • Feature: Support Jest fuzz tests written in TypeScript by @bertschneider (#449)
  • Feature: Add command injection bug detector by @oetr (#407)
  • Feature: Add path traversal bug detector by @0xricksanchez (#419)
  • Feature: Log coverage input directories on startup by @zgtm (#450)
  • Feature: Use wording from jazzer for logging corpus inputs on startup by @zgtm (#469)
  • Feature: Update LLVM version by @br-lewis (#416)
  • Feature: Streamline CLI arguments for a more intuitive Jazzer.js usage by @0xricksanchez (#429)
  • Bugfix: Fix async bug detector wrapper by @bertschneider (#460)
  • Bugfix: Deep-copy default Jest config to prevent tests changing each other's configurations by @oetr (#451)
  • Documentation: Note Jest TypeScript limitation by @br-lewis (#340)
  • Pipeline: Use rebase in Dependabot auto-merge by @bertschneider (#348)
  • Pipeline: Demote jest to a dev dependency by @0xricksanchez (#363)

New Contributors

Full Changelog: v1.4.0...v1.5.0