Add support for afl-fuzz testing
"make fuzz" creates a simple executable that de-serialises stdin and re-serialises to stdout. "make fuzz_testcases" extracts the smaller json test cases into a testcases directory. The library can then be fuzzed as follows:

    CC=afl-clang-fast make fuzz
    make fuzz_testcases
    mkdir out
    afl-fuzz -i testcases -o out ./fuzz
parent
61fe90f998
commit
9e500b49ac
2 changed files with 54 additions and 2 deletions
14
Makefile
14
Makefile
|
@ -9,7 +9,7 @@ all: json_unit
|
||||||
|
|
||||||
# clean up
|
# clean up
|
||||||
clean:
|
clean:
|
||||||
rm -f json_unit json_benchmarks
|
rm -f json_unit json_benchmarks fuzz
|
||||||
|
|
||||||
|
|
||||||
##########################################################################
|
##########################################################################
|
||||||
|
@ -24,6 +24,16 @@ json_unit: test/unit.cpp src/json.hpp test/catch.hpp
|
||||||
$(CXX) -std=c++11 $(CXXFLAGS) $(FLAGS) $(CPPFLAGS) -I src -I test $< $(LDFLAGS) -o $@
|
$(CXX) -std=c++11 $(CXXFLAGS) $(FLAGS) $(CPPFLAGS) -I src -I test $< $(LDFLAGS) -o $@
|
||||||
|
|
||||||
|
|
||||||
|
##########################################################################
|
||||||
|
# fuzzing
|
||||||
|
##########################################################################
|
||||||
|
|
||||||
|
fuzz: test/fuzz.cpp src/json.hpp
|
||||||
|
$(CXX) -std=c++11 $(CXXFLAGS) $(FLAGS) $(CPPFLAGS) -I src -I test $< $(LDFLAGS) -lstdc++ -lm -o $@
|
||||||
|
fuzz_testcases:
|
||||||
|
mkdir -p testcases && find test/ -size -5k -name *json | xargs -I{} cp "{}" testcases
|
||||||
|
@echo "Test cases suitable for fuzzing have been copied into the testcases directory"
|
||||||
|
|
||||||
##########################################################################
|
##########################################################################
|
||||||
# static analyzer
|
# static analyzer
|
||||||
##########################################################################
|
##########################################################################
|
||||||
|
@ -48,7 +58,7 @@ pretty:
|
||||||
--indent-col1-comments --pad-oper --pad-header --align-pointer=type \
|
--indent-col1-comments --pad-oper --pad-header --align-pointer=type \
|
||||||
--align-reference=type --add-brackets --convert-tabs --close-templates \
|
--align-reference=type --add-brackets --convert-tabs --close-templates \
|
||||||
--lineend=linux --preserve-date --suffix=none \
|
--lineend=linux --preserve-date --suffix=none \
|
||||||
src/json.hpp src/json.hpp.re2c test/unit.cpp benchmarks/benchmarks.cpp doc/examples/*.cpp
|
src/json.hpp src/json.hpp.re2c test/unit.cpp test/fuzz.cpp benchmarks/benchmarks.cpp doc/examples/*.cpp
|
||||||
|
|
||||||
|
|
||||||
##########################################################################
|
##########################################################################
|
||||||
|
|
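Review bot: The `fuzz` rule compiles with `$(CXX)`, so the `CC=afl-clang-fast make fuzz` invocation given in the commit description would not switch the compiler, and the binary would presumably be built without AFL instrumentation; the documented command should set `CXX` instead (for example `CXX=afl-clang-fast++ make fuzz`). In the `fuzz_testcases` recipe, `-name *json` is unquoted, so the shell can expand it against the current directory before find sees it, and piping into xargs mishandles paths containing whitespace; `mkdir -p testcases && find test/ -size -5k -name '*json' -exec cp {} testcases/ \;` avoids both. `fuzz_testcases` creates no file of that name and should be declared `.PHONY`, and `clean` leaves the `testcases` directory behind.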
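--- a/test/fuzz.cpp
+++ b/test/fuzz.cpp
@@ -0,0 +1,42 @@
+/*
+__ _____ _____ _____
+__| | __| | | | JSON for Modern C++ (fuzz test support)
+| | |__ | | | | | | version 2.0.0
+|_____|_____|_____|_|___| https://github.com/nlohmann/json
+
+To run under afl:
+afl-fuzz -i testcases -o output ./fuzz
+
+Licensed under the MIT License <http://opensource.org/licenses/MIT>.
+*/
+
+#include <json.hpp>
+
+using json = nlohmann::json;
+
+int main()
+{
+json *jp;
+
+#ifdef __AFL_HAVE_MANUAL_CONTROL
+while (__AFL_LOOP(1000)) {
+#endif
+jp = new json();
+json j = *jp;
+try {
+j << std::cin;
+} catch (std::invalid_argument e) {
+std::cout << "Invalid argument in parsing" << e.what() << '\n';
+}
+
+if (j.find("foo") != j.end()) {
+std::cout << "Found a foo";
+}
+
+std::cout << j.type() << j << std::endl;
+
+delete jp;
+#ifdef __AFL_HAVE_MANUAL_CONTROL
+}
+#endif
+}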
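Review bot: Inside the `__AFL_LOOP(1000)` body, `std::cin` is never reset, so once the first iteration reads to end of input the stream keeps its eof/fail state and later persistent-mode iterations likely parse nothing; adding `std::cin.clear();` at the top of the loop body would let each iteration read its own input. The handler `catch (std::invalid_argument e)` copies the exception and catches only that one type, so any other exception raised while parsing or re-serialising ends the process and is recorded by the fuzzer as a crash; if only memory-safety faults are of interest, `catch (const std::exception& e)` would filter those out. The `new json()` / `delete jp` pair adds nothing over a local `json j;` and could be dropped.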