Add support for afl-fuzz testing
"make fuzz" creates a simple executable that de-serialises stdin
and re-serialises to stdout.
"make fuzz_testcases" extracts the smaller json test cases into
a testcases directory.
The library can then be fuzzed as follows:
CC=afl-clang-fast make fuzz
make fuzz_testcases
mkdir out
afl-fuzz -i testcases -o out ./fuzz
This commit is contained in:
Michael Macnair
parent
61fe90f998
commit
9e500b49ac
2 changed files with 54 additions and 2 deletions
14
Makefile
14
Makefile
|
|
@ -9,7 +9,7 @@ all: json_unit
|
|||
|
||||
# clean up
|
||||
clean:
|
||||
rm -f json_unit json_benchmarks
|
||||
rm -f json_unit json_benchmarks fuzz
|
||||
|
||||
|
||||
##########################################################################
|
||||
|
|
@ -24,6 +24,16 @@ json_unit: test/unit.cpp src/json.hpp test/catch.hpp
|
|||
$(CXX) -std=c++11 $(CXXFLAGS) $(FLAGS) $(CPPFLAGS) -I src -I test $< $(LDFLAGS) -o $@
|
||||
|
||||
|
||||
##########################################################################
|
||||
# fuzzing
|
||||
##########################################################################
|
||||
|
||||
fuzz: test/fuzz.cpp src/json.hpp
|
||||
$(CXX) -std=c++11 $(CXXFLAGS) $(FLAGS) $(CPPFLAGS) -I src -I test $< $(LDFLAGS) -lstdc++ -lm -o $@
|
||||
fuzz_testcases:
|
||||
mkdir -p testcases && find test/ -size -5k -name *json | xargs -I{} cp "{}" testcases
|
||||
@echo "Test cases suitable for fuzzing have been copied into the testcases directory"
|
||||
|
||||
##########################################################################
|
||||
# static analyzer
|
||||
##########################################################################
|
||||
|
|
@ -48,7 +58,7 @@ pretty:
|
|||
--indent-col1-comments --pad-oper --pad-header --align-pointer=type \
|
||||
--align-reference=type --add-brackets --convert-tabs --close-templates \
|
||||
--lineend=linux --preserve-date --suffix=none \
|
||||
src/json.hpp src/json.hpp.re2c test/unit.cpp benchmarks/benchmarks.cpp doc/examples/*.cpp
|
||||
src/json.hpp src/json.hpp.re2c test/unit.cpp test/fuzz.cpp benchmarks/benchmarks.cpp doc/examples/*.cpp
|
||||
|
||||
|
||||
##########################################################################
|
||||
|
|
|
|||
42
test/fuzz.cpp
Normal file
42
test/fuzz.cpp
Normal file
|
|
@ -0,0 +1,42 @@
|
|||
/*
|
||||
__ _____ _____ _____
|
||||
__| | __| | | | JSON for Modern C++ (fuzz test support)
|
||||
| | |__ | | | | | | version 2.0.0
|
||||
|_____|_____|_____|_|___| https://github.com/nlohmann/json
|
||||
|
||||
To run under afl:
|
||||
afl-fuzz -i testcases -o output ./fuzz
|
||||
|
||||
Licensed under the MIT License <http://opensource.org/licenses/MIT>.
|
||||
*/
|
||||
|
||||
#include <json.hpp>
|
||||
|
||||
using json = nlohmann::json;
|
||||
|
||||
int main()
|
||||
{
|
||||
json *jp;
|
||||
|
||||
#ifdef __AFL_HAVE_MANUAL_CONTROL
|
||||
while (__AFL_LOOP(1000)) {
|
||||
#endif
|
||||
jp = new json();
|
||||
json j = *jp;
|
||||
try {
|
||||
j << std::cin;
|
||||
} catch (std::invalid_argument e) {
|
||||
std::cout << "Invalid argument in parsing" << e.what() << '\n';
|
||||
}
|
||||
|
||||
if (j.find("foo") != j.end()) {
|
||||
std::cout << "Found a foo";
|
||||
}
|
||||
|
||||
std::cout << j.type() << j << std::endl;
|
||||
|
||||
delete jp;
|
||||
#ifdef __AFL_HAVE_MANUAL_CONTROL
|
||||
}
|
||||
#endif
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue