Skip to content

rust-fuzz/auto-fuzz-test

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

81 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Fuzzing is a great (pen)testing tool, as long as you have one or just a handful of functions you want to fuzz. Fuzzing libpng is no problem, but fuzzing something like OpenSSL is nigh-impossible because you need to manually write the fuzzing boilerplate for every single function.

This is an attempt to make fuzzing libraries with large API surfaces feasible by auto-generating the boilerplate. The process is dead simple:

  1. Put a #[create_cargofuzz_harness] macro on your function foo to find its name and argument types
  2. Struct __fuzz_struct_foo will be added to the AST, containing all the arguments with #[derive(Arbitrary)] on it.
  3. Function __fuzz_foo(input: __fuzz_struct_foo), which calls foo internally, also will be added.
  4. Finally, the boilerplate, which call __fuzz_foo() with the cargo fuzz wil be generated and added to the fuzz/fuzz_targets directory of your project.

That's it!

Only standalone functions without borrowed arguments are supported by now.

The implementation is very basic right now, but the idea appears to be workable. Contributions are welcome!

Running

Attach #[create_cargofuzz_harness] to your function If function is located in module foo::bar, write this path as macros argument (#[create_cargofuzz_harness(foo::bar)]) Run this:

cargo build
cd fuzz
cargo fuzz run <target name>

About

Effortlessly fuzz libraries with large API surfaces

Resources

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT

Stars

Watchers

Forks

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages