Description
cifuzz is a CLI tool that helps you to integrate and run fuzzing-based tests into your project.
cifuzz alternatives and similar libraries
Based on the "CLI" category.
Alternatively, view cifuzz alternatives based on common mentions on social networks and blogs.
- gflags: The gflags package contains a C++ library that implements command-line flags processing. It includes built-in support for standard types such as string and the ability to define flags in the source file in which they are used. Online documentation available at:
- CLI11: CLI11 is a command line parser for C++11 and beyond that provides a rich feature set with a simple and intuitive interface.
- Taywee/args: A simple header-only C++ argument parser library. Supposed to be flexible and powerful, and attempts to be compatible with the functionality of the Python standard argparse library (though not necessarily the API).
- clipp: Easy to use, powerful and expressive command line argument parsing for modern C++; single header; usage and doc generation.
- TCLAP: A mature, stable and feature-rich library for defining and accessing command line arguments in ANSI C++. [MIT]
README
cifuzz
IMPORTANT: This project is under active development. Be aware that the behavior of the commands or the configuration can change.
cifuzz is a CLI tool that helps you to integrate and run fuzzing-based tests into your project.
Getting started
If you are new to the world of fuzzing, we recommend you to take a look at our [Glossary](docs/Glossary.md).
Installation
Prerequisites
Installing required dependencies
Ubuntu / Debian
```sh
sudo apt install cmake clang llvm
```
Arch
```sh
sudo pacman -S cmake clang llvm
```
macOS
```sh
brew install cmake llvm
```
Windows (clang is included in the llvm package). At least Visual Studio 2022 version 17 is required.
```powershell
choco install cmake llvm
```
Installing cifuzz
You can get the latest release here or by running our install script:
```sh
sh -c "$(curl -fsSL https://raw.githubusercontent.com/CodeIntelligenceTesting/cifuzz/main/install.sh)"
```
If you are using Windows you can download the latest release and execute it.
By default, cifuzz gets installed in your home directory under `cifuzz`. You can customize the installation directory with `./cifuzz_installer -i /target/dir`. Do not forget to add the installation directory to your PATH.
Setup / Create your first fuzz test
cifuzz commands will interactively guide you through the needed options and show next steps. You can find a complete list of the available commands with all supported options and parameters by calling `cifuzz command --help` or here.

To initialize your project with cifuzz just execute
```sh
cifuzz init
```
in the root directory of your project. This will create a file named `cifuzz.yaml` containing the needed configuration and print out any necessary steps to set up your project.

The next step is to create a fuzz test. Execute
```sh
cifuzz create
```
and follow the instructions given by the command. This will create a stub for your fuzz test, let's say it is called `my_fuzz_test_1.cpp`, and tell you how to integrate it into your project. Usually you also have to add instructions in your CMakeLists.txt file to link the fuzz test with the software under test (e.g. use the `target_link_libraries` directive). The `add_fuzz_test` directive can be treated like `add_executable`.

Edit `my_fuzz_test_1.cpp` so it actually calls the function you want to test with the input generated by the fuzzer. To learn more about writing fuzz tests you can take a look at our [Tutorial](docs/How-To-Write-A-Fuzz-Test.md) or one of the [example projects](examples).

Start the fuzzing by executing
```sh
cifuzz run my_fuzz_test_1
```
cifuzz now tries to build the fuzz test and starts a fuzzing run.
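A worked `my_fuzz_test_1.cpp` for the steps above, added here as an example; it is not the stub that `cifuzz create` generates and not code from the cifuzz project. The software under test is a constructed `<type:1><len:1><payload>` record parser, the fuzz test enforces a parse/serialize round-trip property, and the CMake target name `tlv_records` in the comment is a placeholder; the fallback macro mirrors how `FUZZ_TEST` from `<cifuzz/cifuzz.h>` wraps the libFuzzer entry point so the file also compiles without that header.

```cpp
#include <cstdint>
#include <cstdlib>
#include <vector>
// Assumed CMake wiring (placeholder target): add_fuzz_test(my_fuzz_test_1 my_fuzz_test_1.cpp)
//                                            target_link_libraries(my_fuzz_test_1 PRIVATE tlv_records)
#if __has_include(<cifuzz/cifuzz.h>)
#include <cifuzz/cifuzz.h>  // FUZZ_TEST macro, available when built through cifuzz
#else
// Fallback for building outside cifuzz: the FUZZ_TEST body is a void function
// wrapped by the libFuzzer entry point LLVMFuzzerTestOneInput.
#define FUZZ_TEST(data, size)                                                \
  static void fuzz_body(const uint8_t *, size_t);                            \
  extern "C" int LLVMFuzzerTestOneInput(const uint8_t *d, size_t n) {       \
    fuzz_body(d, n); return 0; }                                             \
  static void fuzz_body(data, size)
#endif
// Software under test (constructed): a list of <type:1><len:1><payload> records.
struct Record { uint8_t type; std::vector<uint8_t> payload; };
// Returns true if the whole input parsed, false if a record is truncated.
bool parse_records(const uint8_t *data, size_t size, std::vector<Record> &out) {
  out.clear();
  size_t pos = 0;
  while (pos < size) {
    if (size - pos < 2) return false;          // header does not fit
    uint8_t type = data[pos], len = data[pos + 1];
    pos += 2;
    if (len > size - pos) return false;        // payload would run past the end
    out.push_back({type, std::vector<uint8_t>(data + pos, data + pos + len)});
    pos += len;
  }
  return true;
}
std::vector<uint8_t> serialize_records(const std::vector<Record> &recs) {
  std::vector<uint8_t> out;
  for (const Record &r : recs) {
    out.push_back(r.type);
    out.push_back(static_cast<uint8_t>(r.payload.size()));
    out.insert(out.end(), r.payload.begin(), r.payload.end());
  }
  return out;
}
// Property the fuzz test enforces: anything that parses must serialize back to
// the exact input bytes. Inputs the parser rejects satisfy it trivially.
bool round_trip_holds(const uint8_t *data, size_t size) {
  std::vector<Record> recs;
  if (!parse_records(data, size, recs)) return true;
  return serialize_records(recs) == std::vector<uint8_t>(data, data + size);
}
FUZZ_TEST(const uint8_t *data, size_t size) {
  if (!round_trip_holds(data, size)) abort();  // cifuzz reports the abort as a finding
}
```

Any out-of-bounds read in the parser is caught by the sanitizer, while a silent parse/serialize mismatch is turned into a reported finding by the `abort()`.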
Generate coverage report
Once you have executed a fuzz test, you can generate a coverage report which shows the line-by-line coverage of the fuzzed code:
```sh
cifuzz coverage my_fuzz_test_1
```
See [here](docs/Coverage-ide-integrations.md) for instructions on how to generate and visualize coverage reports right from your IDE.
Regression testing
Important: In general there are two ways to run your fuzz test:
- An actual fuzzing run by calling `cifuzz run my_fuzz_test_1`. The fuzzer will rapidly generate new inputs and feed them into your fuzz test. Any input that covers new parts of the fuzzed project will be added to the generated corpus. cifuzz will run until a crash occurs and report detailed information about the finding.
- As a regression test, by invoking it through your IDE/editor or by directly executing the replayer binary (see [here](docs/How-To-Write-A-Fuzz-Test.md#regression-test--replayer) on how to build that binary). This will use the replayer to apply existing input data from the seed corpus, which has to be stored in the directory `<fuzz-test-name>_inputs` beside your fuzz test. Note that this directory has to be created manually. In case a crash was found, the directory will be created and the crashing input is added to this directory automatically. The fuzz test will stop immediately after applying all inputs or earlier if a regression occurs.
Sandboxing
On Linux, cifuzz runs the fuzz tests in a sandbox by default, to avoid the fuzz test accidentally harming the system, for example by deleting files or killing processes. It uses Minijail for that.

If you experience problems when running fuzz tests via cifuzz and you don't expect your fuzz tests to do any harm to the system (or you're already running cifuzz in a container), you might want to disable the sandbox via the `--use-sandbox=false` flag or the [`use-sandbox: false` config file setting](docs/Configuration.md#use-sandbox).
Intro to cifuzz (live stream)
Check out @jochil's live session for a walkthrough of how to get started with cifuzz. The event is freely accessible on YouTube and LinkedIn. Click here for more info.
Contributing
Want to help improve cifuzz? Check out our [contributing documentation](CONTRIBUTING.md). There you will find instructions for building the tool locally.
If you find an issue, please report it on the issue tracker.