Uncovering Hidden Bugs and Vulnerabilities in C/C++
How to Fuzz Your Code With 3 Commands
What to Expect
CI Fuzz is a solution that lets you run feedback-based fuzz tests from your command line. Every developer can use it to find bugs and vulnerabilities with three simple commands.
In this live stream, our expert Jochen will:
- Cover the current state of fuzz testing
- Set up CLI fuzzing within 3 commands
- Uncover multiple bugs and severe memory corruption vulnerabilities
All code examples and tools used are open-source.
# Initialize fuzzing
$ cifuzz init
# Create your first fuzz test
$ cifuzz create my_fuzz_test
# Run fuzz test and find bugs
$ cifuzz run my_fuzz_test
Speaker Profile
Your host Jochen Hilgers is one of the maintainers of CI Fuzz. In his work as a Senior Software Engineer at Code Intelligence, he specializes in CLI-integrated software testing solutions. Jochen also holds a master's in Computer Science from Hochschule Trier and has a background in Backend and Web Development with a strong focus on software quality.
README.md
cifuzz
IMPORTANT: This project is under active development. Be aware that the behavior of the commands or the configuration can change.
What is cifuzz
cifuzz is a CLI tool that helps you to integrate and run fuzzing based tests into your project.
Features
- Easily set up, create and run fuzz tests
- Generate coverage reports that can be integrated in your IDE
- Supports multiple programming languages and build systems
Integrations
Getting started
Installation
You can get the latest release from GitHub or by running our install script:
sh -c "$(curl -fsSL https://raw.githubusercontent.com/CodeIntelligenceTesting/cifuzz/main/install.sh)"
If you are using Windows, you can download the latest release and execute it.
By default, CI Fuzz gets installed in your home directory under cifuzz
. You can customize the installation directory with ./cifuzz_installer -i /target/dir
.
Do not forget to add the installation's bin
directory to your PATH
.
Prerequisites
Ubuntu / Debian
sudo apt install cmake clang llvm
Arch
sudo pacman -S cmake clang llvm
macOS
brew install cmake llvm
Windows
At least Visual Studio 2022 version 17 is required.
choco install cmake llvm
- Bazel >= 5.3.1
- Java JDK >= 8 (e.g. OpenJDK or Zulu) is needed for Bazel's coverage feature.
- LLVM >= 11
- lcov
Ubuntu / Debian
sudo curl -L https://github.com/bazelbuild/bazelisk/releases/latest/download/bazelisk-linux-amd64 -o /usr/local/bin/bazel
sudo chmod +x /usr/local/bin/bazel
sudo apt install clang llvm lcov default-jdk
Arch
sudo pacman -S clang llvm lcov python jdk-openjdk
sudo curl -L https://github.com/bazelbuild/bazelisk/releases/latest/download/bazelisk-linux-amd64 -o /usr/local/bin/bazel
sudo chmod +x /usr/local/bin/bazel
macOS
brew install llvm lcov openjdk bazelisk
Windows
At least Visual Studio 2022 version 17 is required.
choco install cmake llvm microsoft-openjdk bazelisk
Installation Prerequisites
Ubuntu / Debian
sudo apt install openjdk maven
Arch
sudo pacman -S jdk-openjdk maven
macOS
brew install openjdk maven
Windows
choco install microsoft-openjdk maven