Class GuidedFuzzing


  • public class GuidedFuzzing
    extends Object
    • Field Detail

      • DEFAULT_MAX_TRIALS

        public static long DEFAULT_MAX_TRIALS
    • Constructor Detail

      • GuidedFuzzing

        public GuidedFuzzing()
    • Method Detail

      • setGuidance

        public static void setGuidance(Guidance g)
        Sets the current global fuzzing guidance. Note: There can only be one guidance in any given JVM, because the instrumented test classes make static method calls to generate callback events. The fuzzing entry point (i.e., the target method being fuzzed) should be invoked in the same thread as the thread that sets the global guidance. This property is ensured by all variants of run(Class, String, Guidance, PrintStream).
        Parameters:
        g - the guidance instance
        Throws:
        IllegalStateException - if a guidance has already been set
      • getCurrentGuidance

        public static Guidance getCurrentGuidance()
        Returns the currently registered Guidance instance.
        Returns:
        the currently registered Guidance instance
      • unsetGuidance

        public static void unsetGuidance()
        Unsets the current global fuzzing guidance. This allows running multiple fuzzing sessions in the same JVM instance sequentially. This method should be invoked from the same thread that last invoked setGuidance(Guidance). This method removes any tracers associated with the current thread, so that the entry point can be detected again. This property is ensured by run(Class, String, Guidance, PrintStream).
      • run

        public static Result run(String testClassName,
                                 String testMethod,
                                 Guidance guidance,
                                 PrintStream out)
                          throws ClassNotFoundException,
                                 IllegalStateException
        Runs the guided fuzzing loop, using the system class loader to load test-application classes.

        The test class must be annotated with @RunWith(JQF.class) and the test method must be annotated with @Fuzz.

        Once this method is invoked, the guided fuzzing loop runs continuously until the guidance instance decides to stop by returning false for Guidance.hasInput(). Until the fuzzing stops, this method cannot be invoked again (i.e., at most one guided fuzzing run can be executing at any time in a single JVM instance).

        Parameters:
        testClassName - the test class containing the test method
        testMethod - the test method to execute in the fuzzing loop
        guidance - the fuzzing guidance
        out - an output stream to log JUnit messages
        Returns:
        the JUnit-style test result
        Throws:
        ClassNotFoundException - if testClassName cannot be loaded
        IllegalStateException - if a guided fuzzing run is currently executing
      • run

        public static Result run(String testClassName,
                                 String testMethod,
                                 ClassLoader loader,
                                 Guidance guidance,
                                 PrintStream out)
                          throws ClassNotFoundException,
                                 IllegalStateException
        Runs the guided fuzzing loop, using a provided classloader to load test-application classes.

        The test class must be annotated with @RunWith(JQF.class) and the test method must be annotated with @Fuzz.

        Once this method is invoked, the guided fuzzing loop runs continuously until the guidance instance decides to stop by returning false for Guidance.hasInput(). Until the fuzzing stops, this method cannot be invoked again (i.e., at most one guided fuzzing run can be executing at any time in a single JVM instance).

        Parameters:
        testClassName - the test class containing the test method
        testMethod - the test method to execute in the fuzzing loop
        loader - the classloader to load the test class with
        guidance - the fuzzing guidance
        out - an output stream to log JUnit messages
        Returns:
        the JUnit-style test result
        Throws:
        ClassNotFoundException - if testClassName cannot be loaded
        IllegalStateException - if a guided fuzzing run is currently executing
      • run

        public static Result run(Class<?> testClass,
                                 String testMethod,
                                 Guidance guidance,
                                 PrintStream out)
                          throws IllegalStateException
        Runs the guided fuzzing loop for a resolved class.

        The test class must be annotated with @RunWith(JQF.class) and the test method must be annotated with @Fuzz.

        Once this method is invoked, the guided fuzzing loop runs continuously until the guidance instance decides to stop by returning false for Guidance.hasInput(). Until the fuzzing stops, this method cannot be invoked again (i.e., at most one guided fuzzing run can be executing at any time in a single JVM instance).

        Parameters:
        testClass - the test class containing the test method
        testMethod - the test method to execute in the fuzzing loop
        guidance - the fuzzing guidance
        out - an output stream to log JUnit messages
        Returns:
        the JUnit-style test result
        Throws:
        IllegalStateException - if a guided fuzzing run is currently executing
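
An added example (not JQF's own code) that fuzzes several test methods back to back in one JVM while respecting the constraints documented above: one guidance at a time, set and unset on the same thread, and the required @RunWith(JQF.class) and @Fuzz annotations. The class SequentialFuzzSessions and its methods are hypothetical, and the package names in the imports are assumed from the JQF and JUnit 4 distributions, since this page does not show them.

```java
import edu.berkeley.cs.jqf.fuzz.Fuzz;
import edu.berkeley.cs.jqf.fuzz.JQF;
import edu.berkeley.cs.jqf.fuzz.guidance.Guidance;
import edu.berkeley.cs.jqf.fuzz.junit.GuidedFuzzing;
import org.junit.runner.Result;
import org.junit.runner.RunWith;

import java.io.PrintStream;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.function.Supplier;

/** Hypothetical helper (not part of JQF): fuzzes several methods sequentially in one JVM. */
public final class SequentialFuzzSessions {
    // The guidance is global to the JVM, so callers of this helper are serialized on one lock.
    // Code that calls GuidedFuzzing.run(...) directly bypasses this lock; in that case
    // run(...) itself throws IllegalStateException, which is left to propagate.
    private static final Object ONE_RUN_PER_JVM = new Object();

    /** Fails fast on the two annotations that run(...) requires. */
    static void requireFuzzTarget(Class<?> testClass, String testMethod) {
        RunWith runWith = testClass.getAnnotation(RunWith.class);
        if (runWith == null || !JQF.class.equals(runWith.value())) {
            throw new IllegalArgumentException(testClass.getName() + " lacks @RunWith(JQF.class)");
        }
        boolean found = Arrays.stream(testClass.getMethods())
                .anyMatch(m -> m.getName().equals(testMethod) && m.isAnnotationPresent(Fuzz.class));
        if (!found) {
            throw new IllegalArgumentException(testMethod + " is not a public @Fuzz method");
        }
    }

    /** Runs each method with its own fresh Guidance, all on the calling thread. */
    public static Map<String, Result> runAll(Class<?> testClass, Iterable<String> testMethods,
                                             Supplier<Guidance> freshGuidance, PrintStream out) {
        Map<String, Result> results = new LinkedHashMap<>();
        synchronized (ONE_RUN_PER_JVM) {
            for (String method : testMethods) {
                requireFuzzTarget(testClass, method);
                // run(...) sets the guidance, loops until Guidance.hasInput() returns false,
                // then unsets it on this same thread, so the next session can start.
                Result r = GuidedFuzzing.run(testClass, method, freshGuidance.get(), out);
                out.printf("%s: successful=%b, failures=%d%n",
                        method, r.wasSuccessful(), r.getFailureCount());
                results.put(method, r);
            }
        }
        return results;
    }
}
```

The Supplier must return a new Guidance for every call, because each session runs until its own guidance reports no more input.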