What Is Jazzer About?
Jazzer, our fuzzer for the JVM, is already being used with several JVM languages like Java and Kotlin. Recently, a member of the community asked us whether Jazzer can also fuzz Clojure code. The answer is yes, but it wasn't obvious how to set things up. So we've built a small helper library, jazzer-clj, which contains everything you need to get started with Jazzer for Clojure. There's also an example project to demonstrate the setup. Head over to the GitHub repo for detailed documentation, or read on for a quick summary.
Jazzer requires users to write so-called fuzz targets for their code: Java classes that receive pseudo-random data from the fuzzer which they use to exercise the software under test. Our library simply provides a Clojure macro
deftarget that makes it easy to define fuzz targets from Clojure (i.e., without the need to write Java code or to call into Clojure from Java).
(fuzzing/deftarget your.company.fuzzing.SomeFunctionTarget [input]
;; Assuming you'd like to test a function that takes an integer and a string.
(your.lobrary/some-function (.consumeInt input) (.consumeRemainginAsString input)))
How to Start Fuzzing With Jazzer?
So, if you want to fuzz Clojure code, all you have to do is add a dependency on jazzer-clj and write your first fuzz target with
deftarget. We've published an example project which does just that - feel free to check it out for inspiration!
We're curious to hear how you fuzz-test your Clojure code, so do let us know! Moreover, if anything is unclear, we're happy to help—just open an issue on GitHub or reach out to one of our security experts.