Detect Concurrency Issues in Automotive Software

How to fuzz your software with 3 commands

What to Expect

CI Fuzz CLI is an open-source tool that lets you run feedback-based fuzz tests directly from your command line. Every developer can use it to find bugs and vulnerabilities with 3 simple commands.

In this live stream, our expert Daniel:

  • Covers the current state of fuzz testing
  • Shows how to fuzz CAN interfaces and automatically detect concurrency issues
  • Uncovers multiple bugs, such as severe memory corruption vulnerabilities

All code examples and tools used are open-source.

# Initialize fuzzing

$ cifuzz init

# Create your first fuzz test

$ cifuzz create my_fuzz_test

# Run fuzz test and find bugs

$ cifuzz run my_fuzz_test
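
As an added example (not code from the talk or from the cifuzz project), this is the kind of fuzz test you would fill in after step 2 for a CAN frame parser, written against the standard libFuzzer entry point `LLVMFuzzerTestOneInput`. The parser `parse_can_frame`, the `can_frame_t` type and the 5-byte header layout are assumptions made for illustration; the stub that `cifuzz create` generates may look different.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define CAN_MAX_DLC 8u /* classic CAN carries at most 8 data bytes */
#define CAN_HDR_LEN 5u /* assumed layout: 4-byte big-endian ID + 1-byte DLC */

typedef struct {
    uint32_t id;
    uint8_t  dlc;
    uint8_t  data[CAN_MAX_DLC];
} can_frame_t;

/* Hypothetical parser under test: 0 on success, -1 on malformed input. */
int parse_can_frame(const uint8_t *buf, size_t len, can_frame_t *out)
{
    if (buf == NULL || out == NULL || len < CAN_HDR_LEN)
        return -1;

    uint32_t id = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                  ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
    uint8_t dlc = buf[4];

    /* Without these two checks the memcpy below writes past out->data
       (dlc > 8) or reads past buf (dlc > bytes received). A fuzz run on a
       sanitizer-instrumented build reports either as memory corruption. */
    if (dlc > CAN_MAX_DLC || (size_t)dlc > len - CAN_HDR_LEN)
        return -1;

    memset(out, 0, sizeof *out);
    out->id = id;
    out->dlc = dlc;
    memcpy(out->data, buf + CAN_HDR_LEN, dlc);
    return 0;
}

/* libFuzzer-style entry point: the engine calls it with mutated inputs. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    can_frame_t frame;
    if (parse_can_frame(data, size, &frame) == 0) {
        /* Invariant for every accepted frame; abort so the fuzzer flags it. */
        if (frame.dlc > CAN_MAX_DLC || frame.dlc > size - CAN_HDR_LEN)
            abort();
    }
    return 0;
}
```

The explicit invariant in the harness catches logic errors even when no sanitizer fires, for example a parser that accepts a frame whose DLC exceeds the bytes actually received.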


To Be Announced

About the Speaker

Daniel Teuchert is a Customer Success Engineer at Code Intelligence.



cifuzz


makes fuzz tests as easy as unit tests

release v6.0.1 build passing PRs welcome licence Apache-2.0



IMPORTANT: This project is under active development. Be aware that the behavior of the commands or the configuration can change.

What is cifuzz


cifuzz is a CLI tool that helps you integrate fuzzing-based tests into your project and run them.

Features

  • Easily set up, create and run fuzz tests
  • Generate coverage reports that can be integrated in your IDE
  • Supports multiple programming languages and build systems

Integrations


Coming Soon

Getting started


If you are new to the world of fuzzing, we recommend taking a look at our Glossary and our example projects.

Read the getting started guide if you just want to learn how to fuzz your applications with cifuzz.

Installation

You can get the latest release from GitHub or by running our install script:

sh -c "$(curl -fsSL https://raw.githubusercontent.com/CodeIntelligenceTesting/cifuzz/main/install.sh)"

If you are using Windows, you can download the latest release and execute it.

By default, CI Fuzz gets installed in your home directory under cifuzz. You can customize the installation directory with ./cifuzz_installer -i /target/dir.

Do not forget to add the installation's bin directory to your PATH.

Prerequisites

C/C++ (with CMake) Installation Prerequisites

Ubuntu / Debian

sudo apt install cmake clang llvm

Arch

sudo pacman -S cmake clang llvm

macOS

brew install cmake llvm

Windows

At least Visual Studio 2022 version 17 is required.

choco install cmake llvm

C/C++ (with Bazel) Installation Prerequisites

Ubuntu / Debian

sudo curl -L https://github.com/bazelbuild/bazelisk/releases/latest/download/bazelisk-linux-amd64 -o /usr/local/bin/bazel
sudo chmod +x /usr/local/bin/bazel
sudo apt install clang llvm lcov default-jdk

Arch

sudo pacman -S clang llvm lcov python jdk-openjdk
sudo curl -L https://github.com/bazelbuild/bazelisk/releases/latest/download/bazelisk-linux-amd64 -o /usr/local/bin/bazel
sudo chmod +x /usr/local/bin/bazel

macOS

brew install llvm lcov openjdk bazelisk

Windows

At least Visual Studio 2022 version 17 is required.

choco install cmake llvm microsoft-openjdk bazelisk

Java (with Maven) Installation Prerequisites

Ubuntu / Debian

sudo apt install default-jdk maven

Arch

sudo pacman -S jdk-openjdk maven

macOS

brew install openjdk maven

Windows

choco install microsoft-openjdk maven

Java (with Gradle) Installation Prerequisites

Ubuntu / Debian

sudo apt install default-jdk gradle

Arch

sudo pacman -S jdk-openjdk gradle

macOS

brew install openjdk gradle

Windows

choco install microsoft-openjdk gradle

Contributing

Want to help improve cifuzz? Check out our contributing documentation. There you will find instructions for building the tool locally.

If you find an issue, please report it on the issue tracker.
