
Live Stream | Tuesday, October 4th | 16:00 CEST

 

Uncovering Hidden Bugs and Vulnerabilities in C/C++

How to Fuzz Your Code With 3 Commands

Upcoming Live Stream

Register for a calendar invite and receive a reminder on the day of the event.

What to Expect

CI Fuzz CLI is an open-source solution that lets you run feedback-based fuzz tests from your command line. Every developer can use it to find bugs and vulnerabilities with three simple commands.

In this live stream, our expert Jochen will:

  • Cover the current state of fuzz testing
  • Set up CLI fuzzing within 3 commands
  • Uncover multiple bugs and severe memory corruption vulnerabilities

All code examples and tools used are open-source.

# Initialize fuzzing
$ cifuzz init

# Create your first fuzz test
$ cifuzz create my_fuzz_test

# Run fuzz test and find bugs
$ cifuzz run my_fuzz_test


Save the Date

Sign up so we can send you a calendar reminder on the day of the event. In case you miss the session anyway, we will also send you a link to the recording afterwards.

Jochen Hilgers

Speaker Profile

Your host Jochen Hilgers is one of the maintainers of CI Fuzz CLI. In his work as a Senior Software Engineer at Code Intelligence, he specializes in CLI-integrated software testing solutions. Jochen also holds a master's in Computer Science from Hochschule Trier and has a background in Backend and Web Development with a strong focus on software quality.

  README.md


cifuzz


IMPORTANT: This project is under active development. Be aware that the behaviour of the commands or the configuration can change.

cifuzz is a CLI tool that helps you integrate fuzzing-based tests into your project and run them.

Getting Started


If you are new to the world of fuzzing, we recommend taking a look at our Glossary.

Installation

Building from Source (Linux)

Prerequisites

git
make
CMake >= 3.16
LLVM >= 11
go >= 1.18
libcap


Ubuntu / Debian

sudo apt install git make cmake clang llvm golang-go libcap-dev

Arch

sudo pacman -S git make cmake clang llvm go libcap

To build cifuzz from source you have to execute the following steps:

git clone https://github.com/CodeIntelligenceTesting/cifuzz.git
cd cifuzz
make test
make install

If everything went well, you will find the newly created directory ~/cifuzz. Do not forget to add ~/cifuzz/bin to your $PATH.

To verify the installation, we recommend starting a fuzzing run in one of our example projects:

cd examples/cmake
cifuzz run my_fuzz_target

This should stop after a few seconds with an actual finding.

Setup / Create Your First Fuzz Target

cifuzz commands will interactively guide you through the needed options and show next steps. You can find a complete list of the available commands with all supported options and parameters by calling cifuzz command --help or here.

Step 1: To initialize your project with cifuzz just execute cifuzz init in the root directory of your project. This will create a file named cifuzz.yaml containing the needed configuration.

Step 2: The next step is to create a fuzz target. Execute cifuzz create and follow the instructions given by the command. This will create a stub for your fuzz test (aka fuzz target); let's say it is called my_fuzz_test.cpp.

Step 3: Edit my_fuzz_test.cpp so it actually calls the function you want to test with the input generated by the fuzzer. To learn more about writing fuzz tests, you can take a look at our Tutorial or one of the example projects.

Step 4: Start the fuzzing by executing cifuzz run my_fuzz_test. cifuzz now tries to build the fuzz test and starts a fuzzing run.
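What the edited my_fuzz_test.cpp from Step 3 can look like, as an added example and not cifuzz's generated stub: the length-prefixed record decoder and its format are constructed for illustration, and the entry point is written in the libFuzzer form that cifuzz's FUZZ_TEST macro from <cifuzz/cifuzz.h> expands to, so it compiles without the cifuzz header.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <vector>

// Record format (constructed for this example): 1 byte type, 2-byte
// big-endian payload length, then the payload.
struct Record {
    uint8_t type;
    std::vector<uint8_t> payload;
};

// Code under test: decode all records in buf. Every read is bounds-checked;
// returns the record count, or -1 if a header or payload is truncated.
int decode_records(const uint8_t *buf, size_t len, std::vector<Record> &out) {
    size_t pos = 0;
    while (pos < len) {
        if (len - pos < 3) return -1;                          // truncated header
        size_t plen = (size_t)buf[pos + 1] << 8 | buf[pos + 2];
        if (plen > len - pos - 3) return -1;                   // payload past end
        out.push_back({buf[pos], std::vector<uint8_t>(buf + pos + 3, buf + pos + 3 + plen)});
        pos += 3 + plen;
    }
    return (int)out.size();
}

// Inverse of decode_records; used as the round-trip oracle in the fuzz test.
std::vector<uint8_t> encode_records(const std::vector<Record> &recs) {
    std::vector<uint8_t> out;
    for (const Record &r : recs) {
        out.insert(out.end(), {r.type, (uint8_t)(r.payload.size() >> 8),
                               (uint8_t)(r.payload.size() & 0xff)});
        out.insert(out.end(), r.payload.begin(), r.payload.end());
    }
    return out;
}

// Fuzz entry point. cifuzz's stub spells this as
// FUZZ_TEST(const uint8_t *data, size_t size); the macro expands to this
// libFuzzer signature, which is written out here to avoid the dependency.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    std::vector<Record> recs;
    int n = decode_records(data, size, recs);
    // Oracle: whatever decodes must re-encode to the exact input bytes.
    // A violation aborts, which the fuzzer reports as a crash with the input.
    if (n >= 0 && encode_records(recs) != std::vector<uint8_t>(data, data + size))
        abort();
    return 0;  // libFuzzer convention: always return 0
}
```

Build and run it with cifuzz run my_fuzz_test as in Step 4; the sanitizers cifuzz enables turn any out-of-bounds read in the decoder into a reported finding, and the round-trip check catches silent decoding errors that would not crash on their own.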
