/cifuzz-gradle-plugin

Primary LanguageKotlinApache License 2.0Apache-2.0

CI Fuzz Gradle plugin

Build Status Gradle Plugin Portal

cifuzz is a CLI tool that helps you to integrate and run fuzzing based tests into your project. If you are using Gradle, add this plugin to your build.

How to use

Apply the plugin directly in the build.gradle (or build.gradle.kts) files of the project containing fuzz tests and a cifuzz.yaml. In a single project, this file is located in the root. In a multi-project, it is located in one of the subproject folders.

See also getting started with cifuzz.

plugins {
    id("com.code-intelligence.cifuzz") version "<<latest_version>>"
}

Hint: If you manually need to dowonload the plugin for your air-gapped environment, you can find it here.

Compatibility

  • For JVM (Java, Kotlin, ...) projects, the minimum supported Gradle version is Gradle 6.1
  • For Android projects, 7.5 (Android Gradle Plugin 7.4) or 8.0 (Android Gradle Plugin 8.0) are the minimum supported Gradle version

Writing fuzz tests with Jazzer and JUnit 5

The plugin sets up everything to write and run fuzz tests with Jazzer and JUnit 5. See the Jazzer documentation for examples of such tests. You can then use the cifuzz tool to run the fuzz tests and also run them directly as regression tests through Gradle.

Configuration options

By default, the plugin expects all fuzz tests to be in the default test sources set, which is usually located in src/test. If the tests are in a separate test source set – or test suite – you have to configure that.

Standard JVM (Java, Kotlin, ...) projects

If you use test suites (available since Gradle 7.4) you can do the configuration as follows:

testing.suites.register("fuzzTest", JvmTestSuite::class) {
    cifuzz.testSourceSet.set(sources)
    // ... (further configuration of the test suite)
}

If you create the test source set directly you can do a configuration like this:

val fuzzTest = sourceSets.create("fuzzTest")
val fuzzTestTask = tasks.register("runFuzzTest", Test::class) {
    classpath = fuzzTest.runtimeClasspath
    testClassesDirs = fuzzTest.output.classesDirs
    // ... (further configuration of the custom test task)
}

cifuzz {
    testSourceSet.set(fuzzTest)
    testTask.set(fuzzTestTask) // only if the task name is different from the source set name
}

Android projects

In Android projects, you can configure the androidVariant for which to run the fuzz tests (default is release).

cifuzz {
    androidVariant.set("fullDebug") // Set to variant for flavor=full and buildType=debug 
}