dhruvmanila/Automated-Fuzzer

Automated Fuzzer

This repo contains simple tool to create broken files and checking them with special apps(biome, ruff, mypy and many more already are implemented, but it is easy to add support for any different app).

This small tool I created mainly for my own use without much vision, so you can easily compile app without changing source code if you want to use already implemented fuzzers, but if you want to test your own app

This tool is designed for fast iterations, so it works really great if your app can test/lint several files per second(e.g. ruff on my pc can test even 50 middle size files per second in one core). If you use slower tool(I had this problem mypy), you may want to manually generate broken files via create_broken_files and test this files in chunks manually.

How to use it?

• Install tool to create broken files(rust and cargo can be installed directly from https://rustup.rs/ via simple command)

cargo install create_broken_files

• Create file inside apps folder and customize class name
• Customize run command, broken messages or created files
• Add to MODE enum your app and point at new file in main.rs in match statement
• Create setting inside fuzz_settings.toml
• Create required folders used inside fuzz_settings.toml
• Find "valid" files - you can find a lot of files in github by cloning big repos and checking its files - https://github.com/search?q=stars%3A%3E50++language%3ARust+size%3A%3E1000&type=repositories
• Run app via cargo run --release

How this works

• At start app take n valid files from folder
• Depending on settings invalid files are created
• In loop, different app(ruff, biome, mypy etc.) check this file
• Basing on output messages like RUST_BACKTRACE, crashed, error, internal bug, file is checked if caused some bugs(this allow to find not only crashes).
• If it found it, then this file is copied to special folder
• If minimization is enabled, app tries to minimize output to produce bug(this may take some time, but output files are usually smaller 2x-100x times)

Video, how output should look:

simplescreenrecorder-2023-03-26_16.40.01.mp4

It really works?

Yes, it found thousands of crashes in several projects(most are implemented as examples):

• Selene - Kampfkarren/selene#505 (1375 files)
• Rome - rome/tools#4323 (>2000 files)
• Ruff - astral-sh/ruff#3721 (>2000 files)
• Symphonia - pdeljanov/Symphonia#201, pdeljanov/Symphonia#200 (30 files)
• Lofty - Serial-ATA/lofty-rs#174 - (1 file)
• Deno lint - denoland/deno_lint#1145 - (873 files)
• Oxc - oxc-project/oxc#232 - (>300 files)
• Static Check Go Tools - dominikh/go-tools#1393 - (10 files)
• Quick Lint js - quick-lint/quick-lint-js#974 - (81 files)