Add OSS fuzz testing for the jq filters #3174

Open
ncoghlan opened this issue Sep 11, 2024 · 0 comments
ncoghlan commented Sep 11, 2024

In #2669 (comment) it was mentioned that there would be interest in fuzz testing jqlang itself, in addition to the existing fuzz testing of the JSON parser.

I decided to see how well AFL could do using just the jq files in the test suite as the initial seed (find tests/ -name '*.jq'), and tests/torture/input0.json as the input file.

AFL complains that the seed corpus contains redundancies, but it's still sufficient to let it start generating hundreds of thousands of new test cases that exercise different paths through the jq code when running AFL from the build folder:

afl-fuzz -i fuzz-corpus-jqlang -o fuzz-results-jqlang ./jq -f @@ ../tests/torture/input0.json

(where build/fuzz-corpus-jqlang contained the test suite files found above)

I haven't actually looked at any of the results yet (AFL is still running against the head of the repo), but the summary so far suggests it will be worth a maintainer's time to try a similar exploration.
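The workflow described in the issue (collect the test-suite `.jq` files as seeds, run `afl-fuzz` with `-f @@` against `input0.json`, then look at what it found) as an added helper script; this is not code from the issue or from the jq project. It assumes AFL or AFL++ is installed, that `jq` was built with the AFL compiler wrapper in the current build directory, and it uses `afl-cmin` to drop the redundant seeds AFL complains about before fuzzing.

```shell
#!/bin/sh
# Added example, not part of the jq repository: seed-corpus construction,
# fuzzing run and crash triage for jq filters, following the issue's command.
set -eu

# Copy every *.jq under SRC into DEST as one flat directory. Slashes in the
# relative path become underscores so same-named files in different test
# subdirectories do not overwrite each other. Prints the number of seeds.
build_corpus() {
  src=$1; dest=$2
  mkdir -p "$dest"
  find "$src" -name '*.jq' -type f | while IFS= read -r f; do
    rel=${f#"$src"/}
    cp "$f" "$dest/$(printf '%s' "$rel" | tr / _)"
  done
  find "$dest" -type f | wc -l | tr -d ' '
}

# Minimise the corpus (afl-cmin keeps only seeds that reach new edges, which
# removes the redundancy AFL warns about) and start afl-fuzz with the same
# target invocation as in the issue: the filter file is the fuzzed input.
run_fuzz() {
  corpus=$1; out=$2; input=$3
  afl-cmin -i "$corpus" -o "$corpus.min" -- ./jq -f @@ "$input"
  afl-fuzz -i "$corpus.min" -o "$out" -- ./jq -f @@ "$input"
}

# Re-run each saved crashing filter so a maintainer sees its exit status.
# Checks both the classic AFL (out/crashes) and AFL++ (out/default/crashes)
# output layouts.
triage_crashes() {
  out=$1; input=$2
  for d in "$out/crashes" "$out/default/crashes"; do
    [ -d "$d" ] || continue
    for c in "$d"/id:*; do
      [ -f "$c" ] || continue
      ./jq -f "$c" "$input" >/dev/null 2>&1 \
        && echo "no crash on rerun: $c" \
        || echo "exit status $?: $c"
    done
  done
}

# Usage from the build directory (mirrors the issue's layout):
#   . ./jq-fuzz.sh
#   build_corpus ../tests fuzz-corpus-jqlang
#   run_fuzz fuzz-corpus-jqlang fuzz-results-jqlang ../tests/torture/input0.json
#   triage_crashes fuzz-results-jqlang ../tests/torture/input0.json
```

Exit status 134 (SIGABRT) or 139 (SIGSEGV) on rerun marks a reproducible crash worth a minimised bug report; a filter that exits cleanly on rerun usually indicates a timeout or a resource-limit hit rather than a memory-safety bug.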
