Run Fuzz Tests remotely on a server

You can build one or more Fuzz Tests, bundle them, and upload them to CI Sense with the cifuzz remote-run command:

cifuzz remote-run [--option...] [<fuzz test>...]

For the syntax of the <fuzz test> argument see this section.

This command needs a token to access the API of the remote fuzzing server. You can specify this token via the CIFUZZ_API_TOKEN environment variable or by running the cifuzz login command first.

Options

The cifuzz remote-run command supports the following command-specific options:

Flag
    Description

--branch <name>
    Branch name to use in the config
    By default, the currently checked out git branch is used

--build-command <command>
    The command to build the Fuzz Test for other build systems

--build-jobs uint[=0]
    Maximum number of concurrent processes to use when building
    If argument is omitted the native build tool's default number is used

--bundle <path/to/bundle>
    Path to an existing bundle to start a remote run with
    With this flag, the building and bundling is skipped and the specified bundle is uploaded to start a remote fuzzing run instead

--clean-command <command>
    The command to clean the Fuzz Test and its dependencies for other build systems

--commit <name>
    Commit to use in the config
    By default, the head of the currently checked out git branch is used

--dict <path/to/file>
    A file containing input language keywords or other interesting byte sequences
    This flag is only used if no default dictionary is found for the Fuzz Test
    See https://llvm.org/docs/LibFuzzer.html#dictionaries

--docker-image <name>
    A Docker image which is used as the base for the container image
    The image must contain all the dependencies required to run the Fuzz Test
    By default, the image is chosen automatically based on the build system
    ("eclipse-temurin:20" for Java build systems, "cifuzz/cifuzz-ubuntu:latest" for others)

--engine-arg <argument>
    Command-line argument to pass to the fuzzing engine
    See https://llvm.org/docs/LibFuzzer.html#options
    This flag can be used multiple times
    Not supported for Node.js projects

--env <VAR>=<value>
    Set environment variable when executing Fuzz Tests
    To use the value of VAR in the local environment, use '--env VAR'
    This flag can be used multiple times

--interactive
    Toggle interactive prompting in the terminal (default=true)

--json
    Print output as JSON

-p, --project <name>
    The name of the CI Fuzz project you want to start a fuzzing run for, e.g. "my-project-c170bc17"

--project-dir <dir>
    The project root which is the parent for all the project sources
    Defaults to the directory containing the cifuzz.yaml

--registry <name>
    The container registry to use for the upload of the container image
    e.g. ghcr.io/my-org/my-project

-r, --resolve
    Argument of the command is a path to a source file instead of a test identifier.
    The path can be either absolute or relative to the current working directory
    and will be resolved to the identifier of the corresponding Fuzz Test.

-s, --seed-corpus <dir>
    A directory containing sample inputs used as seeds for fuzzing the code under test
    This is used in addition to inputs found in the inputs directory of the Fuzz Test
    This flag can be used multiple times

--server <address>
    Address of CI Sense (default="https://app.code-intelligence.com")

--timeout <duration>
    Maximum time to run the Fuzz Test, e.g. "30m", "1h"
    The default is to run indefinitely

--tls-skip-verify
    Disable TLS certificate verification
    This means TLS will accept any certificate presented by the server and any host name in that certificate
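
A guard for unattended CI jobs, as an added example that is not part of the cifuzz documentation: it requires the token in CIFUZZ_API_TOKEN, rejects --tls-skip-verify and any non-HTTPS --server, and only then calls cifuzz remote-run. The function names, the placeholder fuzz test name, and the --interactive=false spelling are assumptions.

```shell
#!/bin/sh
# Added example: guard for running `cifuzz remote-run` from an unattended CI job.
# Function names are hypothetical; only flags from the options table are used.

is_https() { case "$1" in https://*) return 0 ;; *) return 1 ;; esac; }

# Succeeds only if the arguments keep TLS verification on and use an HTTPS server.
check_remote_run_args() {
    crr_prev=""
    for crr_arg in "$@"; do
        case "$crr_arg" in
            --tls-skip-verify|--tls-skip-verify=*)
                # Strict on purpose: any spelling of the flag is rejected.
                echo "refusing --tls-skip-verify: the server certificate would not be verified" >&2
                return 1 ;;
            --server=*)
                is_https "${crr_arg#--server=}" || { echo "refusing non-HTTPS --server" >&2; return 1; } ;;
        esac
        if [ "$crr_prev" = "--server" ]; then
            is_https "$crr_arg" || { echo "refusing non-HTTPS --server" >&2; return 1; }
        fi
        crr_prev="$crr_arg"
    done
    return 0
}

# Validates the environment and arguments, then starts the remote run.
safe_remote_run() {
    # The token comes from the environment, never from the command line.
    if [ -z "${CIFUZZ_API_TOKEN:-}" ]; then
        echo "CIFUZZ_API_TOKEN is not set" >&2
        return 2
    fi
    check_remote_run_args "$@" || return 1
    # Assumption: --interactive=false is the pflag-style way to turn the
    # default-true --interactive toggle off so the job never waits on a prompt.
    cifuzz remote-run --interactive=false "$@"
}

# In the CI job (fuzz test name is a placeholder):
#   safe_remote_run --timeout 30m my_fuzz_test
```
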