A common workflow is to inspect existing unit tests, find the functions they test, and then use “Fuzz this function” on those function definitions. “Fuzz this function” automatically takes care of including the required headers and linking the fuzz target against the correct libraries.
In the case of CppCMS there are many unit tests in the “tests” subfolder. For this tutorial we want to fuzz the built-in JSON parser. The corresponding unit test is defined in json_test.cpp:
json::value::load() is the function being tested, so we go to its definition and use “Fuzz this function”.
Clicking on “Fuzz this function” automatically generates a minimal fuzz target for you. For CppCMS json::value::load() it looks like this:
This still needs some fine tuning. We at Code Intelligence are working hard to further automate the generation of fully working fuzz targets for C++ (as we have already done for other frameworks, such as Spring Boot), but most of the time the remaining manual effort is already very low. In this example we only need to change the type of the incoming random data from const uint8_t * to const char * and fill in the missing method arguments. The complete fuzz target then looks like this:
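Since the tutorial's own listing is not reproduced on this page, here is an added example (not code from the tutorial or from the CppCMS project) of what a libFuzzer target of this shape looks like once the two edits above are made: the raw bytes are reinterpreted as a char range and the remaining arguments are supplied. It assumes CppCMS is not installed, so json::value::load() is replaced by a small stand-in JSON syntax checker (standin::Parser) that exists only to make the file compile and run on its own; the call shape v.load(begin, end, true) shown in a comment is my reading of the CppCMS json.h overload and should be checked against the header you build against. The STANDALONE_DRIVER macro, is_valid_json() and replay_seeds() are also mine, not part of the generated target.

```cpp
// Added example (not from the tutorial or the CppCMS project): a libFuzzer
// target in the shape "Fuzz this function" generates, after the manual edits
// the text describes. CppCMS headers are not assumed to be installed, so
// json::value::load() is replaced by a small stand-in JSON syntax checker.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

namespace standin {
// Stand-in for json::value::load(begin, end, full): a minimal recursive-descent
// JSON syntax checker. Not the CppCMS parser; it only makes this file self-contained.
class Parser {
 public:
  Parser(const char *begin, const char *end) : p_(begin), end_(end), depth_(0) {}
  // "full" semantics: the whole range must be exactly one JSON value, nothing after it.
  bool parse_document() {
    if (!parse_value()) return false;
    skip_ws();
    return p_ == end_;
  }
 private:
  const char *p_, *end_;
  int depth_;
  static const int kMaxDepth = 64;  // bound recursion so deep nesting cannot exhaust the stack
  static bool is_ws(char c) { return c == ' ' || c == '\t' || c == '\r' || c == '\n'; }
  static bool is_digit(char c) { return c >= '0' && c <= '9'; }
  static bool is_hex(char c) { return is_digit(c) || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F'); }
  void skip_ws() { while (p_ != end_ && is_ws(*p_)) ++p_; }
  bool consume(char c) { if (p_ != end_ && *p_ == c) { ++p_; return true; } return false; }
  void digits() { while (p_ != end_ && is_digit(*p_)) ++p_; }
  bool literal(const char *s) {  // bounds-checked: never reads past end_
    size_t n = std::strlen(s);
    if (static_cast<size_t>(end_ - p_) < n || std::memcmp(p_, s, n) != 0) return false;
    p_ += n; return true;
  }
  bool parse_string() {
    if (!consume('"')) return false;
    while (p_ != end_) {
      unsigned char c = static_cast<unsigned char>(*p_++);
      if (c == '"') return true;
      if (c < 0x20) return false;          // raw control characters are not allowed
      if (c != '\\') continue;
      if (p_ == end_) return false;        // backslash as the last byte of input
      char e = *p_++;
      if (e == 'u') { for (int i = 0; i < 4; ++i) if (p_ == end_ || !is_hex(*p_++)) return false; }
      else if (!std::strchr("\"\\/bfnrt", e) || e == '\0') return false;
    }
    return false;                          // no closing quote before end of input
  }
  bool parse_number() {
    consume('-');
    if (p_ == end_ || !is_digit(*p_)) return false;
    digits();
    if (consume('.')) { if (p_ == end_ || !is_digit(*p_)) return false; digits(); }
    if (consume('e') || consume('E')) {
      if (!consume('+')) consume('-');
      if (p_ == end_ || !is_digit(*p_)) return false;
      digits();
    }
    return true;
  }
  // Members of an object or elements of an array; the opening bracket is already consumed.
  bool parse_container(char close, bool keyed) {
    if (++depth_ > kMaxDepth) return false;
    skip_ws();
    if (consume(close)) { --depth_; return true; }
    for (;;) {
      if (keyed) { skip_ws(); if (!parse_string()) return false; skip_ws(); if (!consume(':')) return false; }
      if (!parse_value()) return false;
      skip_ws();
      if (consume(close)) { --depth_; return true; }
      if (!consume(',')) return false;
    }
  }
  bool parse_value() {
    skip_ws();
    if (p_ == end_) return false;
    switch (*p_) {
      case '{': ++p_; return parse_container('}', true);
      case '[': ++p_; return parse_container(']', false);
      case '"': return parse_string();
      case 't': return literal("true");
      case 'f': return literal("false");
      case 'n': return literal("null");
      default:  return parse_number();
    }
  }
};
}  // namespace standin

// The generated entry point after the two edits from the text: the byte buffer is
// reinterpreted as a char range and the missing arguments (end pointer, "full" flag
// for CppCMS) are filled in. Assumed CppCMS call shape, check json.h:
//   cppcms::json::value v; v.load(begin, end, /*full=*/true);
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  const char *begin = reinterpret_cast<const char *>(data);
  const char *end = begin + size;
  standin::Parser parser(begin, end);
  (void)parser.parse_document();  // 'false' means a rejected input, which is not a finding
  return 0;                       // libFuzzer convention; crashes and sanitizer reports are the findings
}

// Helper (mine) so the stand-in can be exercised directly from tests.
bool is_valid_json(const std::string &text) {
  return standin::Parser(text.data(), text.data() + text.size()).parse_document();
}

// Replays a constructed seed corpus (not a CppCMS corpus) through the fuzz target.
size_t replay_seeds() {
  const std::vector<std::string> seeds = {
      "{\"a\": [1, 2.5e3, true, null, \"x\\u0041\"]}", "[]", "{\"k\":}", "[1,]",
      std::string(200, '['),           // deep nesting, stopped by kMaxDepth
      std::string("\"\x01\"", 3)};     // raw control character inside a string
  for (const std::string &s : seeds)
    LLVMFuzzerTestOneInput(reinterpret_cast<const uint8_t *>(s.data()), s.size());
  return seeds.size();
}

#ifdef STANDALONE_DRIVER  // build without -fsanitize=fuzzer to get a plain executable
int main() { return replay_seeds() == 6 ? 0 : 1; }
#endif
```

Build with clang++ -g -fsanitize=fuzzer,address target.cpp to get a libFuzzer binary (libFuzzer supplies main), or with -DSTANDALONE_DRIVER and no fuzzer flag to replay the constructed seeds through the same entry point. The target returns 0 unconditionally because under libFuzzer a rejected input is not a finding; crashes, hangs and sanitizer reports are. If the real function reports malformed input by throwing a documented exception type, catch exactly that type inside the target and nothing broader, so that unexpected throws still surface. The depth bound in the stand-in is there because unbounded recursion on nested brackets is precisely the kind of stack exhaustion a fuzzer reaches within seconds.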