Light

npryce / snodge Goto Github PK

View Code? Open in Web Editor NEW

155.0 8.0 8.0 6.21 MB

Randomly mutate JSON, XML, HTML forms, text and binary data for fuzz testing

License: Apache License 2.0

Makefile 1.11% Kotlin 93.00% HTML 4.13% XSLT 1.23% Shell 0.53%

testing fuzzing fuzz-testing test-driven-development kotlin kotlin-library jvm javascript xml json

snodge's Introduction

Snodge

A small, extensible Kotlin library to randomly mutate JSON & XML documents, text and binary data. Useful for fuzz testing.

Examples of things you can test by mutating known good data:

unexpected structures will not make your application code throw unchecked exceptions
your application code ignores additional properties
your application code does not throw unchecked exceptions when parsing values from text properties
your application does not instantiate arbitrary classes named in data (a potential security risk)
your application copes with invalid Unicode encoding of text
and much, much more!

See an interactive demonstration.

In a Nutshell

Add a dependency on Snodge (replace <version> with the version of Snodge you wish to use):

testImplementation 'com.natpryce:snodge:<version>'

For the JVM platform, add an implementation of the JSR-374 JSONP API, such as:

testRuntimeOnly 'org.glassfish:javax.json:1.1'

Import the library:

import com.natpryce.snodge.mutants
import com.natpryce.snodge.json.defaultJsonMutagens

Output 10 random mutations of the JSON document:

val random = Random()
val originalJson = "{\"x\": \"hello\", \"y\": [1,2,3]}"

random.mutants(defaultJsonMutagens().forStrings(), 10, originalJson)
    .forEach(::println)

Example output:

{"x":"hello","y":[1,2,3,null]}
{"y":[1,2,3],"x":{}}
{"x":"hello","y":[2,3]}
{"x":"hello","y":[{},2,3]}
{"x":"hello"}
{"x":"hello","y":[1,2,{}]}
{"x":"hello","y":[1,null,3]}
{"y":[1,2,3],"x":"hello"}
{"y":[1,2,3],"x":"a string"}
{"x":"hello","y":[99,2,3]}

API Adapters

On the JVM, Snodge can mutate the JSON object models of the Jackson, GSON & JSR-374 JSONP and Argo APIs, XML DOM, and JSON and XML serialised as text and binary.

On JavaScript, Snodge can mutate XML as DOM Documents, and XML and JSON as text.

For more information, continue reading the documentation.

Other versions

The Kotlin library is version 3.x.x.x.

Previous versions:

Version 2.x.x.x (java8 branch) is for Java 8, and uses streams and Java 8 function types
Version 1.x.x.x (java7 branch) is for Java 7 and depends on Guava

Download from Maven Central

Download from NPM

snodge's People

Contributors

Stargazers

Watchers

Forkers

tomwilshere alessiogambi czfmuyu omuomugin dk-courses bantosik csabazs

snodge's Issues

Ensure mutations do not reorder JSON object properties

Currently mutations change the order in which JSON object properties are written out.

If a JSON processor cannot handle reordered properties (e.g. a streaming processor), the current Snodge behaviour will mask errors that should be detected by the mutation -- the processor will fail because the mutated field has changed order before the actual mutation can affect it.

Therefore Snodge should ensure that mutations do not reorder properties. The ReorderObjectProperties mutagen can be used to explicitly test for sensitivity to property order.

Mutagens for XML

Add an IdentityMutator<T>

Useful for treating mutation and no mutation polymorphically

Make GSON an implementation detail, not dependency at API

The dependency on GSON introduces dependency clash in big (unwieldy) projects.

To fix: remove dependency from GSON at the API, only exposing APIs that work with generic JSON representations (e.g. strings, encoded strings).

Unfortunately Maven's dependency model does not distinguish between private and public dependencies, so the build will have to repackage GSON when zipping the compiled code into JARs.

API adaptor for the Argo JSON API

Improve diagnostics to better show the mutation that caused an error

Switch from GSON to JSR 353 JSON API

https://jsonp.java.net/download.html

Add a forEncodedStrings(charset) transform, to match forStrings()

E.g. turn a JsonMutator into a Mutator<byte[]>, mutating JSON encoded in a given character encoding

Support mutating multiple original values

Ensure an even selection of mutants from all possible mutations of all possible values.

Support JDK 6

Yes, it's EOL. But there's lots of legacy systems that need some snodging.

Outdated readme

Read me is outdated with the latest version.
Provided sample snippet in the readme does not work with Android, there is a ClassNotFoundException with reflection.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.