Buggy JSON parser


Fuzzgoat: A minimal libFuzzer integration

This repository contains a basic C project that includes an (intentionally insecure) JSON parser. It is an example of an ideal libFuzzer integration with Fuzzbuzz. It contains:

  1. The parser itself. This can be built with make, and produces a binary that consumes and parses JSON files

  2. A fuzz test, which can be built with make fuzzer. The actual test sits inside the LLVMFuzzerTestOneInput function, and is built according to the libFuzzer documentation: https://llvm.org/docs/LibFuzzer.html (you might need to run CC=clang make fuzzer to build it on your local machine)

  3. A fuzzbuzz.yaml file, which tells Fuzzbuzz how to build the fuzzers, and configures the bug classes to look for

Requirements

Fuzzbuzz injects its own flags into code at compile time, which allows us to control the type of feedback we receive from your code. It also enables code coverage reporting and more detailed bug categorization. Your software and build system should be set up to properly work with these flags:

  • $CC and $CXX: Fuzzbuzz provides these environment variables when building. We recommend that you accept overrides to whatever default compiler you use via the environment

  • $CFLAGS and $CXXFLAGS: Fuzzbuzz provides these environment variables when building. Your program must append these flags provided by the environment to its own flags. Features like code coverage reporting will not work unless these flags are properly consumed

The fuzzer rule in the Makefile is a good example of how to include these flags in your fuzzer's compile steps.
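The two requirements above, as an added GNU make sketch with the weak form beside the corrected one. It is not the repository's own Makefile; main.c, fuzz_target.c, the output names and the chosen warning and optimisation flags are assumptions, and only fuzzgoat.c and the make / make fuzzer targets come from this page.

```makefile
# Added example, not the repository's Makefile. main.c, fuzz_target.c and the
# output names are assumed; fuzzgoat.c is the parser source named on the page.

# Weak form: plain assignment discards whatever the environment supplied, so
# injected instrumentation flags never reach the compiler.
#   CC     = gcc
#   CFLAGS = -O2 -Wall

# GNU make predefines CC as "cc", so "CC ?= clang" would never take effect.
# Pick clang only while CC still has that built-in default; a CC exported by
# the environment has origin "environment" and is left untouched.
ifeq ($(origin CC),default)
CC = clang
endif

# Project flags first, environment flags appended after them, so an injected
# "-fsanitize=address" or "-O0" is kept and wins over the project default.
CFLAGS := -g -O1 -Wall $(CFLAGS)

# libFuzzer runtime for local builds (assumption: a clang toolchain).
FUZZER_FLAGS ?= -fsanitize=fuzzer

# "make": the stand-alone parser binary that consumes JSON files.
fuzzgoat: main.c fuzzgoat.c
	$(CC) $(CFLAGS) -o $@ $^

# "make fuzzer": the fuzz test containing LLVMFuzzerTestOneInput.
fuzzer: fuzz_target.c fuzzgoat.c
	$(CC) $(CFLAGS) $(FUZZER_FLAGS) -o $@ $^

.PHONY: clean
clean:
	rm -f fuzzgoat fuzzer
```

Running `CC=clang CFLAGS=-fsanitize=address make -n fuzzer` prints the compile command without executing it, which is a quick way to confirm that both variables reach the compiler line.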

WARNING

This C program has been deliberately backdoored with several memory corruption bugs to test the efficacy of fuzzers and other analysis tools. Each vulnerability is clearly commented in fuzzgoat.c. Under input-files/ are files to trigger each vulnerability.

CAUTION: Do not copy any of this code - there is evil stuff in this repo.

Thank You

Contributor: Joseph Carlos

Fuzzgoat was adapted from FuzzStati0n/fuzzgoat, which itself came from udp/json-parser - we chose it because:

  • It's not too big or cumbersome - ~1200 lines of C yet lots of paths for a fuzzer to dig into.
  • Performance: it's very fast at ~1500 execs per sec per core.
  • The code is clean and very readable.

Fuzzbuzz would like to thank Fuzz Stati0n, and the creators and maintainers of udp/json-parser.
