diff options
author | Zac Hatfield-Dodds <zac.hatfield.dodds@gmail.com> | 2021-01-16 10:33:29 +1100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-15 15:33:29 -0800 |
commit | 613d735dc704c8d292ae2b420b10346666a4c834 (patch) | |
tree | e0f30eaa7a1349145179e572ac75ec7d52bf75da /docs | |
parent | 69f39bc373c3869b17eec99148890b67b9badca6 (diff) |
Show how to use Hypothesis to fuzz Python code (#4975)
* Show how to use PBT
Hypothesis makes fuzzing complex Python code fun, easy, and a lot more rewarding than constructing all your objects by hand.
* Review updates
Diffstat (limited to 'docs')
-rw-r--r-- | docs/getting-started/new-project-guide/python_lang.md | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/docs/getting-started/new-project-guide/python_lang.md b/docs/getting-started/new-project-guide/python_lang.md index e6ee177d..14208e30 100644 --- a/docs/getting-started/new-project-guide/python_lang.md +++ b/docs/getting-started/new-project-guide/python_lang.md @@ -32,7 +32,8 @@ docker images. ### Example project We recommending viewing [ujson](https://github.com/google/oss-fuzz/tree/master/projects/ujson) as an -example of a simple Python fuzzing project. +example of a simple Python fuzzing project, with both plain-Atheris and +Atheris + Hypothesis harnesses. ### project.yaml @@ -99,3 +100,33 @@ ASAN_OPTIONS=\$ASAN_OPTIONS:symbolize=1:external_symbolizer_path=\$this_dir/llvm chmod u+x $OUT/$fuzzer_basename done ``` + +## Hypothesis + +Using [Hypothesis](https://hypothesis.readthedocs.io/), the Python library for +[property-based testing](https://hypothesis.works/articles/what-is-property-based-testing/), +makes it really easy to generate complex inputs - whether in traditional test suites +or [by using test functions as fuzz harnesses](https://hypothesis.readthedocs.io/en/latest/details.html#use-with-external-fuzzers). + +> Property based testing is the construction of tests such that, when these tests are fuzzed, + failures in the test reveal problems with the system under test that could not have been + revealed by direct fuzzing of that system. + +You also get integrated test-case reduction for free - meaning that it's trivial to +report a canonical minimal example for each distinct failure discovered while fuzzing! + +See [here for the core "strategies"](https://hypothesis.readthedocs.io/en/latest/data.html), +for arbitrary data, [here for Numpy + Pandas support](https://hypothesis.readthedocs.io/en/latest/numpy.html), +or [here for a variety of third-party extensions](https://hypothesis.readthedocs.io/en/latest/strategies.html) +supporting everything from protobufs, to jsonschemas, to networkx graphs or geojson +or valid Python source code. + +To use Hypothesis in OSS-Fuzz, install it in your Dockerfile with + +```shell +RUN pip3 install hypothesis +``` + +See [the `ujson` structured fuzzer](https://github.com/google/oss-fuzz/blob/master/projects/ujson/hypothesis_structured_fuzzer.py) +for an example "polyglot" which can either be run with `pytest` as a standard test function, +or run with OSS-Fuzz as a fuzz harness. |