diff --git a/docs/fuzz-targets.md b/docs/fuzz-targets.md
index e80e40fb..a2d3315e 100644
--- a/docs/fuzz-targets.md
+++ b/docs/fuzz-targets.md
@@ -167,8 +167,9 @@ flag, so that only the most important parameters are discussed here.
 | ----------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | `` | Import path to the fuzz target module. |
 | `[corpus...]` | Paths to the corpus directories. If not given, no initial seeds are used nor interesting inputs saved. |
-| `-- ` | Parameters after `--` are forwarded to the internal fuzzing engine (`libFuzzer`). Available settings can be found in its [options documentation](https://www.llvm.org/docs/LibFuzzer.html#options). |
+| `-f`, `--fuzz_function` | Name of the fuzz test entry point. It must be an exported function with a single [Buffer](https://nodejs.org/api/buffer.html) parameter. Default is `fuzz`. |
 | `-i`, `--instrumentation_includes` / `-e`, `--instrumentation_excludes` | Part of filepath names to include/exclude in the instrumentation. A tailing `/` should be used to include directories and prevent confusion with filenames. `*` can be used to include all files. Can be specified multiple times. Default will include everything outside the `node_modules` directory. |
 | `--sync` | Enables synchronous fuzzing. **May only be used for entirely synchronous code**. |
 | `-h`, `--custom_hooks` | Filenames with custom hooks. Several hooks per file are possible. See further details in [docs/fuzz-settings.md](fuzz-settings.md). |
 | `--help` | Detailed help message containing all flags. |
+| `-- ` | Parameters after `--` are forwarded to the internal fuzzing engine (`libFuzzer`). Available settings can be found in its [options documentation](https://www.llvm.org/docs/LibFuzzer.html#options). |
diff --git a/packages/core/cli.ts b/packages/core/cli.ts
index eabbf410..0dcc80f2 100644
--- a/packages/core/cli.ts
+++ b/packages/core/cli.ts
@@ -66,13 +66,15 @@ yargs(process.argv.slice(2))
 type: "string",
 })
- .option("fuzzFunction", {
- describe: "Name of the fuzz target function.",
+ .option("fuzz_function", {
+ describe:
+ "Name of the fuzz test entry point. It must be an exported " +
+ "function with a single Buffer parameter",
+ alias: "f",
 type: "string",
 default: "fuzz",
 group: "Fuzzer:",
 })
- .hide("fuzzFunction")
 .option("id_sync_file", {
 describe:
@@ -169,7 +171,7 @@ yargs(process.argv.slice(2))
 // noinspection JSIgnoredPromiseFromCall
 startFuzzing({
 fuzzTarget: ensureFilepath(args.fuzzTarget),
- fuzzEntryPoint: args.fuzzFunction,
+ fuzzEntryPoint: args.fuzz_function,
 includes: args.instrumentation_includes,
 excludes: args.instrumentation_excludes,
 dryRun: args.dry_run,
diff --git a/tests/promise/fuzz.js b/tests/promise/fuzz.js
index 12d02fec..e65ffe85 100644
--- a/tests/promise/fuzz.js
+++ b/tests/promise/fuzz.js
@@ -20,7 +20,7 @@ let invocationCount = lastInvocationCount + 1;
 /**
 * @param { Buffer } data
 */
-module.exports.fuzz = function (data) {
+module.exports.fuzz_promise = function (data) {
 return new Promise((resolve, reject) => {
 if (data.length < 3) {
 resolve(invocationCount++);
diff --git a/tests/promise/package.json b/tests/promise/package.json
index baa06985..862db154 100644
--- a/tests/promise/package.json
+++ b/tests/promise/package.json
@@ -3,8 +3,8 @@
 "version": "1.0.0",
 "description": "An example showing how Jazzer.js handles promise based fuzz targets",
 "scripts": {
- "fuzz": "jazzer fuzz -x Error -- -max_total_time=60",
- "dryRun": "jazzer fuzz -- -runs=1 -seed=123456789"
+ "fuzz": "jazzer fuzz --fuzz_function fuzz_promise -x Error -- -max_total_time=60",
+ "dryRun": "jazzer fuzz --fuzz_function fuzz_promise -- -runs=1 -seed=123456789"
 },
 "devDependencies": {
 "@jazzer.js/core": "file:../../packages/core"
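Review bot: In the first hunk of packages/core/cli.ts, the renamed option drops the old `fuzzFunction` spelling without keeping it as an alias, so an existing script or CI job that still passes `--fuzzFunction` no longer sets the entry point. Whether yargs rejects the unknown flag or ignores it depends on configuration outside this hunk. If it is ignored, the run falls back to the default `fuzz` and exercises a different function than intended while still reporting a clean result. Consider keeping the old name for one release with `alias: ["f", "fuzzFunction"],`, or confirm that unknown options are rejected.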
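Review bot: The `startFuzzing` call in the second hunk of packages/core/cli.ts passes `args.fuzz_function` straight through as `fuzzEntryPoint`, and nothing visible here checks that the name resolves to an exported function now that the flag is public and documented. `startFuzzing` is defined outside the hunk, so this may already be handled there. If it is not, look the name up as an own property of the loaded module, require `typeof` to be `"function"`, and exit with an error that names the missing export, so a typo cannot pass as a fuzzing run. A comment on the call such as `// fuzzEntryPoint is user-supplied; startFuzzing must reject names that are not exported functions` would record the expectation. The call's argument list continues past the end of the hunk.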