Fuzzing support for Python projects?

[Zac-HD]

I'm a core developer of Hypothesis, the property-based testing library for Python. Hypothesis is secretly a structured fuzzer, and in March I added support for treating arbitrary property-based tests as fuzz targets.

It would be lovely to apply this toolchain to CPython (see here, and here), write fuzzable tests for pip, fuzz existing tests for foundational tools like Numpy/Mercurial/PyPy, and so on. The only catch is that it's unclear to me whether, and if so how, Python projects are actually supported in OSS-FUZZ!

For example, to exercise the Python JSON module with python-afl:

import json, os, sys
import afl
from hypothesis import given, strategies as st

@given(st.recursive(
    st.none() | st.booleans() | st.integers() | st.floats(allow_nan=False) | st.text(),
    lambda x: st.lists(x) | st.dictionaries(st.text(), x)
))
def test_json_rountrip(x):
    assert x == json.loads(json.dumps(x))

if __name__ == "__main__":
    fuzz_target = test_json_rountrip.hypothesis.fuzz_one_input
    afl.init()
    fuzz_target(sys.stdin.buffer)
    os._exit(0)

If upstream support in Hypothesis would make OSS-FUZZ integration easier, I would be very happy to add whatever interface we decide on 🙂

[inferno-chromium]

We are still looking into python support and it would probably come sometime this year. I dont think https://github.com/jwilk/python-afl is sufficient for our needs, so we will be picking up something that is libFuzzer based.

[Zac-HD]

FYI I've been working on a Hypothesis-specific fuzzing mode to take advantage of the structure, validity, and user feedback available from property-based tests. I think the goals are somewhat different to OSS-Fuzz and cluster-scale fuzzing more generally, but Python fuzzing is rare enough that I thought it worth mentioning 🙂

[Zac-HD]

https://google.github.io/oss-fuzz/getting-started/new-project-guide/python-lang/ answers my question - and Atheris works very nicely with Hypothesis 😁

[inferno-chromium]

@Zac-HD - can you help to add some usage documentation about Hypothesis + Atheris in the our doc https://google.github.io/oss-fuzz/getting-started/new-project-guide/python-lang/. That way, community can uptake use of Hypothesis when reading about python fuzzing. Just need a few para in this file - https://github.com/google/oss-fuzz/blob/master/docs/getting-started/new-project-guide/python_lang.md
Look forward to your PR :)

@IanPudney as fyi!