Skip to content
/ dharma Public
forked from MozillaSecurity/dharma

A generation-based, context-free grammar fuzzer.

License

MPL-2.0 license
0 stars 90 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

csinfo/dharma

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

42 Commits
dharma
dharma
 
 
.travis.yml
.travis.yml
 
 
CONTRIBUTORS
CONTRIBUTORS
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
setup.cfg
setup.cfg
 
 
setup.py
setup.py
 
 

Repository files navigation

Logo

Build Status

Requirements

None

Examples

Generate a single test-case.

% ./dharma.py -grammars grammars/webcrypto.dg

Generate a single test case with multiple grammars.

% ./dharma.py -grammars grammars/canvas2d.dg grammars/mediarecorder.dg

Generating test-cases as files.

% ./dharma.py -grammars grammars/webcrypto.dg -storage . -count 5

Generate test-cases, send each over WebSocket to Firefox, observe the process for crashes and bucket them.

% ./dharma.py -server -grammars grammars/canvas2d.dg -template grammars/var/templates/html5/default.html
% ./framboise.py -setup inbound64-release -debug -worker 4 -testcase ~/dev/projects/fuzzers/dharma/grammars/var/index.html

Benchmark the generator.

% time ./dharma.py -grammars grammars/webcrypto.dg -count 10000 > /dev/null

Screenshots

Dharma Demo Dharma Menu

Grammar Cheatsheet

comment

%%% comment

controls

%const% name := value

sections

%section% := value
%section% := variable
%section% := variance

extension methods

%range%(0-9)
%range%(0.0-9.0)
%range%(a-z)
%range%(!-~)
%range%(0x100-0x200)

%repeat%(+variable+)
%repeat%(+variable+, ", ")

%uri%(path)
%uri%(lookup_key)

%block%(path)

%choice%(foo, "bar", 1)

assigning values

digit :=
    %range%(0-9)

sign :=
    +
    -

value :=
    +sign+%repeat%(+digit+)

using values

+value+

assigning variables

variable :=
    @variable@ = new Foo();

using variables

value :=
    !variable!.bar();

referencing values from common.dg

value :=
    attribute=+common:number+

calling javascript library functions

foo :=
    Random.pick([0,1]);

About

A generation-based, context-free grammar fuzzer.

Resources

Readme

License

MPL-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages

  • JavaScript 52.8%
  • Python 44.4%
  • HTML 2.8%