Create a Java-gRPC Application Fuzz Test

How to create a Java-gRPC Application Fuzz Test

To create a fuzz test for a Java gRPC application, go to the sidebar menu in the dashboard and click on the “Add Fuzz Test” button.

From the list, choose to create a Java Web App Fuzz Test.

java-api-select-fuzztest-typeAfterwards a new windows pops up and we need to give the fuzz test a name and select the web service name you configured before in Connecting Java gRPC applications

Save the fuzz test.

Now, the fuzz test need to be configured to use the generated shared object file stub.so during Project Setup of Java-gRPC applications.

For the saved fuzz test a fuzz test configuration file is saved in .code-intelligence/fuzz_targets/<FUZZ_NAME>.yaml in addition.  There it is necessary to change the following:

  1. Add run_extra_args option to point to stub.so file:
    run_extra_args:

    - "--proto_stub_path=src/main/proto/libproto_stub.so"
  2. Add base url option + port of your target application:
    base_url: "127.0.0.1:50051"
  3. hange protocol option to grpc:
    protocol: grpc

Click save, then run. After a few seconds, the status of the fuzz test should be running: