How to run your fuzz tests using CI Fuzz SaaS
The easiest way to create fuzz tests is with the CI Fuzz plugin for Visual Studio Code. Once they are written, push the fuzz tests together with the .code-intelligence project setup to your project repository:
$ git add .code-intelligence
$ git commit -m "Add ci-fuzz project setup and fuzz tests"
$ git push
The CI Fuzz server automatically pulls the build Docker image you configured in VS Code, so make sure it is available in a Docker registry such as Docker Hub or gcr.io.
Sign in to the web app
Open https://app.code-intelligence.com in your web browser. To sign in to the web app, you can use your GitHub, GitLab, or Bitbucket account.
If you want to work on a project together with others, you can use an organization. To learn more about how organizations work, read Work together using organizations.
Importing your project
When you click "New Project" you can decide if you want the project to be owned by your organization or if you want to create a personal project.
In the next step, you need to provide the git URL of your project repository.
If you are using CI Fuzz On-Prem, you will see a Repository Token field. This token is needed for authentication if you want to check out a private git repository. You can create a personal access token in your account settings in GitHub, GitLab, or Bitbucket. For GitLab, using a deploy token is also supported. This feature is disabled in the SaaS, since it is currently intended for open source projects only.
After the project has been initialized successfully, you will see an overview showing the findings and the code coverage. Since no fuzz tests have run yet, there are no findings at this point.
Running fuzz tests
Choose which Test Collection you want to run in the left column. Clicking Start builds and executes the corresponding fuzz tests. As an example project, we use the Zint Barcode Generator, in which we found and reported several vulnerabilities.
After the build is completed and the fuzz tests start running, you can watch the coverage increasing. The fuzz test runs until a bug is found or the configured time limit is reached.
Viewing findings and coverage reports
To view the details of a finding, click "All Findings". Here you can see a list of all findings. If you are only interested in findings of a specific type or severity, you can use the filters.
By selecting a finding, you see all its details: the source file containing the bug, the crashing input, and the full AddressSanitizer log, which are very useful for investigating the finding further.
If you are interested in more details about the code coverage, click "Code Coverage" in the overview tab to get a list of all source files and their coverage.
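For readers who have not yet written a fuzz test of the kind CI Fuzz builds and runs, the following added example (not code from the CI Fuzz documentation or from the Zint project) shows a libFuzzer-style target. It assumes that CI Fuzz builds libFuzzer-compatible targets; LLVMFuzzerTestOneInput is the real libFuzzer entry point, while the EAN-13 check-digit validator it exercises is constructed for illustration. The main function is a hypothetical stand-alone reproducer that feeds one file (for example the crashing input downloaded from the findings page) to the target, so a finding can be re-run locally under AddressSanitizer without the fuzzing engine.

```c
// Added example: a libFuzzer-style fuzz test for a small, constructed EAN-13
// check-digit validator, plus a stand-alone reproducer for a saved input.
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EAN13_LEN 13

/* Return 1 if s (len bytes, not necessarily NUL-terminated) is exactly 13
   ASCII digits whose last digit equals the EAN-13 check digit, else 0.
   Every access is bounds-checked against len, so the fuzzer exercises the
   parser without reading past the input buffer. */
int ean13_valid(const uint8_t *s, size_t len) {
    if (len != EAN13_LEN) return 0;
    int sum = 0;
    for (size_t i = 0; i < EAN13_LEN - 1; i++) {
        if (s[i] < '0' || s[i] > '9') return 0;
        int d = s[i] - '0';
        sum += (i % 2 == 0) ? d : 3 * d;   /* weights 1,3,1,3,... from the left */
    }
    if (s[12] < '0' || s[12] > '9') return 0;
    int check = (10 - (sum % 10)) % 10;
    return (s[12] - '0') == check;
}

/* libFuzzer entry point: called once per generated input. Returning 0 tells
   the engine the input was processed; crashes, sanitizer reports and timeouts
   are what CI Fuzz records as findings. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    /* Copy into a NUL-terminated buffer capped at a sane length, the way a
       parser taking a C string would receive it; long inputs are truncated
       rather than overflowing the buffer. */
    char buf[64];
    size_t n = size < sizeof(buf) - 1 ? size : sizeof(buf) - 1;
    memcpy(buf, data, n);
    buf[n] = '\0';
    ean13_valid((const uint8_t *)buf, n);
    return 0;
}

/* Hypothetical reproducer (assumption, not part of libFuzzer): run the target
   on one saved input file, e.g. a crashing input from the findings page.
   Build with -fsanitize=address to get the same sanitizer report locally. */
int main(int argc, char **argv) {
    if (argc != 2) {
        fprintf(stderr, "usage: %s <input-file>\n", argv[0]);
        return 2;
    }
    FILE *f = fopen(argv[1], "rb");
    if (!f) { perror("fopen"); return 1; }
    uint8_t *data = NULL;
    size_t size = 0, cap = 0;
    int c;
    while ((c = fgetc(f)) != EOF) {
        if (size == cap) {
            cap = cap ? cap * 2 : 256;
            data = realloc(data, cap);
            if (!data) { perror("realloc"); fclose(f); return 1; }
        }
        data[size++] = (uint8_t)c;
    }
    fclose(f);
    int rc = LLVMFuzzerTestOneInput(data ? data : (const uint8_t *)"", size);
    free(data);
    printf("input of %zu bytes processed, target returned %d\n", size, rc);
    return rc;
}
```

When linked against libFuzzer (clang -fsanitize=fuzzer,address), the engine supplies its own main and drives LLVMFuzzerTestOneInput with mutated inputs; the reproducer main above is only for re-running a single saved input outside the engine.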