Randomly mutate JSON, XML, HTML forms, text and binary data for fuzz testing

npryce/snodge

Snodge

A small, extensible Kotlin library to randomly mutate JSON & XML documents, text and binary data. Useful for fuzz testing.

Examples of things you can test by mutating known good data:

  • unexpected structures will not make your application code throw unchecked exceptions
  • your application code ignores additional properties
  • your application code does not throw unchecked exceptions when parsing values from text properties
  • your application does not instantiate arbitrary classes named in data (a potential security risk)
  • your application copes with invalid Unicode encoding of text
  • and much, much more!

See an interactive demonstration.

In a Nutshell

Add a dependency on Snodge (replace <version> with the version of Snodge you wish to use):

testImplementation 'com.natpryce:snodge:<version>'

For the JVM platform, add an implementation of the JSR-374 JSONP API, such as:

testRuntimeOnly 'org.glassfish:javax.json:1.1'

Import the library:

import com.natpryce.snodge.mutants
import com.natpryce.snodge.json.defaultJsonMutagens

Output 10 random mutations of the JSON document:

val random = Random()
val originalJson = "{\"x\": \"hello\", \"y\": [1,2,3]}"

random.mutants(defaultJsonMutagens().forStrings(), 10, originalJson)
    .forEach(::println)

Example output:

{"x":"hello","y":[1,2,3,null]}
{"y":[1,2,3],"x":{}}
{"x":"hello","y":[2,3]}
{"x":"hello","y":[{},2,3]}
{"x":"hello"}
{"x":"hello","y":[1,2,{}]}
{"x":"hello","y":[1,null,3]}
{"y":[1,2,3],"x":"hello"}
{"y":[1,2,3],"x":"a string"}
{"x":"hello","y":[99,2,3]}
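
A fuller fuzz test built on the snippet above, added here as an illustration and not taken from the Snodge project: it checks the first item in the list of examples, that mutated structures do not surface as unchecked exceptions. `parseMessage`, `Message`, `InvalidMessage` and `unexpectedFailures` are hypothetical names, `Random` is assumed to be `java.util.Random`, and the parser under test uses the JSR-374 `javax.json` API mentioned above.

```kotlin
import com.natpryce.snodge.json.defaultJsonMutagens
import com.natpryce.snodge.mutants
import java.io.StringReader
import java.util.Random // assumption: the Random the snippet above constructs on the JVM
import javax.json.Json
import javax.json.JsonException

// Hypothetical code under test: reads the document used in the snippet above.
data class Message(val x: String, val y: List<Int>)

// The only failure callers should ever have to handle.
class InvalidMessage(cause: Throwable) : Exception(cause)

fun parseMessage(text: String): Message =
    try {
        val obj = Json.createReader(StringReader(text)).use { it.readObject() }
        val ys = obj.getJsonArray("y")!!
        Message(obj.getString("x"), ys.indices.map { ys.getInt(it) })
    } catch (e: JsonException) {        // malformed JSON, or the root is not an object
        throw InvalidMessage(e)
    } catch (e: ClassCastException) {   // a property holds the wrong JSON type
        throw InvalidMessage(e)
    } catch (e: NullPointerException) { // a required property is missing
        throw InvalidMessage(e)
    }

// Feeds `count` mutants of a known good document to the parser and returns
// every mutant that failed with anything other than InvalidMessage.
fun unexpectedFailures(random: Random, count: Int): List<Pair<String, Throwable>> {
    val original = "{\"x\": \"hello\", \"y\": [1,2,3]}"
    return random.mutants(defaultJsonMutagens().forStrings(), count, original)
        .mapNotNull { mutant ->
            try {
                parseMessage(mutant)
                null // parsed: mutants that stay valid are fine
            } catch (e: InvalidMessage) {
                null // rejected cleanly
            } catch (e: Throwable) {
                mutant to e // leaked exception: keep the input that triggered it
            }
        }
        .toList()
}

fun main() {
    val failures = unexpectedFailures(Random(), 1000)
    failures.forEach { (mutant, e) -> println("$mutant -> $e") }
    check(failures.isEmpty()) { "${failures.size} mutants caused unexpected exceptions" }
}
```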

API Adapters

On the JVM, Snodge can mutate the JSON object models of the Jackson, GSON, JSR-374 JSONP and Argo APIs, the XML DOM, and JSON and XML serialised as text and binary.

On JavaScript, Snodge can mutate XML as DOM Documents, and XML and JSON as text.

For more information, continue reading the documentation.

Other versions

The Kotlin library is version 3.x.x.x.

Previous versions:

  • Version 2.x.x.x (java8 branch) is for Java 8, and uses streams and Java 8 function types
  • Version 1.x.x.x (java7 branch) is for Java 7 and depends on Guava

Download from Maven Central

Download from NPM