JSON Parser Fuzzer

Overview

Create a fuzzer to test a JSON parsing function for robustness and crash detection. The parser should accept byte input and attempt to parse it as JSON, handling any exceptions gracefully during fuzzing.

Requirements

Implement a fuzz testing harness that:

1. Accepts arbitrary byte sequences as input
2. Attempts to parse the input as a UTF-8 JSON string
3. Handles parsing exceptions without crashing the fuzzer
4. Can be executed with command-line arguments for fuzzer configuration
5. Runs continuously until stopped or a crash is detected

Implementation Details

Create a file fuzz_json_parser.py that:

• Defines a test function that receives raw byte input
• Decodes the bytes as UTF-8 (handling decode errors)
• Attempts to parse the decoded string as JSON
• Catches and ignores expected exceptions (parsing errors, decode errors)
• Initializes the fuzzing engine with proper configuration
• Starts the fuzzing process

The fuzzer should properly initialize before starting the fuzzing loop and should be able to accept command-line arguments for fuzzer behavior control (such as corpus directories, maximum length, number of runs, etc.).

Test Cases { .tests }

Test Case 1: Basic Fuzzer Initialization { .test }

File: test_fuzz_json_parser.py

Test: Verify that the fuzzer initialization function can be called without errors

import sys
import fuzz_json_parser

def test_fuzzer_setup():
    """Test that the fuzzer can be initialized properly"""
    # The fuzzer setup should be callable and register the test function
    # This test verifies the initialization doesn't raise exceptions
    try:
        # Mock sys.argv to avoid actual fuzzing
        original_argv = sys.argv
        sys.argv = ['test', '-atheris_runs=0']

        # Import should trigger setup (if module-level setup is used)
        # or we can call setup directly if it's separate
        import fuzz_json_parser

        sys.argv = original_argv
        assert True, "Fuzzer initialized successfully"
    except Exception as e:
        sys.argv = original_argv
        raise AssertionError(f"Fuzzer initialization failed: {e}")

Test Case 2: Test Function Handles Valid JSON { .test }

File: test_fuzz_json_parser.py

Test: Verify the test function can handle valid JSON input

def test_handles_valid_json():
    """Test that the fuzzing target function handles valid JSON"""
    from fuzz_json_parser import TestOneInput

    # Test with valid JSON
    valid_json = b'{"key": "value", "number": 42}'
    try:
        TestOneInput(valid_json)
        assert True, "Valid JSON handled successfully"
    except Exception as e:
        raise AssertionError(f"Failed to handle valid JSON: {e}")

Test Case 3: Test Function Handles Invalid Input { .test }

File: test_fuzz_json_parser.py

Test: Verify the test function handles invalid input gracefully

def test_handles_invalid_input():
    """Test that the fuzzing target function handles invalid input gracefully"""
    from fuzz_json_parser import TestOneInput

    # Test with invalid inputs
    invalid_inputs = [
        b'not json at all',
        b'\xff\xfe invalid utf-8',
        b'{"incomplete": ',
        b'',
    ]

    for invalid_input in invalid_inputs:
        try:
            TestOneInput(invalid_input)
            # Should not raise unhandled exceptions
        except Exception as e:
            raise AssertionError(f"Unhandled exception for input {invalid_input}: {e}")

    assert True, "All invalid inputs handled gracefully"

Dependencies { .dependencies }

atheris { .dependency }

A coverage-guided fuzzing engine for Python. Provides the fuzzing infrastructure and instrumentation capabilities needed to perform effective fuzz testing of Python code.