JS fuzzer for generative testing of parsers that implement the SpiderMonkey Reflect.parse API
Fuzzer for generative testing of ECMAScript parsers, especially those that implement the SpiderMonkey Reflect.parse API.
npm install -g esfuzz
$ esfuzz --help
Usage: esfuzz OPT*
-n, --iterations NUM use at most NUM programs; default: unlimited
-d, --max-depth NUM create ASTs with a height no greater than NUM; default: 8
--acorn enable marijnh/acorn parser; default: on
--es6 allow ECMAScript 6 features in generated programs
--esprima enable ariya/esprima parser; default: on
--help display this help message and exit
--reflect enable Reflect.parse parser; default: on if it exists
--reflectjs enable zaach/reflect.js parser
--uglifyjs enable limited support for mishoo/UglifyJS2
--version display the version number and exit
--zeparser enable limited support for qfox/ZeParser
generate(options) -> SpiderMonkey_AST
Generate a random SpiderMonkey AST that represents a valid ECMAScript program. Available options:
maxDepth: create ASTs with a height no greater than this value

render(programAST, format) -> String (JS program)
Render a SpiderMonkey AST as an ECMAScript program. If the format argument is omitted, a random format will be used. Otherwise, the given object must be in the format of escodegen's format option.

fuzz(programAST, parsers) -> void
Takes a SpiderMonkey AST and a list of objects that have a parse method that obeys the SpiderMonkey Reflect.parse API. This function will generate concrete syntax and run it through each parser. If any of the parsers fail to parse the program, an error will be thrown.

fuzzAndRoundtrip(programAST, parsers) -> void
Identical to fuzz, except additionally compares the outputs of each parser to the generated program. If any of the parsers fail to parse the program or fail to generate an AST equivalent to the given one, an error will be thrown.
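
The generate, render and round-trip steps described above, as an added JavaScript example that is not part of esfuzz or its README. It covers only Literal and BinaryExpression nodes of a parenthesised arithmetic subset; lcg, makeParser, good, buggy, roundtrip and run are hypothetical names, and buggy carries a deliberate defect so the AST comparison has something to catch.

```javascript
// Added example, not esfuzz code; all names are hypothetical.
// Seeded LCG so a failing program can be regenerated from its seed.
const lcg = (s) => () => (s = (Math.imul(s, 1664525) + 1013904223) >>> 0) / 2 ** 32;
// Random expression AST (Literal / BinaryExpression nodes) of height <= maxDepth.
function generate(rand, maxDepth) {
  if (maxDepth <= 1 || rand() < 0.3) return { type: 'Literal', value: Math.floor(rand() * 100) };
  return { type: 'BinaryExpression', operator: '+-*'[Math.floor(rand() * 3)],
           left: generate(rand, maxDepth - 1), right: generate(rand, maxDepth - 1) };
}
// Concrete syntax; binary expressions are always parenthesised: "(1 + (2 * 3))".
const render = (n) => n.type === 'Literal' ? String(n.value)
  : `(${render(n.left)} ${n.operator} ${render(n.right)})`;
// Parser factory exposing parse(src); toValue maps a numeric token to a Literal value.
function makeParser(toValue) {
  return { parse(src) {
    let i = 0;
    const expr = () => {
      if (src[i] === '(') {
        i++; const left = expr();
        const operator = src[i + 1]; i += 3;   // consume " op "
        const right = expr();
        if (src[i++] !== ')') throw new SyntaxError(`expected ")" in ${src}`);
        return { type: 'BinaryExpression', operator, left, right };
      }
      const m = /^\d+/.exec(src.slice(i));
      if (!m) throw new SyntaxError(`expected a number in ${src}`);
      i += m[0].length;
      return { type: 'Literal', value: toValue(m[0]) };
    };
    const ast = expr();
    if (i !== src.length) throw new SyntaxError(`trailing input in ${src}`);
    return ast;
  } };
}
const good = makeParser(Number);
const buggy = makeParser((tok) => tok); // deliberate defect: keeps the raw token string
// Throws if a parser rejects the rendered program or returns a non-equivalent AST.
function roundtrip(ast, parsers) {
  const src = render(ast), want = JSON.stringify(ast);
  for (const [name, p] of Object.entries(parsers)) {
    const got = JSON.stringify(p.parse(src)); // a parse failure propagates to the caller
    if (got !== want) throw new Error(`${name}: AST mismatch for ${src}`);
  }
}
// Fuzz for a bounded number of iterations; returns the message of every failure.
function run(parsers, iterations, seed, maxDepth = 4) {
  const rand = lcg(seed), failures = [];
  for (let n = 0; n < iterations; n++)
    try { roundtrip(generate(rand, maxDepth), parsers); } catch (e) { failures.push(e.message); }
  return failures;
}
```

run({ good }, 300, 1) returns an empty list, while run({ good, buggy }, 300, 1) reports an AST mismatch for every program even though buggy never fails to parse, which is the class of defect a parse-only check misses.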
The npm package esfuzz receives a total of 3 weekly downloads. As such, esfuzz's popularity is classified as not popular.
We found that esfuzz has an unhealthy version release cadence and level of project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.