Fuzzing .NET Code with OneFuzz

This document explains the purpose of the project, the rationale for using specific technologies, and key instructions for fuzz testing .NET code using OneFuzz.

Overview

This project demonstrates fuzz testing for .NET applications. It uses a .NET 8 (Windows) project where a code file is linked to the project. The linked file contains the functions required for fuzz testing.

Why Use .NET 8 (Windows)?

Current Support: At the time of writing, OneFuzz supports only .NET 8 projects. The Fuzz team is actively working on .NET 9 support.
Interim Solution: Until .NET 9 support is available, .NET 8 serves as a robust and temporary solution for fuzz testing, enabling direct code linking for efficient development.

Requesting Access

To log into the production instance of OneFuzz with the CLI, you must request access. Visit the internal OneFuzz Access Request Page for details.

How to Fuzz .NET Code

To set up and run fuzz testing on .NET code, follow the detailed guide available Fuzz .NET Code.

Running a .NET Fuzz Target Locally

Testing a .NET fuzz target locally requires specific configurations. For a step-by-step guide, see the section on Running a .NET Fuzz Target Locally.

Writing a Good OneFuzzConfig.json

The OneFuzzConfig.json file provides critical information for deploying fuzzing jobs using the OneFuzz Ingestion Preparation Tool and Ingestion Service.

Structure

The primary structure is an array of configuration entries. Outside the array, the configVersion field is used to track changes to the configuration schema.

For more details on how to write and structure this file, see the OneFuzzConfig V3 Documentation.

Tools

OneFuzz Ingestion Preparation (OIP) Tool

The OIP tool helps prepare data for ingestion and fuzz testing. Learn more about OneFuzz Ingestion Preparation (OIP) Tool.

OneFuzz CLI

The CLI provides commands to manage and execute fuzzing jobs. Download and set up the CLI by following this guide.