Tools to help with software testing, fault injection and fuzzing

Frequently Asked Questions

Q: Fuzzsaw crashes when I try to open it?
A: Fuzzware requires version 3.5 of the .Net framework, make sure you have that installed.

Q: My fuzzing target already consumes XML, but it errors if I add a namespace to the XML and it seems like Schemer always adds a namespace, can I turn that off?
A: Not currently, what you can do though is add a new root node to your XSD and XML so that the namespace appears on that node and then add the SchemaAttributeCommand sac:markup="remove" to that node. This command will remove remove the markup of this node so that it doesn't appear in the output.

Q: I am fuzzing an XML format that has a standard XSD, however Schemer errors when it tries to compile the XSD?
A: Schemer uses the .Net libraries for compiling the XSD, so it's a case of satisfying .Net. The problem can usually be fixed by adjusting the imports, includes and referenced namespaces of the XSD files involved. XSD's that use xml:lang from the 1998 XML Schema definition can be problematic, but XPS shows how this can be solved (copy xml.xsd and all the dtd files to the XSD directory).

Q: When I output to the an executable it can't find the test case file?
A: The [filename] variable will be the 'Output Directory' concatenated with the test case filename, however many application require a full path to the file, so you need to prepend the path to the 'Output Directory' in the 'Command Line'.

E.g. If 'Output Directory' is 'Examples\Format\' then [filename] becomes 'Examples\Format\testcase.ext' (where testcase.ext is a placeholder for the actual testcase filename), meaning that if the executable requires a full path you should use a 'Command Line' of 'c:\Fuzzware\[filename]' (given you installed Fuzzware at 'c:\Fuzzware'). Don't forget to use quotes if the path contains spaces.

Update: As of version 1.4 there is a new token you can use on the command line [workingdir]. This token will be substituted with the current working directory. This should eliminate the need to hard code any paths into the command line.

Q: I'm using Fuzzware version 1.4 on Vista and it needs to run with administrative privileges, why?
A: With the introduction of FuzzwareDBG this is a new requirement. Basically to register FuzzwareDBG as a COM component or as the post-mortem debugger, admin credentials are required. The easiest solution was just to require all the Fuzzware exe's to run elevated. It's something I could probably change if it becomes an issue.

Q: Why doesn't Schemer support any of the date, time or duration XML Schema types?
A: Not any particularly good reason, just that there is currently no date or time fuzzer in Schemer. It is tempting to just fuzz these as strings, but that would lead to just about all test cases being rejected as invalid according to their type. If you need to fuzz date, time or duration types, change their type to string and define a custom fuzzer for that node.

Should sufficient demand arise then I can add a date, time and duration fuzzer to Schemer in a future release.