The automated testing platform Code Intelligence recently announced that it has integrated its open-source JavaScript fuzz testing engine, Jazzer.js, into Jest, a unit testing framework for JavaScript.
Jazzer.js is a free, coverage-guided, in-process fuzzer spanning the Node.js platform. It is currently available within JavaScript’s node package manager.
With this, developers can use Jest for both functional and security testing without the need to leave their development environment.
According to the company, the integration offers developers the ability to run automated security tests that are complementary to their existing unit tests and allows them to test JavaScript applications for hidden bugs.
Code Intelligence also stated that it will be bringing the ability to receive specialized bug detectors for critical vulnerabilities to Jazzer.js. These include remote executions, cross-site-scripting, and injections.
“While most JavaScript developers already use Jest for functional testing, to test whether their application behaves as expected, our new Jest integration allows developers to also do negative testing. This is to check their applications for unexpected or strange behaviors. It does not only avoid security issues but makes the code more reliable and reduces outages and bad user experience,” said Werner Krahe, product director of Code Intelligence.
The Jest integration enables developers to call Jazzer.js by using the new it.fuzz() function in describe() blocks.
This function works to call fuzz tests that use coverage feedback to generate several unused and unexpected test inputs that have the ability to trigger security vulnerabilities as well as functional bugs.
For more information, visit the website.
