Atheris, Kayan Kayan Gwajin Kayan Katin Python

Google ya bayyana kwanan nan fitowar Atheris aikin, wanda ci gaba ne na saitin kayan aikin budewa na musamman don gwajin fuzzing na lambar Python da kari ga CPython da aka rubuta a cikin C / C ++.

Wannan aikin yana amfani da injin tushen libFuzzer kuma ana iya amfani dashi tare da Sanitizer Adireshin da kayan aikin Sanitizer na ndeabi'a don gano ƙarin kurakurai. An buɗe lambar a ƙarƙashin lasisin Apache 2.0.

Game da Google Atheris

A cikin kalmomin Google Atheris, kayan aikin kayan aiki ne wanda za a iya amfani dasu don nemo kurakurai ta atomatik a cikin lambar Python da nativearin nativean asalin. Atheris shine 'fuzzer mai' ɗaukar hoto, wanda ke nufin cewa Atheris zai maimaita gwajin abubuwa daban-daban ga shirinku yayin kallon sa yana gudana kuma yayi ƙoƙari ya sami hanyoyi masu ban sha'awa.

Binciken code don Python 2.7 da Python 3.3+ ana tallafawa, amma don cikakken jagorar ɗaukar hoto, ana bada shawarar yin amfani da rassa na Python 3.8 da 3.9, waɗanda yanzu ke tallafawa ƙididdigar opcode ta opcode.

A cikin tsari, Atheris ya lissafa yiwuwar haɗakar bayanan shigarwa kuma yana samar da rahoto akan duk kuskuren da aka gano da kuma abubuwan da ba'a gano ba.

Misali, yayin bincika dakin karatun YAML dake bincike a Atheris, an gano cewa wasu YAML suna ginawa, kamar tantancewa "-_" a maimakon adadin adadi ko amfani da jerin maimakon mabuɗi, jefa banda wanda ba zato ba tsammani maimakon Kuskuren kuskuren YAMLEr.

Gwajin fuzz sanannen fasaha ne don gano kurakuran shirye-shirye. Da yawa daga cikin waɗannan kurakuran da ake ganowa suna da mahimmancin tasirin tsaro. Google ya samo dubban raunin tsaro da sauran kwari lokacin amfani da wannan fasahar. Ana amfani da Fuzzing bisa al'ada a cikin yarukan ƙasa kamar C ko C ++, amma a bara mun ƙirƙiri sabon injin fuzzing na Python. A yau, mun saki injin fuzzing na Atheris azaman tushen tushe.

Atheris Hakanan za'a iya amfani dashi don gano bambancin ɗabi'a na dakunan karatu masu niyya iri daya. Misali, taƙaitaccen bincike na kunshin Python "idna" da laburaren "libidn2", waɗanda ke aiwatar da aikin ƙaddamar da sunayen yanki na duniya, ya gano cewa ba koyaushe suke samar da sakamako iri ɗaya ba.

Ofayan mafi kyawun amfani ga Atheris shine don masu watsawa daban-daban. Waɗannan sune fuzzers waɗanda ke neman bambance-bambance a cikin halayyar ɗakunan karatu guda biyu waɗanda ake nufin yin abu ɗaya. Ofayan mishan fuzzers da aka haɗa tare da Atheris yayi daidai wannan don kwatanta kunshin Python na "idna" tare da kunshin C "libidn2".

Musamman, idan yankin yayi amfani da jerin Unicode, to "idna" da "libidn2" sun canza sunan yankin na duniya zuwa runduna daban-daban.

Gabaɗaya, Atheris yana da amfani a tsarkakakkiyar lambar Python muddin kuna da hanyar bayyana menene halayyar "daidai", ko kuma aƙalla bayyana waɗanne halaye ne tabbatacce ba daidai bane. Wannan na iya zama mai rikitarwa kamar lambar al'ada a cikin fuzzer wanda ke kimanta daidaiton fitowar ɗakin karatu, ko mai sauƙi kamar bincika cewa babu wasu keɓantattun abubuwan ban mamaki da aka tayar.

Yana da mahimmanci a la'akari da hakan gwaje-gwajen fuzzing yana haifar da rafi iri daban-daban bazuwar haɗakar bayanai, kusa da ainihin bayanan (misali shafukan HTML tare da sigogin alamar bazuwar, fayiloli ko hotuna tare da taken al'ada, da dai sauransu) kuma gyara glitches masu yiwuwa a cikin aikin.

Idan kowane jeri ya haifar da togiya ko bai dace da martanin da ake tsammani ba, wannan halayyar tana iya nuna kwaro ko rauni.

A ƙarshe, kamar yadda aka ambata Atheris yana aiki tare da lambar Python a cikin sigar 2.7 da 3.3 +, kodayake Google ya ba da shawarar sosai ta amfani da 3.8+ da nativean kari na asali waɗanda aka rubuta don CPython.

Windows bai riga ya kasance cikin tsarin aiki mai tallafi ba, don haka injin yana da amfani ne kawai ga masu amfani da Linux da Mac OS X a yanzu.

Don amfani da shi a kan waɗannan dandamali, dole ne masu haɓaka su sami sabon juzu'in shigar kayan gaban Clang.

Idan kanaso ka kara sani game dashi, zaku iya bincika bayanin asali a cikin bin hanyar haɗi.


Abubuwan da ke cikin labarin suna bin ka'idodinmu na ka'idojin edita. Don yin rahoton kuskure danna a nan.

Kasance na farko don yin sharhi

Bar tsokaci

Your email address ba za a buga. Bukata filayen suna alama da *

*

*

  1. Mai alhakin bayanan: Miguel Ángel Gatón
  2. Dalilin bayanan: Gudanar da SPAM, gudanar da sharhi.
  3. Halacci: Yarda da yarda
  4. Sadarwar bayanan: Ba za a sanar da wasu bayanan ga wasu kamfanoni ba sai ta hanyar wajibcin doka.
  5. Ajiye bayanai: Bayanin yanar gizo wanda Occentus Networks (EU) suka dauki nauyi
  6. Hakkoki: A kowane lokaci zaka iyakance, dawo da share bayanan ka.