ClusterFuzzLite, a system for organizing fuzz testing of code

Google recently announced, in a blog post, the ClusterFuzzLite project, which makes it possible to organize fuzz testing of code so that potential vulnerabilities are found early, within the continuous integration workflow.

Currently, ClusterFuzzLite can be used to automate fuzz testing of pull requests in GitHub Actions, Google Cloud Build and Prow, and support for other CI systems is expected in the future. The project is based on the ClusterFuzz platform, which was created to coordinate the work of fuzzing clusters, and is distributed under the Apache 2.0 license.

It is worth noting that since Google introduced the OSS-Fuzz service in 2016, more than 500 major open-source projects have been accepted into continuous fuzz testing. Among the findings, more than 6,500 vulnerabilities and more than 21,000 bugs have been fixed.

About ClusterFuzzLite

ClusterFuzzLite extends the fuzz-testing workflow with the ability to find problems earlier, at the stage where proposed changes are reviewed. ClusterFuzzLite has already been introduced into the review workflows of the systemd and curl projects, where it has made it possible to find bugs that the static analyzers and linters used in the early stage of checking new code had missed.

Today, we are happy to announce ClusterFuzzLite, a continuous fuzzing solution that runs as part of CI/CD workflows to find vulnerabilities faster than ever before. With just a few lines of code, GitHub users can integrate ClusterFuzzLite into their workflow and fuzz pull requests to catch bugs before they are committed, enhancing the overall security of the software supply chain.
Since its launch in 2016, more than 500 critical open-source projects have been integrated into Google's OSS-Fuzz program, resulting in the fixing of more than 6,500 vulnerabilities and 21,000 functional bugs. ClusterFuzzLite goes hand in hand with OSS-Fuzz, catching regression bugs much earlier in the development cycle.

ClusterFuzzLite supports checking projects written in C, C++, Java (and other JVM-based languages), Go, Python, Rust and Swift. Fuzz testing is carried out with the libFuzzer engine. The AddressSanitizer, MemorySanitizer and UBSan (UndefinedBehaviorSanitizer) tools can also be enabled to detect memory errors and undefined behaviour that would otherwise go unnoticed.

Among its key features, ClusterFuzzLite highlights quick verification of proposed changes to find bugs at the stage before the code is accepted, downloadable reports on the conditions under which crashes occurred, the ability to switch to more extensive fuzz testing to find deeper bugs that did not show up when a code change was checked, the generation of coverage reports to evaluate how much of the code the tests exercised, and a modular architecture that lets you choose the functionality you need.

Large projects, including systemd and curl, already use ClusterFuzzLite during code review, with good results. According to Daniel Stenberg, the author of curl: "When the human reviewers have nodded and approved the code and your static code analyzers and linters can't detect any more issues, fuzzing is what takes you to the next level of code maturity and robustness. OSS-Fuzz and ClusterFuzzLite help us maintain curl as a quality project, around the clock, every day and every commit."

It should be remembered that fuzz testing generates a stream of all kinds of random combinations of input data that stay close to real data (for example, HTML pages with random tag parameters, archives or images with abnormal headers, and so on) and records any failures that occur while the program processes them.

If any of these inputs causes a crash or produces a response other than the expected one, that behaviour is likely to indicate a bug or a vulnerability.
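The two ideas above, a libFuzzer target with sanitizers as ClusterFuzzLite builds it and a stream of mutated inputs where a crash is the oracle, in one added example. This is not code from the page or from the ClusterFuzzLite project: the length-prefixed record format, the off-by-one parser and its hardened version are hypothetical, the mutation loop is a toy stand-in for libFuzzer, and the canary byte after the buffer stands in for the AddressSanitizer redzone that would report the real overflow when the target is compiled with clang -fsanitize=fuzzer,address.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CAP 8         /* capacity of the destination buffer the parser is given */
#define MAX_INPUT 64  /* upper bound on the fuzzer's working input */

typedef int (*parser_fn)(const uint8_t *data, size_t size, char *out, size_t cap);

/* Hypothetical record format: one length byte N followed by N payload bytes.
   Vulnerable variant: accepts N == cap and then writes the terminator at out[cap]. */
int parse_record_unsafe(const uint8_t *data, size_t size, char *out, size_t cap) {
    if (size < 1) return -1;
    size_t n = data[0];
    if (n > cap) return -1;            /* BUG: off by one, N == cap must be rejected */
    if (size < 1 + n) return -1;       /* declared length exceeds the input */
    memcpy(out, data + 1, n);
    out[n] = '\0';                     /* with N == cap this lands one past the buffer */
    return (int)n;
}

/* Hardened variant: always leaves room for the terminator. */
int parse_record_safe(const uint8_t *data, size_t size, char *out, size_t cap) {
    if (size < 1 || cap == 0) return -1;
    size_t n = data[0];
    if (n >= cap) return -1;
    if (size < 1 + n) return -1;
    memcpy(out, data + 1, n);
    out[n] = '\0';
    return (int)n;
}

/* The libFuzzer entry point ClusterFuzzLite builds and runs. Built with
   -fsanitize=fuzzer,address, the off-by-one above would be reported by ASan as a
   stack-buffer-overflow as soon as the engine produces an input with N == 8. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    char buf[CAP];
    parse_record_safe(data, size, buf, sizeof buf);
    return 0;
}

/* Run one input with a canary byte right after the buffer, a one-byte stand-in for
   an ASan redzone. Returns the parser's result, or -2 if the canary was overwritten
   (the equivalent of a sanitizer-reported crash). */
int run_once(parser_fn parse, const uint8_t *data, size_t size) {
    char buf[CAP + 1];
    buf[CAP] = (char)0xA5;
    int r = parse(data, size, buf, CAP);
    return buf[CAP] == (char)0xA5 ? r : -2;
}

/* xorshift32: a deterministic PRNG so a run is reproducible from its seed. */
static uint32_t rng_state = 1;
static uint32_t rnd(void) {
    uint32_t x = rng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return rng_state = x;
}

/* One random mutation in place (overwrite, "interesting" value, insert, delete),
   the kind of step a fuzzing engine applies between runs; returns the new size. */
static size_t mutate(uint8_t *in, size_t size) {
    static const uint8_t interesting[] = {0, 1, CAP - 1, CAP, CAP + 1, 0x7f, 0xff};
    size_t pos = size ? rnd() % size : 0;
    switch (rnd() % 4) {
    case 0: if (size) in[pos] = (uint8_t)rnd(); break;
    case 1: if (size) in[pos] = interesting[rnd() % sizeof interesting]; break;
    case 2: if (size < MAX_INPUT) {       /* insert a random byte at pos */
                memmove(in + pos + 1, in + pos, size - pos);
                in[pos] = (uint8_t)rnd();
                size++;
            } break;
    case 3: if (size > 1) {               /* delete the byte at pos */
                memmove(in + pos, in + pos + 1, size - pos - 1);
                size--;
            } break;
    }
    return size;
}

/* Minimal mutation fuzzer: start from a constructed seed input and keep mutating it.
   Returns the first iteration whose input clobbers the canary, or -1 if none did. */
int fuzz_loop(parser_fn parse, int iterations, uint32_t seed) {
    static const uint8_t corpus_seed[] = {5, 'h', 'e', 'l', 'l', 'o'};  /* constructed */
    uint8_t in[MAX_INPUT];
    size_t size = sizeof corpus_seed;
    memcpy(in, corpus_seed, size);
    rng_state = seed ? seed : 1;
    for (int i = 0; i < iterations; i++) {
        size = mutate(in, size);
        if (run_once(parse, in, size) == -2) return i;
    }
    return -1;
}

int main(void) {
    printf("unsafe parser: canary hit at iteration %d\n", fuzz_loop(parse_record_unsafe, 50000, 1));
    printf("safe parser:   canary hit at iteration %d\n", fuzz_loop(parse_record_safe, 50000, 1));
    return 0;
}
```

The loop is the whole argument of the article in miniature: nobody wrote a test for the length byte being exactly 8, a human reviewer would not flag `n > cap`, and a linter has nothing to say about it, but a random walk over the input space reaches that value quickly and the redzone (here a canary, under ClusterFuzzLite the sanitizer) turns the silent one-byte write into a reproducible report. A real run keeps the offending input as the crash artifact that the article's downloadable reports refer to.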

Finally, if you are interested in learning more about it, you can check the details at the following link.

