IGoogle ityhiliwe kutshanje ukukhutshwa kwe Iprojekthi yeAtheris, Olu luphuhliso lwe iseti yezixhobo zomthombo ovulekileyo ikhethekileyo kuvavanyo olungaqondakaliyo lwePython khowudi kunye nezandiso ze-CPython ezibhalwe kwi-C / C ++.
Le projekthi isebenzisa i-injini esekwe kwi-libFuzzer kwaye inokusetyenziswa ngokudibeneyo ne-Idilesi yeSanitizer kunye nezixhobo ze-Undefined Behaeve Sanitizer ukufumana iimpazamo ezongezelelweyo. Ikhowudi ivulekile phantsi kwelayisenisi ye-Apache 2.0.
Malunga neGoogle Atheris
Ngamazwi kaGoogle Atheris, sisixhobo esingasetyenziselwa ukufumana ngokuzenzekelayo iimpazamo kwikhowudi yePython kunye nolwandiso lwendalo. I-Atheris 'yindawo eqhutywa kukugubungela', okuthetha ukuba uAtheris uza kuphinda azame iindlela ezahlukeneyo zokufaka kwinkqubo yakho ngelixa ubukele iqhuba kwaye uzama ukufumana iindlela ezinomdla.
Ukuphononongwa kwekhowudi kuxhaswe iPython 2.7 kunye nePython 3.3+, kodwa ukugubungela okupheleleyo, okukhokelwayo, sicebisa ukuba kusetyenziswe amasebe Python 3.8 kunye no-3.9, ngoku axhasa amanani opcode nge-opcode.
Kwinkqubo, Uluhlu lweAtheris lunokudityaniswa okunokubakho kwedatha yegalelo kwaye ivelise ingxelo Kuzo zonke iimpazamo ezifunyenweyo kunye nokungafunyanwa okungafumanekiyo.
Umzekelo, xa ujonga ilayibrari yokwahlulahlula i-YAML e-Atheris, kwafumaniseka ukuba ezinye ze-YAML ziyakha, njengokukhankanya u "-_" endaweni yexabiso elipheleleyo okanye ukusebenzisa uluhlu endaweni yesitshixo, phosa into engalindelekanga endaweni ye Iimpazamo eziqhelekileyo zeYAMLERrors.
Uvavanyo lwe-fuzz yindlela eyaziwayo yokufumanisa iimpazamo zenkqubo. Uninzi lwezi mpazamo zibonakala zinobungozi obukhulu kwezokhuseleko. UGoogle ufumene amawaka okhuseleko kunye nezinye iincukuthu xa usebenzisa le ndlela. I-Fuzzing isetyenziswa ngokwesiko kwiilwimi zemveli ezinjenge-C okanye i-C ++, kodwa kunyaka ophelileyo senze injini entsha ye-Python fuzzing. Namhlanje, sikhuphe i-Atheris fuzzing injini njengomthombo ovulekileyo.
Atheris Ingasetyenziselwa ukuchonga umahluko kwindlela yokuziphatha zamathala eencwadi ajolise kwimisebenzi efanayo. Umzekelo, isishwankathelo sokutshekishwa kwephakheji yePython "idna" kunye nethala leencwadi "libidn2", elenza umsebenzi wokumisela amagama ezizinda zamanye amazwe, lafumanisa ukuba alisoloko livelisa iziphumo ezifanayo.
Enye yezona zinto zisetyenziselwa i-Atheris yeyokwahlulahlula okwahlukileyo. Ezi zi-fuzzers ezijonga umahluko kwindlela yokuziphatha kweelayibrari ezimbini ezenzelwe ukwenza into enye. Omnye wemizekelo yeefuzzers ehlanganiswe no-Atheris yenza kanye le nto ukuthelekisa iphakheji ye "idna" yePython kunye ne-C "libidn2" package.
Ngokukodwa, ukuba i-domain isebenzise ulandelelwano lwe-Unicode, emva koko "idna" kunye ne "libidn2" ziguqule igama ledomain lamazwe aphesheya laba yimikhosi eyahlukeneyo.
Ngokubanzi, i-Atheris iluncedo kwikhowudi emsulwa yePython okoko inendlela yokubonisa ukuba yeyiphi indlela "echanekileyo" yokuziphatha, okanye ubuncinci ukubonisa iindlela zokuziphatha ezingachanekanga ngokuqinisekileyo. Oku kunokuba nzima njengekhowudi yesiko kwi-fuzzer evavanya ukuchaneka kweziphumo zethala leencwadi, okanye zilula njengokujonga ukuba akukho zinto zingalindelekanga ziphakanyiswayo.
Kubalulekile ukuba uyithathele ingqalelo loo nto iimvavanyo fuzzing zivelisa umsinga wazo zonke iintlobo zokudityaniswa kwedatha yokufaka, kufutshane nedatha eyiyo (umzekelo, iphepha le-html elinamanani ethegi, iifayile okanye imifanekiso enezihloko ezingaqhelekanga, njl.njl.
Ukuba naluphi na ulandelelwano lukhokelela ngaphandle okanye aluhambelani nempendulo elindelekileyo, le ndlela yokuziphatha inokubonisa ibug okanye ubungozi.
Okokugqibela, njengoko kuchaziwe UAtheris usebenza ngePython khowudi kuhlobo 2.7 kunye 3.3+, nangona uGoogle ecebisa ngamandla ukusebenzisa i-3.8+ kunye nolwandiso lwendalo olubhalelwe i-CPython.
IWindows ayikabikho phakathi kweenkqubo zokusebenza ezixhaswayo, ke injini inomdla kuphela kubasebenzisi beLinux kunye neMac OS X okwangoku.
Ukuyisebenzisa kula maqonga, abaphuhlisi kufuneka babe nohlobo lwangoku lwe-Clang compiler frontend efakiweyo.
Ukuba ufuna ukwazi ngakumbi ngayoUngajonga inqaku lokuqala kwifayile ye- ukulandela ikhonkco.