I-ClusterFuzzLite, isixokelelwano sokuququzelela iimvavanyo zokudibanisa ikhowudi

Mva nje IGoogle ityhiliwe ngeposi blog iprojekthi ye-ClusterFuzzLite, evumela ukuququzelela iimvavanyo ze-fuzzing yekhowudi yokubona kwangethuba ubuthathaka obunokwenzeka kwinqanaba lokusebenza kweenkqubo eziqhubekayo zokudibanisa.

Okwangoku, iClusterFuzz ingasetyenziselwa ukwenza uvavanyo lwe-fuzz oluzenzekelayo lwezicelo zokutsalwa kwii-GitHub Actions, Google Cloud Yakha kunye Prow, kodwa kulindeleke ukuba kwixesha elizayo iya kuhambelana nezinye iinkqubo ze-IC. Le projekthi isekelwe kwiqonga le-ClusterFuzz, elenzelwe ukulungelelanisa umsebenzi wamaqela ovavanyo oluxubeneyo, kwaye isasazwe phantsi kwelayisensi ye-Apache 2.0.

Kufuneka kuqatshelwe ukuba emva kokuqaliswa kwe-Google yenkonzo ye-OSS-Fuzz kwi-2016, iiprojekthi ezingaphezulu kwe-500 ezinkulu ezivulekileyo zamkelwe kwinkqubo yokuvavanya i-fuzzing eqhubekayo. Ukususela kwiitshekhi eziqhutywe, ngaphezu kwe-6.500 eqinisekisiweyo yobuthathaka isusiwe kwaye ngaphezu kwe-21.000 iimpazamo ziye zalungiswa.

Malunga neClusterFuzzLite

I-ClusterFuzzLite iyaqhubeka nokuphuhlisa iindlela zovavanyo ezintsonkothileyo ngokukwazi ukuchonga imiba kwangaphambili kwinqanaba lophononongo loontanga lotshintsho olucetywayo. I-ClusterFuzzLite sele yaziswa kwiinkqubo zokuphonononga utshintsho kwiiprojekthi ze-systemd kunye ne-curl, kwaye yenze ukuba kube lula ukuchonga iimpazamo ezingazange zibonwe kwi-analyzers static kunye ne-linters ezisetyenziswe kwinqanaba lokuqala lokuqinisekisa ikhowudi entsha.

Namhlanje, siyavuya ukwazisa i-ClusterFuzzLite, isisombululo esiqhubekayo esisebenza njengenxalenye ye-CI / CD workflows ukufumana ubuthathaka ngokukhawuleza kunangaphambili. Ngemigca embalwa nje yekhowudi, abasebenzisi be-GitHub banokudibanisa i-ClusterFuzzLite ekuhambeni komsebenzi wabo kunye nezicelo zokutsala i-fuzz ukubamba ii-bugs ngaphambi kokuba zenziwe, ukuphucula ukhuseleko olupheleleyo lwekhonkco lokubonelela ngesoftware.
Ukususela ekuqalisweni kwayo kwi-2016, ngaphezu kwe-500 yeeprojekthi ezibalulekileyo zemithombo evulekile ziye zadibaniswa kwiprogram ye-OSS-Fuzz ye-Google, ekhokelela ekulungisweni kobuthathaka obungaphezulu kwe-6.500 kunye ne-21.000 bugs. I-ClusterFuzzLite ihamba kunye ne-OSS-Fuzz, ibona iimpazamo zokuhlehla kwangaphambili kwinkqubo yophuhliso.

I-ClusterFuzzLite ixhasa ukuqinisekiswa kweprojekthi kwi-C, C ++, Java (kunye nezinye iilwimi ezisekwe kwiJVM), Hamba, iPython, iRust, kunye neSwift. Uvavanyo lwe-fuzzing lwenziwa kusetyenziswa injini ye-LibFuzzer. I-AddressSanitizer, MemorySanitizer, kunye ne-UBSan (UndefinedBehaviorSanitizer) izixhobo nazo zinokubizwa ukuba zibone iimpazamo zememori kunye nezinto ezingaqhelekanga.

Kwizinto eziphambili I-ClusterFuzzLite ibalaselisa umzekelo ukuqinisekiswa ngokukhawuleza kweenguqu ezicetywayo ukufumana iimpazamo kwinqanaba phambi kokwamkelwa kwekhowudi, ngokunjalo ukukhutshelwa kweengxelo malunga neemeko zokwenzeka kwengozi, ukukwazi ukuya iimvavanyo eziphambili ngakumbi ze-fuzzing ukuchonga iimpazamo ezinzulu ezingazange zivele emva kokuqinisekisa utshintsho lwekhowudi, kwakhona isizukulwana seengxelo zokugubungela ukuvavanya ukugubungela ikhowudi ngexesha lovavanyo kunye nolwakhiwo lweemodyuli oluvumela ukuba ukhethe umsebenzi ofunekayo.

Iiprojekthi ezinkulu ezibandakanya i-systemd kunye ne-curlya zisebenzisa i-ClusterFuzzLite ngexesha lokuphononongwa kwekhowudi, kunye neziphumo ezilungileyo. NgokukaDaniel Stenberg, umbhali we-curl, "Xa abaphononongi babantu bevuma kwaye beyivumile ikhowudi kwaye abahlalutyi bekhowudi yabo engatshintshiyo kunye ne-linters abanakukwazi ukubona ezinye iingxaki, i-fuzzing yeyona nto ikuthatha ikubeke kwinqanaba elilandelayo lokukhula kwekhowudi kunye nokomelela. I-OSS-Fuzz kunye ne-ClusterFuzzLite zisinceda ukuba sigcine i-curl njengeprojekthi esemgangathweni, yonke imihla, yonke imihla kunye nokuzibandakanya.

Kufuneka sikhumbule ukuba iimvavanyo ezintsonkothileyo zivelisa umjelo wazo zonke iintlobo zendibaniselwano engacwangciswanga yedatha ekufutshane neyona datha (umzekelo, amaphepha e-html aneeparamitha zethegi engaqhelekanga, iifayile okanye imifanekiso eneeheda ezingaqhelekanga, njl.njl.) kwaye zilungise iintsilelo ezinokwenzeka kwinkqubo.

Ukuba naluphi na ulandelelwano aluphumeleli okanye aluhambelani nempendulo elindelekileyo, le ndlela yokuziphatha ibonakalisa igciwane okanye ukuba sesichengeni.

Gqibela ukuba unomdla wokwazi okungakumbi ngayo, ungajonga iinkcukacha Kule khonkco ilandelayo.


Umxholo wenqaku uyabambelela kwimigaqo yethu imigaqo yokuziphatha yokuhlela. Ukuxela impazamo cofa apha.

Yiba ngowokuqala ukuphawula

Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa.

*

*

  1. Uxanduva lwedatha: UMiguel Ángel Gatón
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.