I-Google ivuliwe muva nje ukukhishwa kwe- Iphrojekthi ye-Atheris, okuyintuthuko ye- iqoqo lamathuluzi womthombo ovulekile okhethekile ngokuhlolwa okungaqondakali kwekhodi yePython nezandiso ze-CPython ezibhalwe nge-C / C ++.
Le phrojekthi isebenzisa injini esekwe libFuzzer futhi ingasetshenziswa ngokuhlangana namathuluzi we-Address Sanitizer kanye ne-Undefined Behaeve Sanitizer ukuthola amaphutha angeziwe. Ikhodi ivulekile ngaphansi kwelayisense le-Apache 2.0.
Mayelana ne-Google Atheris
Ngamazwi weGoogle Atheris, ithuluzi lamathuluzi elingasetshenziselwa ukuthola ngokuzenzakalela amaphutha kukhodi yePython nezandiso zomdabu. I-Atheris i-fuzzer 'yokuqhutshwa kokumboza', okusho ukuthi u-Atheris uzozama kaningi okokufaka okuhlukile kuhlelo lwakho ngenkathi eyibuka isebenza futhi azame ukuthola izindlela ezithokozisayo.
Ukubuyekezwa kwekhodi ye-Python 2.7 ne-Python 3.3+ kuyasekelwa, kepha ukumbozwa okugcwele okuqondisiwe, kunconywa ukusebenzisa amagatsha we-Python 3.8 no-3.9, manje asekela izibalo ze-opcode nge-opcode.
Ngenkathi, U-Atheris ubala inhlanganisela yedatha yokufaka engenzeka futhi akhiqize umbiko kuwo wonke amaphutha atholakele nokuhlukile okungatholakali.
Isibonelo, lapho ubheka umtapo wezincwadi we-YAML e-Atheris, kutholakale ukuthi amanye ama-YAML akha, njengokucacisa u - "-_" esikhundleni senani eliphelele noma ukusebenzisa uhlu esikhundleni sokhiye, phonsa okuhlukile okungalindelekile esikhundleni se YAMLErrors iphutha elijwayelekile.
Ukuhlolwa kwe-fuzz kuyindlela eyaziwayo yokuthola amaphutha wokuhlela. Amaningi ala maphutha atholakalayo anomthelela omkhulu kwezokuphepha. I-Google ithole izinkulungwane zokukhubazeka kokuphepha nezinye izimbungulu lapho usebenzisa le ndlela. I-Fuzzing isetshenziswa ngokwesiko ezilimini zomdabu njenge-C noma i-C ++, kepha ngonyaka odlule sakha injini entsha ye-Python fuzzing. Namuhla, sikhiphe i-Atheris fuzzing engine njengomthombo ovulekile.
I-Atheris futhi ingasetshenziswa ukukhomba umehluko ekuziphatheni yemitapo yolwazi ebhekise imisebenzi efanayo. Isibonelo, ukubhekwa okufingqiwe kwephakeji ye-Python "idna" kanye nomtapo wezincwadi "libidn2", owenza umsebenzi wokumisa amagama wesizinda owenziwe emazweni omhlaba, kutholakale ukuthi awahlali njalo eveza umphumela ofanayo.
Ukusetshenziswa okuhle kakhulu kwe-Atheris okwehlukaniswa okwehlukile. Lawa ngama-fuzzers afuna umehluko ekuziphatheni kwemitapo yolwazi emibili ehlose ukwenza into efanayo. Esinye sezibonelo ze-fuzzers ezihlanganiswe ne-Atheris senza ngqo lokhu ukuqhathanisa iphakethe le- "idna" likaPython nephakheji ye-C "libidn2".
Ikakhulu, uma isizinda sisebenzise ukulandelana kwe-Unicode, khona-ke i- "idna" ne- "libidn2" ziguqule igama lesizinda elenzelwa umhlaba wonke laba ngabasingathi abahlukahlukene.
Ngokuvamile, i-Atheris iyasiza kwikhodi emsulwa yePython inqobo nje uma inendlela yokuveza ukuthi kuyini ukuziphatha "okulungile", noma okungenani ukuveza ukuthi iziphi izindlela zokuziphatha ezingalungile neze. Lokhu kungaba yinkimbinkimbi njengekhodi yangokwezifiso ku-fuzzer ehlola ukunemba kokukhishwa kwelabhulali, noma ilula njengokuhlola ukuthi akukho okuhlukile okungalindelekile okuphakanyiswayo.
Kubalulekile ukuthi unake lokho izivivinyo ezi-fuzzing zikhiqiza ukusakazwa kwazo zonke izinhlobo zokuhlanganiswa okungahleliwe kwedatha yokufaka, duzane nedatha yangempela (ngokwesibonelo amakhasi we-html anamapharamitha wethegi angahleliwe, amafayela noma izithombe ezinesihloko esingajwayelekile, njll.) bese ulungisa izingqinamba ezinokwenzeka kule nqubo.
Uma noma ikuphi ukulandelana kuphumela kokuhlukile noma kungafani nempendulo elindelekile, lokhu kuziphatha kungenzeka kakhulu kukhombe isiphazamisi noma ukuba sengozini.
Ekugcineni, njengoba kushiwo I-Atheris isebenza ngekhodi yePython enguqulweni 2.7 naku-3.3+, yize iGoogle incoma ngokuqinile ukusebenzisa i-3.8+ nezandiso zomdabu ezibhalelwe i-CPython.
IWindows ayikabi phakathi kwezinhlelo zokusebenza ezisekelwayo, ngakho-ke injini inentshisekelo kubasebenzisi beLinux nabakwaMac OS X okwamanje.
Ukuyisebenzisa kulezi zingxenyekazi, onjiniyela kumele babe nenguqulo yamanje ye-Clang compiler frontend efakiwe.
Uma ufuna ukwazi kabanzi ngayo, ungabheka inothi yoqobo kufayela le- isixhumanisi esilandelayo.