Google ya gabatar da tsarin gwajin fuzzing na ClusterFuzzLite

Google ya gabatar da aikin ClusterFuzzLite, wanda ke ba da damar shirya gwaji mai ban mamaki na lambar don gano yuwuwar raunin da wuri yayin aiwatar da tsarin haɗin kai. A halin yanzu, ana iya amfani da ClusterFuzz don sarrafa fuzz gwajin buƙatun ja a GitHub Actions, Google Cloud Build, da Prow, amma ana sa ran tallafi ga sauran tsarin CI a nan gaba. Aikin ya dogara ne akan dandalin ClusterFuzz, wanda aka ƙirƙira don daidaita ayyukan ƙungiyoyin gwaji masu fuzzing, kuma ana rarraba su ƙarƙashin lasisin Apache 2.0.

An lura cewa bayan Google ya gabatar da sabis na OSS-Fuzz a cikin 2016, fiye da mahimman ayyukan buɗaɗɗen tushe guda 500 an karɓi su a cikin ci gaba da gwajin gwaji. Dangane da gwaje-gwajen da aka yi, sama da mutane 6500 da aka tabbatar sun kawar da rashin lahani kuma an gyara kurakurai sama da dubu 21. ClusterFuzzLite yana ci gaba da haɓaka hanyoyin gwaji masu ban mamaki tare da ikon gano matsaloli a baya a matakin bita na canje-canjen da aka gabatar. An riga an aiwatar da ClusterFuzzLite a cikin canje-canjen tsarin bita a cikin tsarin tsarin da ayyukan curl, kuma ya ba da damar gano kurakuran da masu bincike na tsaye suka rasa da kuma linters da aka yi amfani da su a matakin farko na bincika sabon lamba.

ClusterFuzzLite yana goyan bayan nazarin aikin a cikin C, C++, Java (da sauran yarukan tushen JVM), Go, Python, Rust, da Swift. Ana yin gwajin fuzzing ta amfani da injin LibFuzzer. AdireshinSanitizer, MemorySanitizer, da UBSan (UdefinedBehaviorSanitizer) kayan aikin kuma ana iya kiran su don gano kurakuran ƙwaƙwalwar ajiya da abubuwan da ba su da kyau.

Maɓalli na ClusterFuzzLite: saurin bincika canje-canjen da aka tsara don nemo kurakurai kafin karɓar lambar; zazzage rahotanni game da yanayin haɗari; ikon ci gaba zuwa ƙarin gwajin fuzzing na ci gaba don gano kurakurai masu zurfi waɗanda ba su bayyana ba bayan bincika canje-canjen lambar; samar da rahotannin ɗaukar hoto don tantance ɗaukar hoto yayin gwaji; gine-gine na zamani wanda ke ba ka damar zaɓar ayyukan da ake buƙata.

Bari mu tuna cewa gwaji mai ban sha'awa ya ƙunshi samar da rafi na kowane nau'in haɗin haɗin bayanan shigar da ke kusa da ainihin bayanai (misali, shafukan html masu sigogin alamar bazuwar, rumbun adana bayanai ko hotuna tare da lakabi mara kyau, da sauransu), da yin rikodi mai yiwuwa. gazawar wajen sarrafa su. Idan jeri ya yi karo ko bai dace da martanin da ake tsammani ba, to wannan hali na iya nuna kwaro ko rauni.

source: budenet.ru

Sayi amintaccen masauki don shafuka tare da kariyar DDoS, sabar VPS VDS 🔥 Sayi ingantaccen masaukin yanar gizo tare da kariyar DDoS, sabar VPS VDS | ProHoster