Google waxa ay soo bandhigtay mashruuca ClusterFuzzLite, kaas oo u oggolaanaya abaabulka tijaabinta koodka ee koodka hore ee ogaanshaha dayacanka iman kara inta lagu jiro hawlgalka nidaamyada is-dhexgalka joogtada ah. Waqtigan xaadirka ah, ClusterFuzz waxaa loo isticmaali karaa in si otomaatig ah loo tijaabiyo codsiyada jiidista ee GitHub Actions, Google Cloud Build, iyo Prow, laakiin taageerada nidaamyada kale ee CI ayaa la filayaa mustaqbalka. Mashruucu wuxuu ku salaysan yahay madal ClusterFuzz, oo loo sameeyay in la isku duwo shaqada kooxaha tijaabinta, waxaana lagu qaybiyaa shatiga Apache 2.0.
Waxaa la xusay in ka dib markii Google uu soo bandhigay adeegga OSS-Fuzz ee 2016, in ka badan 500 oo mashruucyo il furan oo muhiim ah ayaa la aqbalay barnaamijka tijaabada ah ee joogtada ah. Iyada oo lagu salaynayo tijaabooyinkii la sameeyay, in ka badan 6500 ayaa la xaqiijiyay inay dayacan yihiin, waxaana la saxay in ka badan 21 oo khalad ah. ClusterFuzzLite waxay sii waddaa inay horumariso habab tijaabo ah oo wareersan oo awood u leh inay aqoonsato dhibaatooyinka goor hore ee heerka dib u eegista isbeddellada la soo jeediyay. ClusterFuzzLite ayaa mar horeba lagu hirgaliyay habka dib u eegista isbeddelka ee mashaariicda habaysan iyo curl, waxayna suurtagelisay in la aqoonsado khaladaadka ay seegeen falanqeeyayaasha joogtada ah iyo litirnada loo adeegsaday marxaladdii hore ee hubinta kood cusub.
ClusterFuzzLite waxay taageertaa dib u eegista mashruuca ee C, C++, Java (iyo luqadaha kale ee JVM ku salaysan), Go, Python, Rust, iyo Swift. Tijaabada jahawareerka waxaa lagu sameeyaa iyadoo la isticmaalayo mishiinka LibFuzzer. CiwaankaSanitizer-ka, MemorySanitizer, iyo UBSan (UndefinedBehaviorSanitizer) aaladaha ayaa sidoo kale loogu yeeri karaa si loo aqoonsado khaladaadka xusuusta iyo cilladaha.
Tilmaamaha muhiimka ah ee ClusterFuzzLite: hubin degdeg ah ee isbeddellada la soo jeediyay si loo helo khaladaadka ka hor aqbalaadda koodka; soo dejinta warbixinnada xaaladaha shilalka; Awood u lahaanshaha in loo gudbo imtixaan aad u horumarsan si loo aqoonsado khaladaadka qoto dheer ee aan soo bixin kadib hubinta isbedelada koodka; abuurista warbixinnada caymiska si loo qiimeeyo caymiska koodka inta lagu jiro imtixaanka; qaab dhismeedka modular kaas oo kuu ogolaanaya inaad doorato shaqada loo baahan yahay.
Aan dib u xasuusanno in tijaabada jahawareerka ay ku lug leedahay abuurista dhammaan noocyada kala duwan ee isku darka xogta aan tooska ahayn ee xogta dhabta ah u dhow (tusaale, bogag html ah oo leh calaamado sumad random, kayd ama sawirro leh magacyo aan caadi ahayn, iwm.), iyo duubista suurtagalka ah fashilaad ku yimaada habsocodka habayntooda. Haddii isku xigxiga uu shil galo ama uusan ku habboonayn jawaabta la filayo, markaa habdhaqankan ayaa aad ugu dhow inuu muujiyo kutaan ama nuglaanta.
Source: opennet.ru