UGoogle wazise iprojekthi ye-ClusterFuzzLite, evumela ukuququnjelwa kovavanyo lwekhowudi ukuze kubonwe kwangethuba ubuthathaka obunokwenzeka ngexesha lokusebenza kweenkqubo eziqhubekayo zokudityaniswa. Okwangoku, i-ClusterFuzz ingasetyenziselwa ukuzenzekelayo uvavanyo lwe-fuzz lwezicelo zokutsalwa kwi-GitHub Actions, i-Google Cloud Build, kunye ne-Prow, kodwa inkxaso yezinye iinkqubo ze-CI zilindeleke kwixesha elizayo. Le projekthi isekelwe kwiqonga le-ClusterFuzz, elenzelwe ukulungelelanisa umsebenzi wamaqela ovavanyo oluxubileyo, kwaye isasazwe phantsi kwelayisensi ye-Apache 2.0.
Kuphawulwe ukuba emva kokuba iGoogle ingenise inkonzo ye-OSS-Fuzz kwi-2016, ngaphezu kweeprojekthi ze-500 ezibalulekileyo zomthombo ovulekileyo zamkelwe kwinkqubo yokuvavanya i-fuzzing eqhubekayo. Ngokusekelwe kwiimvavanyo ezenziweyo, ngaphezu kwe-6500 eqinisekisiweyo yobuthathaka yapheliswa kwaye ngaphezu kwe-21 yeempazamo zamawaka zalungiswa. I-ClusterFuzzLite iyaqhubeka nokuphuhlisa iindlela zokuvavanya ezintsonkothileyo ngokukwazi ukuchonga iingxaki kwangethuba kwinqanaba lophononongo lotshintsho olucetywayo. I-ClusterFuzzLite sele iphunyeziwe kwiinkqubo zokuphonononga utshintsho kwiiprojekthi ze-systemd kunye ne-curl, kwaye yenze ukuba kube lula ukuchonga iimpazamo eziphoswe ngabahlalutyi be-static kunye ne-linters ezisetyenziswe kwinqanaba lokuqala lokujonga ikhowudi entsha.
I-ClusterFuzzLite ixhasa ukuphononongwa kweprojekthi kwiC, C ++, Java (kunye nezinye iilwimi ezisekwe kwiJVM), iGo, iPython, iRust, kunye neSwift. Uvavanyo lwe-fuzzing lwenziwa kusetyenziswa injini ye-LibFuzzer. I-AddressSanitizer, MemorySanitizer, kunye ne-UBSan (UndefinedBehaviorSanitizer) izixhobo nazo zinokubizwa ukuchonga iimpazamo zememori kunye nezinto ezingaqhelekanga.
Iimpawu eziphambili zeClusterFuzzLite: ukujonga ngokukhawuleza utshintsho olucetywayo lokufumana iimpazamo ngaphambi kokwamkelwa kwekhowudi; ukukhuphela iingxelo kwiimeko zokuntlitheka; ukukwazi ukuqhubela phambili kuvavanyo oluphezulu lwe-fuzzing ukuchonga iimpazamo ezinzulu ezingazange zivele emva kokujonga utshintsho lwekhowudi; ukuveliswa kweengxelo zokugubungela ukuvavanya ukugubungela ikhowudi ngexesha lovavanyo; uyilo lwemodyuli olukuvumela ukuba ukhethe umsebenzi ofunekayo.
Masikhumbule ukuba uvavanyo oluntsonkothileyo lubandakanya ukuvelisa umjelo wazo zonke iintlobo zendibaniselwano engacwangciswanga yokufaka idatha ekufutshane nedatha yokwenyani (umzekelo, amaphepha e-html aneeparamitha zethegi engaqhelekanga, ugcino okanye imifanekiso enezihloko ezingaqhelekanga, njl. njl.), kunye nokurekhoda kunokwenzeka ukusilela kwinkqubo yokuqhubekeka kwabo. Ukuba ulandelelwano luyangqubeka okanye aluhambelani nempendulo elindelekileyo, ngoko ke le ndlela yokuziphatha ibonakala ibonakalisa impazamo okanye ubuthathaka.
umthombo: opennet.ru