The OSS-Fuzz continuous fuzz testing service now supports projects written in Lua, in addition to the previously supported languages: C/C++, Go, Swift, Rust, Python, JavaScript, and Java. The integration was implemented using the luzer project, which develops specialized tools for testing Lua code and Lua extensions written in C/C++.
The project uses the libFuzzer library and can be used together with AddressSanitizer, MemorySanitizer, LeakSanitizer, ThreadSanitizer, and Undefined Behavior Sanitizer, which use fuzzing to identify common vulnerabilities such as buffer overflows, integer overflows, accesses to uninitialized and freed memory areas, memory leaks, pointer dereferences, and locking issues. The project code is available under the ISC license.
While running, luzer iterates over possible input data and produces a report of all failures found and all uncaught exceptions. For example, when the antirez/lua-cmsgpack MsgPack parsing library was tested with luzer, it was found that data with a large number of arrays can lead to a stack overflow.
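The lua-cmsgpack finding points at the check a recursive decoder needs: a limit on nesting. The following is an added example, not code from lua-cmsgpack, luzer or the original article; it assumes the arrays are nested, so that a recursive decoder recurses once per level. It validates a MessagePack subset (nil, positive fixint, fixarray, array 16); `MAX_DEPTH` and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DEPTH 128 /* assumed nesting limit for this example */
enum { MP_OK = 0, MP_TRUNCATED = -1, MP_TOO_DEEP = -2, MP_UNSUPPORTED = -3, MP_TRAILING = -4 };

/* Walk one value starting at *pos and advance *pos past it. */
static int mp_skip_value(const uint8_t *buf, size_t len, size_t *pos, int depth)
{
    if (*pos >= len) return MP_TRUNCATED;
    uint8_t tag = buf[(*pos)++];
    size_t count;
    if (tag <= 0x7f || tag == 0xc0) return MP_OK;   /* positive fixint or nil */
    if ((tag & 0xf0) == 0x90) {                     /* fixarray: count in low nibble */
        count = tag & 0x0f;
    } else if (tag == 0xdc) {                       /* array 16: big-endian count */
        if (len - *pos < 2) return MP_TRUNCATED;
        count = ((size_t)buf[*pos] << 8) | buf[*pos + 1];
        *pos += 2;
    } else return MP_UNSUPPORTED;
    if (depth >= MAX_DEPTH) return MP_TOO_DEEP;     /* bound nesting before recursing */
    for (size_t i = 0; i < count; i++) {
        int rc = mp_skip_value(buf, len, pos, depth + 1);
        if (rc != MP_OK) return rc;
    }
    return MP_OK;
}

/* Validate that the buffer holds exactly one well-formed value. */
int mp_validate(const uint8_t *buf, size_t len)
{
    size_t pos = 0;
    int rc = mp_skip_value(buf, len, &pos, 0);
    if (rc == MP_OK && pos != len) return MP_TRAILING;
    return rc;
}
/* Constructed sample input: `levels` nested one-element arrays around nil. */
int check_nested(size_t levels)
{
    uint8_t *buf = malloc(levels + 1);
    if (!buf) return MP_TRUNCATED;
    memset(buf, 0x91, levels);
    buf[levels] = 0xc0;
    int rc = mp_validate(buf, levels + 1);
    free(buf);
    return rc;
}
```

With the limit in place, the stack use of the decoder is bounded by `MAX_DEPTH` frames regardless of input size, and over-nested input is rejected with an error instead of exhausting the stack.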
The lunapark project uses the luzer tool to test PUC-Rio Lua, the LuaJIT tracing compiler, and the high-performance DBMS and application server Tarantool, as well as to test third-party Lua modules.
Open source developers can add their repositories for testing by preparing a fuzz testing template and submitting a pull request. When bugs are found, the developers are notified automatically and a private fix ticket is created (to prevent premature disclosure of vulnerabilities, the ticket is created in a bug tracking system with restricted access). OSS-Fuzz monitors the status of the fix and automatically closes the ticket once the bug can no longer be reproduced. Information about the issue becomes public seven days after the fix is released, or 90 days after the bug was found if the issue has not yet been resolved.
Source: opennet.ru
