QuickFuzz: an automatic random fuzzer for common file formats
Author: | Martín Ceresa, Gustavo Grieco, Pablo Buiras |
---|---|
Year of publication: | 2016 |
Subject: |
Point (typography)
Programming language; Computer science; 020207 software engineering; 02 engineering and technology; Fuzz testing; File format; computer.software_genre; Set (abstract data type); 020204 information systems; 0202 electrical engineering, electronic engineering, information engineering; Haskell; computer; Implementation; Codebase; computer.programming_language |
Source: | Haskell |
DOI: | 10.1145/2976002.2976017 |
Description: | Fuzzing is a technique that involves testing programs using invalid or erroneous inputs. Most fuzzers require a set of valid inputs as a starting point, in which mutations are then introduced. QuickFuzz is a fuzzer that leverages QuickCheck-style random test-case generation to automatically test programs that manipulate common file formats by fuzzing. We rely on existing Haskell implementations of file-format-handling libraries found on Hackage, the community-driven Haskell code repository. We have tried QuickFuzz in the wild and found that the approach is effective in discovering vulnerabilities in real-world implementations of browsers, image processing utilities and file compressors among others. In addition, we introduce a mechanism to automatically derive random generators for the types representing these formats. QuickFuzz handles most well-known image and media formats, and can be used to test programs and libraries written in any language. |
Database: | OpenAIRE |
External link: |