The open-source fuzz-testing service OSS-Fuzz now supports applications written in Java and other JVM-based languages such as Kotlin and Scala; other programming languages supported by LLVM may also work, and OSS-Fuzz supports fuzzing of x86_64 and i386 builds.
Google's Open Source Security team has partnered with Code Intelligence to integrate its Jazzer fuzzer into OSS-Fuzz. This integration means that open source projects written in JVM-based languages can use OSS-Fuzz for continuous fuzzing.
What does Jazzer integration with OSS-Fuzz bring to the table?
With the integration of Jazzer, developers can fuzz code written in JVM-based languages with libFuzzer, just as they already can for code written in C/C++. This is possible because Jazzer provides code coverage feedback from JVM bytecode to libFuzzer.
Jazzer also supports other important libFuzzer features, including:
- Minimization of crash inputs
- Evaluation of code coverage based on 8-bit edge counters
- FuzzedDataProvider for fuzzing code that does not take a single array of bytes as input
- Value profile
Jazzer will eventually support all libFuzzer features. It already offers coverage feedback from native code executed through JNI, which can uncover memory corruption vulnerabilities in memory-unsafe native code.
How to fuzz memory-safe code
To fuzz memory-safe code, developers can use the same classic approach as for memory-unsafe code: pass mutated input to the code and wait for crashes. Alternatively, they can take a more unit-test-like approach, in which the fuzzer verifies that the code behaves correctly.
Differential fuzzing is another way to find interesting bugs: the fuzzer passes the same mutated input to multiple library implementations that should have the same capabilities, and any difference in their results points to a bug in one of them.
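As an added illustration of the two approaches just described (a unit-test-like property check and a differential comparison), here is a Jazzer fuzz target in Java; it is not code from the original post or from the Jazzer project. The NaiveBase64 class is a constructed stand-in for a second library implementation, compared against the JDK's java.util.Base64.

```java
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import java.util.Arrays;
import java.util.Base64;

public class Base64DifferentialFuzzer {
    // Jazzer calls this entry point once per mutated input; FuzzedDataProvider
    // carves typed values (here the remaining raw bytes) out of the fuzzer data.
    public static void fuzzerTestOneInput(FuzzedDataProvider data) {
        byte[] input = data.consumeRemainingAsBytes();

        // Differential check: two implementations that claim the same capability
        // must produce identical output for every input the fuzzer generates.
        String jdk = Base64.getEncoder().encodeToString(input);
        String naive = NaiveBase64.encode(input);
        if (!jdk.equals(naive)) {
            throw new IllegalStateException(
                "encoder mismatch: jdk=" + jdk + " naive=" + naive);
        }

        // Unit-test-like property: decoding the encoded form must give back
        // exactly the original bytes. A thrown exception is reported as a finding.
        byte[] roundTrip = Base64.getDecoder().decode(jdk);
        if (!Arrays.equals(input, roundTrip)) {
            throw new IllegalStateException("round trip altered the input");
        }
    }
}

// Constructed stand-in for an "in-house" Base64 encoder under test (assumption,
// not a real library). Standard alphabet with '=' padding.
final class NaiveBase64 {
    private static final String ALPHABET =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

    static String encode(byte[] in) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < in.length; i += 3) {
            int b0 = in[i] & 0xff;
            int b1 = i + 1 < in.length ? in[i + 1] & 0xff : 0;
            int b2 = i + 2 < in.length ? in[i + 2] & 0xff : 0;
            int triple = (b0 << 16) | (b1 << 8) | b2;
            out.append(ALPHABET.charAt((triple >> 18) & 0x3f));
            out.append(ALPHABET.charAt((triple >> 12) & 0x3f));
            out.append(i + 1 < in.length ? ALPHABET.charAt((triple >> 6) & 0x3f) : '=');
            out.append(i + 2 < in.length ? ALPHABET.charAt(triple & 0x3f) : '=');
        }
        return out.toString();
    }
}
```

Run it by compiling both classes onto the classpath and pointing Jazzer at the target with `--cp=<classpath> --target_class=Base64DifferentialFuzzer`; any exception thrown from `fuzzerTestOneInput` is reported as a crash together with the minimized input that triggered it.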