Google's open source fuzz-testing service, OSS-Fuzz, now supports programs written in Java and JVM-based languages. The capability was announced on March 10.
OSS-Fuzz provides continuous fuzzing for open source software. A technique for finding programming errors and security vulnerabilities in software, fuzzing involves sending a stream of semi-random and invalid input to a program. Fuzzing code written in memory-safe languages such as JVM languages can find bugs that cause programs to crash or behave incorrectly.
Google enabled fuzzing for Java and the JVM by integrating OSS-Fuzz with the Jazzer fuzzer from Code Intelligence. Jazzer allows users to fuzz code written in JVM-based languages via the LLVM project's libFuzzer, an in-process, coverage-guided fuzzing engine, similar to how this has been done for C/C++ code. Languages supported by Jazzer include Java, Clojure, Kotlin, and Scala. Code coverage feedback is provided from JVM bytecode to libFuzzer, with Jazzer supporting libFuzzer features such as:
- FuzzedDataProvider, for fuzzing code that does not accept an array of bytes.
- Evaluation of code coverage based on 8-bit edge counters.
- Minimization of crashing inputs.
- Value profiles.
Google has provided documentation on adding open source projects written in JVM languages to OSS-Fuzz. Plans call for Jazzer to support all libFuzzer features eventually. Jazzer also can provide coverage feedback from native code executed via the Java Native Interface. This can uncover memory corruption vulnerabilities in memory-unsafe native code. OSS-Fuzz also lists languages such as Go, Python, C/C++, and Rust as supported languages.
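As an added illustration of the FuzzedDataProvider feature mentioned above (example code written for this article, not Google's or Code Intelligence's own), the following Jazzer fuzz target exercises a small, constructed record parser with a deliberately seeded length-field bug. The parser, its format and the class name are assumptions made for the example; only the `fuzzerTestOneInput` entry point and the `FuzzedDataProvider` API are Jazzer's.

```java
import com.code_intelligence.jazzer.api.FuzzedDataProvider;

public class RecordLookupFuzzer {

    // Constructed code under test: looks up `key` in a record of the form
    // "KEY=<len>:<value>;KEY2=<len>:<value>" where <len> is one digit.
    // Malformed input is rejected with IllegalArgumentException by design.
    static String lookup(String record, String key) {
        if (record.isEmpty() || key.isEmpty()) {
            throw new IllegalArgumentException("empty input");
        }
        for (String field : record.split(";")) {
            int eq = field.indexOf('=');
            if (eq < 0 || eq + 2 >= field.length()
                    || !Character.isDigit(field.charAt(eq + 1))
                    || field.charAt(eq + 2) != ':') {
                throw new IllegalArgumentException("malformed field: " + field);
            }
            if (!field.substring(0, eq).equals(key)) {
                continue;
            }
            int len = field.charAt(eq + 1) - '0';
            // Seeded bug: the declared length is trusted without checking it
            // against the actual field length, so a record such as "K=5:ab"
            // throws StringIndexOutOfBoundsException. Jazzer reports any
            // uncaught exception as a finding and minimizes the input.
            return field.substring(eq + 3, eq + 3 + len);
        }
        return null;
    }

    // Jazzer entry point. FuzzedDataProvider carves the raw fuzzer bytes into
    // typed values, so the target can feed an API that takes Strings rather
    // than a byte array.
    public static void fuzzerTestOneInput(FuzzedDataProvider data) {
        String key = data.consumeString(4);
        String record = data.consumeRemainingAsString();
        try {
            lookup(record, key);
        } catch (IllegalArgumentException expected) {
            // Documented rejection of malformed input; not a bug, so it is
            // swallowed. Every other exception propagates to Jazzer.
        }
    }
}
```

Compile the class against the Jazzer API jar and run it with `jazzer --cp=<classpath> --target_class=RecordLookupFuzzer`; the coverage-guided search reaches the seeded bug within seconds, and libFuzzer's minimization reduces the crashing input to the shortest record that still trips the bad substring call.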
Copyright © 2021 IDG Communications, Inc.