Alexey Vishnyakov

331 Followers
60 Following
54 Posts
PhD, Senior DevSecOps Engineer at Yandex Cloud, ex ISP RAS
Website: https://vishnya.xyz
Twitter: https://twitter.com/VishnyaSweet
LinkedIn: https://linkedin.com/in/sweetvishnya
GitHub: https://github.com/SweetVishnya

I'm happy to announce the release of a new open-source library we've been working on: a Go library for structure-aware fuzzing, designed as an analogue to libprotobuf-mutator. Fuzz your gRPC APIs and integrate it into your SSDLC.

https://github.com/yandex-cloud/go-protobuf-mutator

#fuzzing #go #grpc #ssdlc

GitHub - yandex-cloud/go-protobuf-mutator: This is a go-protobuf-mutator library for random value mutations. This is a Go equivalent of libprotobuf-mutator, which is implemented in C++.

Discovering 12 new integer truncation #bugs (and generating PoC seeds) in LibTIFF, libpcap, nDPI, unbound, FreeImage with dynamic symbolic execution. https://arxiv.org/abs/2312.06425
Numeric Truncation Security Predicate

Numeric truncation is a widespread error in software written in languages with static data typing, such as C/C++ or Java. It occurs when the significant bits of a value with a bigger type size are truncated during conversion of the value to the smaller type. Utilizing one of the most powerful methods for path exploration and automated bug detection, called dynamic symbolic execution (DSE), we propose a symbolic security predicate for numeric truncation error detection, developed on top of the DSE tool Sydr. Firstly, we execute the program on data that does not lead to any errors. During program execution we update a symbolic shadow stack and shadow registers to track the symbolic sizes of symbolic variables in order to avoid false positives. Then, if we meet an instruction that truncates a symbolic variable, we build the security predicate, try to solve it with an SMT solver, and in case of success save a new input file to reproduce the error. We tested our approach on the Juliet Dynamic test suite for CWE-197 and achieved 100% accuracy. We confirmed the workability of our approach by detecting 12 new numeric truncation errors in 5 different real-world open-source projects within the OSS-Sydr-Fuzz project. All of the errors were reported; most of the reports were equipped with appropriate fixes, successfully confirmed and applied by project maintainers.
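As an added illustration (not code from the paper or from Sydr), the truncation predicate in concrete form: the question a CWE-197 detector asks at a narrowing instruction, for unsigned and signed destinations, next to an unchecked and a checked length-narrowing routine. The 16-bit length field and the `store_len_*` names are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Concrete counterpart of the security predicate (constructed example):
 * narrowing v to dst_bits loses information when the discarded high bits
 * are not all zero. Assumes 1 <= dst_bits. */
bool truncates_unsigned(uint64_t v, unsigned dst_bits) {
    if (dst_bits >= 64) return false;           /* nothing is discarded */
    return (v >> dst_bits) != 0;
}

/* Signed case: the value survives the narrowing only if it lies within the
 * destination's representable range, i.e. the discarded bits are pure sign
 * extension of the new top bit. Assumes 1 <= dst_bits. */
bool truncates_signed(int64_t v, unsigned dst_bits) {
    if (dst_bits >= 64) return false;
    int64_t hi = ((int64_t)1 << (dst_bits - 1)) - 1;
    int64_t lo = -hi - 1;
    return v < lo || v > hi;
}

/* Typical CWE-197 site: a size_t length is stored in a 16-bit header field
 * (hypothetical format). The cast silently wraps, so a later bounds check on
 * the narrowed field is satisfied by an input that was actually larger. */
uint16_t store_len_unchecked(size_t len) {
    return (uint16_t)len;
}

/* Hardened form: evaluate the predicate before narrowing and refuse on loss,
 * which is the condition the DSE tool tries to make true with a solver. */
bool store_len_checked(size_t len, uint16_t *out) {
    if (truncates_unsigned((uint64_t)len, 16)) return false;
    *out = (uint16_t)len;
    return true;
}
```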

Release v2.7.0 · ispras/casr

[casr-ubsan]: Tool for triaging Ubsan warnings. [casr-dojo]: Tool for exporting CASR reports to DefectDojo vulnerability management platform. [casr-java]: Tool for creating CASR reports for JAVA ap...


Simply deduplicate and create reports for #UndefinedBehaviorSanitizer warnings with Casr: casr-ubsan -i corpus -o out -- /fuzz_target @@

https://github.com/ispras/casr/blob/master/docs/usage.md#casr-ubsan

#casr #defectdojo #vulnerabilitymanagement #VulnerabilityAssesment #AppSec #DevSecOps

casr/docs/usage.md at master · ispras/casr

Collect crash reports, triage, and estimate severity. - ispras/casr

https://github.com/ispras/casr/releases/tag/v2.6.0
#casr 2.6.0, what's new:
casr-libfuzzer tool for triaging crashes found by libFuzzer based fuzzers (C/C++/go-fuzz/Atheris)
kodama crate for clustering instead of python scipy
RISCV support
#fuzzing
Release v2.6.0 · ispras/casr

casr-libfuzzer tool for triaging crashes found by libFuzzer based fuzzers (C/C++/go-fuzz/Atheris)
kodama crate for clustering instead of python scipy
riscv support
clap 4.2 for options parsing

casr-libfuzzer: triage crashes in C/C++/Go/Python code found by libFuzzer/Atheris/go-fuzz

casr-libfuzzer -o out -- /fuzz_target

https://github.com/ispras/casr

#casr #fuzzing #libfuzzer #atheris #go #python #cpp

GitHub - ispras/casr: Collect crash reports, triage, and estimate severity.

https://github.com/ispras/casr/releases/tag/v2.5.0
#casr 2.5.0, what's new:
#libcasr: library for crash triage, stacktrace parsing, severity estimation, and collecting crash reports.
Crash triaging for Go panics
AARCH64 support
#fuzzing
Release v2.5.0 · ispras/casr

libCASR: a library for triaging and severity estimation of crashes
crash triaging for Go panics
crash triaging for AARCH64 binaries
improved stacktrace filtering
added environment variables to casr...
My blog post about #fuzzing #go project golang/image: https://github.com/ispras/oss-sydr-fuzz/wiki/Fuzzing-golang-image-%28Go%29-project-with--sydr-fuzz-%28go-fuzz-backend%29
0. Changing existing fuzz target to find new bugs.
1. Creating target for symbolic execution.
2. Approach for code coverage collection after fuzzing with go-fuzz libFuzzer.
3. Go panic triage with #casr.
4. Fix: https://github.com/golang/image/pull/14
Fuzzing golang/image (Go) project with sydr-fuzz (go-fuzz backend)

OSS-Sydr-Fuzz - OSS-Fuzz fork for hybrid fuzzing (fuzzer+DSE) open source software. - ispras/oss-sydr-fuzz