Securing software commits is critical because code changes often introduce vulnerabilities in both direct and dependent regions. Directed greybox fuzzers (DGF) aim to address this by targeting commit changes, but existing tools struggle with commit testing. They focus too much on hitting single target and ignore how changes affect other code. In multi-target scenarios, they lack the ability to trigger targets in the right order. Since data-suffix code execution depends on path-prefix code setup, skipping this order leads to flawed security checks, missed bugs, and wasted testing time. This weakness in handling sequential triggering seriously limits current DGF-based commit testing. This paper introduces CommitFuzz, a new DGF framework built for commit testing. CommitFuzz separates path-prefix (setup code) and data-suffix (impacted code) regions. It uses a multi-phase strategy: first, it prioritizes exploring path-prefix code to prepare the program state for testing data-suffix code. The framework combines dynamic target prioritization, adaptive explore-exploit transitions, and custom byte scheduling to boost testing efficiency and vulnerability detection. Evaluations demonstrate CommitFuzz achieves better code coverage and finds more bugs than several existing DGF tools, highlighting its effectiveness in addressing commit testing challenges.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Comprehensive Commits Security Testing with Enhanced Multi-target Directed Fuzzing

  • Xiaolei Wang,
  • Chao Feng,
  • Ruilin Li

摘要

Securing software commits is critical because code changes often introduce vulnerabilities in both direct and dependent regions. Directed greybox fuzzers (DGF) aim to address this by targeting commit changes, but existing tools struggle with commit testing. They focus too much on hitting single target and ignore how changes affect other code. In multi-target scenarios, they lack the ability to trigger targets in the right order. Since data-suffix code execution depends on path-prefix code setup, skipping this order leads to flawed security checks, missed bugs, and wasted testing time. This weakness in handling sequential triggering seriously limits current DGF-based commit testing. This paper introduces CommitFuzz, a new DGF framework built for commit testing. CommitFuzz separates path-prefix (setup code) and data-suffix (impacted code) regions. It uses a multi-phase strategy: first, it prioritizes exploring path-prefix code to prepare the program state for testing data-suffix code. The framework combines dynamic target prioritization, adaptive explore-exploit transitions, and custom byte scheduling to boost testing efficiency and vulnerability detection. Evaluations demonstrate CommitFuzz achieves better code coverage and finds more bugs than several existing DGF tools, highlighting its effectiveness in addressing commit testing challenges.