Comprehensive Commits Security Testing with Enhanced Multi-target Directed Fuzzing
摘要
Securing software commits is critical because code changes often introduce vulnerabilities in both direct and dependent regions. Directed greybox fuzzers (DGF) aim to address this by targeting commit changes, but existing tools struggle with commit testing. They focus too much on hitting single target and ignore how changes affect other code. In multi-target scenarios, they lack the ability to trigger targets in the right order. Since data-suffix code execution depends on path-prefix code setup, skipping this order leads to flawed security checks, missed bugs, and wasted testing time. This weakness in handling sequential triggering seriously limits current DGF-based commit testing. This paper introduces CommitFuzz, a new DGF framework built for commit testing. CommitFuzz separates path-prefix (setup code) and data-suffix (impacted code) regions. It uses a multi-phase strategy: first, it prioritizes exploring path-prefix code to prepare the program state for testing data-suffix code. The framework combines dynamic target prioritization, adaptive explore-exploit transitions, and custom byte scheduling to boost testing efficiency and vulnerability detection. Evaluations demonstrate CommitFuzz achieves better code coverage and finds more bugs than several existing DGF tools, highlighting its effectiveness in addressing commit testing challenges.