jerryscript-project / iotjs

Platform for Internet of Things with JavaScript http://www.iotjs.net

Add a fuzzer libfuzzer to setup continuous fuzzing #1972

Open AdamKorcz opened 3 years ago

AdamKorcz commented 3 years ago

Hi all, this is Adam from Ada Logics. I work on securing open source software, and with fuzzing having solved problems for IOT.js in the past, I have looked at setting up continuous fuzzing for IOT.js. I have managed to fuzz IOT.js through OSS-fuzz, and in this PR I add the fuzzer that enables that.

If there is interest to integrate with OSS-fuzz, I will upload my build files on the OSS-fuzz side. The build files take care of building IOT.js and this fuzzer with the necessary sanitizers. Once integrated, OSS-fuzz will run all of IOT.js's fuzzers continuously.

A few notes about this fuzzer: The fuzzer targets a very specific state of IOT.js which previously has included bugs. It would be much more preferred to pass on the entire test case to IOT.js and not wrap the test case in one[] and two[] as is done in this fuzzer. The problem with that, however, is that the fuzzer eventually will start generating JavaScript code that sends out random HTTP requests. Obviously we do not want that, so in case there are any suggestions from the maintainers' side to prevent such behaviour, please let me know, as it could improve the fuzzer drastically.

For those unaware: Fuzzing is a way of testing software whereby pseudo-random data is passed to a target application with the goal of finding bugs and vulnerabilities.

I would be interested in contributing further to fuzzing IOT.js, especially to solve the problem described above under "A few notes about this fuzzer".
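As an added example, not code from this PR or from the IoT.js project: a libFuzzer-style entry point in C that gates each mutated input before it reaches the engine, dropping scripts that `require()` a network-capable module, which is one cheap way to address the concern above about the fuzzer generating code that sends HTTP requests. The blocked-module list, the input size cap and the engine hook (left as a comment) are assumptions; the real IoT.js entry point and the PR's one[]/two[] template are not shown on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Module names a fuzz input must not be able to load. IoT.js ships http,
 * https, net and dgram modules; blocking all four is an assumption made
 * for this example, not a setting taken from the project. */
static const char *const blocked_modules[] = {"http", "https", "net", "dgram"};

/* Returns 1 if `script` (len bytes, NULs allowed) contains a
 * require('<blocked>') or require("<blocked>") call, else 0.
 * It is a syntactic guard: only the require(<quoted name>) form is
 * recognised, so it belongs alongside (not instead of) running the
 * fuzzer without network access. */
int references_blocked_module(const uint8_t *script, size_t len)
{
    static const char needle[] = "require(";
    const size_t nlen = sizeof needle - 1;
    size_t i = 0;

    while (i + nlen <= len) {
        if (memcmp(script + i, needle, nlen) != 0) {
            i++;
            continue;
        }
        size_t j = i + nlen;
        /* skip whitespace between '(' and the opening quote */
        while (j < len && (script[j] == ' ' || script[j] == '\t'))
            j++;
        if (j < len && (script[j] == '\'' || script[j] == '"')) {
            uint8_t quote = script[j++];
            size_t start = j;
            while (j < len && script[j] != quote)
                j++;
            size_t mlen = j - start;
            for (size_t k = 0; k < sizeof blocked_modules / sizeof *blocked_modules; k++) {
                if (strlen(blocked_modules[k]) == mlen &&
                    memcmp(script + start, blocked_modules[k], mlen) == 0)
                    return 1;
            }
        }
        i += nlen;
    }
    return 0;
}

/* Stand-in for the engine: the IoT.js entry point is not shown in the PR,
 * so accepted inputs are recorded here instead of being executed. */
static char last_accepted[4096];
static size_t last_accepted_len;

size_t accepted_script_len(void) { return last_accepted_len; }

/* libFuzzer entry point: reject empty, oversized and network-touching
 * inputs; everything else would be handed to the engine. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    if (size == 0 || size >= sizeof last_accepted)
        return 0;
    if (references_blocked_module(data, size))
        return 0; /* dropped, never executed */

    memcpy(last_accepted, data, size);
    last_accepted[size] = '\0';
    last_accepted_len = size;
    /* run_iotjs_script(last_accepted, size);  hypothetical engine call */
    return 0;
}
```

The guard deliberately errs toward rejecting: a false positive only costs the fuzzer one input, while a false negative would let a mutated script open a socket, so it is best paired with running the fuzz job in an environment that has no network route at all.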