
ispras / oss-sydr-fuzz


OSS-Sydr-Fuzz: an OSS-Fuzz fork for hybrid fuzzing (fuzzer + DSE) of open source software.

Home Page: https://sydr-fuzz.github.io

License: Apache License 2.0

Dockerfile 9.07% Shell 20.75% C 50.58% Makefile 0.33% C++ 12.65% Rust 1.88% Meson 0.12% Python 3.04% Go 0.27% Java 0.67% JavaScript 0.32% C# 0.30%
security fuzzing fuzz-testing vulnerabilities stability oss-fuzz dse symbolic-execution symbolic sydr

oss-sydr-fuzz's Introduction

OSS-Sydr-Fuzz: Hybrid Fuzzing for Open Source Software

This repository is a fork of the OSS-Fuzz project. OSS-Sydr-Fuzz contains open source software targets for sydr-fuzz, which combines fuzzing (libFuzzer, AFL++) with the power of dynamic symbolic execution (Sydr).

Project Structure

Each open source target project provides:

  • Fuzz target for libFuzzer
  • Fuzz target for AFL++
  • Fuzz target for Sydr
  • Target built with llvm-cov
  • Build script
  • Dictionary
  • Initial seed corpus
  • Dockerfile that installs dependencies, builds targets, creates initial corpus, etc.
  • Hybrid fuzzing configuration file for sydr-fuzz
  • Instructions to start hybrid fuzzing

NOTE: Some of the files listed above may not be present, or may be gathered from external repositories.

Supported Open Source Projects

Supported projects are located here. In addition to C/C++ projects, Sydr-Fuzz currently supports:

  • Rust: capstone-rs, image-rs, goblin, libhtp-rs, vector-rs, rust-regex, serde-json, gdb-command;
  • Go: image-go;
  • Python: crunch, h5py, msgspec, pillow, pytorch-py, ruamel-yaml, tensorflow-py, ultrajson, langchain;
  • Java: hsqldb, json-sanitizer;
  • JavaScript: fast-xml-parser, node-xml2js;
  • C#: yamldotnet, cppsharp.

Contributing

Feel free to add support for new fuzz targets. The workflow is as follows:

  1. Compose targets for libFuzzer and Sydr.
  2. Prepare build script.
  3. Build Dockerfile with all targets.
  4. Provide sydr-fuzz configuration files.
  5. Write README with commands to run fuzzing.
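
Step 1 of the workflow in miniature, as an added example that is not code from the OSS-Sydr-Fuzz repository: one libFuzzer entry point plus a file-reading driver, so the same target logic can also be built as a standalone binary for Sydr. `parse_record`, `run_file` and the `LIBFUZZER_BUILD` macro are hypothetical, and it is an assumption here that the Sydr build takes its input as a file path.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical code under test: a record is [len:1][payload:len].
 * Returns the sum of the payload bytes, or -1 if the record is truncated. */
int parse_record(const uint8_t *data, size_t size) {
    if (size < 1) return -1;
    size_t len = data[0];
    if (len > size - 1) return -1;      /* the bounds check fuzzing should probe */
    int sum = 0;
    for (size_t i = 0; i < len; i++) sum += data[1 + i];
    return sum;
}

/* libFuzzer entry point; this build is linked with -fsanitize=fuzzer. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    parse_record(data, size);
    return 0;
}

/* File-based driver (assumed shape of the Sydr build): read one input file
 * and hand it to the same entry point. Returns 0 on success, -1 on I/O error. */
int run_file(const char *path) {
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    if (fseek(f, 0, SEEK_END) != 0) { fclose(f); return -1; }
    long n = ftell(f);
    if (n < 0) { fclose(f); return -1; }
    rewind(f);
    uint8_t *buf = malloc(n ? (size_t)n : 1);
    if (!buf) { fclose(f); return -1; }
    size_t got = fread(buf, 1, (size_t)n, f);
    fclose(f);
    LLVMFuzzerTestOneInput(buf, got);
    free(buf);
    return 0;
}

#ifndef LIBFUZZER_BUILD  /* hypothetical macro: define it when libFuzzer supplies main */
int main(int argc, char **argv) {
    if (argc != 2) { fprintf(stderr, "usage: %s <input-file>\n", argv[0]); return 2; }
    return run_file(argv[1]) == 0 ? 0 : 1;
}
#endif
```

Keeping both builds on one entry point means any input found by the fuzzer or generated by symbolic execution replays identically in either binary.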

Trophies

The list of discovered bugs can be found here.

Cite Us

Sydr-Fuzz: Continuous Hybrid Fuzzing and Dynamic Analysis for Security Development Lifecycle [paper] [demo] [slides]

Vishnyakov A., Kuts D., Logunova V., Parygina D., Kobrin E., Savidov G., Fedotov A. Sydr-Fuzz: Continuous Hybrid Fuzzing and Dynamic Analysis for Security Development Lifecycle. 2022 Ivannikov ISPRAS Open Conference (ISPRAS), IEEE, 2022, pp. 111-123. DOI: 10.1109/ISPRAS57371.2022.10076861

@inproceedings{vishnyakov22-sydr-fuzz,
  title = {{{Sydr-Fuzz}}: Continuous Hybrid Fuzzing and Dynamic Analysis for
           Security Development Lifecycle},
  author = {Vishnyakov, Alexey and Kuts, Daniil and Logunova, Vlada and
            Parygina, Darya and Kobrin, Eli and Savidov, Georgy and Fedotov,
            Andrey},
  booktitle = {2022 Ivannikov ISPRAS Open Conference (ISPRAS)},
  pages = {111--123},
  year = {2022},
  publisher = {IEEE},
  doi = {10.1109/ISPRAS57371.2022.10076861},
}
