This paper presents a novel fuzzing framework, called MicroFuzz, specifically designed for Microservices. Mocking-Assisted Seed Execution, Distributed Tracing, Seed Refresh and Pipeline Parallelism approaches are adopted to address the environmental complexities and dynamics of Microservices and to improve the efficiency of fuzzing. MicroFuzz has been successfully implemented and deployed in Ant Group, a prominent FinTech company. Its performance has been evaluated in three distinct industrial scenarios: normalized fuzzing, iteration testing, and taint verification. Throughout five months of operation, MicroFuzz has analyzed a substantial codebase, consisting of 261 Apps with over 74.6 million lines of code (LOC). The framework's effectiveness is evident in its detection of 5,718 potential quality or security risks, with 1,764 of them confirmed and fixed as actual security threats by software specialists. Moreover, in iteration testing, MicroFuzz significantly increased program coverage by 12.24% and detected program behavior by 38.42%.