Fuzzing is a widely used software security testing technique designed to identify vulnerabilities in systems by providing invalid or unexpected input. Continuous fuzzing systems like OSS-Fuzz have been successful in finding security bugs in many different software systems. The typical process of finding security bugs using fuzzing involves several steps: first, the "fuzz-worthy" functions that are likely to contain vulnerabilities must be identified; second, the setup the API requires before it can be called must be understood; third, a fuzzing harness must be written and bound to a coverage-guided fuzzer like LLVM's libFuzzer; and finally, the security bugs discovered by the fuzzing harness must be triaged and checked for reproducibility. This project focuses on automating the first two steps in this process. In particular, we present an automated system that generates fuzzing harnesses for library APIs and binary protocol parsers by analyzing unit tests. This allows the fuzzing infrastructure to scale in proportion to the growth of the codebase, without the need for manually coded harnesses. Additionally, we develop a metric to assess the "fuzz-worthiness" of an API, enabling us to prioritize the most promising targets for testing.
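As an added illustration (not the paper's system or its code), the sketch below shows the mapping the abstract describes: a constructed unit test for a small length-prefixed record parser, and the libFuzzer harness that reuses the test's setup and call sequence with the fixed input replaced by fuzzer-provided bytes. The parser, test and message bytes are all constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed example: a tiny TLV record parser standing in for the
 * "binary protocol parser" mentioned in the abstract (not the paper's code). */
typedef struct { uint8_t type; uint16_t len; const uint8_t *val; } record_t;

/* Parses one record: 1-byte type, 2-byte big-endian length, then payload.
 * Returns 0 on success, -1 if the buffer is too short for the declared length. */
int parse_record(const uint8_t *buf, size_t n, record_t *out) {
    if (n < 3) return -1;
    out->type = buf[0];
    out->len = (uint16_t)((buf[1] << 8) | buf[2]);
    if ((size_t)out->len > n - 3) return -1;   /* declared length must fit */
    out->val = buf + 3;
    return 0;
}

/* Convenience wrapper: 1 if the bytes parse as a well-formed record, else 0. */
int record_is_valid(const uint8_t *buf, size_t n) {
    record_t r;
    return parse_record(buf, n, &r) == 0;
}

/* The unit test a harness generator would mine: it reveals the API's setup
 * (a record_t out-parameter) and its call sequence (parse, then inspect). */
int unit_test_parse_record(void) {
    const uint8_t msg[] = { 0x01, 0x00, 0x03, 'a', 'b', 'c' }; /* constructed */
    record_t r;
    if (parse_record(msg, sizeof msg, &r) != 0) return 0;
    return r.type == 1 && r.len == 3 && memcmp(r.val, "abc", 3) == 0;
}

/* Derived libFuzzer harness: same setup and call as the test, but the
 * concrete message is replaced by fuzzer-provided bytes. Compile with
 * clang -fsanitize=fuzzer,address to fuzz it; it is also an ordinary
 * function that can be called directly, as the test below does. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    record_t r;
    if (parse_record(data, size, &r) == 0) {
        /* Read every payload byte so an over-read would be caught by ASan. */
        volatile uint8_t sink = 0;
        for (size_t i = 0; i < r.len; i++) sink ^= r.val[i];
        (void)sink;
    }
    return 0;
}
```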