CLIFuzzer: Mining Grammars for Command-Line Invocations

Gupta, Abhilash and Gopinath, Rahul and Zeller, Andreas
(2022) CLIFuzzer: Mining Grammars for Command-Line Invocations.
In: ESEC/FSE 2022, Singapore.
Conference: ESEC/FSE European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (formerly listed as ESEC)

[img] Text
CLIFuzzer.pdf
Download (582kB)

Abstract

The behavior of command-line utilities can be very much influenced by passing command-line options and arguments—configuration settings that enable, disable, or otherwise influence parts of the code to be executed. Hence, systematic testing of command-line utilities requires testing them with diverse configurations of supported command-line options. We introduce CLIFuzzer, a tool that takes an executable program and, using dynamic analysis to track input processing, automatically extract a full set of its options, arguments, and argument types. This set forms a grammar that represents the valid sequences of valid options and arguments. Producing invocations from this grammar, we can fuzz the program with an endless list of random configurations, covering the related code. This leads to increased coverage and new bugs over purely mutation based fuzzers.

Item Type: Conference or Workshop Item (A Paper) (Paper)
Divisions: Andreas Zeller (Software Engineering, ST)
Conference: ESEC/FSE European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (formerly listed as ESEC)
Depositing User: Andreas Zeller
Date Deposited: 15 Nov 2022 03:41
Last Modified: 15 Nov 2022 03:41
Primary Research Area: NRA4: Secure Mobile and Autonomous Systems
URI: https://publications.cispa.saarland/id/eprint/3874

Actions

Actions (login required)

View Item View Item
CISPA is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.