CLIFuzzer: Mining Grammars for Command-Line Invocations

被引：1

作者：

Gupta, Abhilash ^{[1
]}

Gopinath, Rahul ^{[1
]}

Zeller, Andreas ^{[1
]}

机构：

[1] CISPA Helmholtz Ctr Informat Secur, Saarbrucken, Saarland, Germany

来源：

PROCEEDINGS OF THE 30TH ACM JOINT MEETING EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING, ESEC/FSE 2022 | 2022年

关键词：

fuzzing; CLI Options; command-line; utilities;

D O I：

10.1145/3540250.3558918

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

The behavior of command-line utilities can be very much influenced by passing command-line options and arguments-configuration settings that enable, disable, or otherwise influence parts of the code to be executed. Hence, systematic testing of command-line utilities requires testing them with diverse configurations of supported command-line options. We introduce CLIFuzzer, a tool that takes an executable program and, using dynamic analysis to track input processing, automatically extract a full set of its options, arguments, and argument types. This set forms a grammar that represents the valid sequences of valid options and arguments. Producing invocations from this grammar, we can fuzz the program with an endless list of random configurations, covering the related code. This leads to increased coverage and new bugs over purely mutation based fuzzers.

引用

页码：1667 / 1671

页数：5

共 50 条

[31] glactools: a command-line toolset for the management of genotype likelihoods and allele counts
Renaud, Gabriel
BIOINFORMATICS, 2018, 34 (08) : 1398 - 1400
[32] Enhancement of the Command-Line Environment for use in the Introductory Statistics Course and Beyond
Gerbing, David W.
JOURNAL OF STATISTICS AND DATA SCIENCE EDUCATION, 2021, 29 (03): : 251 - 266
[33] BuddySuite: Command-Line Toolkits for Manipulating Sequences, Alignments, and Phylogenetic Trees
Bond, Stephen R.
Keat, Karl E.
Barreira, Sofia N.
Baxevanis, Andreas D.
MOLECULAR BIOLOGY AND EVOLUTION, 2017, 34 (06) : 1543 - 1546
[34] Command-line Cross-matching Tool for Modern Astrophysical Pipelines
Riccio, Giuseppe
Brescia, Massimo
Cavuoti, Stefano
Mercurio, Amata
Di Giorgio, Anna Maria
Molinari, Sergio
ASTRONOMICAL DATA ANALYSIS SOFTWARE AND SYSTEMS XXVI, 2019, 521 : 390 - 393
[35] Boutiques: a flexible framework to integrate command-line applications in computing platforms
Glatard, Tristan
Kiar, Gregory
Aumentado-Armstrong, Tristan
Beck, Natacha
Bellec, Pierre
Bernard, Remi
Bonnet, Axel
Brown, Shawn T.
Camarasu-Pop, Sorina
Cervenansky, Frederic
Das, Samir
da Silva, Rafael Ferreira
Flandin, Guillaume
Girard, Pascal
Gorgolewski, Krzysztof J.
Guttmann, Charles R. G.
Hayot-Sasson, Valerie
Quirion, Pierre-Olivier
Rioux, Pierre
Rousseau, Marc-Etienne
Evans, Alan C.
GIGASCIENCE, 2018, 7 (05):
[36] GDBTk - Integrating Tcl/Tk into a recalcitrant command-line application.
Ingham, J
USENIX ASSOCIATION PROCEEDINGS OF THE 7TH USENIX TCL/TK CONFERENCE (TCL/2K), 2000, : 43 - 51
[37] Bionitio: demonstrating and facilitating best practices for bioinformatics command-line software
Georgeson, Peter
Syme, Anna
Sloggett, Clare
Chung, Jessica
Dashnow, Harriet
Milton, Michael
Lonsdale, Andrew
Powell, David
Seemann, Torsten
Pope, Bernard
GIGASCIENCE, 2019, 8 (09):
[38] jCompoundMapper: An open source Java library and command-line tool for chemical fingerprints
Georg Hinselmann
Lars Rosenbaum
Andreas Jahn
Nikolas Fechner
Andreas Zell
Journal of Cheminformatics, 3
[39] CompàreGenome: a command-line tool for genomic diversity estimation in prokaryotes and eukaryotes
Moro, Gabriele
Atzeni, Rossano
Al-Subhi, Ali
Marche, Maria Giovanna
BMC BIOINFORMATICS, 2025, 26 (01):
[40] Bespoke: Interactively Synthesizing Custom GUIs from Command-Line Applications By Demonstration
Vaithilingam, Priyan
Guo, Philip J.
PROCEEDINGS OF THE 32ND ANNUAL ACM SYMPOSIUM ON USER INTERFACE SOFTWARE AND TECHNOLOGY (UIST 2019), 2019, : 563 - 576

← 1 2 3 4 5 →