CISPA
Browse
- No file added yet -

CLIFuzzer: Mining Grammars for Command-Line Invocations

Download (568.67 kB)
conference contribution
posted on 2023-11-29, 18:25 authored by Abhilash Gupta, Rahul Gopinath, Andreas ZellerAndreas Zeller
The behavior of command-line utilities can be very much influenced by passing command-line options and arguments—configuration settings that enable, disable, or otherwise influence parts of the code to be executed. Hence, systematic testing of command-line utilities requires testing them with diverse configurations of supported command-line options. We introduce CLIFuzzer, a tool that takes an executable program and, using dynamic analysis to track input processing, automatically extract a full set of its options, arguments, and argument types. This set forms a grammar that represents the valid sequences of valid options and arguments. Producing invocations from this grammar, we can fuzz the program with an endless list of random configurations, covering the related code. This leads to increased coverage and new bugs over purely mutation based fuzzers.

History

Preferred Citation

Abhilash Gupta, Rahul Gopinath and Andreas Zeller. CLIFuzzer: Mining Grammars for Command-Line Invocations. In: European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE). 2022.

Primary Research Area

  • Empirical and Behavioral Security

Name of Conference

European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE)

Legacy Posted Date

2022-11-15

Open Access Type

  • Green

BibTeX

@inproceedings{cispa_all_3874, title = "CLIFuzzer: Mining Grammars for Command-Line Invocations", author = "Gupta, Abhilash and Gopinath, Rahul and Zeller, Andreas", booktitle="{European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE)}", year="2022", }

Usage metrics

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC