Authors:
Bruno Gonçalves de Oliveira (1); Andre Endo (2) and Silvia Vergilio (1)
Affiliations:
(1) Department of Computer Science, Federal University of Paraná, Curitiba, PR, Brazil
(2) Computing Department, Federal University of São Carlos, São Carlos, SP, Brazil
Keyword(s):
Fuzzing, JavaScript Engine, Security, Vulnerabilities, Exploits.
Abstract:
JavaScript is a programming language commonly used to add interactivity and dynamic functionality to websites. It is a high-level, dynamically-typed language, well-suited for building complex client-side applications and for server-side development. JavaScript engines are responsible for executing JavaScript code and are a significant target for attackers who want to exploit vulnerabilities in web applications. A popular approach to discovering vulnerabilities in JavaScript engines is fuzzing, which involves generating and executing large volumes of tests in an automated manner. Most fuzzing tools are guided by code coverage, but they usually treat all parts of the code equally, without prioritizing any code area. In this work, we propose a novel fuzzing approach, namely JSTargetFuzzer, designed to assess JavaScript engines by targeting specific source code files. It leverages historical information from past security-related commits to guide input generation during fuzzing, focusing on code areas more prone to security issues. Our results provide evidence that JSTargetFuzzer hits these specific areas from 3.61% to 16.17% more often than a state-of-the-art fuzzer, and covers from 1.46% to 15.09% more branches. In addition, JSTargetFuzzer uncovered one vulnerability not found by the baseline approach within the same time frame.
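The abstract describes two ingredients: mining past security-related commits to find files prone to security issues, and using that information to steer the fuzzer toward them. The following added example (not the authors' code or the JSTargetFuzzer implementation) sketches one simple way to realise both steps: it parses a constructed `git log --name-only` sample, scores each source file by the number of security-related commits that touched it, and turns the files a fuzz input reached into a scheduling priority. The keyword heuristic, file-extension filter and priority formula are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the shape of `git log --format='commit %H%n%s' --name-only`
# output (hypothetical hashes, subjects and paths; not from any real engine repository).
SAMPLE_LOG = """\
commit 0000000000000000000000000000000000000001
Fix heap buffer overflow in TypedArray sort
src/runtime/TypedArray.cpp
src/runtime/TypedArray.h
commit 0000000000000000000000000000000000000002
Update build documentation
docs/BUILD.md
commit 0000000000000000000000000000000000000003
Security: fix use-after-free in JIT inline cache
src/jit/InlineCache.cpp
src/runtime/TypedArray.cpp
"""

# Assumed heuristic: a commit subject with one of these markers is "security-related".
SECURITY_PATTERN = re.compile(
    r"\b(security|cve-\d{4}-\d+|overflow|use-after-free|out-of-bounds|type confusion)\b",
    re.IGNORECASE)

def parse_commits(log_text):
    """Split raw log text into (subject, [touched files]) tuples."""
    commits = []
    for block in re.split(r"^commit [0-9a-f]+\n", log_text, flags=re.MULTILINE):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if lines:
            commits.append((lines[0], lines[1:]))
    return commits

def is_security_related(subject):
    return bool(SECURITY_PATTERN.search(subject))

def security_file_scores(commits):
    """Count security-related commits per source file; non-source paths are ignored."""
    scores = Counter()
    for subject, files in commits:
        if is_security_related(subject):
            scores.update(f for f in files if f.endswith((".cpp", ".cc", ".c", ".h")))
    return scores

def input_priority(scores, files_reached):
    """Share of total security weight in the files an input reached: higher runs first."""
    total = sum(scores.values())
    return sum(scores[f] for f in set(files_reached)) / total if total else 0.0
```

With the sample above, `security_file_scores` ranks `src/runtime/TypedArray.cpp` highest (two security fixes), so an input whose execution reaches that file gets priority 0.5, while one that only reaches untouched files gets 0.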