Fuzzing JavaScript Environment APIs with Interdependent Function Calls


Abstract

The prevalence of the JavaScript programming language makes the correctness and security of its execution environments highly important. The most exposed and vulnerable parts of these environments are the APIs published to the executed untrusted JavaScript programs. This paper revisits the fuzzing technique that generates JavaScript environment API calls using random walks on so-called prototype graphs to uncover potentially security-related failures. We show the limits of generating independent call expressions, the approach of prior work, and give an extension to enable the generation of interdependent API calls that re-use each other’s results. We demonstrate with an experiment that this enhancement allows our approach to exercise JavaScript environment APIs in ways that were not possible with the previous approach, and that it can also trigger more issues in a real target.
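To make the difference between the two generation strategies concrete, the following is an added example written for this page; it is not code from the paper or from the authors' fuzzer, and the target API (a tiny Buf type with slice/fill/concat/toHex behind an alloc factory) is constructed here as a stand-in for a real JavaScript environment API. The prototype graph is discovered by introspecting the prototype chain of live values: each node's outgoing edges are its callable properties, and primitives are leaves. A walk executes each call as it generates it, so it knows the actual type of every intermediate value. With reuse=false every statement is an independent walk from the root with literal arguments; with reuse=true a walk may start from an earlier result and pass earlier results as arguments. Because concat() needs a second Buf, the independent strategy can reach that edge only in its failing form, while the interdependent one can exercise it with a valid argument. Thrown exceptions stand in for the crashes or assertion failures a real engine would produce; the probabilities, literal pool and size limits are arbitrary choices for the example.

```javascript
'use strict';

// Seeded PRNG (mulberry32) so any generated test case can be reproduced from its seed.
function mulberry32(seed) {
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}
const pick = (rng, arr) => arr[Math.floor(rng() * arr.length)];

// Constructed stand-in for an environment API exposed to untrusted scripts (assumption:
// a real target would be a DOM, Node.js or embedded-device host API). Buf objects come
// only from the root factory; concat() needs a *second* Buf, which a single call chain
// starting at the root cannot supply. Thrown errors stand in for real-target crashes.
class Buf {
  constructor(bytes) { this.bytes = Array.from(bytes); }
  slice(start, end) { return new Buf(this.bytes.slice(start, end)); }
  fill(v) { this.bytes.fill(Number(v) & 0xff); return this; }
  concat(other) {
    if (!(other instanceof Buf)) throw new TypeError('concat(): argument is not a Buf');
    if (this.bytes.length + other.bytes.length > 65536) throw new RangeError('concat(): too large');
    return new Buf(this.bytes.concat(other.bytes));
  }
  toHex() { return this.bytes.map(b => b.toString(16).padStart(2, '0')).join(''); }
}
const env = {
  alloc(n) {
    const len = Number(n) | 0;
    if (len < 0 || len > 4096) throw new RangeError('alloc(): size out of range');
    return new Buf(new Array(len).fill(0));
  },
};

// Prototype-graph view of a live value: the node is its prototype chain, the outgoing
// edges are the callable properties found on it. Primitives are leaves (never walked).
function methodsOf(value) {
  const names = new Set();
  for (let o = value; o && o !== Object.prototype; o = Object.getPrototypeOf(o))
    for (const k of Object.getOwnPropertyNames(o))
      if (k !== 'constructor' && typeof o[k] === 'function') names.add(k);
  return [...names].sort();
}

const LITERALS = [0, 1, 3, 7, 'zz'];   // arbitrary literal argument pool for the example

// One random walk: from `start` ({expr, value}) take up to `hops` method edges, drawing
// each argument either from `argPool` (earlier results) or from LITERALS. Calls are
// executed as they are generated so the walk knows the real type of each intermediate
// value. Returns the expression text, the final value and the first exception hit.
function walk(rng, start, hops, argPool) {
  let { expr, value } = start;
  for (let h = 0; h < hops; h++) {
    if (value === null || typeof value !== 'object') break;      // leaf reached
    const methods = methodsOf(value);
    if (methods.length === 0) break;
    const method = pick(rng, methods);
    const args = [];
    for (let i = 0; i < value[method].length; i++) {
      if (argPool.length > 0 && rng() < 0.5) args.push(pick(rng, argPool));
      else { const v = pick(rng, LITERALS); args.push({ expr: JSON.stringify(v), value: v }); }
    }
    expr = `${expr}.${method}(${args.map(a => a.expr).join(', ')})`;
    try { value = value[method](...args.map(a => a.value)); }
    catch (error) { return { expr, value: undefined, error }; }
  }
  return { expr, value, error: null };
}

// Generate `steps` statements. reuse=false: every statement is an independent walk from
// the root with literal arguments (the prior approach). reuse=true: a statement may start
// from an earlier result and pass earlier results as arguments (interdependent calls).
function generate(seed, steps, reuse, hops = 2) {
  const rng = mulberry32(seed);
  const pool = [];                 // { expr: 'vN', value } for each successful statement
  const program = [], failures = [];
  for (let i = 0; i < steps; i++) {
    const objs = pool.filter(p => p.value !== null && typeof p.value === 'object');
    const start = reuse && objs.length > 0 && rng() < 0.7 ? pick(rng, objs) : { expr: 'env', value: env };
    const r = walk(rng, start, hops, reuse ? pool : []);
    const stmt = `const v${i} = ${r.expr};`;
    program.push(stmt);
    if (r.error) failures.push({ stmt, error: String(r.error) });
    else pool.push({ expr: `v${i}`, value: r.value });
  }
  return { program, failures };
}

// Usage: node fuzz.js -> prints both programs and how many failures each triggered.
if (typeof require !== 'undefined' && require.main === module) {
  for (const reuse of [false, true]) {
    const { program, failures } = generate(42, 10, reuse);
    console.log(`--- reuse=${reuse} ---\n${program.join('\n')}\nfailures: ${failures.length}`);
  }
}
```

The emitted program text is the artifact a fuzzer would keep: it is an ordinary script that can be replayed against the real target, and in the interdependent mode the `const vN = ...` names are what let a later call consume an earlier result. Note that fill() returns `this`, so the pool can hold two names for one object; that aliasing is deliberate, since mutating an object through one name and reading it through another is one of the interactions independent call chains cannot express.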

APA

Hodován, R., Vince, D., & Kiss, Á. (2019). Fuzzing JavaScript Environment APIs with Interdependent Function Calls. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11918 LNCS, pp. 212–226). Springer. https://doi.org/10.1007/978-3-030-34968-4_12
