Fuzzing data optimisation

[denis-fokin]

There are some hints that can help us with finding better values for fuzzing.

Regular expressions

Multiple solutions exist to generate strings from regular expressions.

For instance,

• https://code.google.com/archive/p/xeger/
• https://github.com/mifmif/Generex
• https://github.com/curious-odd-man/RgxGen

If we find a regular expression check somewhere on the execution path, we can generate a number of random values that matches the regular expression. The results could be used for fuzzing.

DSL

Similar approach can be applied to different DSLs. For instance, we can find some piece of HTML. We can modify the HTML string and try to change the HTML content without breaking its validity.

API

ML could give us a helping hand. We can ask for a common data that typically used for particular API. This way will get proper pieces of text for API that expects JSON, HTML or other input. The input can be modified randomly for better fuzzing results.
Alternatively, can build a dataset for most common APIs like ktor, Jackson and so on.

[amandelpie]

ML or not ML is a good questions, but collect and analyze typical mocks/junit tests as a dataset will be useful

[korifey]

In fact we already had such kind of functionality in the past (seems it was deleted). I fully support to fuzz regular expressions this way.

[alisevych]

If it's possible to detect the generic type of a Collection, it would be good to add a test with some meaningful (prepared?) values in it - starting from String, Integer.