Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS)

Method for Mutation of Complexly Structured Input Data during Fuzzing of JavaScript Engines

https://doi.org/10.15514/ISPRAS-2022-35(5)-4

Abstract

Fuzzing of JavaScript engines is one of the most difficult areas of web-browser testing because of the complexity of generating input data. JavaScript engines execute the JavaScript code of a web page, must continually support new language standards, and are growing in architectural complexity. The most widely used fuzzers today cannot effectively mutate complexly structured input data. Generating JavaScript code from scratch cannot encapsulate the necessary semantics, and current mutators quickly destroy the syntax and semantics of the input-data language. This article presents a new mutation strategy that preserves the syntax and semantics of the input data by modifying the AST of JavaScript code fragments. The method efficiently generates diverse and correct inputs, which can lead to the discovery of errors and vulnerabilities in JavaScript engines, and it can be used to improve the security of web browsers and ensure reliable interpretation of JavaScript code.
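The abstract's central claim, that mutating at the AST level keeps inputs syntactically and semantically valid where byte-level mutation does not, can be seen in the following added example. It is illustrative code written for this page, not the paper's mutator: it uses a hand-built miniature AST for a three-statement seed program (the node kinds, the mutation operators and the seed are all constructed assumptions), regenerates source from every single-node mutant, and uses the host engine as the oracle, checking whether each mutant parses (`new Function`) and whether it runs with a stub `log` argument. For contrast it also inserts an unbalanced `(` at every byte offset of the same seed text.

```javascript
// Added example: AST-level vs. byte-level mutation of a JavaScript seed.
// Constructed miniature AST, not the paper's format; node kinds are assumptions.
const EXPR_TYPES = new Set(['Num', 'Str', 'Id', 'Bin', 'Call']);

// Constructed seed program:  var a = (1 + 2); var s = "abc"; log(a, s);
const SEED = {
  type: 'Program',
  body: [
    { type: 'VarDecl', name: 'a',
      init: { type: 'Bin', op: '+', left: { type: 'Num', value: 1 }, right: { type: 'Num', value: 2 } } },
    { type: 'VarDecl', name: 's', init: { type: 'Str', value: 'abc' } },
    { type: 'ExprStmt',
      expr: { type: 'Call', callee: { type: 'Id', name: 'log' },
              args: [{ type: 'Id', name: 'a' }, { type: 'Id', name: 's' }] } },
  ],
};

// Code generation: every Bin is parenthesised so operator swaps never change precedence.
function gen(n) {
  switch (n.type) {
    case 'Program': return n.body.map(gen).join('\n');
    case 'VarDecl': return `var ${n.name} = ${gen(n.init)};`;
    case 'ExprStmt': return `${gen(n.expr)};`;
    case 'Call': return `${gen(n.callee)}(${n.args.map(gen).join(', ')})`;
    case 'Bin': return `(${gen(n.left)} ${n.op} ${gen(n.right)})`;
    case 'Num': return String(n.value);
    case 'Str': return JSON.stringify(n.value);
    case 'Id': return n.name;
    default: throw new Error('unknown node type ' + n.type);
  }
}

const clone = (ast) => JSON.parse(JSON.stringify(ast));

// Enumerate mutation sites (expression nodes) in deterministic preorder, remembering
// how each hangs off its parent. Call targets are skipped: replacing `log` with an
// arithmetic expression would still parse but would fail at run time.
function collectSites(node, sites = [], parent = null, key = null, idx = null) {
  if (EXPR_TYPES.has(node.type)) sites.push({ node, parent, key, idx });
  for (const k of Object.keys(node)) {
    if (k === 'callee') continue;
    const v = node[k];
    if (Array.isArray(v)) v.forEach((c, i) => collectSites(c, sites, node, k, i));
    else if (v && typeof v === 'object' && v.type) collectSites(v, sites, node, k, null);
  }
  return sites;
}

// Type-aware replacements: a literal is swapped only for a literal of the same kind,
// an operator only for another arithmetic operator, and any expression may be wrapped
// in `(expr + 1)`. Each keeps the subtree a well-formed expression.
function candidateReplacements(node) {
  const out = [];
  if (node.type === 'Num') out.push({ type: 'Num', value: 0 }, { type: 'Num', value: 4294967296 }, { type: 'Num', value: -1 });
  if (node.type === 'Str') out.push({ type: 'Str', value: '' }, { type: 'Str', value: 'x'.repeat(64) });
  if (node.type === 'Bin') for (const op of ['+', '-', '*', '/']) if (op !== node.op) out.push({ ...node, op });
  out.push({ type: 'Bin', op: '+', left: node, right: { type: 'Num', value: 1 } });
  return out;
}

// Every single-site mutant of the seed, as source text.
function enumerateAstMutants(ast) {
  const mutants = [];
  collectSites(ast).forEach((site, i) => {
    const count = candidateReplacements(site.node).length;
    for (let j = 0; j < count; j++) {
      const copy = clone(ast);                   // fresh tree per mutant, no aliasing
      const target = collectSites(copy)[i];
      const rep = candidateReplacements(target.node)[j];
      if (target.idx === null) target.parent[target.key] = rep;
      else target.parent[target.key][target.idx] = rep;
      mutants.push(gen(copy));
    }
  });
  return mutants;
}

// Byte-level contrast: insert an unbalanced "(" at every offset of the seed text.
function enumerateByteMutants(code) {
  const out = [];
  for (let i = 0; i <= code.length; i++) out.push(code.slice(0, i) + '(' + code.slice(i));
  return out;
}

// The oracle is the host engine itself: does the mutant parse, and does it run?
function parses(code) { try { new Function('log', code); return true; } catch (e) { return false; } }
function runs(code) { try { new Function('log', code)(() => {}); return true; } catch (e) { return false; } }

function compareStrategies(ast = SEED) {
  const astM = enumerateAstMutants(ast);
  const byteM = enumerateByteMutants(gen(ast));
  return {
    ast: { total: astM.length, parse: astM.filter(parses).length, run: astM.filter(runs).length },
    byte: { total: byteM.length, parse: byteM.filter(parses).length },
  };
}

console.log(JSON.stringify(compareStrategies()));
```

With this seed every AST-level mutant both parses and executes, while the only byte-level mutants that survive are those where the stray parenthesis lands inside the string literal; a real engine fuzzer would replace `new Function` with the engine under test and feed only the surviving mutants to it.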

About the Author

Natalya Sergeevna EROKHINA
Academy of the Federal Guard Service of the Russian Federation
Russian Federation

Employee of the Academy of the Federal Guard Service of the Russian Federation. Her research interests include information security, fuzz testing, and machine learning algorithms.




For citations:


EROKHINA N.S. Method for Mutation of Complexly Structured Input Data during Fuzzing of JavaScript Engines. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2023;35(5):55-66. (In Russ.) https://doi.org/10.15514/ISPRAS-2022-35(5)-4



This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2079-8156 (Print)
ISSN 2220-6426 (Online)