TY - GEN
T1 - WINGFUZZ
T2 - 2024 USENIX Annual Technical Conference, ATC 2024
AU - Liang, Jie
AU - Wu, Zhiyong
AU - Fu, Jingzhou
AU - Bai, Yiyuan
AU - Zhang, Qiang
AU - Jiang, Yu
N1 - Publisher Copyright:
© 2024 Proceedings of the 2024 USENIX Annual Technical Conference, ATC 2024. All rights reserved.
PY - 2024
Y1 - 2024
N2 - Database management systems (DBMSs) are critical components within software ecosystems, and their security and stability are paramount. In recent years, fuzzing has emerged as a prominent automated testing technique, effectively identifying vulnerabilities in various DBMSs. Nevertheless, many of these fuzzers require specific adaptation for a DBMS with a particular version. Employing these techniques to test enterprise-level DBMSs continuously poses challenges due to the diverse specifications of DBMSs and the code changes in their rapid version evolution. In this paper, we present the industry practice of implementing continuous DBMS fuzzing on enterprise-level DBMSs like ClickHouse. We summarize three main obstacles in implementing, namely the diverse SQL grammar in test case generation, the ongoing evolution of codebase in continuous testing, and the disturbance of noises during anomaly analysis. We propose WINGFUZZ, which utilizes specification-based mutator generation, corpus-driven evolving code fuzzing, and noise-resilient anomaly assessment to address them. By working with the engineers in continuous DBMS fuzzing, we have found a total of 236 previously undiscovered bugs in 12 widely-used enterprise-level DBMSs including ClickHouse, DamengDB, and TenDB. Due to its favorable test results, our efforts received recognition and cooperation invitations from some DBMS vendors. For example, ClickHouse’s CTO praised: “Which tool did you use to find this test case? We need to integrate it into our CI.” and WINGFUZZ has been successfully integrated into its development process.
UR - https://www.scopus.com/pages/publications/85201206685
M3 - Conference contribution
AN - SCOPUS:85201206685
T3 - Proceedings of the 2024 USENIX Annual Technical Conference, ATC 2024
SP - 479
EP - 492
BT - Proceedings of the 2024 USENIX Annual Technical Conference, ATC 2024
PB - USENIX Association
Y2 - 10 July 2024 through 12 July 2024
ER -