Abstract

Scripting languages such as Python and JavaScript have revolutionized modern software development thanks to their flexibility and rich functionality. However, scripting languages also present a large attack surface, allowing adversaries to exploit bugs in the execution engines to perform sandbox escapes or execute arbitrary code. While fuzzing has successfully revealed vulnerabilities in execution engines, current techniques still face scalability and semantic-correctness challenges. Specifically, existing approaches fail to scale to multiple scripting languages and often lack semantic correctness, since they must be taught each language's features by hand. Reflecta, our novel scripting-language fuzzer, relies solely on a common introspection feature of programming languages, namely reflection, which enables a generic fuzzer design across different scripting languages. With reflection, Reflecta gains the ability to explore the rich set of language features dynamically, significantly reducing manual effort. Reflecta thus generates language-feature-rich programs and performs type-aware mutation, producing programs with high semantic correctness. We implemented Reflecta to fuzz six execution engines for four prevalent scripting languages: Python, JavaScript, Ruby, and PHP. Reflecta achieves a 1.74x to 3.35x improvement in semantic correctness and a 1.63x to 2.21x improvement in code coverage compared to state-of-the-art language-general fuzzers, and compares favorably to manually augmented language-specific fuzzers without any prior semantic information. Moreover, Reflecta has discovered 25 previously unknown bugs confirmed by the developers of PHP, MRuby, and MicroPython, 16 of which have already been fixed.
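To make the two ideas in the abstract concrete (using reflection to discover an engine's API surface without hand-written grammars, and using type feedback to raise semantic correctness), the following is an added illustration in Python; it is not Reflecta's code and does not reproduce its design. It assumes a small constructed pool of candidate argument values keyed by type, and it treats a `TypeError` as the signal that a generated call was not well-typed, while any other exception (or none) counts as a semantically valid call that reached the method's real logic. A first "blind" pass learns which argument types each method accepts; a second "type-aware" pass draws only from those types.

```python
"""Reflection-driven, type-aware fuzzing of one seed object's methods.

Added illustration (not Reflecta's code): discover the callable surface of a
seed object with dir()/inspect, record which argument types each method
accepts, then generate calls from the learned types so that more of the
generated calls are semantically valid.
"""
import inspect
import random

# Constructed value pool: candidate arguments grouped by Python type. This is
# an assumption of the example, not something the paper prescribes.
VALUE_POOL = {
    int: [0, 1, 2, -1],
    str: ["", "a", "hello", "lo"],
    bytes: [b"", b"a"],
    list: [[], [1, 2]],
}


def discover_methods(obj):
    """Reflection step: map each public callable attribute of obj to its number
    of required positional parameters (None when the implementation exposes no
    signature at all, as some C-implemented builtins do)."""
    methods = {}
    for name in dir(obj):
        if name.startswith("_"):
            continue
        try:
            attr = getattr(obj, name)
        except Exception:
            continue  # properties that raise on access are not fuzzed here
        if not callable(attr):
            continue
        try:
            params = inspect.signature(attr).parameters.values()
            arity = sum(
                1 for p in params
                if p.default is inspect.Parameter.empty
                and p.kind in (p.POSITIONAL_ONLY, p.POSITIONAL_OR_KEYWORD)
            )
        except (ValueError, TypeError):
            arity = None
        methods[name] = arity
    return methods


def semantically_valid(exc):
    """A TypeError means the generated call was not well-typed (a semantic
    failure). Any other exception (ValueError, IndexError, ...) came from a
    type-correct call that exercised the method's own logic."""
    return not isinstance(exc, TypeError)


def fuzz_method(obj, name, arity, rng, rounds=20, type_hints=None):
    """Call obj.<name> with `arity` random arguments, `rounds` times.

    Returns (valid_calls, accepted) where accepted[i] is the set of argument
    types that took part in at least one semantically valid call at position i.
    When type_hints is given, position i draws only from type_hints[i]
    (falling back to every type when nothing was learned for that position).
    """
    accepted = [set() for _ in range(arity)]
    valid = 0
    method = getattr(obj, name)
    for _ in range(rounds):
        types = []
        for i in range(arity):
            pool = type_hints[i] if type_hints and type_hints[i] else list(VALUE_POOL)
            # sort for determinism: sets have no stable iteration order
            types.append(rng.choice(sorted(pool, key=lambda t: t.__name__)))
        args = [rng.choice(VALUE_POOL[t]) for t in types]
        try:
            method(*args)
            ok = True
        except Exception as exc:
            ok = semantically_valid(exc)
        if ok:
            valid += 1
            for i, t in enumerate(types):
                accepted[i].add(t)
    return valid, accepted


def fuzz_object(obj, seed=0, rounds=20):
    """Two passes over every method with a known arity: blind, then type-aware
    using the types learned in the blind pass. Returns the semantic-correctness
    rate (valid calls / all calls) of each pass."""
    rng = random.Random(seed)
    blind_valid = aware_valid = total = 0
    for name, arity in discover_methods(obj).items():
        if arity is None:
            continue
        v1, accepted = fuzz_method(obj, name, arity, rng, rounds)
        v2, _ = fuzz_method(obj, name, arity, rng, rounds, type_hints=accepted)
        blind_valid += v1
        aware_valid += v2
        total += rounds
    return blind_valid / total, aware_valid / total


if __name__ == "__main__":
    blind, aware = fuzz_object("hello", rounds=40)
    print(f"semantic correctness: blind={blind:.2f} type-aware={aware:.2f}")
```

The seed object stands in for whatever the engine exposes; the fuzzer never names a method or a parameter type itself, which is the property that lets the same loop run over any object the reflection API can describe. Immutable seeds such as `str` keep the two passes comparable; a mutable seed (a `list`) would be changed by the calls themselves, which a real fuzzer would handle by re-creating the seed per round.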