The CISPA Helmholtz Center for Information Security Releases FANDANGO

FANDANGO, a new open-source fuzzing tool, uses an evolutionary algorithm to automatically generate myriads of high-quality test inputs that satisfy defined constraints. Advancing language-based testing by a decisive step, FANDANGO employs an iterative procedure that is modeled on biological evolution, yielding customized inputs that cover both semantics and syntax. Now available in its 1.0 release, FANDANGO has been developed by researchers at the CISPA Helmholtz Center for Information Security.

Over the past decade, fuzzers have become the most widely used tools to test software security and robustness. Generating random inputs and feeding them to an application, they help detect undesired program behavior such as bugs and vulnerabilities. With FANDANGO, CISPA researchers José Antonio Zamudio Amaya and Professor Dr. Andreas Zeller have introduced a bio-inspired algorithm to software fuzzing. In an emulation of biological evolution, their algorithm performs a process of mutation and selection to produce inputs that closely correspond to the tester’s conditions.

Zamudio explains: “The evolutionary algorithm is pretty straightforward. We start with a population of inputs that come from the specifications of a program. And then we do two things: first, mutate those inputs to trigger different changes, and second, cross these inputs, which means combining parts of two inputs to produce offspring. We repeat this process, and with every iteration we evaluate the quality of the inputs in terms of meeting the constraints imposed by the tester.” This process results in syntactically valid test inputs that are customized to explore particular parts of the program under test.

FANDANGO offers complete control over test inputs

While not the first fuzzing tool to automate test generation, FANDANGO is the first tool that gives software testers complete control over the characteristics of the inputs they generate. As Zeller explains: “In contrast to a normal fuzzer, Fandango produces inputs which are under the control of the tester, because we assume that the testers
a) know what a typical input looks like and
b) tend to have an idea where typical bugs might be.

They are the ones with the domain knowledge and we want them to be able to use that domain knowledge when testing a program.” The FANDANGO test automation tool enables testers not only to specify the syntax of the input, i.e. the structure they want it to have, but also to define the semantics of the input, i.e. its meaning and specific properties.

To illustrate FANDANGO’s benefits for software testing, Zeller uses the example of an online shop for custom-made furniture, where customers are required to enter individual values for height, length and depth which, taken together, determine the size of a piece of furniture.

“In this case,” Zeller explains, “it would be interesting to see what the program does when I say, for instance, ‘this piece of furniture should have a length of less than zero or a seating surface of one square kilometer’. Using our evolutionary algorithm, FANDANGO could automatically compute values for all these individual fields – height, length, depth – that would precisely satisfy the condition of this immense surface of one square kilometer.”
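The evolutionary loop Zamudio describes above (population, mutation, crossover, selection against the tester's constraints) and Zeller's furniture example can be seen working together in the following added illustration. It is example code written for this page, not FANDANGO's own implementation or its specification format: the three-field order grammar, the two constraint functions, the centimetre units, and the choice of a graded "distance to satisfaction" as the fitness signal are all assumptions made here for the sake of the demonstration.

```python
# Illustrative grammar-plus-constraint evolutionary fuzzer (added example; not FANDANGO's code).
import math
import random
import re

# Constructed grammar for a furniture order: "<height>x<length>x<depth>", each field an
# optional "-" followed by one or more decimal digits. This is the syntax of the input.
FIELDS = ("height", "length", "depth")
ORDER_RE = re.compile(r"-?[0-9]+x-?[0-9]+x-?[0-9]+")

def gen_field(rng):
    """Derive one field from the grammar; short numbers only, so evolution has work to do."""
    sign = "-" if rng.random() < 0.2 else ""
    return sign + "".join(rng.choice("0123456789") for _ in range(rng.randint(1, 4)))

def gen_input(rng):
    return {f: gen_field(rng) for f in FIELDS}

def render(ind):
    return "x".join(ind[f] for f in FIELDS)

def is_valid(text):
    """Syntactic check: does the string belong to the grammar at all?"""
    return ORDER_RE.fullmatch(text) is not None

def values(ind):
    return {f: int(ind[f]) for f in FIELDS}

# Constraints (the semantics): each returns a distance >= 0, where 0 means "satisfied".
# A graded distance, rather than a yes/no answer, is an assumption of this example; it is
# what lets selection prefer inputs that are closer to the tester's condition.
SEAT_TARGET_CM2 = 10 ** 10  # one square kilometre, assuming the shop takes centimetres

def huge_seat(vals):
    """Seating surface (length * depth) of at least one square kilometre."""
    area = vals["length"] * vals["depth"]
    if area >= SEAT_TARGET_CM2:
        return 0.0
    return math.log10(SEAT_TARGET_CM2) - math.log10(max(area, 1))

def negative_length(vals):
    """A length of less than zero."""
    return float(max(0, vals["length"] + 1))

def mutate(ind, rng):
    """Grammar-preserving mutations of a single field."""
    child = dict(ind)
    f = rng.choice(FIELDS)
    v = child[f]
    sign, digits = ("-", v[1:]) if v.startswith("-") else ("", v)
    op = rng.choice(("regenerate", "replace_digit", "append_digit", "flip_sign"))
    if op == "regenerate":
        child[f] = gen_field(rng)
    elif op == "replace_digit":
        i = rng.randrange(len(digits))
        child[f] = sign + digits[:i] + rng.choice("0123456789") + digits[i + 1:]
    elif op == "append_digit":
        child[f] = sign + digits + rng.choice("0123456789")
    else:
        child[f] = digits if sign else "-" + digits
    return child

def crossover(a, b, rng):
    """Combine parts of two parents, field by field."""
    return {f: rng.choice((a[f], b[f])) for f in FIELDS}

def evolve(constraint, seed=1, pop_size=50, generations=500):
    """Return (input_string, generation) satisfying `constraint`, or (None, generations)."""
    rng = random.Random(seed)
    pop = [gen_input(rng) for _ in range(pop_size)]
    for gen in range(generations):
        pop.sort(key=lambda ind: constraint(values(ind)))
        if constraint(values(pop[0])) == 0:
            return render(pop[0]), gen
        parents = pop[: pop_size // 2]  # selection: the fitter half survives
        children = []
        while len(parents) + len(children) < pop_size:
            a, b = rng.sample(parents, 2)
            child = crossover(a, b, rng)
            if rng.random() < 0.8:
                child = mutate(child, rng)
            children.append(child)
        pop = parents + children
    return None, generations

if __name__ == "__main__":
    for name, c in (("seating surface >= 1 km^2", huge_seat), ("length < 0", negative_length)):
        text, gen = evolve(c)
        print(f"{name}: {text} (found in generation {gen})")
```

Every mutation operator rewrites a field into another string the grammar accepts, so the population never leaves the input language; the constraint functions then steer it towards the tester's condition. Because initial fields are at most four digits, no starting order reaches a square kilometre, and the run only succeeds once "append_digit" mutations on length or depth have been selected for over several generations.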

Feedback invited: FANDANGO is available on GitHub
