Abstract
As MongoDB becomes more feature-rich and complex with time, the need to develop more sophisticated methods for finding bugs grows as well. Three years ago, MongoDB added a home-grown JavaScript fuzzer to its toolkit, and it is now our most prolific bug-finding tool, responsible for detecting almost 200 bugs over the course of two release cycles. These bugs span a range of MongoDB components from sharding to the storage engine, with symptoms ranging from deadlocks to data inconsistency. The fuzzer runs as part of the CI (continuous integration) system, where it frequently catches bugs in newly committed code.
MongoDB’s JavaScript Fuzzer: The fuzzer is for those edge cases that your testing didn’t catch.