
bug detectors: command injection #407

Merged
merged 7 commits into from
May 19, 2023
Conversation

oetr
Contributor

@oetr oetr commented Apr 20, 2023

This adds two features: 1) Jazzer.js now has a command injection bug detector; 2) the hooking framework now supports hooking builtin Node.js functions.

@oetr oetr force-pushed the FUZZ-587-bug-detectors-command-injection branch 24 times, most recently from fd6bc96 to 0e9f796, April 27, 2023 11:47
0xricksanchez added a commit that referenced this pull request Apr 27, 2023
@oetr oetr force-pushed the FUZZ-587-bug-detectors-command-injection branch 3 times, most recently from 0047cca to 0539bcf, May 2, 2023 08:12
0xricksanchez added a commit that referenced this pull request May 2, 2023
@bertschneider
Contributor

One more thing. Could you please update the PR name and description and try to merge related changes into dedicated commits?

@oetr oetr force-pushed the FUZZ-587-bug-detectors-command-injection branch from e864058 to 4e6deef, May 9, 2023 19:36
@oetr oetr changed the title from "TMP: bug detectors: command injection" to "bug detectors: command injection", May 9, 2023
@oetr oetr force-pushed the FUZZ-587-bug-detectors-command-injection branch 4 times, most recently from ee1c423 to 4176b67, May 12, 2023 08:59
@oetr oetr requested a review from bertschneider May 12, 2023 09:13
Contributor

@bertschneider bertschneider left a comment


This looks quite good! I only added a few comments regarding safe mode and disabling bug detectors. Could you please start some documentation on bug detectors in general and the available ones in particular as well?

Review comment threads on:

- packages/bug-detectors/command-injection.ts (outdated, resolved)
- packages/bug-detectors/index.ts (outdated, resolved)
- packages/bug-detectors/tsconfig.json (outdated, resolved)
- packages/core/cli.ts (outdated, resolved)
- packages/core/core.ts (resolved)
- packages/core/core.ts (outdated, resolved)
- packages/hooking/hook.ts (outdated, resolved)
- packages/instrumentor/plugins/helpers.ts (outdated, resolved)
- packages/jest-runner/fuzz.ts (outdated, resolved)
- packages/jest-runner/worker.ts (outdated, resolved)
@oetr oetr force-pushed the FUZZ-587-bug-detectors-command-injection branch 3 times, most recently from 82c7d05 to 594488b, May 16, 2023 22:32
@oetr oetr requested a review from bertschneider May 16, 2023 22:57
@oetr oetr force-pushed the FUZZ-587-bug-detectors-command-injection branch from 594488b to 017b392, May 16, 2023 23:01
0xricksanchez added a commit that referenced this pull request May 17, 2023
@oetr oetr force-pushed the FUZZ-587-bug-detectors-command-injection branch 3 times, most recently from d74262d to 2d39eb6, May 19, 2023 10:12
oetr and others added 7 commits May 19, 2023 12:52
…leanup directories

- fix: clean up helpers.js and add type annotations
- fix: cleanup examples directory
- feat: introduce a common interface to register a new bug detector
- chore: rename command injection file
- docs: add doc-strings to the bug-detector interface
- chore: remove unnecessary comment
- refactor: formatting
- refactor: break up long wrapper function into 2 pieces
- Also defer solving the problem of hooking functions used by Jazzer.js internally into the future
- change target string from "touch EVIL" to "jaz_zer"
- some child_process methods need extra args on windows
- test bugfix: fix "env" to not run all jest tests in fuzzing mode
- jest runner prints the error; Jest returns "1" on failure
- handle different exit codes in tests on Windows and Linux
- split tests into general tests and tests for specific bug detectors
- use the new hooking framework internally for the command injection bug detector
- always wrap the function for jest
- improve naming, add comments, remove unused
- ignore errors when hooking built-in functions
- add a flag to disable bug detectors using patterns
- add a config in the package.json of the bug detector example that uses custom hooks to detect a finding
- clean the stack of the error messages properly
@oetr oetr force-pushed the FUZZ-587-bug-detectors-command-injection branch from 2d39eb6 to a4fcd2b, May 19, 2023 10:54
Contributor

@bertschneider bertschneider left a comment


Great addition! Thanks for all the work you put into this PR.

@oetr oetr merged commit 9100b9b into main May 19, 2023
6 checks passed
@oetr oetr deleted the FUZZ-587-bug-detectors-command-injection branch May 19, 2023 12:11