Executors and observers for non-native targets #742

Closed
addisoncrump opened this issue Aug 24, 2022 · 5 comments
Labels
enhancement New feature or request

Comments

@addisoncrump
Collaborator

Is your feature request related to a problem? Please describe.
Currently, libafl only supports native targets. There are many targets which are not native, e.g. JavaScript, Python, Java, etc. targets, which can benefit from many of the existing observers, feedbacks, and other features present in libafl. Additionally, such support would allow us to unify efforts for different fuzzing domains.

Describe the solution you'd like
Executors and observers for various interpreted languages, e.g., libafl_v8, libafl_openjdk, libafl_pyo3, etc.

Describe alternatives you've considered
There are many existing fuzzers for interpreted/VM targets.

Again, while these alternatives are present, they don't allow us the same extensibility or code reuse as libafl.

Additional context
In future work, we may be able to leverage such tools in greater contexts, e.g. libafl_v8 to find XSS bugs in various frontend JS libraries by integrating with Google Chrome and using something similar to the recent ExecSan work.

@addisoncrump addisoncrump added the enhancement New feature or request label Aug 24, 2022
@addisoncrump
Collaborator Author

Oh, and obviously I'm interested in working on this. :) I wanted to see what the libafl team's response would be before getting started. I'll make individual issues with tasks for each interpreted executor/observer.

@domenukk
Member

domenukk commented Aug 25, 2022

You can also take a look at libafl_atheris which can fuzz python:
https://github.com/AFLplusplus/LibAFL/tree/main/fuzzers/libafl_atheris

@domenukk
Member

(but obviously it's awesome if you want to work on this ;) )

@addisoncrump
Collaborator Author

> You can also take a look at libafl_atheris which can fuzz python: https://github.com/AFLplusplus/LibAFL/tree/main/fuzzers/libafl_atheris

Oops! I didn't grok that that was already present, despite looking at it multiple times 🤦 Getting it as its own executor would still be nice. :)

@domenukk
Member

We got some more executors now, like #864 #966 and #744 so closing for now
