Merged
Conversation
fd6bc96 to
0e9f796
Compare
0xricksanchez
pushed a commit
that referenced
this pull request
Apr 27, 2023
0047cca to
0539bcf
Compare
0xricksanchez
pushed a commit
that referenced
this pull request
May 2, 2023
Contributor
|
One more thing. Could you please update the PR name and description and try to merge related changes into dedicated commits? |
e864058 to
4e6deef
Compare
ee1c423 to
4176b67
Compare
Contributor
bertschneider
left a comment
There was a problem hiding this comment.
This looks quite good! I only added a few comments regarding safe mode and disabling bug detectors. Could you please start some documentation on bug detectors in general and the available one in particular as well?
82c7d05 to
594488b
Compare
594488b to
017b392
Compare
0xricksanchez
pushed a commit
that referenced
this pull request
May 17, 2023
d74262d to
2d39eb6
Compare
…leanup directories - fix: clean up helpers.js and add type annotations - fix: cleanup examples directory - feat: introduce a common interface to register a new bug detector - chore: rename command injection file - docs: add doc-strings to the bug-detector interface - chore: remove unnessary comment - refactor: formatting - refactor: break up long wrapper function into 2 pieces
- Also defer solving the problem of hooking functions used by Jazzer.js internally into the future
- change target string from "touch EVIL" to "jaz_zer" - some child_process methods need extra args on windows - test bugfix: fix "env" to not run all jest tests in fuzzing mode - jest runner prints the error; Jest returns "1" on failure - handle different exit codes in tests on Windows and Linux - split tests into general tests and tests for specific bug detectors
- use the new hooking framework internally for the command injection bug detector - always wrap the function for jest - improve naming, add comments, remove unused - ignore errors when hooking built-in functions - add a flag to disable bug detectors using patterns - add a config in the package.json of the bug detector example that uses custom hooks to detect a finding - clean the stack of the error messages properly
2d39eb6 to
a4fcd2b
Compare
bertschneider
approved these changes
May 19, 2023
Contributor
bertschneider
left a comment
There was a problem hiding this comment.
Great addition! Thanks for all the work you put into this PR.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This adds two features: 1) Jazzer.js now has a command injection bug detector; 2) the hooking framework now supports hooking builtin Node.js functions.