-
-
Notifications
You must be signed in to change notification settings - Fork 330
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Executors and observers for non-native targets #742
Comments
Oh, and obviously I'm interested in working on this. :) I wanted to see what the libafl team's response would be before getting started. I'll make individual issues with tasks for each interpreted executor/observer. |
You can also take a look at libafl_atheris which can fuzz python: |
(but obviously it's awesome if you want to work on this ;) ) |
Oops! I didn't grok that that was already present, despite looking at it multiple times 🤦 Getting it as its own executor would still be nice. :) |
Is your feature request related to a problem? Please describe.
Currently, libafl only supports native targets. There are many targets which are not native, e.g. JavaScript, Python, Java, etc. targets, which can benefit from many of the existing observers, feedbacks, and other features present in libafl. Additionally, such support would allow us to unify efforts for different fuzzing domains.
Describe the solution you'd like
Executors and observers for various interpreted languages, e.g., libafl_v8, libafl_openjdk, libafl_pyo3, etc.
Describe alternatives you've considered
There are many existing fuzzers for interpreted/VM targets.
Again, while these alternatives are present, it doesn't allow us the same extensibility or code reuse as libafl.
Additional context
In future work, we may be able to leverage such tools in greater contexts, e.g. libafl_v8 to find XSS bugs in various frontend JS libraries by integrating with Google Chrome and using something similar to the recent ExecSan work.
The text was updated successfully, but these errors were encountered: