Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add script engine injection sanitizer with real life example #531

Merged
merged 12 commits into from Jun 13, 2023
Merged

Add script engine injection sanitizer with real life example #531

merged 12 commits into from Jun 13, 2023

Commits on Jun 13, 2023

  1. add apache commons text dependency

    @gdemarcsek @bertschneider
    gdemarcsek authored and bertschneider committed Jun 13, 2023
    Copy the full SHA
    32c28b0 View commit details
    Browse the repository at this point in the history

  2. add script engine injection sanitizer

    @gdemarcsek @bertschneider
    gdemarcsek authored and bertschneider committed Jun 13, 2023
    Copy the full SHA
    fc24b2f View commit details
    Browse the repository at this point in the history

  3. add CommonsTextFuzzer example

    @gdemarcsek @bertschneider
    gdemarcsek authored and bertschneider committed Jun 13, 2023
    Copy the full SHA
    579099a View commit details
    Browse the repository at this point in the history

  4. remove unnecessary rethrow

    @gdemarcsek @bertschneider
    gdemarcsek authored and bertschneider committed Jun 13, 2023
    Copy the full SHA
    f5bb901 View commit details
    Browse the repository at this point in the history

  5. pin hooks to specific method descriptors for stability

    @gdemarcsek @bertschneider
    gdemarcsek authored and bertschneider committed Jun 13, 2023
    Copy the full SHA
    c0197eb View commit details
    Browse the repository at this point in the history

  6. turn off crash reproducer verification for now for ScriptEngineInject… 

    …ion test because the reproducer / verifier seems to be either faulty or not fully supporting hooks yet?
    @gdemarcsek @bertschneider
    gdemarcsek authored and bertschneider committed Jun 13, 2023
    Copy the full SHA
    28b30dd View commit details
    Browse the repository at this point in the history

  7. clang format on new java files

    @gdemarcsek @bertschneider
    gdemarcsek authored and bertschneider committed Jun 13, 2023
    Copy the full SHA
    86ebc23 View commit details
    Browse the repository at this point in the history

  8. remove crash reproducer verifier from commons text example as well

    @gdemarcsek @bertschneider
    gdemarcsek authored and bertschneider committed Jun 13, 2023
    Copy the full SHA
    89446f1 View commit details
    Browse the repository at this point in the history

  9. remove hook that is no longer needed (however likely makes the Common… 

    …s Text example somewhat slower)
    @gdemarcsek @bertschneider
    gdemarcsek authored and bertschneider committed Jun 13, 2023
    Copy the full SHA
    71c2ddf View commit details
    Browse the repository at this point in the history

  10. Fix tyop sanitizers/src/main/java/com/code_intelligence/jazzer/saniti… 

    …zers/ScriptEngineInjection.java

Co-authored-by: Fabian Meumertzheim <fabian@meumertzhe.im>
    @gdemarcsek @fmeum @bertschneider
    2 people authored and bertschneider committed Jun 13, 2023
    Copy the full SHA
    a24d494 View commit details
    Browse the repository at this point in the history

  11. try fixing formatting

    @gdemarcsek @bertschneider
    gdemarcsek authored and bertschneider committed Jun 13, 2023
    Copy the full SHA
    a76e9fe View commit details
    Browse the repository at this point in the history

  12. Reworked script engine detector 

    Check for containment of payload in script content in all overloads of
eval.
    @bertschneider
    bertschneider committed Jun 13, 2023
    Copy the full SHA
    af3ae4d View commit details
    Browse the repository at this point in the history