CodeAlchemist currently works only on Linux; we tested it on Ubuntu 18.04.
- Install dependencies

```
$ sudo apt update
$ sudo apt install build-essential
$ sudo apt install nodejs npm
$ npm i email@example.com
```

The dotnet installation depends on your OS version, so please refer to this link.
- Clone and build

```
$ git clone https://github.com/SoftSec-KAIST/CodeAlchemist
$ cd CodeAlchemist
$ make
```
- Prepare to start

Prepare JS seed files, a configuration file, and the requirements listed in the configuration. Please refer to conf/README.md for how to write the configuration file.
- Preprocess JS seed files

```
$ dotnet bin/Main.dll rewrite <conf ABSPATH>
$ dotnet bin/Main.dll instrument <conf ABSPATH>
```
- Run the fuzzing process

```
$ dotnet bin/Main.dll fuzz <conf ABSPATH>
```
There are four optional parameters for our JS code generation algorithm:

- iMax (default: 8): the maximum number of iterations of the generation algorithm.
- pBlk (default: 16): the probability of reinventing block statements.
- iBlk (default: 3): the maximum number of iterations for generating a block statement.
- dMax (default: 3): the maximum nesting level for reassembling a block statement.

You can specify the parameters with the following command:

```
$ dotnet bin/Main.dll fuzz <conf ABSPATH> --iMax 8 --pBlk 16 --iBlk 3 --dMax 3
```
If you find bugs and get CVEs by running CodeAlchemist, please let us know by sending a PR that updates ./docs/CVE.md.
This research project has been conducted by SoftSec Lab at KAIST.
If you plan to use CodeAlchemist in your own research, please consider citing our paper: