Fuzzing for JavaScript Engine Incomplete Security Patches
| Engine | Alias | Source |
|---|---|---|
| JerryScript | jerry | https://github.com/pando-project/jerryscript |
| SpiderMonkey | sm | Firefox js/src |
| JavaScriptCore | jsc | WebKit |
| V8 | v8 | Chrome |
| ChakraCore | chakra | Microsoft Edge Legacy |
Extract the commit history of an engine and pipe it into `main.py`; `<engine>` is one of the aliases in the table above and `<repo_dir>` is the checkout you ran `git log` in:

```sh
cd <engine_repo>
git log --date=short -m --name-status | python3 main.py <output_dir> <engine> <repo_dir>
```

Per-engine invocations:

```sh
# JerryScript
cd /data/workspace/jerryscript
git log --date=short -m --name-status | python3 /data/workspace/patchfuzz/main.py /data/workspace/patchfuzz/output jerry /data/workspace/jerryscript

# SpiderMonkey
cd /data/workspace/firefox
git log --date=short -m --name-status | python3 /data/workspace/patchfuzz/main.py /data/workspace/patchfuzz/output sm /data/workspace/firefox

# JavaScriptCore
cd /data/workspace/WebKit
git log --date=short -m --name-status | python3 /data/workspace/patchfuzz/main.py /data/workspace/patchfuzz/output jsc /data/workspace/WebKit

# V8
cd /data/workspace/chromium
git log --date=short -m --name-status | python3 /data/workspace/patchfuzz/main.py /data/workspace/patchfuzz/output v8 /data/workspace/chromium

# ChakraCore
cd /data/workspace/ChakraCore
git log --date=short -m --name-status | python3 /data/workspace/patchfuzz/main.py /data/workspace/patchfuzz/output chakra /data/workspace/ChakraCore
```

`main.py` writes the following layout under `<output_dir>`:

```text
output/<engine>/
├── <engine>_<date>.csv       # Extracted commit info
├── <engine>_allowlist.txt    # AFL instrumentation allowlist
├── test/<date>/              # Raw extracted JS files
└── poc/                      # Preprocessed POC files for fuzzing
```
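The extraction step is what `main.py` does; the page does not show its internals. As an added example, not patchfuzz's own code, the script below parses the same `git log --date=short -m --name-status` stream and produces the two artifacts the layout above names: per-commit rows (sha, date, subject, the `.js` tests and the native sources each commit touched) for the CSV, and an allowlist of patched source files for AFL instrumentation. The function names (`parse_git_log`, `csv_rows`, `afl_allowlist`, `extract_test`), the keyword filter in `SECURITY_WORDS`, the assumption that AFL++ accepts basenames in `AFL_LLVM_ALLOWLIST`, and the sample log text are all my own choices; the log text is constructed, with made-up SHAs and paths in JerryScript's layout.

```python
"""Added example (not patchfuzz's main.py): parse `git log --date=short -m
--name-status` output into commit records, then derive CSV rows and an AFL
allowlist from them. The sample log at the bottom is constructed."""
import os
import re
import subprocess
import sys
from dataclasses import dataclass, field

COMMIT_RE = re.compile(r"^commit ([0-9a-f]{7,40})")   # with -m: "commit <sha> (from <parent>)"
STATUS_RE = re.compile(r"^([ACDMRT])\d*\t(.+)$")       # "M\tpath" or "R095\told\tnew"
NATIVE_EXT = (".c", ".cc", ".cpp", ".h", ".hpp")
# Cheap first-pass filter on the subject line; an assumption, tune it per engine.
SECURITY_WORDS = ("cve", "uaf", "use-after-free", "overflow", "oob",
                  "out-of-bounds", "security", "asan", "crash")


@dataclass
class Commit:
    sha: str
    date: str = ""
    subject: str = ""
    files: list = field(default_factory=list)  # (status letter, path)

    def js_tests(self):
        return [p for _, p in self.files if p.endswith(".js")]

    def native_sources(self):
        # Deleted files cannot be instrumented, so they never reach the allowlist.
        return [p for s, p in self.files if s != "D" and p.endswith(NATIVE_EXT)]

    def looks_security_related(self):
        subject = self.subject.lower()
        return any(w in subject for w in SECURITY_WORDS)


def parse_git_log(text):
    """Split the log into Commit records; handles merge commits and renames."""
    commits, cur = [], None
    for line in text.splitlines():
        m = COMMIT_RE.match(line)
        if m:
            cur = Commit(sha=m.group(1))
            commits.append(cur)
            continue
        if cur is None:
            continue
        if line.startswith("Date:"):
            cur.date = line[len("Date:"):].strip()
        elif line.startswith("    ") and not cur.subject:
            cur.subject = line.strip()        # first indented line is the subject
        else:
            m = STATUS_RE.match(line)
            if m:
                # Renames/copies carry "old\tnew"; keep the destination path.
                cur.files.append((m.group(1), m.group(2).split("\t")[-1]))
    return commits


def csv_rows(commits):
    """One row per commit that ships a .js test AND touches native source:
    those are the regression tests worth turning into fuzzing seeds."""
    rows = []
    for c in commits:
        tests, srcs = c.js_tests(), c.native_sources()
        if tests and srcs:
            rows.append((c.sha, c.date, c.subject, ";".join(tests), ";".join(srcs)))
    return rows


def afl_allowlist(commits):
    """Basenames of patched native files, one per line. Assumption: this file is
    passed via AFL_LLVM_ALLOWLIST so only the patched code gets instrumented."""
    names = sorted({os.path.basename(p) for c in commits for p in c.native_sources()})
    return "".join(n + "\n" for n in names)


def extract_test(repo_dir, sha, path):
    """Materialise a test exactly as it was at that commit (plain `git show`)."""
    proc = subprocess.run(["git", "-C", repo_dir, "show", f"{sha}:{path}"],
                          check=True, capture_output=True, text=True)
    return proc.stdout


# Constructed sample: three commits, one of them a merge with a renamed test.
SAMPLE_LOG = """\
commit 3f2a9c1d8e7b6a5f4c3d2e1f0a9b8c7d6e5f4a3b
Author: Example Dev <dev@example.com>
Date:   2020-03-11

    Fix heap-buffer-overflow in array length handling

    Found by fuzzing; adds a regression test.

M\tjerry-core/ecma/operations/ecma-array-object.c
A\ttests/jerry/regression-test-array-length.js
commit 1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b
Author: Example Dev <dev@example.com>
Date:   2020-03-10

    Update README

M\tREADME.md
commit 9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e3f2a1b09 (from 1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b)
Merge: 1a2b3c4 7e6d5c4
Author: Example Dev <dev@example.com>
Date:   2020-03-09

    Merge branch 'fix-uaf-regexp'

M\tjerry-core/parser/regexp/re-compiler.c
R095\ttests/jerry/regexp-old.js\ttests/jerry/regression-test-regexp-uaf.js
"""

if __name__ == "__main__":
    # Piped input (git log ... | python3 this.py) wins; otherwise use the sample.
    log = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    found = parse_git_log(log)
    for row in csv_rows(found):
        print(",".join(row))
    print(afl_allowlist(found), end="")
```

Run it as `git log --date=short -m --name-status | python3 extract_example.py` inside an engine checkout, or with no input to see the sample processed. The README-only commit is dropped because it touches no native source, and the merge commit keeps the renamed test under its new path; `extract_test` is the one call that needs a real repository, which is why the rest works on the captured log alone.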
Fuzz the preprocessed POC files with the script for the target engine, running `<num_instances>` fuzzer instances in parallel:

```sh
./fuzzJSC.sh <poc_dir> <output_dir> <num_instances>
./fuzzV8.sh <poc_dir> <output_dir> <num_instances>
./fuzzSM.sh <poc_dir> <output_dir> <num_instances>
```