Allow adding additional ObjectGroups to environment using Profile #419
Conversation
| logger.verbose("Loaded additional builtins from profile: \(profile.additionalBuiltins.map { $0.key })") | ||
| } | ||
| if !profile.additionalObjectGroups.isEmpty { | ||
| logger.verbose("Loaded additional ObjectGroups from profile: \(profile.additionalObjectGroups.map { $0.name })") |
There was a problem hiding this comment.
| logger.verbose("Loaded additional builtins from profile: \(profile.additionalBuiltins.map { $0.key })") | |
| } | |
| if !profile.additionalObjectGroups.isEmpty { | |
| logger.verbose("Loaded additional ObjectGroups from profile: \(profile.additionalObjectGroups.map { $0.name })") | |
| logger.info("Loaded additional builtins from profile: \(profile.additionalBuiltins.map { $0.key })") | |
| } | |
| if !profile.additionalObjectGroups.isEmpty { | |
| logger.info("Loaded additional ObjectGroups from profile: \(profile.additionalObjectGroups.map { $0.name })") |
What are your thoughts on using logger.info instead logger.verbose here?
There was a problem hiding this comment.
I don't think this logging is necessary as we will also print all registered builtins in the initialize function in the JavaScriptEnvironment. So if you want to keep this for visibility then we should use .verbose, otherwise I think we could also drop this, your choice :)
There was a problem hiding this comment.
Ah, I noticed that initialize in JavaScriptEnvironment prints all the registered builtins and objectGroups. Since we fuzz using quite a few Fuzzilli profiles, I think we'd find it helpful to have which of the objectGroups and builtins were loaded from the profile without having to search through the full list of objectGroups and builtins in our logs
| logger.verbose("Loaded additional builtins from profile: \(profile.additionalBuiltins.map { $0.key })") | ||
| } | ||
| if !profile.additionalObjectGroups.isEmpty { | ||
| logger.verbose("Loaded additional ObjectGroups from profile: \(profile.additionalObjectGroups.map { $0.name })") |
There was a problem hiding this comment.
I don't think this logging is necessary as we will also print all registered builtins in the initialize function in the JavaScriptEnvironment. So if you want to keep this for visibility then we should use .verbose, otherwise I think we could also drop this, your choice :)
|
Thanks for the review, Carl! :) |
Summary: For easier maintenance when pulling in future changes from upstream Related PR: googleprojectzero/fuzzilli#419 Reviewed By: werew Differential Revision: D54571292 fbshipit-source-id: 763b8ae1ae11aa458bd0b432f67640e0c1ab7668
Summary: Original Author: [email protected] Original Git: 5e22aeb Original Reviewed By: werew Original Revision: D54571292 For easier maintenance when pulling in future changes from upstream Related PR: googleprojectzero/fuzzilli#419 Reviewed By: neildhar Differential Revision: D58849769 fbshipit-source-id: 02ea7874d8cbdafc07a54499ca731f4620d58dc1
As far as I'm aware, currently the only way to add additional ObjectGroups to the JS environment requires maintaining a separate fork of Fuzzilli. I thought allowing users of Fuzzilli to supply additional ObjectGroups in their Profiles would remove the need to maintain a separate fork to have a different JS environment from the main branch of Fuzzilli.
An example of a fork that could've benefited from this change is fuzzilli4wasm
Example use case
For Hermes, we want to fuzz the TextEncoder web API (facebook/hermes@3863a36, facebook/hermes@7f9d9d5, facebook/hermes@14790c9):
Test plan
Fuzzilli.JavaScriptEnvironment.groupsandFuzzilli.JavaScriptEnvironment.builtinTypesaccess control modifiers fromprivatetopublicenvironment.groupsandenvironment.builtinTypesin FuzzilliCli/main.swiftswift run FuzzilliCli --profile=hermes ../fuzzilli_build/bin/fuzzilli --storagePath=./corpus --logLevel=verboseTextEncoderis in the output forenvironment.groupsandenvironment.builtinTypes