rohanpadhye/JQF

Question about support for already running applications

freedom1b2830 opened this issue · 1 comment

Can JQF be used on already running applications using javaagents?

Let's take Minecraft as an example.

1. The server starts with the javaagent:
   `java -javaagent:JQFagent.jar server.jar`
2. The server loads a plugin from the ./plugins dir (the plugin contains @RunWith(JQF.class) @Fuzz code).
3. The Maven plugin starts the fuzzing instructions.
4. Hooks in the agent catch exceptions.
5. The Java agent sends the exceptions to the Maven plugin.

Hmm... I've never really tried it but it is worth attempting. JQF can indeed be used with a JavaAgent instead of a Maven plugin. There is a script called `bin/jqf-zest` which allows invoking JQF on the command-line (sample usage shown in the 101 tutorial). If you follow what the script does, you will reach `scripts/jqf-driver.sh`, which actually does use the jqf-instrument JAR as a javaagent, where the `premain` method is in `SnoopInstructionTransformer`. So, the javaagent itself does the instrumentation and you don't really need the Maven plugin at all.

If you start the JVM with this JavaAgent, then you get instrumentation for free. You can then invoke a fuzz test (i.e., a method annotated with `@Fuzz`) programmatically by calling `GuidedFuzzing.run()` with the system classloader (you don't need an instrumenting classloader like the Maven plugin because the javaagent is already instrumenting classes for you).

Now, all of this will only work in your example if the application code to fuzz is in server.jar. If you are connecting remotely over a network, then I am not sure how much coverage feedback you will get even if you can actually invoke the application via RPCs.
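As an added illustration of the in-process approach described in the answer (this is not code from the issue or from JQF itself): the JVM is started with the jqf-instrument javaagent, and a small launcher calls `GuidedFuzzing.run()` with the system class loader, so no instrumenting class loader is needed. The plugin test class, method and output directory are placeholders; the `GuidedFuzzing.run` and `ZestGuidance` signatures used are the ones JQF's own `ZestDriver` uses and should be checked against the installed JQF version.

```java
import java.io.File;
import java.io.IOException;
import java.time.Duration;
import org.junit.runner.Result;
import org.junit.runner.notification.Failure;
import edu.berkeley.cs.jqf.fuzz.ei.ZestGuidance;
import edu.berkeley.cs.jqf.fuzz.guidance.Guidance;
import edu.berkeley.cs.jqf.fuzz.junit.GuidedFuzzing;

/**
 * Runs a @Fuzz method that is already loaded in this JVM (for example from a
 * plugin) without the Maven plugin. Prerequisite: the JVM was started with the
 * jqf-instrument javaagent, roughly as scripts/jqf-driver.sh does (check that
 * script for the exact options your JQF version needs), e.g.:
 *
 *   java -javaagent:jqf-instrument-<version>.jar -cp server.jar:plugins/* ...
 *
 * Because the agent instruments every class as it loads, the system class
 * loader is handed to GuidedFuzzing.run().
 */
public class InProcessFuzzLauncher {

    /** Fuzzes testClassName#testMethod for the given budget; returns the JUnit result. */
    public static Result launch(String testClassName, String testMethod,
                                Duration budget, File outputDir)
            throws IOException, ClassNotFoundException {
        ClassLoader loader = ClassLoader.getSystemClassLoader();
        // Zest guidance: coverage-guided; saves corpus/ and failures/ under outputDir
        Guidance guidance = new ZestGuidance(testClassName + "#" + testMethod, budget, outputDir);
        // Blocks until the budget is spent; throws IllegalStateException if another
        // fuzzing session is already active in this JVM (only one at a time).
        return GuidedFuzzing.run(testClassName, testMethod, loader, guidance, System.out);
    }

    /** Example: fuzz a hypothetical plugin test for 60 seconds, then report failures. */
    public static void main(String[] args) throws Exception {
        Result result = launch("com.example.plugin.ServerPacketTest", "fuzzPacket",
                               Duration.ofSeconds(60), new File("fuzz-results"));
        if (result.wasSuccessful()) {
            System.out.println("No failures; corpus saved under fuzz-results/corpus");
        } else {
            for (Failure f : result.getFailures()) {
                // The input that triggered each failure is saved under fuzz-results/failures
                System.out.println("Failure: " + f.getMessage());
            }
        }
    }
}
```

Each failing input Zest saves under `failures/` can later be replayed against the same test method to reproduce and triage the crash.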