Khaled Yakdan

Results 6 issues of Khaled Yakdan

Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions processing an XPath string are vulnerable except compile() and...

Tools that perform source-to-source translation often generate overlay JSON files that provide replacements for instrumented files. This way `go build` can use the instrumented source files without having to pollute...

To enhance fuzzing performance, we can limit coverage instrumentation to packages that we want the fuzzer to explore. This way, the fuzzer will focus on exploring the packages of interest....

Sometimes, the sanitizer logs contain crash addresses marked as _unknown_. Here is an example ASan report due to an abort signal (ABRT): ==528025==ERROR: AddressSanitizer: ABRT on unknown address 0x... (pc...

Honggfuzz updates the stats file only when an increase in coverage (edge, pc, cmp, hw) counters is observed. The stats file includes metrics such as `total_exec` and `exec_per_sec` that are...