Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Problem Faced While Running Offline-Instrumented Jar Files: java.lang.NoClassDefFoundError: com/code_intelligence/jazzer/runtime/CoverageMap #904

Open
MuxiLyuLucy opened this issue Jul 7, 2024 · 0 comments
Open

Problem Faced While Running Offline-Instrumented Jar Files: java.lang.NoClassDefFoundError: com/code_intelligence/jazzer/runtime/CoverageMap #904

MuxiLyuLucy opened this issue Jul 7, 2024 · 0 comments

Comments

@MuxiLyuLucy
Copy link

Hi! I built an experimental class that triggers OS Command Injection sanitizer, similar to OsCommandInjectionRuntimeExec in the exemplar folder of jazzer.

I am trying to offline-instrument the sanitizers of jazzer to my class and then run the instrumented jar file to see if the OS Command Injection sanitizer can be successfully triggered.

Here is how I implemented my class:

import java.util.concurrent.TimeUnit;
import static java.lang.Runtime.getRuntime;
import java.nio.file.*;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

public class OsCommandInjectionRuntimeExec {
    public static void main(String[] args) {
        Path path = Paths.get("the path to an input file generated previously by jazzer");
        try {
            byte[] fileBytes = Files.readAllBytes(path);
            System.out.println("File read successfully.");
            String fileContent = new String(fileBytes, StandardCharsets.US_ASCII);
            System.out.println("File content as ASCII string:");
            System.out.println(fileContent);
            Process process = getRuntime().exec(fileContent, new String[] {});
            if (!process.waitFor(10, TimeUnit.MILLISECONDS)) {
                process.destroyForcibly();
            }
        } catch (IOException e) {
            e.printStackTrace();
        } catch (Exception ignored) {
            // Ignore execution and setup exceptions
        }
    }
}

Here is the script of how I tried to build the instrumented jar and run it:

mvn clean package
jazzer/jazzer --instrument_only=target/jazzer-jqf-test-1.0-SNAPSHOT.jar --dump_classes_dir=/tmp
java -cp jazzer-jqf-test-1.0-SNAPSHOT.instrumented.jar:$(find jazzer -name '*.jar' | tr '\n' ':') OsCommandInjectionRuntimeExec

These are the jar files in $(find jazzer -name '*.jar' | tr '\n' ':'):

jazzer-0.22.1.jar  jazzer-api-0.22.1.jar  jazzer-junit-0.22.1.jar  jazzer_standalone.jar

After I run my script, here is the error message:

Exception in thread "main" java.lang.NoClassDefFoundError: com/code_intelligence/jazzer/runtime/CoverageMap
        at OsCommandInjectionRuntimeExec.main(OsCommandInjectionRuntimeExec.java:25)
Caused by: java.lang.ClassNotFoundException: com.code_intelligence.jazzer.runtime.CoverageMap
        at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
        at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:525)
        ... 1 more

I am wondering why this class (com/code_intelligence/jazzer/runtime/CoverageMap) is not included in jazzer-0.22.1.jar. What will be the correct way to run offline-instrumented jar files?

Thanks!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@MuxiLyuLucy