
Introduction

During my research into the V8 JavaScript engine, I created a tool that shows recent V8 bugs on a single page. It is useful for analyzing V8 vulnerabilities, spotting recurring bug patterns, and patch gapping. On patch gapping, there was also a case in which the developers pushed the regression test file before the patch was applied to Chrome (see Twitter 0day).

How It Works

The tool simply parses every regress-* file under /src/v8/test/mjsunit/ and its sub-directories.
From there, it uses git log to retrieve the information related to each regress file:

```bash
git log -1 --name-only /path/to/regress/file
```

Each regress entry contains this information:
The output for each regress file looks like this:
Output
Using this method, I have gathered a large set of PoCs/Regression tests with related information, ordered by committed time and divided by year, from 2016 to 2021. See V8 Harvest.
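To make the procedure above concrete, here is an added example, not the V8 Harvest tool's own code (the page says that tool uses GitPython). It walks a directory tree for regress-* files, parses the text that the page's `git log -1 --name-only` command prints using only the standard library, picks up the `Bug:` trailer that V8 commit messages carry, groups the records by year with the newest commit first and renders a markdown listing like the output.md the tool produces. The two `git log` texts in `SAMPLE_LOGS` (hashes, authors, bug ids, review URL and paths) are constructed, and `find_regress_files` takes an injectable `walk` so it can be exercised without a checkout. `harvest()` assumes a real V8 checkout at `repo_root` and shells out to git with an added `--` separator instead of using GitPython; the second sample shows the extra src/ path you would see if `--full-diff` were added to the command, since with a pathspec `--name-only` otherwise lists only the queried file.

```python
import os
import re
import subprocess
from collections import defaultdict
from datetime import datetime
from fnmatch import fnmatch

MJSUNIT_DIR = os.path.join("test", "mjsunit")  # where the regress-* tests live in a V8 checkout

# Constructed sample output of `git log -1 --name-only <file>`: fake hashes, authors, bug ids
# and review URL, not real V8 commits. The second one also lists a src/ path, as printed when
# --full-diff is added to the command.
SAMPLE_LOGS = [
    """commit 0000000000000000000000000000000000000001
Author: Example Dev <dev@example.invalid>
Date:   Thu Mar 4 10:11:12 2021 +0100

    [compiler] Constructed example fix number one

    Bug: chromium:1000001
    Reviewed-on: https://example.invalid/c/v8/v8/+/1

test/mjsunit/compiler/regress-1000001.js
""",
    """commit 0000000000000000000000000000000000000002
Author: Another Dev <other@example.invalid>
Date:   Tue Nov 17 08:00:00 2020 +0000

    [wasm] Constructed example fix number two

    Bug: v8:1000002, chromium:1000003

src/wasm/example.cc
test/mjsunit/regress/wasm/regress-1000002.js
""",
]

_HEADER = {
    "commit": re.compile(r"^commit ([0-9a-f]{7,40})", re.M),
    "author": re.compile(r"^Author: (.+)$", re.M),
    "date": re.compile(r"^Date:\s+(.+)$", re.M),
}
_BUG_TRAILER = re.compile(r"^Bug:\s*(.+)$", re.M)

def find_regress_files(root, walk=os.walk):
    """Recursively collect regress-* files below root as sorted paths relative to root."""
    hits = []
    for dirpath, _dirs, names in walk(root):  # walk is injectable so this runs without a checkout
        hits += [os.path.relpath(os.path.join(dirpath, n), root) for n in names if fnmatch(n, "regress-*")]
    return sorted(hits)

def parse_git_log(text):
    """Turn one `git log -1 --name-only` output into a record dict."""
    rec = {key: rx.search(text).group(1).strip() for key, rx in _HEADER.items()}
    # git's default date format is "Thu Mar 4 10:11:12 2021 +0100"
    rec["date"] = datetime.strptime(rec["date"], "%a %b %d %H:%M:%S %Y %z")
    lines = text.splitlines()
    message = [ln[4:] for ln in lines if ln.startswith("    ")]  # the message body is indented by 4 spaces
    rec["subject"] = message[0] if message else ""
    # V8 commit messages carry a "Bug: v8:NNN, chromium:NNN" trailer; keep every id
    rec["bugs"] = [b.strip() for m in _BUG_TRAILER.finditer("\n".join(message))
                   for b in m.group(1).split(",")]
    files = []  # --name-only appends the changed paths as a trailing block of plain lines
    for ln in reversed(lines):
        if not ln or ln.startswith(" "):
            break
        files.append(ln)
    rec["files"] = files[::-1]
    return rec

def group_by_year(records):
    """Bucket records by commit year, newest commit first inside each year."""
    by_year = defaultdict(list)
    for rec in records:
        by_year[rec["date"].year].append(rec)
    return {y: sorted(rs, key=lambda r: r["date"], reverse=True) for y, rs in by_year.items()}

def render_markdown(by_year):
    """Render the per-year listing (an output.md-style page), newest year first."""
    out = []
    for year in sorted(by_year, reverse=True):
        out.append(f"## {year}")
        for r in by_year[year]:
            bugs = ", ".join(r["bugs"]) or "no Bug: trailer"
            out.append(f"- {r['date']:%Y-%m-%d} `{r['commit'][:10]}` {r['subject']} ({bugs})")
            out.extend(f"  - `{path}`" for path in r["files"])
    return "\n".join(out)

def harvest(repo_root):
    """Run the page's git command for every regress-* file of a real V8 checkout (assumed at repo_root)."""
    records = []
    for rel in find_regress_files(os.path.join(repo_root, MJSUNIT_DIR)):
        proc = subprocess.run(["git", "log", "-1", "--name-only", "--", os.path.join(MJSUNIT_DIR, rel)],
                              cwd=repo_root, check=True, capture_output=True, text=True)
        records.append(parse_git_log(proc.stdout))
    return records

if __name__ == "__main__":
    # offline demo over the constructed samples; harvest("/path/to/v8") does the real run
    print(render_markdown(group_by_year([parse_git_log(t) for t in SAMPLE_LOGS])))
```

Each record keeps the full commit hash, so a listing entry can be followed back to the fixing change and its review; the `bugs` field is what lets you sort the harvested tests by tracker id rather than by file name.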

How To Use

Install the following Python 3 libraries:

```bash
python3 -m pip install GitPython
python3 -m pip install tqdm
```

Clone the V8 git repo to your local machine:

```bash
git clone https://github.com/v8/v8.git
```

Put v8Harvest.py in the V8 folder and run it; the output will be written to output.md.
Note: Big thanks to Jacob for helping me clean up my clumsy code and port it to Python 3.