author | Fabian Meumertzheim <meumertzheim@code-intelligence.com> | 2021-05-03 16:29:46 +0200 |
---|---|---|
committer | Fabian Meumertzheim <fabian@meumertzhe.im> | 2021-05-14 11:12:43 +0200 |
commit | 3e1e48a5eae1b322844feba46a99a072a18230ee (patch) | |
tree | 10fb05a1d307ccd1a24f8021e0f630e1d9294660 /agent | |
parent | 0dcaf23ee1472c737bedd92aae5a7b340ce570a6 (diff) | |
download | jazzer-api-3e1e48a5eae1b322844feba46a99a072a18230ee.tar.gz |
Add a sanitizer for insecure deserialization
Diffstat (limited to 'agent')
-rw-r--r-- | agent/BUILD.bazel | 7 | ||||
-rw-r--r-- | agent/src/main/java/com/code_intelligence/jazzer/agent/RuntimeInstrumentor.kt | 2 |
2 files changed, 8 insertions, 1 deletions
diff --git a/agent/BUILD.bazel b/agent/BUILD.bazel
index 8203f269..fdb4f2df 100644
--- a/agent/BUILD.bazel
+++ b/agent/BUILD.bazel
@@ -1,13 +1,18 @@
 load("@rules_java//java:defs.bzl", "java_binary")
+load("//sanitizers:sanitizers.bzl", "SANITIZER_CLASSES")
 java_binary(
 name = "jazzer_agent",
 create_executable = False,
 deploy_manifest_lines = [
 "Premain-Class: com.code_intelligence.jazzer.agent.Agent",
+ "Jazzer-Hook-Classes: {}".format(":".join(SANITIZER_CLASSES)),
 ],
 visibility = ["//visibility:public"],
- runtime_deps = ["//agent/src/main/java/com/code_intelligence/jazzer/agent:agent_lib"],
+ runtime_deps = [
+ "//agent/src/main/java/com/code_intelligence/jazzer/agent:agent_lib",
+ "//sanitizers",
+ ],
 )
 java_binary(
diff --git a/agent/src/main/java/com/code_intelligence/jazzer/agent/RuntimeInstrumentor.kt b/agent/src/main/java/com/code_intelligence/jazzer/agent/RuntimeInstrumentor.kt
index 4439f247..9deb4ca6 100644
--- a/agent/src/main/java/com/code_intelligence/jazzer/agent/RuntimeInstrumentor.kt
+++ b/agent/src/main/java/com/code_intelligence/jazzer/agent/RuntimeInstrumentor.kt
@@ -42,6 +42,8 @@ private val BASE_EXCLUDED_CLASS_NAME_GLOBS = listOf(
 "com.code_intelligence.jazzer.**",
 "com.sun.**", // package for Proxy objects
 "java.**",
+ "jaz.Ter", // safe companion of the honeypot class used by sanitizers
+ "jaz.Zer", // honeypot class used by sanitizers
 "jdk.**",
 "kotlin.**",
 "sun.**", |
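Review bot: The new `Jazzer-Hook-Classes` entry in `deploy_manifest_lines` joins every element of `SANITIZER_CLASSES` into one manifest line, and nothing in this hunk bounds its length or checks that the list is non-empty. The JAR manifest format limits physical lines to 72 bytes and uses continuation lines for longer values; whether the deploy-jar step wraps this value is not visible here, so it is worth confirming the agent still reads the attribute correctly as more sanitizers are added. An empty list would yield an attribute with an empty value and, presumably, a fuzzing run with no sanitizer hooks active and no warning. A short comment above the line would also help, e.g. `# Colon-separated hook classes; every entry must be provided by //sanitizers.`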
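Review bot: The new entries `"jaz.Ter"` and `"jaz.Zer"` in `BASE_EXCLUDED_CLASS_NAME_GLOBS` are exact class names copied as string literals, so they keep the honeypot out of instrumentation only while the sanitizer module uses exactly these names and no nested classes. If the honeypot is renamed or gains an inner class (which would be named `jaz.Zer$…`), the exclusion goes stale without any build or test failure, so a pointer to where the classes are defined, or a shared constant, would help keep the two in sync. The inline comments say what the classes are but not why they must stay uninstrumented; a comment such as `// not instrumented: the deserialization sanitizer relies on this class being loaded as-is` would record that, assuming that is the reason. The `listOf(` call begins and ends outside this hunk.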