diff options
author | Fabian Meumertzheim <meumertzheim@code-intelligence.com> | 2021-10-18 18:48:23 +0200 |
---|---|---|
committer | Fabian Meumertzheim <fabian@meumertzhe.im> | 2021-10-19 11:07:51 +0200 |
commit | fe90d4a42153739a15b5af3eaac9da59b726df02 (patch) | |
tree | f7dd1512b7accdf4cd500a18f1cda4973da98708 /agent | |
parent | aa60a2e68aa011c45a273e5349c07f1b9007e7b2 (diff) | |
download | jazzer-api-fe90d4a42153739a15b5af3eaac9da59b726df02.tar.gz |
Allow fuzzing constructors
Syntax is String::new, just like for method references.
Diffstat (limited to 'agent')
-rw-r--r-- | agent/src/main/java/com/code_intelligence/jazzer/autofuzz/FuzzTarget.java | 48 |
1 files changed, 32 insertions, 16 deletions
diff --git a/agent/src/main/java/com/code_intelligence/jazzer/autofuzz/FuzzTarget.java b/agent/src/main/java/com/code_intelligence/jazzer/autofuzz/FuzzTarget.java index b5b97fd6..b38cb9c5 100644 --- a/agent/src/main/java/com/code_intelligence/jazzer/autofuzz/FuzzTarget.java +++ b/agent/src/main/java/com/code_intelligence/jazzer/autofuzz/FuzzTarget.java @@ -17,6 +17,8 @@ package com.code_intelligence.jazzer.autofuzz; import com.code_intelligence.jazzer.api.FuzzedDataProvider; import com.code_intelligence.jazzer.utils.Utils; import java.io.UnsupportedEncodingException; +import java.lang.reflect.Constructor; +import java.lang.reflect.Executable; import java.lang.reflect.Method; import java.net.URLDecoder; import java.util.Arrays; @@ -29,8 +31,8 @@ public class FuzzTarget { private static final long MAX_EXECUTIONS_WITHOUT_INVOCATION = 100; private static String methodReference; - private static Method[] targetMethods; - private static Map<Method, Class<?>[]> throwsDeclarations; + private static Executable[] targetExecutables; + private static Map<Executable, Class<?>[]> throwsDeclarations; private static long executionsSinceLastInvocation = 0; public static void fuzzerInitialize(String[] args) { @@ -77,13 +79,23 @@ public class FuzzTarget { return; } - targetMethods = Arrays.stream(targetClass.getMethods()) - .filter(method - -> method.getName().equals(methodName) - && (descriptor == null - || Utils.getReadableDescriptor(method).equals(descriptor))) - .toArray(Method[] ::new); - if (targetMethods.length == 0) { + if (methodName.equals("new")) { + targetExecutables = + Arrays.stream(targetClass.getConstructors()) + .filter(constructor + -> descriptor == null + || Utils.getReadableDescriptor(constructor).equals(descriptor)) + .toArray(Executable[] ::new); + } else { + targetExecutables = + Arrays.stream(targetClass.getMethods()) + .filter(method + -> method.getName().equals(methodName) + && (descriptor == null + || Utils.getReadableDescriptor(method).equals(descriptor))) + .toArray(Executable[] ::new); + } + if (targetExecutables.length == 0) { if (descriptor == null) { System.err.printf("Failed to find accessible methods named %s in class %s for autofuzz.%n" + "Accessible methods:%n%s", @@ -122,7 +134,7 @@ public class FuzzTarget { }) .collect(Collectors.toList()); throwsDeclarations = - Arrays.stream(targetMethods) + Arrays.stream(targetExecutables) .collect(Collectors.toMap(method -> method, method @@ -131,14 +143,18 @@ public class FuzzTarget { } public static void fuzzerTestOneInput(FuzzedDataProvider data) throws Throwable { - Method targetMethod; - if (targetMethods.length == 1) { - targetMethod = targetMethods[0]; + Executable targetExecutable; + if (FuzzTarget.targetExecutables.length == 1) { + targetExecutable = FuzzTarget.targetExecutables[0]; } else { - targetMethod = data.pickValue(targetMethods); + targetExecutable = data.pickValue(FuzzTarget.targetExecutables); } try { - Meta.autofuzz(data, targetMethod); + if (targetExecutable instanceof Method) { + Meta.autofuzz(data, (Method) targetExecutable); + } else { + Meta.autofuzz(data, (Constructor<?>) targetExecutable); + } executionsSinceLastInvocation = 0; } catch (AutofuzzConstructionException e) { if (Meta.isDebug()) { @@ -159,7 +175,7 @@ public class FuzzTarget { Throwable cause = e.getCause(); Class<?> causeClass = cause.getClass(); // Do not report exceptions declared to be thrown by the method under test. - for (Class<?> declaredThrow : throwsDeclarations.get(targetMethod)) { + for (Class<?> declaredThrow : throwsDeclarations.get(targetExecutable)) { if (declaredThrow.isAssignableFrom(causeClass)) { return; } |