author | Fabian Meumertzheim <fabian@meumertzhe.im> | 2022-09-12 18:33:51 +0200 |
---|---|---|
committer | Fabian Meumertzheim <fabian@meumertzhe.im> | 2022-09-14 10:35:02 +0200 |
commit | 0b5e0f118af6de9d53845b3f0c826580755cfd4a (patch) | |
tree | 62e02b731cab8b46c075509ea8fb1e1e1b989fc2 /examples | |
parent | 043af9a9833b75cadb6d13fff2ed307d30f69c9b (diff) | |
download | jazzer-api-0b5e0f118af6de9d53845b3f0c826580755cfd4a.tar.gz |
tests: Verify the stack traces printed in tests
New logic in the FuzzTargetTestWrapper verifies that:
1. stack traces correspond to findings;
2. stack traces contain no frames for Jazzer-internal classes.
This makes it possible to verify that findings are produced as expected
even in cases where the reproducer doesn't reproduce the finding (e.g.,
because it comes from a hook). This caught the issue with UBSan fuzzing
fixed in a previous commit.
Diffstat (limited to 'examples')
-rw-r--r-- | examples/BUILD.bazel | 17 | ||||
-rw-r--r-- | examples/junit/src/test/java/com/example/BUILD.bazel | 2 |
2 files changed, 16 insertions, 3 deletions
diff --git a/examples/BUILD.bazel b/examples/BUILD.bazel
index 89913757..2b3c1704 100644
--- a/examples/BUILD.bazel
+++ b/examples/BUILD.bazel
@@ -17,8 +17,11 @@ java_fuzz_target_test(
 java_fuzz_target_test(
 name = "ExampleFuzzer",
 srcs = ["src/main/java/com/example/ExampleFuzzer.java"],
+ expected_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueMedium"],
 hook_jar = "ExampleFuzzerHooks_deploy.jar",
 target_class = "com.example.ExampleFuzzer",
+ # Does not crash due to not using the hook.
+ verify_crash_reproducer = False,
 )
 java_binary(
@@ -48,6 +51,7 @@ java_jni_library(
 java_fuzz_target_test(
 name = "ExampleFuzzerWithASan",
+ expected_findings = ["thread_dump"],
 fuzzer_args = ["--jvm_args=-Djazzer.native_lib=native_asan"],
 sanitizer = "address",
 target_class = "com.example.ExampleFuzzerWithNative",
@@ -60,6 +64,7 @@ java_fuzz_target_test(
 java_fuzz_target_test(
 name = "ExampleFuzzerWithUBSan",
+ expected_findings = ["thread_dump"],
 fuzzer_args = ["--jvm_args=-Djazzer.native_lib=native_ubsan"],
 sanitizer = "undefined",
 target_class = "com.example.ExampleFuzzerWithNative",
@@ -84,8 +89,10 @@ java_fuzz_target_test(
 srcs = [
 "src/main/java/com/example/ExamplePathTraversalFuzzer.java",
 ],
+ expected_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueHigh"],
 hook_jar = "ExamplePathTraversalFuzzerHooks_deploy.jar",
 target_class = "com.example.ExamplePathTraversalFuzzer",
+ verify_crash_reproducer = False,
 )
 java_fuzz_target_test(
@@ -114,7 +121,10 @@ java_fuzz_target_test(
 srcs = [
 "src/main/java/com/example/ExampleOutOfMemoryFuzzer.java",
 ],
- expected_findings = ["java.lang.OutOfMemoryError"],
+ expected_findings = [
+ "com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow",
+ "java.lang.OutOfMemoryError",
+ ],
 fuzzer_args = ["--jvm_args=-Xmx512m"],
 target_class = "com.example.ExampleOutOfMemoryFuzzer",
 )
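Review bot: The comment above `verify_crash_reproducer = False` on ExampleFuzzer does not say what fails to crash, and the same flag on ExamplePathTraversalFuzzer (hunk at -84,8) is added with no comment at all. Both targets set a `hook_jar`, and the commit description suggests the reproducer cannot trigger a finding that comes from a hook, so I would state that on both, e.g. `# The crash reproducer runs without the hook, so it does not reproduce the finding.` With reproducer verification off, the `expected_findings` check is the only assertion left on these two security-issue examples, which is worth saying so that it is not dropped later.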
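Review bot: `expected_findings = ["thread_dump"]` on ExampleFuzzerWithASan, and again on ExampleFuzzerWithUBSan in the next hunk, is a bare marker string where every other entry in this file is a fully qualified exception class, and nothing here explains what it matches. If the wrapper (not part of this diff) reads it as "a thread dump was printed", the check would presumably pass for any native crash rather than for the ASan or UBSan report each target is meant to demonstrate. I would add a comment such as `# Native sanitizer crashes raise no Java exception; the test checks for the thread dump instead.` and consider whether the sanitizer's own report can be asserted as well. Both target definitions continue past the end of their hunks.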
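Review bot: The two-entry `expected_findings` lists on ExampleOutOfMemoryFuzzer, and on ExampleStackOverflowFuzzer in the following hunk, do not say whether every entry must appear in the stack trace or any one is enough. It looks as if `FuzzerSecurityIssueLow` is the reported finding and the `java.lang` error is its cause, but that is not visible here; a comment such as `# Jazzer reports the error wrapped in a FuzzerSecurityIssueLow; both classes appear in the trace.` would make the intent checkable. If the wrapper accepts a match on any single entry, the second entry adds no assertion and the test would not notice the cause going missing. Both target definitions start before their hunks.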
@@ -124,7 +134,10 @@ java_fuzz_target_test(
 srcs = [
 "src/main/java/com/example/ExampleStackOverflowFuzzer.java",
 ],
- expected_findings = ["java.lang.StackOverflowError"],
+ expected_findings = [
+ "com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow",
+ "java.lang.StackOverflowError",
+ ],
 target_class = "com.example.ExampleStackOverflowFuzzer",
 # Crashes with a segfault before any stack trace printing is reached.
 target_compatible_with = SKIP_ON_MACOS,
diff --git a/examples/junit/src/test/java/com/example/BUILD.bazel b/examples/junit/src/test/java/com/example/BUILD.bazel
index f45738fa..3f13db40 100644
--- a/examples/junit/src/test/java/com/example/BUILD.bazel
+++ b/examples/junit/src/test/java/com/example/BUILD.bazel
@@ -37,7 +37,7 @@ java_fuzz_target_test(
 name = "ByteFuzzTest",
 srcs = ["ValidFuzzTests.java"],
 args = ["-runs=0"],
- expected_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueMedium"],
+ expected_findings = ["org.opentest4j.AssertionFailedError"],
 target_class = "com.example.ValidFuzzTests",
 target_method = "byteFuzz",
 verify_crash_reproducer = False, |