diff options
| author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-07-07 05:09:17 +0000 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-07-07 05:09:17 +0000 |
| commit | 9c1babbb2eff7f4ea133f4e049ecc340d0a66521 (patch) | |
| tree | 3243e58e56d3a8dee60c582a2c917d18edc9bd5a /sanitizers/src/test/java/com/example/LdapDnInjection.java | |
| parent | a74c14e5721cfd85dd0d0ebc3789ac0657564b7b (diff) | |
| parent | ba37c2e361c2ba91bacc47fcae5383c52e50f6be (diff) | |
| download | jazzer-api-android14-mainline-sdkext-release.tar.gz | |
Snap for 10453563 from ba37c2e361c2ba91bacc47fcae5383c52e50f6be to mainline-sdkext-releaseaml_sdk_341710000aml_sdk_341510000aml_sdk_341410000aml_sdk_341110080aml_sdk_341110000aml_sdk_341010000aml_sdk_340912010android14-mainline-sdkext-release
Change-Id: I75e517760138919b7691d8120888c254d8a9f04f
Diffstat (limited to 'sanitizers/src/test/java/com/example/LdapDnInjection.java')
| -rw-r--r-- | sanitizers/src/test/java/com/example/LdapDnInjection.java | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/sanitizers/src/test/java/com/example/LdapDnInjection.java b/sanitizers/src/test/java/com/example/LdapDnInjection.java new file mode 100644 index 00000000..911db1dc --- /dev/null +++ b/sanitizers/src/test/java/com/example/LdapDnInjection.java @@ -0,0 +1,39 @@ +// Copyright 2021 Code Intelligence GmbH +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package com.example; + +import com.code_intelligence.jazzer.api.FuzzedDataProvider; +import java.util.Hashtable; +import javax.naming.Context; +import javax.naming.NamingException; +import javax.naming.directory.InitialDirContext; +import javax.naming.directory.SearchControls; + +public class LdapDnInjection { + private static InitialDirContext ctx; + + public static void fuzzerInitialize() throws NamingException { + Hashtable<String, String> env = new Hashtable<>(); + env.put(Context.INITIAL_CONTEXT_FACTORY, "com.example.ldap.MockInitialContextFactory"); + ctx = new InitialDirContext(env); + } + + public static void fuzzerTestOneInput(FuzzedDataProvider fuzzedDataProvider) throws Exception { + // Externally provided DN input needs to be escaped properly + String ou = fuzzedDataProvider.consumeRemainingAsString(); + String base = "ou=" + ou + ",dc=example,dc=com"; + ctx.search(base, "(&(uid=foo)(cn=bar))", new SearchControls()); + } +} |