diff options
Diffstat (limited to 'tests/src/test/java/com')
19 files changed, 526 insertions, 28 deletions
diff --git a/tests/src/test/java/com/example/AutofuzzAssertionErrorTarget.java b/tests/src/test/java/com/example/AutofuzzAssertionErrorTarget.java new file mode 100644 index 00000000..d692371f --- /dev/null +++ b/tests/src/test/java/com/example/AutofuzzAssertionErrorTarget.java @@ -0,0 +1,23 @@ +/* + * Copyright 2023 Code Intelligence GmbH + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.example; + +public class AutofuzzAssertionErrorTarget { + public static void autofuzz(byte[] b) { + assert b == null || b.length <= 5 || b[3] != 7; + } +} diff --git a/tests/src/test/java/com/example/AutofuzzCrashingSetterTarget.java b/tests/src/test/java/com/example/AutofuzzCrashingSetterTarget.java new file mode 100644 index 00000000..1af0c7bf --- /dev/null +++ b/tests/src/test/java/com/example/AutofuzzCrashingSetterTarget.java @@ -0,0 +1,21 @@ +/* + * Copyright 2023 Code Intelligence GmbH + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.example; + +public class AutofuzzCrashingSetterTarget extends Thread { + public void start(final byte[] out) {} +} diff --git a/tests/src/test/java/com/example/AutofuzzIgnoreTarget.java b/tests/src/test/java/com/example/AutofuzzIgnoreTarget.java new file mode 100644 index 00000000..d71ca4d9 --- /dev/null +++ b/tests/src/test/java/com/example/AutofuzzIgnoreTarget.java @@ -0,0 +1,28 @@ +// Copyright 2022 Code Intelligence GmbH +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package com.example; + +public class AutofuzzIgnoreTarget { + @SuppressWarnings("unused") + public void doStuff(String data) { + if (data.isEmpty()) { + throw new NullPointerException(); + } + if (data.length() < 10) { + throw new IllegalArgumentException(); + } + throw new RuntimeException(); + } +} diff --git a/tests/src/test/java/com/example/CoverageFuzzer.java b/tests/src/test/java/com/example/CoverageFuzzer.java index 8f63639d..1d65d3b7 100644 --- a/tests/src/test/java/com/example/CoverageFuzzer.java +++ b/tests/src/test/java/com/example/CoverageFuzzer.java @@ -18,10 +18,6 @@ package com.example; import com.code_intelligence.jazzer.api.FuzzedDataProvider; import com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow; -import com.code_intelligence.jazzer.third_party.org.jacoco.core.data.ExecutionData; -import com.code_intelligence.jazzer.third_party.org.jacoco.core.data.ExecutionDataReader; -import com.code_intelligence.jazzer.third_party.org.jacoco.core.data.ExecutionDataStore; -import com.code_intelligence.jazzer.third_party.org.jacoco.core.data.SessionInfoStore; import java.io.FileInputStream; import java.io.IOException; import java.nio.file.Files; @@ -30,6 +26,10 @@ import java.util.ArrayList; import java.util.List; import java.util.stream.Collectors; import java.util.stream.IntStream; +import org.jacoco.core.data.ExecutionData; +import org.jacoco.core.data.ExecutionDataReader; +import org.jacoco.core.data.ExecutionDataStore; +import org.jacoco.core.data.SessionInfoStore; /** * Test of coverage report and dump. @@ -171,7 +171,7 @@ public final class CoverageFuzzer { assertEquals(7, countHits(coverageFuzzerCoverage.getProbes())); assertEquals("com/example/CoverageFuzzer$ClassToCover", classToCoverCoverage.getName()); - assertEquals(11, countHits(classToCoverCoverage.getProbes())); + assertEquals(10, countHits(classToCoverCoverage.getProbes())); } private static int countHits(boolean[] probes) { diff --git a/tests/src/test/java/com/example/CrashResistantCoverageTarget.java b/tests/src/test/java/com/example/CrashResistantCoverageTarget.java new file mode 100644 index 00000000..c88d4509 --- /dev/null +++ b/tests/src/test/java/com/example/CrashResistantCoverageTarget.java @@ -0,0 +1,37 @@ +// Copyright 2022 Code Intelligence GmbH +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package com.example; + +import java.time.Instant; + +public class CrashResistantCoverageTarget { + public static void fuzzerTestOneInput(byte[] data) { + if (data.length < 10) { + // Crash immediately on the empty and the first seed input so that we can verify that the + // crash-resistant merge strategy actually works. + throw new IllegalStateException("Crash"); + } + if (data.length < 100) { + someFunction(); + } + } + + public static void someFunction() { + // A non-trivial condition that always evaluates to true. + if (Instant.now().getNano() >= 0) { + System.out.println("Hello, world!"); + } + } +} diff --git a/tests/src/test/java/com/example/DisabledHooksFuzzer.java b/tests/src/test/java/com/example/DisabledHooksFuzzer.java index 430bfa40..f9dbdcba 100644 --- a/tests/src/test/java/com/example/DisabledHooksFuzzer.java +++ b/tests/src/test/java/com/example/DisabledHooksFuzzer.java @@ -23,6 +23,7 @@ import java.lang.invoke.MethodHandle; import java.util.regex.Pattern; import java.util.regex.PatternSyntaxException; +@SuppressWarnings("InvalidPatternSyntax") public class DisabledHooksFuzzer { public static void fuzzerTestOneInput(byte[] data) { triggerCustomHook(); diff --git a/tests/src/test/java/com/example/ExperimentalMutatorComplexProtoFuzzer.java b/tests/src/test/java/com/example/ExperimentalMutatorComplexProtoFuzzer.java new file mode 100644 index 00000000..4c3ed31b --- /dev/null +++ b/tests/src/test/java/com/example/ExperimentalMutatorComplexProtoFuzzer.java @@ -0,0 +1,30 @@ +/* + * Copyright 2023 Code Intelligence GmbH + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.example; + +import com.code_intelligence.jazzer.api.FuzzerSecurityIssueMedium; +import com.code_intelligence.jazzer.mutation.annotation.InRange; +import com.code_intelligence.jazzer.mutation.annotation.NotNull; +import com.code_intelligence.jazzer.protobuf.Proto2.TestProtobuf; + +public class ExperimentalMutatorComplexProtoFuzzer { + public static void fuzzerTestOneInput(@NotNull TestProtobuf proto) { + if (proto.getI32() == 1234 && proto.getStr().equals("abcd")) { + throw new FuzzerSecurityIssueMedium("Secret proto is found!"); + } + } +} diff --git a/tests/src/test/java/com/example/ExperimentalMutatorDynamicProtoFuzzer.java b/tests/src/test/java/com/example/ExperimentalMutatorDynamicProtoFuzzer.java new file mode 100644 index 00000000..bbca1ddc --- /dev/null +++ b/tests/src/test/java/com/example/ExperimentalMutatorDynamicProtoFuzzer.java @@ -0,0 +1,64 @@ +/* + * Copyright 2023 Code Intelligence GmbH + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.example; + +import com.code_intelligence.jazzer.api.FuzzerSecurityIssueMedium; +import com.code_intelligence.jazzer.mutation.annotation.NotNull; +import com.code_intelligence.jazzer.mutation.annotation.proto.WithDefaultInstance; +import com.google.protobuf.DescriptorProtos.DescriptorProto; +import com.google.protobuf.DescriptorProtos.FieldDescriptorProto; +import com.google.protobuf.DescriptorProtos.FieldDescriptorProto.Type; +import com.google.protobuf.DescriptorProtos.FileDescriptorProto; +import com.google.protobuf.Descriptors.Descriptor; +import com.google.protobuf.Descriptors.DescriptorValidationException; +import com.google.protobuf.Descriptors.FieldDescriptor; +import com.google.protobuf.Descriptors.FileDescriptor; +import com.google.protobuf.DynamicMessage; +import com.google.protobuf.Message; + +public class ExperimentalMutatorDynamicProtoFuzzer { + public static void fuzzerTestOneInput(@NotNull @WithDefaultInstance( + "com.example.ExperimentalMutatorDynamicProtoFuzzer#getDefaultInstance") Message proto) { + FieldDescriptor I32 = proto.getDescriptorForType().findFieldByName("i32"); + FieldDescriptor STR = proto.getDescriptorForType().findFieldByName("str"); + if (proto.getField(I32).equals(1234) && proto.getField(STR).equals("abcd")) { + throw new FuzzerSecurityIssueMedium("Secret proto is found!"); + } + } + + @SuppressWarnings("unused") + private static DynamicMessage getDefaultInstance() { + DescriptorProto myMessage = + DescriptorProto.newBuilder() + .setName("my_message") + .addField(FieldDescriptorProto.newBuilder().setNumber(1).setName("i32").setType( + Type.TYPE_INT32)) + .addField(FieldDescriptorProto.newBuilder().setNumber(2).setName("str").setType( + Type.TYPE_STRING)) + .build(); + FileDescriptorProto file = FileDescriptorProto.newBuilder() + .setName("my_protos.proto") + .addMessageType(myMessage) + .build(); + try { + return DynamicMessage.getDefaultInstance(FileDescriptor.buildFrom(file, new FileDescriptor[0]) + .findMessageTypeByName("my_message")); + } catch (DescriptorValidationException e) { + throw new IllegalStateException(e); + } + } +} diff --git a/tests/src/test/java/com/example/ExperimentalMutatorFuzzer.java b/tests/src/test/java/com/example/ExperimentalMutatorFuzzer.java new file mode 100644 index 00000000..9645e817 --- /dev/null +++ b/tests/src/test/java/com/example/ExperimentalMutatorFuzzer.java @@ -0,0 +1,36 @@ +/* + * Copyright 2023 Code Intelligence GmbH + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.example; + +import com.code_intelligence.jazzer.api.FuzzerSecurityIssueMedium; +import com.code_intelligence.jazzer.mutation.annotation.InRange; +import com.code_intelligence.jazzer.mutation.annotation.NotNull; + +public class ExperimentalMutatorFuzzer { + public static void fuzzerTestOneInput( + @InRange(max = -42) short num, @NotNull SimpleProto.MyProto proto) { + if (num > -42) { + throw new IllegalArgumentException(); + } + + if (proto.getNumber() == 12345678) { + if (proto.getMessage().getText().contains("Hello, proto!")) { + throw new FuzzerSecurityIssueMedium("Dangerous proto"); + } + } + } +} diff --git a/tests/src/test/java/com/example/HookDependenciesFuzzer.java b/tests/src/test/java/com/example/HookDependenciesFuzzer.java index 88627f4c..7150ed6c 100644 --- a/tests/src/test/java/com/example/HookDependenciesFuzzer.java +++ b/tests/src/test/java/com/example/HookDependenciesFuzzer.java @@ -26,29 +26,6 @@ import java.util.regex.Pattern; // 2. hooks that are not shipped in the Jazzer agent JAR can still instrument Java standard library // classes. public class HookDependenciesFuzzer { - private static final Field PATTERN_ROOT; - - static { - Field root; - try { - root = Pattern.class.getDeclaredField("root"); - } catch (NoSuchFieldException e) { - root = null; - } - PATTERN_ROOT = root; - } - - @MethodHook(type = HookType.AFTER, targetClassName = "java.util.regex.Matcher", - targetMethod = "matches", targetMethodDescriptor = "()Z", - additionalClassesToHook = {"java.util.regex.Pattern"}) - public static void - matcherMatchesHook(MethodHandle method, Object alwaysNull, Object[] alwaysEmpty, int hookId, - Boolean returnValue) { - if (PATTERN_ROOT != null) { - throw new FuzzerSecurityIssueLow("Hook applied even though it depends on the class to hook"); - } - } - public static void fuzzerTestOneInput(byte[] data) { try { Pattern.matches("foobar", "foobar"); diff --git a/tests/src/test/java/com/example/HookDependenciesFuzzerHooks.java b/tests/src/test/java/com/example/HookDependenciesFuzzerHooks.java new file mode 100644 index 00000000..d4f50dbf --- /dev/null +++ b/tests/src/test/java/com/example/HookDependenciesFuzzerHooks.java @@ -0,0 +1,47 @@ +// Copyright 2022 Code Intelligence GmbH +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package com.example; + +import com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow; +import com.code_intelligence.jazzer.api.HookType; +import com.code_intelligence.jazzer.api.MethodHook; +import java.lang.invoke.MethodHandle; +import java.lang.reflect.Field; +import java.util.regex.Pattern; + +public class HookDependenciesFuzzerHooks { + private static final Field PATTERN_ROOT; + + static { + Field root; + try { + root = Pattern.class.getDeclaredField("root"); + } catch (NoSuchFieldException e) { + root = null; + } + PATTERN_ROOT = root; + } + + @MethodHook(type = HookType.AFTER, targetClassName = "java.util.regex.Matcher", + targetMethod = "matches", targetMethodDescriptor = "()Z", + additionalClassesToHook = {"java.util.regex.Pattern"}) + public static void + matcherMatchesHook(MethodHandle method, Object alwaysNull, Object[] alwaysEmpty, int hookId, + Boolean returnValue) { + if (PATTERN_ROOT != null) { + throw new FuzzerSecurityIssueLow("Hook applied even though it depends on the class to hook"); + } + } +} diff --git a/tests/src/test/java/com/example/JUnitAgentConfigurationFuzzTest.java b/tests/src/test/java/com/example/JUnitAgentConfigurationFuzzTest.java new file mode 100644 index 00000000..4f8c2a19 --- /dev/null +++ b/tests/src/test/java/com/example/JUnitAgentConfigurationFuzzTest.java @@ -0,0 +1,43 @@ +/* + * Copyright 2023 Code Intelligence GmbH + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.example; + +import static java.util.Collections.singletonList; +import static org.junit.jupiter.api.Assertions.assertEquals; + +import com.code_intelligence.jazzer.junit.FuzzTest; +import java.util.function.Supplier; + +class JUnitAgentConfigurationFuzzTest { + @FuzzTest + void testConfiguration(byte[] bytes) { + assertEquals(singletonList("com.example.**"), getLazyOptValue("instrumentationIncludes")); + assertEquals(singletonList("com.example.**"), getLazyOptValue("customHookIncludes")); + } + + private static Object getLazyOptValue(String name) { + try { + Supplier<Object> supplier = + (Supplier<Object>) Class.forName("com.code_intelligence.jazzer.driver.Opt") + .getField(name) + .get(null); + return supplier.get(); + } catch (NoSuchFieldException | ClassNotFoundException | IllegalAccessException e) { + throw new IllegalStateException(e); + } + } +} diff --git a/tests/src/test/java/com/example/JUnitAssertFuzzer.java b/tests/src/test/java/com/example/JUnitAssertFuzzer.java new file mode 100644 index 00000000..d2644281 --- /dev/null +++ b/tests/src/test/java/com/example/JUnitAssertFuzzer.java @@ -0,0 +1,27 @@ +/* + * Copyright 2022 Code Intelligence GmbH + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.example; + +import static org.junit.jupiter.api.Assertions.assertNotEquals; + +import com.code_intelligence.jazzer.api.FuzzedDataProvider; + +public class JUnitAssertFuzzer { + public static void fuzzerTestOneInput(FuzzedDataProvider data) { + assertNotEquals("JUnit rocks!", data.consumeRemainingAsString()); + } +} diff --git a/tests/src/test/java/com/example/KotlinVararg.kt b/tests/src/test/java/com/example/KotlinVararg.kt new file mode 100644 index 00000000..81974eba --- /dev/null +++ b/tests/src/test/java/com/example/KotlinVararg.kt @@ -0,0 +1,23 @@ +/* + * Copyright 2022 Code Intelligence GmbH + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.example + +class KotlinVararg(vararg opts: String) { + private val allOpts = opts.toList().joinToString(", ") + + fun doStuff() = allOpts +} diff --git a/tests/src/test/java/com/example/KotlinVarargFuzzer.java b/tests/src/test/java/com/example/KotlinVarargFuzzer.java new file mode 100644 index 00000000..3324e2e8 --- /dev/null +++ b/tests/src/test/java/com/example/KotlinVarargFuzzer.java @@ -0,0 +1,29 @@ +/* + * Copyright 2022 Code Intelligence GmbH + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.example; + +import com.code_intelligence.jazzer.api.FuzzedDataProvider; +import java.io.IOException; + +public class KotlinVarargFuzzer { + public static void fuzzerTestOneInput(FuzzedDataProvider data) throws IOException { + String out = new KotlinVararg(data.consumeRemainingAsString().split("; ")).doStuff(); + if (out.contains("a, a")) { + throw new IOException(out); + } + } +} diff --git a/tests/src/test/java/com/example/OfflineInstrumentedFuzzer.java b/tests/src/test/java/com/example/OfflineInstrumentedFuzzer.java new file mode 100644 index 00000000..eb7da480 --- /dev/null +++ b/tests/src/test/java/com/example/OfflineInstrumentedFuzzer.java @@ -0,0 +1,23 @@ +/* + * Copyright 2023 Code Intelligence GmbH + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.example; + +public class OfflineInstrumentedFuzzer { + public static void fuzzerTestOneInput(byte[] data) { + OfflineInstrumentedTarget.someFunction(data); + } +} diff --git a/tests/src/test/java/com/example/OfflineInstrumentedTarget.java b/tests/src/test/java/com/example/OfflineInstrumentedTarget.java new file mode 100644 index 00000000..52347270 --- /dev/null +++ b/tests/src/test/java/com/example/OfflineInstrumentedTarget.java @@ -0,0 +1,25 @@ +/* + * Copyright 2023 Code Intelligence GmbH + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.example; + +public class OfflineInstrumentedTarget { + public static void someFunction(byte[] data) { + if (new String(data).equals("found it")) { + throw new IllegalStateException("Expected exception"); + } + } +} diff --git a/tests/src/test/java/com/example/SilencedFuzzer.java b/tests/src/test/java/com/example/SilencedFuzzer.java new file mode 100644 index 00000000..d1d8777a --- /dev/null +++ b/tests/src/test/java/com/example/SilencedFuzzer.java @@ -0,0 +1,40 @@ +/* + * Copyright 2023 Code Intelligence GmbH + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.example; + +import com.code_intelligence.jazzer.api.FuzzerSecurityIssueHigh; +import java.io.OutputStream; +import java.io.PrintStream; + +public class SilencedFuzzer { + private static final PrintStream noopStream = new PrintStream(new OutputStream() { + @Override + public void write(int b) {} + }); + + public static void fuzzerInitialize() { + System.setErr(noopStream); + System.setOut(noopStream); + } + + public static void fuzzerTestOneInput(byte[] input) { + // If the FuzzTargetTestWrapper successfully parses the stack trace emitted by this finding, we + // know that the fuzzer still emitted output despite the fact that System.err and System.out + // have been redirected above. + throw new FuzzerSecurityIssueHigh(); + } +} diff --git a/tests/src/test/java/com/example/TimeoutFuzzer.java b/tests/src/test/java/com/example/TimeoutFuzzer.java new file mode 100644 index 00000000..952113bf --- /dev/null +++ b/tests/src/test/java/com/example/TimeoutFuzzer.java @@ -0,0 +1,24 @@ +/* + * Copyright 2022 Code Intelligence GmbH + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.example; + +public class TimeoutFuzzer { + public static void fuzzerTestOneInput(byte[] b) { + while (true) { + } + } +} |