// Copyright 2022 Code Intelligence GmbH // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. package com.code_intelligence.jazzer.junit; import java.lang.annotation.ElementType; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; import org.junit.jupiter.api.Tag; import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.parallel.ResourceAccessMode; import org.junit.jupiter.api.parallel.ResourceLock; import org.junit.jupiter.api.parallel.Resources; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.ArgumentsSource; /** * A parameterized test with parameters generated automatically by the Java fuzzer Jazzer. * *
Methods annotated with {@link FuzzTest} can take either of the following types of parameters: * *
When the environment variable {@code JAZZER_FUZZ} is set to any non-empty value, fuzz tests * run in "fuzzing" mode. In this mode, the method annotated with {@link FuzzTest} are invoked * repeatedly with inputs that Jazzer generates and mutates based on feedback obtained from * instrumentation it applies to the test and every class loaded by it. * *
When an assertion in the test fails, an exception is thrown but not caught, or Jazzer's * instrumentation detects a security issue (e.g. SQL injection or insecure deserialization), the * fuzz test is reported as failed and the input is collected in the inputs directory for the test * class (see "Regression testing" for details). * *
When no issue has been found after the configured {@link FuzzTest#maxDuration()}, the test * passes. * *
Only a single fuzz test per test run will be executed in fuzzing mode. All other fuzz tests * will be skipped. * *
By default, a fuzz test is executed as a regular JUnit {@link ParameterizedTest} running on a * fixed set of inputs. It can be run together with regular unit tests and used to verify that past * findings remain fixed. In IDEs with JUnit 5 integration, it can also be used to conveniently * debug individual findings. * *
Fuzz tests are always executed on the empty input as well as all input files contained in the
* resource directory called {@code This option has no effect during regression testing.
*/
String maxDuration() default "5m";
}
// Internal use only.
// These wrappers are needed only because the container annotation for @ArgumentsSource,
// @ArgumentsSources, can't be applied to annotations.
@Target({ElementType.ANNOTATION_TYPE})
@Retention(RetentionPolicy.RUNTIME)
@ArgumentsSource(AgentConfiguringArgumentsProvider.class)
@interface AgentConfiguringArgumentsProviderArgumentsSource {}
@Target({ElementType.ANNOTATION_TYPE})
@Retention(RetentionPolicy.RUNTIME)
@ArgumentsSource(FuzzingArgumentsProvider.class)
@interface FuzzingArgumentsProviderArgumentsSource {}