[json-sanitizer] Add severity markup (#5350)

Annotates the findings of the various json-sanitizer fuzzers with
severities as follows:

* XSS: High
* Comment injection: Medium
* Invalid JSON: Low
* Failure to be idempotent: Not a security issue
* Undeclared exceptions: Not a security issue

This commit takes advantage of the support for severity markers in stack
traces introduced in https://github.com/google/clusterfuzz/pull/2270.

1 files changed, 6 insertions, 3 deletions

diff --git a/projects/json-sanitizer/ValidJsonFuzzer.java b/projects/json-sanitizer/ValidJsonFuzzer.java
index 7430b9c92..c8fbe0386 100644
--- a/projects/json-sanitizer/ValidJsonFuzzer.java
+++ b/projects/json-sanitizer/ValidJsonFuzzer.java
@@ -15,6 +15,7 @@
 ////////////////////////////////////////////////////////////////////////////////
 
 import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+import com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow;
 
 import com.google.gson.Gson;
 import com.google.gson.JsonElement;
@@ -33,12 +34,14 @@ public class ValidJsonFuzzer {
       // exceeded.
       return;
     }
+
+    // Check that the output is valid JSON. Invalid JSON may crash other parts
+    // of the application that trust the output of the sanitizer.
     try {
+      Gson gson = new Gson();
       gson.fromJson(output, JsonElement.class);
     } catch (Exception e) {
-      System.err.println("input  : " + input);
-      System.err.println("output : " + output);
-      throw e;
+      throw new FuzzerSecurityIssueLow("Output is invalid JSON", e);
     }
   }
 }