Diffstat (limited to 'projects/json-sanitizer/IdempotenceFuzzer.java')
-rw-r--r-- | projects/json-sanitizer/IdempotenceFuzzer.java | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/projects/json-sanitizer/IdempotenceFuzzer.java b/projects/json-sanitizer/IdempotenceFuzzer.java
new file mode 100644
index 000000000..a42c91af9
--- /dev/null
+++ b/projects/json-sanitizer/IdempotenceFuzzer.java
@@ -0,0 +1,38 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+
+import com.google.json.JsonSanitizer;
+
+public class IdempotenceFuzzer {
+ public static void fuzzerTestOneInput(FuzzedDataProvider data) {
+ String input = data.consumeRemainingAsString();
+ String output;
+ try {
+ output = JsonSanitizer.sanitize(input, 10);
+ } catch (ArrayIndexOutOfBoundsException e) {
+ // ArrayIndexOutOfBoundsException is expected if nesting depth is
+ // exceeded.
+ return;
+ }
+
+ // Ensure that sanitizing twice does not give different output
+ // (idempotence). Since failure to be idempotent is not a security issue in
+ // itself, fail with a regular AssertionError.
+ assert JsonSanitizer.sanitize(output).equals(output) : "Not idempotent";
+ }
+} |
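Review bot: The idempotence check at the end of fuzzerTestOneInput is a Java `assert`, so it only runs when the JVM has assertions enabled; if the fuzzing harness is started without `-ea`, this target reports nothing beyond uncaught exceptions. An explicit throw keeps the same failure type without that dependency: `if (!JsonSanitizer.sanitize(output).equals(output)) { throw new AssertionError("Not idempotent"); }`. Separately, the `catch (ArrayIndexOutOfBoundsException e)` around the first call discards every such exception, not only the one raised when the nesting depth of 10 is exceeded, so a genuine indexing bug in the sanitizer would be hidden from the fuzzer; the comment there should state that limitation. The second call also uses the one-argument overload, so the two passes run under different depth limits, which is presumably intentional but deserves a one-line comment.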