aboutsummaryrefslogtreecommitdiff
path: root/projects/json-sanitizer/ValidJsonFuzzer.java
diff options
context:
space:
mode:
Diffstat (limited to 'projects/json-sanitizer/ValidJsonFuzzer.java')
-rw-r--r--projects/json-sanitizer/ValidJsonFuzzer.java9
1 files changed, 6 insertions, 3 deletions
diff --git a/projects/json-sanitizer/ValidJsonFuzzer.java b/projects/json-sanitizer/ValidJsonFuzzer.java
index 7430b9c92..c8fbe0386 100644
--- a/projects/json-sanitizer/ValidJsonFuzzer.java
+++ b/projects/json-sanitizer/ValidJsonFuzzer.java
@@ -15,6 +15,7 @@
////////////////////////////////////////////////////////////////////////////////
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+import com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow;
import com.google.gson.Gson;
import com.google.gson.JsonElement;
@@ -33,12 +34,14 @@ public class ValidJsonFuzzer {
// exceeded.
return;
}
+
+ // Check that the output is valid JSON. Invalid JSON may crash other parts
+ // of the application that trust the output of the sanitizer.
try {
+ Gson gson = new Gson();
gson.fromJson(output, JsonElement.class);
} catch (Exception e) {
- System.err.println("input : " + input);
- System.err.println("output : " + output);
- throw e;
+ throw new FuzzerSecurityIssueLow("Output is invalid JSON", e);
}
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-10 00:27:36 +0000