/*
 * Copyright 2022 Code Intelligence GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.example;

import com.code_intelligence.jazzer.api.HookType;
import com.code_intelligence.jazzer.api.Jazzer;
import com.code_intelligence.jazzer.api.MethodHook;
import java.lang.invoke.MethodHandle;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

/**
 * Fuzz target that calls one method covered by a custom hook and one API covered by a built-in
 * detector.
 *
 * <p>The custom hook in {@link DisabledHook} reports a finding whenever it runs, so this target
 * only completes without a finding when that hook has been disabled.
 * NOTE(review): how the hooks are disabled is configured outside this file; confirm against the
 * test's run configuration.
 */
public class DisabledHooksFuzzer {
  /**
   * Fuzzer entry point. The input is not used; every invocation exercises both hook sites.
   *
   * @param data fuzzer-provided input, ignored
   */
  public static void fuzzerTestOneInput(byte[] data) {
    triggerCustomHook();
    triggerBuiltinHook();
  }

  /** Intentionally empty; it exists only as the target of {@link DisabledHook}. */
  private static void triggerCustomHook() {}

  /**
   * Compiles a syntactically invalid regular expression.
   *
   * <p>If the built-in regex injection detector is enabled, this call triggers it. If the
   * detector is disabled, the call throws a plain {@link PatternSyntaxException}, which is
   * swallowed here so that the run produces no finding.
   */
  private static void triggerBuiltinHook() {
    // An unterminated character class is rejected by Pattern.compile.
    String malformedPattern = "[";
    try {
      Pattern.compile(malformedPattern);
    } catch (PatternSyntaxException ignored) {
      // Expected when the detector is disabled: the syntax error must not surface as a finding.
    }
  }
}

/** Holds the custom hook that is expected to be disabled while this fuzz target runs. */
class DisabledHook {
  /**
   * BEFORE hook on {@code DisabledHooksFuzzer.triggerCustomHook()}. Running at all means the hook
   * was not disabled, so it unconditionally reports a finding.
   *
   * @param method unused
   * @param thisObject unused
   * @param arguments unused
   * @param hookId unused
   */
  @MethodHook(type = HookType.BEFORE, targetClassName = "com.example.DisabledHooksFuzzer",
      targetMethod = "triggerCustomHook", targetMethodDescriptor = "()V")
  public static void
  triggerCustomHookHook(MethodHandle method, Object thisObject, Object[] arguments, int hookId) {
    IllegalStateException finding =
        new IllegalStateException("hook on triggerCustomHook should have been disabled");
    Jazzer.reportFindingFromHook(finding);
  }
}