1 /*
2  * Copyright 2023 Code Intelligence GmbH
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.example;
18 
19 import static java.nio.charset.StandardCharsets.UTF_8;
20 import static org.junit.jupiter.api.Assertions.assertEquals;
21 import static org.junit.jupiter.api.Assertions.assertTrue;
22 import static org.junit.jupiter.api.Assumptions.assumeTrue;
23 
24 import com.code_intelligence.jazzer.junit.FuzzTest;
25 import java.security.MessageDigest;
26 import java.security.NoSuchAlgorithmException;
27 import java.util.Base64;
28 import org.junit.jupiter.params.converter.ArgumentConversionException;
29 import org.junit.jupiter.params.converter.ConvertWith;
30 import org.junit.jupiter.params.converter.SimpleArgumentConverter;
31 import org.junit.jupiter.params.provider.ValueSource;
32 
/**
 * Fuzz test fixture whose seeds are supplied through {@code @ValueSource} strings and turned into
 * {@code byte[]} input by a custom argument converter.
 *
 * <p>The test signals a finding only for an input whose prefix (everything except the last byte)
 * hashes to {@link #FLAG_SHA256} and whose last byte is {@code 's'}.
 */
class JavaBinarySeedFuzzTest {
  // SHA-256 digest of the flag, stored Base64-encoded so the flag itself is not a string constant
  // in the test logic. Generated via:
  // printf 'tH15_1S-4_53Cr3T.fl4G' | openssl dgst -binary -sha256 | openssl base64 -A
  // The flag is only spelled out in this comment, which the fuzzer does not get to read ;-)
  private static final byte[] FLAG_SHA256 =
      Base64.getDecoder().decode("q0vPdz5oeJIW3k2U4VJ+aWDufzzZbKAcevc9cNoUTSM=");

  /**
   * Argument converter that hands {@code byte[]} values through unchanged and encodes
   * {@code String} values as UTF-8 bytes.
   */
  static class Utf8BytesConverter extends SimpleArgumentConverter {
    /**
     * Converts a seed or fuzzer-provided argument to {@code byte[]}.
     *
     * @param source the raw argument; asserted to be a {@code byte[]} or a {@code String}
     * @param targetType the requested parameter type; asserted to be {@code byte[].class}
     * @return {@code source} itself when it is already a {@code byte[]}, otherwise its UTF-8
     *     encoding
     */
    @Override
    protected Object convert(Object source, Class<?> targetType)
        throws ArgumentConversionException {
      assertEquals(byte[].class, targetType);
      boolean isRawBytes = source instanceof byte[];
      assertTrue(isRawBytes || source instanceof String);
      // Anything that is not raw bytes has been asserted to be a String at this point.
      return isRawBytes ? source : ((String) source).getBytes(UTF_8);
    }
  }

  /**
   * Hashes all but the last input byte with SHA-256 and throws when that digest equals
   * {@link #FLAG_SHA256} and the last byte is {@code 's'}.
   *
   * <p>Going by the generation command documented on {@link #FLAG_SHA256}, the second seed is the
   * flag followed by {@code 'a'}, so its prefix digest matches while its last byte does not;
   * presumably the fuzzer is expected to get from that seed to the failing input.
   *
   * @param bytes the seed or fuzzer-generated input; empty inputs are skipped via an assumption
   * @throws NoSuchAlgorithmException if no SHA-256 {@link MessageDigest} is available
   */
  @ValueSource(strings = {"red herring", "tH15_1S-4_53Cr3T.fl4Ga"})
  @FuzzTest
  void fuzzTheFlag(@ConvertWith(Utf8BytesConverter.class) byte[] bytes)
      throws NoSuchAlgorithmException {
    assumeTrue(bytes.length > 0);
    int lastIndex = bytes.length - 1;

    // Only the prefix goes into the digest; the final byte is checked separately below.
    MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
    sha256.update(bytes, 0, lastIndex);
    boolean prefixIsFlag = MessageDigest.isEqual(sha256.digest(), FLAG_SHA256);

    if (prefixIsFlag && bytes[lastIndex] == 's') {
      throw new Error("Fl4g 4nd s3cr3et f0und!");
    }
  }
}