• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2022 Code Intelligence GmbH
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //      http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 package com.example;
16 
17 import static org.junit.jupiter.api.Assertions.fail;
18 
19 import com.code_intelligence.jazzer.api.FuzzedDataProvider;
20 import com.code_intelligence.jazzer.api.FuzzerSecurityIssueMedium;
21 import com.code_intelligence.jazzer.junit.FuzzTest;
22 import java.io.IOException;
23 import java.util.regex.Pattern;
24 
25 @SuppressWarnings("InvalidPatternSyntax")
26 class ValidFuzzTests {
27   @FuzzTest
dataFuzz(FuzzedDataProvider data)28   void dataFuzz(FuzzedDataProvider data) {
29     switch (data.consumeRemainingAsString()) {
30       case "no_crash":
31         return;
32       case "assert":
33         fail("JUnit assert failed");
34       case "honeypot":
35         try {
36           Class.forName("jaz.Zer").newInstance();
37         } catch (ClassNotFoundException | InstantiationException | IllegalAccessException ignored) {
38           // Ignored, but the honeypot class should still throw an exception.
39         }
40       case "sanitizer_internal_class":
41         try {
42           new ProcessBuilder("jazze").start();
43         } catch (IOException ignored) {
44           // Ignored, but the sanitizer should still throw an exception.
45         }
46       case "sanitizer_user_class":
47         try {
48           Pattern.compile("[");
49         } catch (Throwable ignored) {
50           // Ignored, but the JUnit test should report an error even though all throwables are
51           // caught - just like Jazzer would.
52         }
53       case "":
54       default:
55         throw new FuzzerSecurityIssueMedium();
56     }
57   }
58 
59   @FuzzTest
byteFuzz(byte[] data)60   void byteFuzz(byte[] data) {
61     if (data.length < 1) {
62       return;
63     }
64     if (data[0] % 2 == 0) {
65       fail();
66     }
67   }
68 
69   @FuzzTest(maxDuration = "10s")
noCrashFuzz(byte[] data)70   void noCrashFuzz(byte[] data) {
71     if (data.length < 10) {
72       return;
73     }
74     Parser.parse(data);
75   }
76 }
77