1 /* 2 * Copyright 2022 Code Intelligence GmbH 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.example; 18 19 import com.code_intelligence.jazzer.api.FuzzerSecurityIssueMedium; 20 import com.code_intelligence.jazzer.junit.FuzzTest; 21 import java.util.Base64; 22 23 class ValueProfileFuzzTest { 24 // Only passed with the configuration parameter jazzer.valueprofile=true. 25 @FuzzTest(maxDuration = "20s") valueProfileFuzz(byte[] data)26 void valueProfileFuzz(byte[] data) { 27 // Trigger some coverage even with value profiling disabled. 28 if (data.length < 1 || data[0] > 100) { 29 return; 30 } 31 if (base64(data).equals("SmF6emVy")) { 32 throw new FuzzerSecurityIssueMedium(); 33 } 34 } 35 base64(byte[] input)36 private static String base64(byte[] input) { 37 return Base64.getEncoder().encodeToString(input); 38 } 39 } 40