// Copyright 2023 Code Intelligence GmbH
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package com.example;

import com.code_intelligence.jazzer.api.BugDetectors;
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import com.code_intelligence.jazzer.api.Jazzer;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;

/**
 * Fuzz target that attempts a socket connection to a fuzzer-chosen host and port while three
 * network-connection policies from {@link BugDetectors} are opened in nested scopes.
 *
 * <p>Scope layout at the moment of the connect call:
 *
 * <ol>
 *   <li>outermost: {@code allowNetworkConnections()} with no predicate;
 *   <li>middle: {@code allowNetworkConnections(predicate)} whose predicate accepts only the host
 *       string {@code "localhost"} and ignores the port;
 *   <li>innermost: a second no-argument {@code allowNetworkConnections()} that is opened and closed
 *       again <em>before</em> the socket is created.
 * </ol>
 *
 * <p>Because the innermost scope is already closed, the policy governing the connect is
 * presumably the localhost-only one (this assumes closing a scope restores the enclosing policy,
 * which is what the nesting is meant to verify). How a rejected connection is reported is decided
 * by Jazzer and is not visible in this file.
 *
 * <p>NOTE(review): the predicate is an exact, case-sensitive {@code equals} on the host string it
 * is handed. Other spellings of the loopback host would not match it; whether Jazzer passes the
 * name as written or a resolved address is not visible here.
 */
public class SsrfSocketConnectToHost {
  // Connecting successfully is not the goal of this target, so the connect timeout is set to the
  // smallest positive value. It bounds only Socket.connect(); the name lookup that
  // InetSocketAddress(String, int) attempts at construction time is not covered by it.
  private static final int CONNECTION_TIMEOUT_MS = 1;

  /**
   * Fuzzer entry point: derives a host and port from the fuzzer input and tries to connect to them
   * under the nested policies described on the class.
   *
   * @param data fuzzer input; supplies an ASCII host string of at most 15 characters, then a port
   *     in the range 1..65535 (the consumption order is part of the input format)
   * @throws Exception declared because {@link AutoCloseable#close()} may throw; connect-time
   *     {@link IOException}s are swallowed inside the method
   */
  public static void fuzzerTestOneInput(FuzzedDataProvider data) throws Exception {
    String host = data.consumeAsciiString(15);
    int port = data.consumeInt(1, 65535);

    try (AutoCloseable outerAllowAll = BugDetectors.allowNetworkConnections()) {
      // The scopes below are nested on purpose: they check that policies stack and unstack
      // correctly.
      try (AutoCloseable localhostOnly =
          BugDetectors.allowNetworkConnections(
              (String candidateHost, Integer candidatePort) ->
                  candidateHost.equals("localhost"))) {
        try (AutoCloseable innerAllowAll = BugDetectors.allowNetworkConnections()) {
          // Intentionally empty: this scope is closed again before any connection is attempted.
        }
        try (Socket socket = new Socket()) {
          // Built after the socket exists, matching the original evaluation order.
          InetSocketAddress target = new InetSocketAddress(host, port);
          socket.connect(target, CONNECTION_TIMEOUT_MS);
        } catch (IOException ignoredConnectFailure) {
          // Expected for most inputs (timeout, unreachable or unresolved host); only the policy
          // check performed around the connect attempt matters to this target.
        }
      }
    }
  }
}