1 /* 2 * Copyright 2023 Code Intelligence GmbH 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.example; 18 19 import com.code_intelligence.jazzer.api.FuzzerSecurityIssueMedium; 20 import com.code_intelligence.jazzer.mutation.annotation.NotNull; 21 import com.code_intelligence.jazzer.mutation.annotation.proto.WithDefaultInstance; 22 import com.google.protobuf.DescriptorProtos.DescriptorProto; 23 import com.google.protobuf.DescriptorProtos.FieldDescriptorProto; 24 import com.google.protobuf.DescriptorProtos.FieldDescriptorProto.Type; 25 import com.google.protobuf.DescriptorProtos.FileDescriptorProto; 26 import com.google.protobuf.Descriptors.Descriptor; 27 import com.google.protobuf.Descriptors.DescriptorValidationException; 28 import com.google.protobuf.Descriptors.FieldDescriptor; 29 import com.google.protobuf.Descriptors.FileDescriptor; 30 import com.google.protobuf.DynamicMessage; 31 import com.google.protobuf.Message; 32 33 public class ExperimentalMutatorDynamicProtoFuzzer { fuzzerTestOneInput(@otNull @ithDefaultInstance "com.example.ExperimentalMutatorDynamicProtoFuzzer#getDefaultInstance") Message proto)34 public static void fuzzerTestOneInput(@NotNull @WithDefaultInstance( 35 "com.example.ExperimentalMutatorDynamicProtoFuzzer#getDefaultInstance") Message proto) { 36 FieldDescriptor I32 = proto.getDescriptorForType().findFieldByName("i32"); 37 FieldDescriptor STR = proto.getDescriptorForType().findFieldByName("str"); 38 if (proto.getField(I32).equals(1234) && proto.getField(STR).equals("abcd")) { 39 throw new FuzzerSecurityIssueMedium("Secret proto is found!"); 40 } 41 } 42 43 @SuppressWarnings("unused") getDefaultInstance()44 private static DynamicMessage getDefaultInstance() { 45 DescriptorProto myMessage = 46 DescriptorProto.newBuilder() 47 .setName("my_message") 48 .addField(FieldDescriptorProto.newBuilder().setNumber(1).setName("i32").setType( 49 Type.TYPE_INT32)) 50 .addField(FieldDescriptorProto.newBuilder().setNumber(2).setName("str").setType( 51 Type.TYPE_STRING)) 52 .build(); 53 FileDescriptorProto file = FileDescriptorProto.newBuilder() 54 .setName("my_protos.proto") 55 .addMessageType(myMessage) 56 .build(); 57 try { 58 return DynamicMessage.getDefaultInstance(FileDescriptor.buildFrom(file, new FileDescriptor[0]) 59 .findMessageTypeByName("my_message")); 60 } catch (DescriptorValidationException e) { 61 throw new IllegalStateException(e); 62 } 63 } 64 } 65