Diffstat (limited to 'examples/BUILD.bazel')
-rw-r--r-- | examples/BUILD.bazel | 187 |
1 files changed, 155 insertions, 32 deletions
diff --git a/examples/BUILD.bazel b/examples/BUILD.bazel index 599b8261..1a7da538 100644 --- a/examples/BUILD.bazel +++ b/examples/BUILD.bazel @@ -2,14 +2,13 @@ load("@io_bazel_rules_kotlin//kotlin:jvm.bzl", "kt_jvm_library") load("@fmeum_rules_jni//jni:defs.bzl", "java_jni_library") load("//bazel:compat.bzl", "SKIP_ON_MACOS", "SKIP_ON_WINDOWS") load("//bazel:fuzz_target.bzl", "java_fuzz_target_test") +load("//bazel:kotlin.bzl", "ktlint") java_fuzz_target_test( name = "Autofuzz", - expected_findings = ["java.lang.ArrayIndexOutOfBoundsException"], + allowed_findings = ["java.lang.ArrayIndexOutOfBoundsException"], fuzzer_args = [ "--autofuzz=com.google.json.JsonSanitizer::sanitize", - # Exit after the first finding for testing purposes. - "--keep_going=1", ], runtime_deps = [ "@maven//:com_mikesamuel_json_sanitizer", @@ -18,13 +17,22 @@ java_fuzz_target_test( java_fuzz_target_test( name = "ExampleFuzzer", - srcs = [ - "src/main/java/com/example/ExampleFuzzer.java", - "src/main/java/com/example/ExampleFuzzerHooks.java", - ], - # Comment out the next line to keep the fuzzer running indefinitely. - hook_classes = ["com.example.ExampleFuzzerHooks"], + srcs = ["src/main/java/com/example/ExampleFuzzer.java"], + allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueMedium"], + hook_jar = "ExampleFuzzerHooks_deploy.jar", target_class = "com.example.ExampleFuzzer", + # Does not crash due to not using the hook. + verify_crash_reproducer = False, +) + +java_binary( + name = "ExampleFuzzerHooks", + srcs = ["src/main/java/com/example/ExampleFuzzerHooks.java"], + create_executable = False, + # Comment out the next line to keep the ExampleFuzzer running indefinitely - without the hook, it will never be able + # to pass the comparison with the random number. + deploy_manifest_lines = ["Jazzer-Hook-Classes: com.example.ExampleFuzzerHooks"], + deps = ["//src/main/java/com/code_intelligence/jazzer/api:hooks"], ) java_jni_library( 
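Review bot: Dropping `--keep_going=1` from the Autofuzz target also drops the only comment that explained when the run stops, and the rename from `expected_findings` to `allowed_findings` leaves it unstated whether a run that hits no ArrayIndexOutOfBoundsException still passes; the rule implementation in `//bazel:fuzz_target.bzl` is not part of this diff, so a reader of this file cannot tell. "Allowed" reads as permissive where "expected" read as required, which matters for a regression test whose whole purpose is to reproduce the crash. I'd record the intended contract next to the attribute, e.g. `# The harness stops at the first finding; the run must produce one of these or the test fails.` if that is what the rule does, or the weaker statement if it is not.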
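Review bot: The comment `# Comment out the next line to keep the ExampleFuzzer running indefinitely ...` now sits above `deploy_manifest_lines` inside the new `ExampleFuzzerHooks` java_binary, but the hook is wired from two places: that manifest line and `hook_jar = "ExampleFuzzerHooks_deploy.jar"` on the fuzz target. Commenting out only the manifest line presumably leaves the jar on the hook path with no hook classes declared, and under `bazel test` the run does not continue indefinitely but ends at the test timeout. I'd reword it as `# Remove this manifest line (or hook_jar on ExampleFuzzer) to run without the hook; the fuzzer then never passes the random-number comparison and the test only ends at its timeout.` The `verify_crash_reproducer = False` on ExampleFuzzer is explained by `# Does not crash due to not using the hook.`, which is the right kind of note to keep beside every such opt-out in this file.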
@@ -38,14 +46,21 @@ java_jni_library( ], visibility = ["//examples/src/main/native/com/example:__pkg__"], deps = [ - "//agent:jazzer_api_compile_only", + "//deploy:jazzer-api", ], ) java_fuzz_target_test( name = "ExampleFuzzerWithASan", - fuzzer_args = ["--jvm_args=-Djazzer.native_lib=native_asan"], - sanitizer = "address", + allowed_findings = ["native"], + env = {"EXAMPLE_NATIVE_LIB": "native_asan"}, + env_inherit = ["CC"], + fuzzer_args = [ + "--asan", + ], + # The shell launcher generated by Jazzer is killed in CI, even with codesigning disabled on the + # Java binary. This is not reproducible locally or with JDK 17. + tags = ["no-macos-x86_64-jdk8"], target_class = "com.example.ExampleFuzzerWithNative", target_compatible_with = SKIP_ON_WINDOWS, verify_crash_reproducer = False, @@ -56,8 +71,15 @@ java_fuzz_target_test( java_fuzz_target_test( name = "ExampleFuzzerWithUBSan", - fuzzer_args = ["--jvm_args=-Djazzer.native_lib=native_ubsan"], - sanitizer = "undefined", + allowed_findings = ["native"], + env = {"EXAMPLE_NATIVE_LIB": "native_ubsan"}, + env_inherit = ["CC"], + fuzzer_args = [ + "--ubsan", + ], + # The shell launcher generated by Jazzer is killed in CI, even with codesigning disabled on the + # Java binary. This is not reproducible locally or with JDK 17. + tags = ["no-macos-x86_64-jdk8"], target_class = "com.example.ExampleFuzzerWithNative", # Crashes at runtime without an error message. target_compatible_with = SKIP_ON_WINDOWS, 
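Review bot: `env_inherit = ["CC"]` on ExampleFuzzerWithASan makes the test depend on the invoking user's `CC` environment variable, which is non-hermetic and is not explained anywhere in the hunk; presumably `--asan` needs it to locate a sanitizer runtime matching the host compiler, but that is inferred. A comment such as `# CC is inherited so --asan can find the sanitizer runtime of the host toolchain; this target is deliberately not hermetic.` would let the next reader know whether a missing or unusual CC is the cause of a failure. `allowed_findings = ["native"]` also differs in kind from every other entry in this file (the rest are Java exception class names), so a word on what "native" matches would help.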
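Review bot: ExampleFuzzerWithUBSan repeats the ASan target's two-line CI comment and `tags = ["no-macos-x86_64-jdk8"]` verbatim, which is the kind of duplication that drifts when one copy is updated. The file already loads `SKIP_ON_MACOS`/`SKIP_ON_WINDOWS` from `//bazel:compat.bzl`, so a shared constant in the same place, used as `tags = NATIVE_SANITIZER_TAGS,` on both targets with the explanation attached to the constant once, would keep the two in step. This is a style point only; the behaviour of the two targets is unchanged by it.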
@@ -67,14 +89,23 @@ java_fuzz_target_test( ], ) +java_binary( + name = "ExamplePathTraversalFuzzerHooks", + srcs = ["src/main/java/com/example/ExamplePathTraversalFuzzerHooks.java"], + create_executable = False, + deploy_manifest_lines = ["Jazzer-Hook-Classes: com.example.ExamplePathTraversalFuzzerHooks"], + deps = ["//src/main/java/com/code_intelligence/jazzer/api:hooks"], +) + java_fuzz_target_test( name = "ExamplePathTraversalFuzzer", srcs = [ "src/main/java/com/example/ExamplePathTraversalFuzzer.java", - "src/main/java/com/example/ExamplePathTraversalFuzzerHooks.java", ], - hook_classes = ["com.example.ExamplePathTraversalFuzzerHooks"], + allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueHigh"], + hook_jar = "ExamplePathTraversalFuzzerHooks_deploy.jar", target_class = "com.example.ExamplePathTraversalFuzzer", + verify_crash_reproducer = False, ) java_fuzz_target_test( @@ -82,7 +113,7 @@ java_fuzz_target_test( srcs = [ "src/main/java/com/example/ExampleValueProfileFuzzer.java", ], - expected_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"], + allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"], # Comment out the next line to keep the fuzzer running indefinitely. fuzzer_args = ["-use_value_profile=1"], target_class = "com.example.ExampleValueProfileFuzzer", 
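Review bot: `verify_crash_reproducer = False` is added to ExamplePathTraversalFuzzer without a comment, while the otherwise identical change to ExampleFuzzer in this same commit carries `# Does not crash due to not using the hook.` Since the path-traversal hook is also moved into a separate `ExamplePathTraversalFuzzerHooks` deploy jar, the reason is presumably the same, but a reader of this target alone cannot tell that reproducer verification is disabled by design rather than because it is flaky. I'd add the same one-line comment above the attribute.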
@@ -93,17 +124,21 @@ java_fuzz_target_test( srcs = [ "src/main/java/com/example/MazeFuzzer.java", ], - expected_findings = ["com.example.MazeFuzzer$$TreasureFoundException"], + allowed_findings = ["com.example.MazeFuzzer$$TreasureFoundException"], fuzzer_args = ["-use_value_profile=1"], target_class = "com.example.MazeFuzzer", ) java_fuzz_target_test( name = "ExampleOutOfMemoryFuzzer", + timeout = "short", srcs = [ "src/main/java/com/example/ExampleOutOfMemoryFuzzer.java", ], - expected_findings = ["java.lang.OutOfMemoryError"], + allowed_findings = [ + "com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow", + "java.lang.OutOfMemoryError", + ], fuzzer_args = ["--jvm_args=-Xmx512m"], target_class = "com.example.ExampleOutOfMemoryFuzzer", ) @@ -113,7 +148,10 @@ java_fuzz_target_test( srcs = [ "src/main/java/com/example/ExampleStackOverflowFuzzer.java", ], - expected_findings = ["java.lang.StackOverflowError"], + allowed_findings = [ + "com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow", + "java.lang.StackOverflowError", + ], target_class = "com.example.ExampleStackOverflowFuzzer", # Crashes with a segfault before any stack trace printing is reached. target_compatible_with = SKIP_ON_MACOS, 
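Review bot: ExampleOutOfMemoryFuzzer now accepts either `com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow` or `java.lang.OutOfMemoryError`, which widens what counts as a pass without saying why two different findings are possible for one target. If the two entries correspond to two ways the engine can surface the same condition, a comment like `# Reported either as the raw OutOfMemoryError or as Jazzer's own FuzzerSecurityIssueLow, depending on which side detects it first.` should say so (hedged here, since that detail is not visible in the diff). The new `timeout = "short"` (60 seconds in Bazel) is fine if the `-Xmx512m` heap is exhausted quickly, but it is worth a note that a slower machine will time out rather than report the finding.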
@@ -141,16 +179,37 @@ java_fuzz_target_test( ], ) +# WARNING: This fuzz target uses a vulnerable version of Apache Commons Text, which could result in the execution +# of arbitrary code during fuzzing if executed with an older JDK. Use at your own risk. +java_fuzz_target_test( + name = "CommonsTextFuzzer", + size = "enormous", + srcs = [ + "src/main/java/com/example/CommonsTextFuzzer.java", + ], + fuzzer_args = [ + "-fork=8", + "-use_value_profile=1", + ], + tags = ["manual"], + target_class = "com.example.CommonsTextFuzzer", + verify_crash_reproducer = False, + deps = [ + "@maven//:org_apache_commons_commons_text", + ], +) + java_fuzz_target_test( name = "JpegImageParserFuzzer", size = "enormous", srcs = [ "src/main/java/com/example/JpegImageParserFuzzer.java", ], - expected_findings = ["java.lang.NegativeArraySizeException"], + allowed_findings = ["java.lang.NegativeArraySizeException"], fuzzer_args = [ "-fork=2", ], + tags = ["exclusive-if-local"], target_class = "com.example.JpegImageParserFuzzer", # The exit codes of the forked libFuzzer processes are not picked up correctly. target_compatible_with = SKIP_ON_MACOS, @@ -164,7 +223,7 @@ java_fuzz_target_test( srcs = [ "src/main/java/com/example/GifImageParserFuzzer.java", ], - expected_findings = [ + allowed_findings = [ "java.lang.ArrayIndexOutOfBoundsException", "java.lang.IllegalArgumentException", "java.lang.OutOfMemoryError", @@ -192,7 +251,7 @@ java_fuzz_target_test( srcs = [ "src/main/java/com/example/JsonSanitizerCrashFuzzer.java", ], - expected_findings = ["java.lang.IndexOutOfBoundsException"], + allowed_findings = ["java.lang.IndexOutOfBoundsException"], target_class = "com.example.JsonSanitizerCrashFuzzer", deps = [ "@maven//:com_mikesamuel_json_sanitizer", 
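Review bot: The WARNING above the new CommonsTextFuzzer says the target uses a vulnerable Commons Text that "could result in the execution of arbitrary code ... with an older JDK", but it names neither the version `@maven//:org_apache_commons_commons_text` resolves to nor the JDK version that is considered safe, so a reader cannot check their own toolchain against it. The target has no `allowed_findings` either, so what a successful run is supposed to produce is unstated. I'd extend the comment to something like `# Pinned to the vulnerable Commons Text release on purpose; only run on a JDK where the interpolation path is not exploitable, and only in an isolated environment with no credentials or network access. Tagged manual so it is excluded from wildcard builds such as bazel test //...` — the `manual` tag in the hunk does exclude it from wildcard targets, the rest of the advice is the usual precaution for deliberately running exploitable code.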
@@ -204,7 +263,7 @@ java_fuzz_target_test( srcs = [ "src/main/java/com/example/JsonSanitizerDenylistFuzzer.java", ], - expected_findings = ["java.lang.AssertionError"], + allowed_findings = ["java.lang.AssertionError"], target_class = "com.example.JsonSanitizerDenylistFuzzer", deps = [ "@maven//:com_mikesamuel_json_sanitizer", @@ -219,7 +278,7 @@ java_binary( main_class = "com.code_intelligence.jazzer.replay.Replayer", runtime_deps = [ ":JsonSanitizerDenylistFuzzer_target_deploy.jar", - "//agent/src/main/java/com/code_intelligence/jazzer/replay:Replayer_deploy.jar", + "//src/main/java/com/code_intelligence/jazzer/replay:Replayer_deploy.jar", ], ) @@ -245,7 +304,7 @@ java_fuzz_target_test( srcs = [ "src/main/java/com/example/JsonSanitizerIdempotenceFuzzer.java", ], - expected_findings = ["java.lang.AssertionError"], + allowed_findings = ["java.lang.AssertionError"], target_class = "com.example.JsonSanitizerIdempotenceFuzzer", deps = [ "@maven//:com_mikesamuel_json_sanitizer", @@ -257,7 +316,7 @@ java_fuzz_target_test( srcs = [ "src/main/java/com/example/JsonSanitizerValidJsonFuzzer.java", ], - expected_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"], + allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"], target_class = "com.example.JsonSanitizerValidJsonFuzzer", deps = [ "@maven//:com_google_code_gson_gson", @@ -270,7 +329,7 @@ java_fuzz_target_test( srcs = [ "src/main/java/com/example/JacksonCborFuzzer.java", ], - expected_findings = ["java.lang.NullPointerException"], + allowed_findings = ["java.lang.NullPointerException"], target_class = "com.example.JacksonCborFuzzer", deps = [ "@maven//:com_fasterxml_jackson_core_jackson_core", 
@@ -284,7 +343,7 @@ java_fuzz_target_test( srcs = [ "src/main/java/com/example/FastJsonFuzzer.java", ], - expected_findings = ["java.lang.NumberFormatException"], + allowed_findings = ["java.lang.NumberFormatException"], target_class = "com.example.FastJsonFuzzer", deps = [ "@maven//:com_alibaba_fastjson", @@ -297,17 +356,18 @@ kt_jvm_library( "src/main/java/com/example/KlaxonFuzzer.kt", ], deps = [ - "//agent:jazzer_api_compile_only", + "//deploy:jazzer-api", "@maven//:com_beust_klaxon", ], ) java_fuzz_target_test( name = "KlaxonFuzzer", - expected_findings = [ + allowed_findings = [ "java.lang.ClassCastException", "java.lang.IllegalStateException", "java.lang.NumberFormatException", + "java.lang.NullPointerException", ], fuzzer_args = [ "--keep_going=7", @@ -316,6 +376,47 @@ java_fuzz_target_test( runtime_deps = [":KlaxonFuzzTarget"], ) +kt_jvm_library( + name = "ExampleKotlinFuzzTarget", + srcs = [ + "src/main/java/com/example/ExampleKotlinFuzzer.kt", + ], + deps = [ + "//deploy:jazzer-api", + ], +) + +java_fuzz_target_test( + name = "ExampleKotlinFuzzer", + allowed_findings = [ + "com.code_intelligence.jazzer.api.FuzzerSecurityIssueMedium", + ], + target_class = "com.example.ExampleKotlinFuzzer", + runtime_deps = [":ExampleKotlinFuzzTarget"], +) + +kt_jvm_library( + name = "ExampleKotlinValueProfileFuzzTarget", + srcs = [ + "src/main/java/com/example/ExampleKotlinValueProfileFuzzer.kt", + ], + deps = [ + "//deploy:jazzer-api", + ], +) + +java_fuzz_target_test( + name = "ExampleKotlinValueProfileFuzzer", + allowed_findings = [ + "com.code_intelligence.jazzer.api.FuzzerSecurityIssueMedium", + ], + fuzzer_args = [ + "-use_value_profile=1", + ], + target_class = "com.example.ExampleKotlinValueProfileFuzzer", + runtime_deps = [":ExampleKotlinValueProfileFuzzTarget"], +) + java_fuzz_target_test( name = "TurboJpegFuzzer", srcs = [ 
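Review bot: `"java.lang.NullPointerException"` is added to the KlaxonFuzzer `allowed_findings` with no comment, which silently widens the set of crashes the test accepts alongside the existing `--keep_going=7`. The other three entries presumably date from when the target was written; a one-line note saying where the NPE now comes from (a newer Klaxon, or a previously unreached path) would stop a future reviewer from treating it as a placeholder, e.g. `# NullPointerException: new crash class observed after the dependency update — see the run log.` if that is the case.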
@@ -327,8 +428,8 @@ java_fuzz_target_test( fuzzer_args = [ "-rss_limit_mb=8196", "--jvm_args=-Djava.library.path=../libjpeg_turbo", + "--ubsan", ], - sanitizer = "address", tags = ["manual"], target_class = "com.example.TurboJpegFuzzer", deps = [ @@ -336,11 +437,31 @@ java_fuzz_target_test( ], ) +java_fuzz_target_test( + name = "BatikTranscoderFuzzer", + srcs = [ + "src/main/java/com/example/BatikTranscoderFuzzer.java", + ], + allowed_findings = [ + "com.code_intelligence.jazzer.api.FuzzerSecurityIssueMedium", + ], + target_class = "com.example.BatikTranscoderFuzzer", + verify_crash_reproducer = False, + deps = [ + "@maven//:org_apache_xmlgraphics_batik_anim", + "@maven//:org_apache_xmlgraphics_batik_bridge", + "@maven//:org_apache_xmlgraphics_batik_css", + "@maven//:org_apache_xmlgraphics_batik_transcoder", + "@maven//:org_apache_xmlgraphics_batik_util", + ], +) + java_binary( name = "examples", create_executable = False, visibility = ["//visibility:public"], runtime_deps = [ + ":BatikTranscoderFuzzer_target_deploy.jar", ":ExampleFuzzer_target_deploy.jar", ":ExampleValueProfileFuzzer_target_deploy.jar", ":FastJsonFuzzer_target_deploy.jar", @@ -349,3 +470,5 @@ java_binary( ":JsonSanitizerDenylistFuzzer_target_deploy.jar", ], ) + +ktlint() |
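Review bot: TurboJpegFuzzer loses `sanitizer = "address"` and gains `--ubsan`, which is a change of sanitizer, not just of spelling: the target decodes JPEG in native libjpeg-turbo (note the `-Djava.library.path=../libjpeg_turbo` context line), and AddressSanitizer is what catches the out-of-bounds reads and writes such a decoder tends to produce, while UBSan does not. Every other target converted in this commit keeps its original sanitizer (`--asan` for the ASan example, `--ubsan` for the UBSan one), so if this was meant to stay an ASan run the line should be `"--asan",`; if the switch is deliberate, a comment above it saying why ASan was dropped would save the next person from changing it back. The pre-existing `-rss_limit_mb=8196` on the context line also looks like a slip for 8192, though that is outside this change.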
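Review bot: The new BatikTranscoderFuzzer sets `verify_crash_reproducer = False` without saying why, whereas the other opt-outs in this file either carry a reason (`# Does not crash due to not using the hook.`) or are tied to a sanitizer run. Disabling reproducer verification means the test only checks that a FuzzerSecurityIssueMedium is raised during fuzzing, not that the saved input reproduces it, so the reason should be recorded, e.g. `# The reproducer cannot be verified here: <reason>` filled in by the author. The five `@maven//:org_apache_xmlgraphics_batik_*` deps are fine as listed.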