1 files changed, 137 insertions, 0 deletions

diff --git a/src/main/java/com/code_intelligence/jazzer/driver/FuzzTargetFinder.java b/src/main/java/com/code_intelligence/jazzer/driver/FuzzTargetFinder.java
new file mode 100644
index 00000000..c2c41774
--- /dev/null
+++ b/src/main/java/com/code_intelligence/jazzer/driver/FuzzTargetFinder.java
@@ -0,0 +1,137 @@
+/*
+ * Copyright 2022 Code Intelligence GmbH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.code_intelligence.jazzer.driver;
+
+import static com.code_intelligence.jazzer.runtime.Constants.IS_ANDROID;
+import static java.lang.System.exit;
+
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+import com.code_intelligence.jazzer.driver.FuzzTargetHolder.FuzzTarget;
+import com.code_intelligence.jazzer.utils.Log;
+import com.code_intelligence.jazzer.utils.ManifestUtils;
+import java.lang.reflect.Method;
+import java.lang.reflect.Modifier;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Optional;
+import java.util.concurrent.Callable;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+class FuzzTargetFinder {
+  private static final String FUZZER_TEST_ONE_INPUT = "fuzzerTestOneInput";
+  private static final String FUZZER_INITIALIZE = "fuzzerInitialize";
+  private static final String FUZZER_TEAR_DOWN = "fuzzerTearDown";
+
+  static String findFuzzTargetClassName() {
+    if (!Opt.targetClass.isEmpty()) {
+      return Opt.targetClass;
+    }
+    if (IS_ANDROID) {
+      // Fuzz target detection tools aren't supported on android
+      return null;
+    }
+    return ManifestUtils.detectFuzzTargetClass();
+  }
+
+  /**
+   * @throws IllegalArgumentException if the fuzz target method is invalid or couldn't be found
+   * @param targetClassName name of the fuzz target class
+   * @return a {@link FuzzTarget}
+   */
+  static FuzzTarget findFuzzTarget(String targetClassName) {
+    Class<?> fuzzTargetClass;
+    try {
+      fuzzTargetClass =
+          Class.forName(targetClassName, false, FuzzTargetFinder.class.getClassLoader());
+    } catch (ClassNotFoundException e) {
+      Log.error(String.format(
+          "'%s' not found on classpath:%n%n%s%n%nAll required classes must be on the classpath specified via --cp.",
+          targetClassName, System.getProperty("java.class.path")));
+      exit(1);
+      throw new IllegalStateException("Not reached");
+    }
+
+    return findFuzzTargetByMethodName(fuzzTargetClass);
+  }
+
+  // Finds the traditional static fuzzerTestOneInput fuzz target method.
+  private static FuzzTarget findFuzzTargetByMethodName(Class<?> clazz) {
+    Method fuzzTargetMethod;
+    if (Opt.experimentalMutator) {
+      List<Method> fuzzTargetMethods =
+          Arrays.stream(clazz.getMethods())
+              .filter(method -> "fuzzerTestOneInput".equals(method.getName()))
+              .filter(method -> Modifier.isStatic(method.getModifiers()))
+              .collect(Collectors.toList());
+      if (fuzzTargetMethods.size() != 1) {
+        throw new IllegalArgumentException(
+            String.format("%s must define exactly one function of this form:%n"
+                    + "public static void fuzzerTestOneInput(...)%n",
+                clazz.getName()));
+      }
+      fuzzTargetMethod = fuzzTargetMethods.get(0);
+    } else {
+      Optional<Method> bytesFuzzTarget =
+          targetPublicStaticMethod(clazz, FUZZER_TEST_ONE_INPUT, byte[].class);
+      Optional<Method> dataFuzzTarget =
+          targetPublicStaticMethod(clazz, FUZZER_TEST_ONE_INPUT, FuzzedDataProvider.class);
+      if (bytesFuzzTarget.isPresent() == dataFuzzTarget.isPresent()) {
+        throw new IllegalArgumentException(String.format(
+            "%s must define exactly one of the following two functions:%n"
+                + "public static void fuzzerTestOneInput(byte[] ...)%n"
+                + "public static void fuzzerTestOneInput(FuzzedDataProvider ...)%n"
+                + "Note: Fuzz targets returning boolean are no longer supported; exceptions should be thrown instead of returning true.",
+            clazz.getName()));
+      }
+      fuzzTargetMethod = dataFuzzTarget.orElseGet(bytesFuzzTarget::get);
+    }
+
+    Callable<Object> initialize =
+        Stream
+            .of(targetPublicStaticMethod(clazz, FUZZER_INITIALIZE, String[].class)
+                    .map(init -> (Callable<Object>) () -> {
+                      init.invoke(null, (Object) Opt.targetArgs.toArray(new String[] {}));
+                      return null;
+                    }),
+                targetPublicStaticMethod(clazz, FUZZER_INITIALIZE)
+                    .map(init -> (Callable<Object>) () -> {
+                      init.invoke(null);
+                      return null;
+                    }))
+            .filter(Optional::isPresent)
+            .map(Optional::get)
+            .findFirst()
+            .orElse(() -> null);
+
+    return new FuzzTarget(
+        fuzzTargetMethod, initialize, targetPublicStaticMethod(clazz, FUZZER_TEAR_DOWN));
+  }
+
+  private static Optional<Method> targetPublicStaticMethod(
+      Class<?> clazz, String name, Class<?>... parameterTypes) {
+    try {
+      Method method = clazz.getMethod(name, parameterTypes);
+      if (!Modifier.isStatic(method.getModifiers()) || !Modifier.isPublic(method.getModifiers())) {
+        return Optional.empty();
+      }
+      return Optional.of(method);
+    } catch (NoSuchMethodException e) {
+      return Optional.empty();
+    }
+  }
+}