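--- a/.clusterfuzzlite/Dockerfile
+++ b/.clusterfuzzlite/Dockerfile
@@ -0,0 +1,6 @@
+FROM gcr.io/oss-fuzz-base/base-builder-jvm
+RUN apt-get update && apt-get install -y maven git \
+&& rm -rf /var/lib/apt/lists/*
+COPY . $SRC/apis-common
+WORKDIR $SRC/apis-common
+COPY .clusterfuzzlite/build.sh $SRC/build.sh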
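Review bot: The base image on the `FROM` line is referenced by a mutable tag (implicitly `latest`), so the fuzz build environment can change between runs even though build.sh pins apis-bom to a commit. If reproducible builds matter here, pin it by digest, e.g. `FROM gcr.io/oss-fuzz-base/base-builder-jvm@sha256:<digest-placeholder>`, and refresh the digest deliberately. ClusterFuzzLite setups commonly track the moving tag, so this is a trade-off rather than a bug. The `apt-get install -y maven git` line could also take `--no-install-recommends` to keep unneeded packages out of the builder.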
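--- a/.clusterfuzzlite/build.sh
+++ b/.clusterfuzzlite/build.sh
@@ -0,0 +1,54 @@
+#!/bin/bash -eu
+
+
+PROJECT_ROOT="${SRC}/apis-common"
+# Pinned apis-bom (same ref as CI in .github/workflows/ci.yml)
+APIS_BOM_COMMIT="${APIS_BOM_COMMIT:-266abde1821756ee75bbbdcef1fc746bb66dcc3c}"
+
+rm -rf "${WORK}/apis-bom"
+git clone https://github.com/hyphae/apis-bom.git "${WORK}/apis-bom"
+pushd "${WORK}/apis-bom" >/dev/null
+git checkout "${APIS_BOM_COMMIT}"
+"${MVN:-mvn}" -B -DskipTests install
+popd >/dev/null
+
+pushd "${PROJECT_ROOT}" >/dev/null
+"${MVN:-mvn}" -B -DskipTests package
+cp target/apis-common-*.jar "${OUT}/apis-common.jar"
+mkdir -p "${OUT}/lib"
+"${MVN:-mvn}" -B org.apache.maven.plugins:maven-dependency-plugin:3.6.1:copy-dependencies \
+-DoutputDirectory="${OUT}/lib" -DincludeScope=runtime
+popd >/dev/null
+
+BUILD_CP="${OUT}/apis-common.jar"
+for j in "${OUT}/lib"/*.jar; do
+BUILD_CP="${BUILD_CP}:${j}"
+done
+BUILD_CP="${BUILD_CP}:${JAZZER_API_PATH}"
+
+FUZZER_SRC="${PROJECT_ROOT}/fuzz/ApisCommonFuzzer.java"
+javac -cp "${BUILD_CP}" -d "${OUT}" "${FUZZER_SRC}"
+
+RUNTIME_CP=""
+for j in "${OUT}/lib"/*.jar; do
+RUNTIME_CP="${RUNTIME_CP}\$this_dir/lib/$(basename "${j}"):"
+done
+RUNTIME_CP="${RUNTIME_CP}\$this_dir/apis-common.jar:\$this_dir"
+
+cat >"${OUT}/ApisCommonFuzzer" <<EOF
+#!/bin/bash
+# LLVMFuzzerTestOneInput for fuzzer detection.
+this_dir=\$(dirname "\$0")
+if [[ "\$@" =~ (^| )-runs=[0-9]+($| ) ]]; then
+mem_settings='-Xmx1900m:-Xss900k'
+else
+mem_settings='-Xmx2048m:-Xss1024k'
+fi
+LD_LIBRARY_PATH="${JVM_LD_LIBRARY_PATH}:\$this_dir" \\
+\$this_dir/jazzer_driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \\
+--cp=${RUNTIME_CP} \\
+--target_class=ApisCommonFuzzer \\
+--jvm_args="\$mem_settings" \\
+\$@
+EOF
+chmod u+x "${OUT}/ApisCommonFuzzer"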
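Review bot: The `APIS_BOM_COMMIT` override accepts any ref, so `git checkout "${APIS_BOM_COMMIT}"` also succeeds for a branch or tag name, and the supposedly pinned dependency, which is then built with `mvn install` inside the builder, can follow a mutable ref without any error. Consider verifying the result right after the checkout, e.g. `[[ "$(git rev-parse HEAD)" == "${APIS_BOM_COMMIT}" ]] || { echo "apis-bom is not at the pinned commit" >&2; exit 1; }`. Separately, the generated launcher in the heredoc passes `\$@` and `\$this_dir` unquoted, so any argument or install path containing whitespace is re-split at run time. Writing `"\$@"` on the last line and `"\$this_dir/jazzer_driver"` avoids that.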
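--- a/.clusterfuzzlite/project.yaml
+++ b/.clusterfuzzlite/project.yaml
@@ -0,0 +1,2 @@
+# see https://google.github.io/clusterfuzzlite/build-integration/
+language: jvm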
99 changes: 99 additions & 0 deletions fuzz/ApisCommonFuzzer.java
@@ -0,0 +1,99 @@

import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import jp.co.sony.csl.dcoes.apis.common.util.DateTimeUtil;
import jp.co.sony.csl.dcoes.apis.common.util.NumberUtil;
import jp.co.sony.csl.dcoes.apis.common.util.StringUtil;
import jp.co.sony.csl.dcoes.apis.common.util.vertx.JsonObjectUtil;


public class ApisCommonFuzzer {
public static void fuzzerTestOneInput(FuzzedDataProvider data) {
switch (data.consumeInt(0, 5)) {
case 0:
fuzzStringAndNumber(data);
break;
case 1:
fuzzDateTime(data);
break;
case 2:
fuzzJsonObject(data);
break;
case 3:
fuzzJsonArray(data);
break;
case 4:
fuzzJsonObjectUtil(data);
break;
default:
fuzzStringAndNumber(data);
break;
}
}

private static void fuzzStringAndNumber(FuzzedDataProvider data) {
String s = data.consumeString(4096);
try {
StringUtil.nullIfEmpty(s);
StringUtil.fixFilePath(s);
StringUtil.urlEncode(s);
NumberUtil.toInteger(s);
Float f = data.consumeBoolean() ? data.consumeRegularFloat() : null;
NumberUtil.negativeValue(f);
} catch (RuntimeException ignored) {
}
}

private static void fuzzDateTime(FuzzedDataProvider data) {
String s = data.consumeString(512);
try {
DateTimeUtil.toLocalDateTime(s);
DateTimeUtil.toSystemDefaultZonedDateTime(s);
} catch (RuntimeException ignored) {
}
}

private static void fuzzJsonObject(FuzzedDataProvider data) {
String raw = data.consumeString(8192);
try {
new JsonObject(raw).encode();
} catch (RuntimeException ignored) {
}
}

private static void fuzzJsonArray(FuzzedDataProvider data) {
String raw = data.consumeString(8192);
try {
new JsonArray(raw).encode();
} catch (RuntimeException ignored) {
}
}

private static void fuzzJsonObjectUtil(FuzzedDataProvider data) {
String raw = data.consumeString(8192);
final JsonObject jsonobject;

Member


One more request - please camelCase

try {
jsonobject = new JsonObject(raw);
} catch (RuntimeException e) {
return;
}
int depth = data.consumeInt(1, 8);
String[] keys = new String[depth];
for (int i = 0; i < depth; i++) {
keys[i] = data.consumeString(64);
}
try {
JsonObjectUtil.getValue(jsonobject, keys);
JsonObjectUtil.getString(jsonobject, keys);
JsonObjectUtil.getFloat(jsonobject, keys);
JsonObjectUtil.getInteger(jsonobject, keys);
JsonObjectUtil.getLong(jsonobject, keys);
JsonObjectUtil.getBoolean(jsonobject, keys);
JsonObjectUtil.getLocalDateTime(jsonobject, keys);
JsonObjectUtil.getJsonArray(jsonobject, keys);
JsonObjectUtil.getJsonObject(jsonobject, keys);
} catch (RuntimeException ignored) {
}
}
}
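Review bot: Every helper wraps the calls under test in `catch (RuntimeException ignored)`, which also swallows `NullPointerException`, `ClassCastException`, `IndexOutOfBoundsException` and the like, so Jazzer is left reporting little beyond errors and timeouts, and most real defects in `StringUtil`, `NumberUtil`, `DateTimeUtil` and `JsonObjectUtil` would go unreported. Catch only the exceptions that are the documented reaction to bad input, for instance `catch (io.vertx.core.json.DecodeException ignored)` around `new JsonObject(raw)`, and let everything else propagate. Which types the util methods are expected to throw is not visible here, so that list needs confirming. Because the calls in each `try` run in sequence, the first one that throws also keeps the later ones from being exercised on that input. In `fuzzerTestOneInput`, `data.consumeInt(0, 5)` yields six values for five targets, so `data.consumeInt(0, 4)` would stop the `default` arm from duplicating case 0.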