
Commit 49c0b19

chore: update/extend tests; explicitly set mutation framework usage
1 parent 13929a3 commit 49c0b19


19 files changed

+192
-78
lines changed


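--- a/examples/BUILD.bazel
+++ b/examples/BUILD.bazel
@@ -123,17 +123,22 @@ java_fuzz_target_test(
 target_class = "com.example.ExampleValueProfileFuzzer",
 )
 
-java_fuzz_target_test(
-name = "MazeFuzzer",
+[java_fuzz_target_test(
+name = "MazeFuzzer_" + mode,
 srcs = [
 "src/main/java/com/example/MazeFuzzer.java",
 ],
 allowed_findings = ["com.example.MazeFuzzer$$TreasureFoundException"],
+env = {"JAZZER_MUTATOR_FRAMEWORK": "false"} if mode == "classic" else {},
 target_class = "com.example.MazeFuzzer",
-)
-
-java_fuzz_target_test(
-name = "ExampleOutOfMemoryFuzzer",
+verify_crash_reproducer = True if mode == "classic" else False,
+) for mode in [
+"classic",
+"mutationFramework",
+]]
+
+[java_fuzz_target_test(
+name = "ExampleOutOfMemoryFuzzer_" + mode,
 timeout = "short",
 srcs = [
 "src/main/java/com/example/ExampleOutOfMemoryFuzzer.java",
@@ -142,23 +147,33 @@ java_fuzz_target_test(
 "com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow",
 "java.lang.OutOfMemoryError",
 ],
+env = {"JAZZER_MUTATOR_FRAMEWORK": "false"} if mode == "classic" else {},
 fuzzer_args = ["--jvm_args=-Xmx512m"],
 target_class = "com.example.ExampleOutOfMemoryFuzzer",
-)
-
-java_fuzz_target_test(
-name = "ExampleStackOverflowFuzzer",
+verify_crash_reproducer = True if mode == "classic" else False,
+) for mode in [
+"classic",
+"mutationFramework",
+]]
+
+[java_fuzz_target_test(
+name = "ExampleStackOverflowFuzzer_" + mode,
 srcs = [
 "src/main/java/com/example/ExampleStackOverflowFuzzer.java",
 ],
 allowed_findings = [
 "com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow",
 "java.lang.StackOverflowError",
 ],
+env = {"JAZZER_MUTATOR_FRAMEWORK": "false"} if mode == "classic" else {},
 target_class = "com.example.ExampleStackOverflowFuzzer",
 # Crashes with a segfault before any stack trace printing is reached.
 target_compatible_with = SKIP_ON_MACOS,
-)
+verify_crash_reproducer = True if mode == "classic" else False,
+) for mode in [
+"classic",
+"mutationFramework",
+]]
 
 # WARNING: This fuzz target uses a vulnerable version of log4j, which could result in the execution
 # of arbitrary code during fuzzing if executed with an older JDK. Use at your own risk.
@@ -207,27 +222,32 @@ java_fuzz_target_test(
 ],
 )
 
-java_fuzz_target_test(
-name = "JpegImageParserFuzzer",
+[java_fuzz_target_test(
+name = "JpegImageParserFuzzer_" + mode,
 size = "enormous",
 srcs = [
 "src/main/java/com/example/JpegImageParserFuzzer.java",
 ],
 allowed_findings = ["java.lang.NegativeArraySizeException"],
+env = {"JAZZER_MUTATOR_FRAMEWORK": "false"} if mode == "classic" else {},
 fuzzer_args = [
 "-fork=2",
 ],
 tags = ["exclusive-if-local"],
 target_class = "com.example.JpegImageParserFuzzer",
 # The exit codes of the forked libFuzzer processes are not picked up correctly.
 target_compatible_with = SKIP_ON_MACOS,
+verify_crash_reproducer = True if mode == "classic" else False,
 deps = [
 "@maven//:org_apache_commons_commons_imaging",
 ],
-)
+) for mode in [
+"classic",
+"mutationFramework",
+]]
 
-java_fuzz_target_test(
-name = "GifImageParserFuzzer",
+[java_fuzz_target_test(
+name = "GifImageParserFuzzer_" + mode,
 srcs = [
 "src/main/java/com/example/GifImageParserFuzzer.java",
 ],
@@ -236,11 +256,16 @@ java_fuzz_target_test(
 "java.lang.IllegalArgumentException",
 "java.lang.OutOfMemoryError",
 ],
+env = {"JAZZER_MUTATOR_FRAMEWORK": "false"} if mode == "classic" else {},
 target_class = "com.example.GifImageParserFuzzer",
+verify_crash_reproducer = True if mode == "classic" else False,
 deps = [
 "@maven//:org_apache_commons_commons_imaging",
 ],
-)
+) for mode in [
+"classic",
+"mutationFramework",
+]]
 
 java_fuzz_target_test(
 name = "TiffImageParserFuzzer",
@@ -355,19 +380,24 @@ java_fuzz_target_test(
 ],
 )
 
-java_fuzz_target_test(
-name = "JacksonCborFuzzer",
+[java_fuzz_target_test(
+name = "JacksonCborFuzzer_" + mode,
 srcs = [
 "src/main/java/com/example/JacksonCborFuzzer.java",
 ],
 allowed_findings = ["java.lang.NullPointerException"],
+env = {"JAZZER_MUTATOR_FRAMEWORK": "false"} if mode == "classic" else {},
 target_class = "com.example.JacksonCborFuzzer",
+verify_crash_reproducer = True if mode == "classic" else False,
 deps = [
 "@maven//:com_fasterxml_jackson_core_jackson_core",
 "@maven//:com_fasterxml_jackson_core_jackson_databind",
 "@maven//:com_fasterxml_jackson_dataformat_jackson_dataformat_cbor",
 ],
-)
+) for mode in [
+"classic",
+"mutationFramework",
+]]
 
 java_fuzz_target_test(
 name = "FastJsonFuzzer",
@@ -499,8 +529,10 @@ java_binary(
 ":ExampleFuzzer_target_deploy.jar",
 ":ExampleValueProfileFuzzer_target_deploy.jar",
 ":FastJsonFuzzer_target_deploy.jar",
-":JacksonCborFuzzer_target_deploy.jar",
-":JpegImageParserFuzzer_target_deploy.jar",
+":JacksonCborFuzzer_classic_target_deploy.jar",
+":JacksonCborFuzzer_mutationFramework_target_deploy.jar",
+":JpegImageParserFuzzer_classic_target_deploy.jar",
+":JpegImageParserFuzzer_mutationFramework_target_deploy.jar",
 ":JsonSanitizerDenylistFuzzer_target_deploy.jar",
 ],
 )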
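Review bot: The `mutationFramework` variants get an empty `env`, so they only exercise the mutation framework while Jazzer's default for `JAZZER_MUTATOR_FRAMEWORK` stays enabled; the commit title says the choice is set explicitly, but only the `classic` branch does that. Assuming the option accepts `true`, setting both sides with `env = {"JAZZER_MUTATOR_FRAMEWORK": "false" if mode == "classic" else "true"},` would keep the two variants distinct if the default ever changes. The same expression is repeated in every converted target in this file and in `examples/junit/src/test/java/com/example/BUILD.bazel`. Separately, `verify_crash_reproducer = True if mode == "classic" else False` reads more simply as `verify_crash_reproducer = mode == "classic",`, and a one-line comment on why reproducer verification is skipped for the mutation framework would help, since findings from those variants are never replayed.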

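--- a/examples/junit/src/test/java/com/example/BUILD.bazel
+++ b/examples/junit/src/test/java/com/example/BUILD.bazel
@@ -49,10 +49,11 @@ java_fuzz_target_test(
 ],
 )
 
-java_fuzz_target_test(
-name = "ByteFuzzTest",
+[java_fuzz_target_test(
+name = "ByteFuzzTest_" + mode,
 srcs = ["ByteFuzzTest.java"],
 allowed_findings = ["org.opentest4j.AssertionFailedError"],
+env = {"JAZZER_MUTATOR_FRAMEWORK": "false"} if mode == "classic" else {},
 fuzzer_args = [
 "-runs=0",
 ],
@@ -67,7 +68,10 @@ java_fuzz_target_test(
 "//src/main/java/com/code_intelligence/jazzer/junit:fuzz_test",
 "@maven//:org_junit_jupiter_junit_jupiter_api",
 ],
-)
+) for mode in [
+"classic",
+"mutationFramework",
+]]
 
 java_fuzz_target_test(
 name = "PerExecutionLifecycleFuzzTest",
@@ -94,10 +98,11 @@ java_fuzz_target_test(
 ],
 )
 
-java_fuzz_target_test(
-name = "PerExecutionLifecycleWithFindingFuzzTest",
+[java_fuzz_target_test(
+name = "PerExecutionLifecycleWithFindingFuzzTest_" + mode,
 srcs = ["PerExecutionLifecycleWithFindingFuzzTest.java"],
 allowed_findings = ["java.io.IOException"],
+env = {"JAZZER_MUTATOR_FRAMEWORK": "false"} if mode == "classic" else {},
 expected_warning_or_error = "ERROR: com.example.TestSuccessfulException: Lifecycle methods invoked as expected",
 fuzzer_args = [
 "-runs=3",
@@ -116,7 +121,10 @@ java_fuzz_target_test(
 "@maven//:com_google_truth_truth",
 "@maven//:org_junit_jupiter_junit_jupiter_api",
 ],
-)
+) for mode in [
+"classic",
+"mutationFramework",
+]]
 
 java_fuzz_target_test(
 name = "PerTestLifecycleFuzzTest",
@@ -183,13 +191,14 @@ java_fuzz_target_test(
 )
 
 # Verifies that fuzzer command-line arguments are honored for @FuzzTests.
-java_fuzz_target_test(
-name = "CommandLineFuzzTest",
+[java_fuzz_target_test(
+name = "CommandLineFuzzTest_" + mode,
 srcs = ["CommandLineFuzzTest.java"],
 allowed_findings = ["java.lang.Error"],
+env = {"JAZZER_MUTATOR_FRAMEWORK": "false"} if mode == "classic" else {},
 fuzzer_args = [
 # Ignore the first two findings.
-"--ignore=d5e250a5298b81e6,d86371e6d41739ec",
+"--ignore=d5abe997b6e1c738,c4c41efd6aa94d6c",
 ],
 target_class = "com.example.CommandLineFuzzTest",
 verify_crash_reproducer = False,
@@ -201,7 +210,10 @@ java_fuzz_target_test(
 "//src/main/java/com/code_intelligence/jazzer/junit:fuzz_test",
 "@maven//:org_junit_jupiter_junit_jupiter_api",
 ],
-)
+) for mode in [
+"classic",
+"mutationFramework",
+]]
 
 # Verify that Mockito is properly ignored.
 # Using version 5+ could otherwise introduce cyclic instrumentation.
@@ -285,11 +297,11 @@ java_fuzz_target_test(
 ],
 )
 
-java_fuzz_target_test(
-name = "JavaBinarySeedFuzzTest",
+[java_fuzz_target_test(
+name = "JavaBinarySeedFuzzTest_" + mode,
 srcs = ["JavaBinarySeedFuzzTest.java"],
 allowed_findings = ["java.lang.Error"],
-env = {"JAZZER_FUZZ": "1"},
+env = {"JAZZER_FUZZ": "1"} | ({"JAZZER_MUTATOR_FRAMEWORK": "false"} if mode == "classic" else {}),
 target_class = "com.example.JavaBinarySeedFuzzTest",
 verify_crash_reproducer = False,
 runtime_deps = [
@@ -300,7 +312,10 @@ java_fuzz_target_test(
 "@maven//:org_junit_jupiter_junit_jupiter_api",
 "@maven//:org_junit_jupiter_junit_jupiter_params",
 ],
-)
+) for mode in [
+"classic",
+"mutationFramework",
+]]
 
 [
 java_fuzz_target_test(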
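Review bot: The replaced `--ignore` tokens in `CommandLineFuzzTest` are now shared by both the `classic` and `mutationFramework` variants, and nothing in the file records where the two values come from or whether they are expected to be identical in both modes. If a token stops matching, the finding is no longer ignored and the test outcome changes for a reason that is hard to trace from the BUILD file. I would extend the existing comment to something like `# Ignore the first two findings (tokens as reported by the fuzzer run; update both when the test's stack traces change).` The target's remaining attributes lie between the hunks and are not visible here.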

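--- a/examples/junit/src/test/java/com/example/ByteFuzzTest.java
+++ b/examples/junit/src/test/java/com/example/ByteFuzzTest.java
@@ -19,10 +19,11 @@
 import static org.junit.jupiter.api.Assertions.fail;
 
 import com.code_intelligence.jazzer.junit.FuzzTest;
+import com.code_intelligence.jazzer.mutation.annotation.NotNull;
 
 class ByteFuzzTest {
 @FuzzTest
-void byteFuzz(byte[] data) {
+void byteFuzz(byte @NotNull [] data) {
 if (data.length < 1) {
 return;
 }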
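Review bot: The `@NotNull` added to `byteFuzz(byte @NotNull [] data)` has no comment explaining why it is needed, although the body dereferences `data.length` on its first line. Presumably the mutation framework may pass `null` for an unannotated `byte[]`, which the classic mode did not; if so, a short comment such as `// The mutation framework may generate null for unannotated parameters; @NotNull keeps the non-null byte[] contract.` would tell readers copying these examples that the annotation is load-bearing. The same applies to the other entry points changed in this commit: `fuzzTheFlag`, `lifecycleFuzz`, and the `fuzzerTestOneInput` methods in the four `examples/src/main` fuzzers. The method body continues outside the hunk.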

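--- a/examples/junit/src/test/java/com/example/JavaBinarySeedFuzzTest.java
+++ b/examples/junit/src/test/java/com/example/JavaBinarySeedFuzzTest.java
@@ -22,6 +22,7 @@
 import static org.junit.jupiter.api.Assumptions.assumeTrue;
 
 import com.code_intelligence.jazzer.junit.FuzzTest;
+import com.code_intelligence.jazzer.mutation.annotation.NotNull;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.Base64;
@@ -52,7 +53,7 @@ protected Object convert(Object source, Class<?> targetType)
 
 @ValueSource(strings = {"red herring", "tH15_1S-4_53Cr3T.fl4Ga"})
 @FuzzTest
-void fuzzTheFlag(@ConvertWith(Utf8BytesConverter.class) byte[] bytes)
+void fuzzTheFlag(@ConvertWith(Utf8BytesConverter.class) byte @NotNull [] bytes)
 throws NoSuchAlgorithmException {
 assumeTrue(bytes.length > 0);
 MessageDigest digest = MessageDigest.getInstance("SHA-256");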

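--- a/examples/junit/src/test/java/com/example/PerExecutionLifecycleWithFindingFuzzTest.java
+++ b/examples/junit/src/test/java/com/example/PerExecutionLifecycleWithFindingFuzzTest.java
@@ -20,6 +20,7 @@
 
 import com.code_intelligence.jazzer.junit.FuzzTest;
 import com.code_intelligence.jazzer.junit.Lifecycle;
+import com.code_intelligence.jazzer.mutation.annotation.NotNull;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
@@ -35,7 +36,7 @@ static void beforeAll() {
 }
 
 @FuzzTest(maxExecutions = RUNS, lifecycle = Lifecycle.PER_EXECUTION)
-void lifecycleFuzz(byte[] data) throws IOException {
+void lifecycleFuzz(byte @NotNull [] data) throws IOException {
 addEvent("lifecycleFuzz");
 if (data.length != 0) {
 throw new IOException(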

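--- a/examples/src/main/java/com/example/ExampleOutOfMemoryFuzzer.java
+++ b/examples/src/main/java/com/example/ExampleOutOfMemoryFuzzer.java
@@ -16,10 +16,12 @@
 
 package com.example;
 
+import com.code_intelligence.jazzer.mutation.annotation.NotNull;
+
 public class ExampleOutOfMemoryFuzzer {
 public static long[] leak;
 
-public static void fuzzerTestOneInput(byte[] input) {
+public static void fuzzerTestOneInput(byte @NotNull [] input) {
 if (input.length == 0) {
 return;
 }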

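--- a/examples/src/main/java/com/example/GifImageParserFuzzer.java
+++ b/examples/src/main/java/com/example/GifImageParserFuzzer.java
@@ -16,6 +16,7 @@
 
 package com.example;
 
+import com.code_intelligence.jazzer.mutation.annotation.NotNull;
 import java.io.IOException;
 import java.util.HashMap;
 import org.apache.commons.imaging.ImageReadException;
@@ -25,7 +26,7 @@
 // Found https://issues.apache.org/jira/browse/IMAGING-277 and
 // https://issues.apache.org/jira/browse/IMAGING-278.
 public class GifImageParserFuzzer {
-public static void fuzzerTestOneInput(byte[] input) {
+public static void fuzzerTestOneInput(byte @NotNull [] input) {
 try {
 new GifImageParser().getBufferedImage(new ByteSourceArray(input), new HashMap<>());
 } catch (IOException | ImageReadException ignored) {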

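--- a/examples/src/main/java/com/example/JacksonCborFuzzer.java
+++ b/examples/src/main/java/com/example/JacksonCborFuzzer.java
@@ -16,6 +16,7 @@
 
 package com.example;
 
+import com.code_intelligence.jazzer.mutation.annotation.NotNull;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.dataformat.cbor.CBORFactory;
 import java.io.IOException;
@@ -24,7 +25,7 @@
 // https://github.com/FasterXML/jackson-databind/pull/3032 if executed with
 // `--keep_going=3 -seed=2735196724`.
 public class JacksonCborFuzzer {
-public static void fuzzerTestOneInput(byte[] input) {
+public static void fuzzerTestOneInput(byte @NotNull [] input) {
 CBORFactory factory = new CBORFactory();
 ObjectMapper mapper = new ObjectMapper(factory);
 mapper.enableDefaultTyping();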

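--- a/examples/src/main/java/com/example/JpegImageParserFuzzer.java
+++ b/examples/src/main/java/com/example/JpegImageParserFuzzer.java
@@ -16,6 +16,7 @@
 
 package com.example;
 
+import com.code_intelligence.jazzer.mutation.annotation.NotNull;
 import java.io.IOException;
 import java.util.HashMap;
 import org.apache.commons.imaging.ImageReadException;
@@ -24,7 +25,7 @@
 
 // Found https://issues.apache.org/jira/browse/IMAGING-275.
 public class JpegImageParserFuzzer {
-public static void fuzzerTestOneInput(byte[] input) {
+public static void fuzzerTestOneInput(byte @NotNull [] input) {
 try {
 new JpegImageParser().getBufferedImage(new ByteSourceArray(input), new HashMap<>());
 } catch (IOException | ImageReadException ignored) {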
