[kryo] Initial integration (#5762)

This commit is contained in:
Roman Wagner 2021-05-21 15:14:12 +02:00 committed by GitHub
parent e7207a204c
commit 1f096f75e8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 282 additions and 0 deletions


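--- a/projects/kryo/DeserializeCollectionsFuzzer.java
+++ b/projects/kryo/DeserializeCollectionsFuzzer.java
@@ -0,0 +1,69 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+import com.esotericsoftware.kryo.Kryo;
+import com.esotericsoftware.kryo.io.Input;
+import com.esotericsoftware.kryo.KryoException;
+import com.esotericsoftware.kryo.serializers.CompatibleFieldSerializer;
+import java.util.*;
+public class DeserializeCollectionsFuzzer {
+public static void fuzzerTestOneInput(FuzzedDataProvider data) {
+Kryo kryo = new Kryo();
+kryo.register(SomeClass.class);
+kryo.setReferences(data.consumeBoolean());
+if (data.consumeBoolean())
+kryo.setDefaultSerializer(CompatibleFieldSerializer.class);
+Input in = new Input(data.consumeRemainingAsBytes());
+try {
+kryo.readObject(in, SomeClass.class);
+} catch (KryoException e) {
+} finally {
+in.close();
+}
+}
+public static final class SomeClass {
+List<String> _emptyList = Collections.emptyList();
+Set<String> _emptySet = Collections.emptySet();
+Map<String, String> _emptyMap = Collections.emptyMap();
+List<String> _singletonList = Collections.singletonList("foo");
+Set<String> _singletonSet = Collections.emptySet();
+Map<String, String> _singletonMap;
+TreeSet<String> _treeSet;
+TreeMap<String, Integer> _treeMap;
+List<String> _arrayList;
+Set<String> _hashSet;
+Map<String, Integer> _hashMap;
+List<Integer> _asList = Arrays.asList(1, 2, 3);
+int[] _intArray;
+long[] _longArray;
+short[] _shortArray;
+float[] _floatArray;
+double[] _doubleArray;
+byte[] _byteArray;
+char[] _charArray;
+String[] _stringArray;
+Integer[] _integerArray;
+BitSet _bitSet;
+}
+}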
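Review bot: `Set<String> _singletonSet = Collections.emptySet();` contradicts both the field name and the sibling `_singletonList = Collections.singletonList("foo")`; if the intent is to seed a singleton set it should read `Set<String> _singletonSet = Collections.singleton("foo");` (with the field serializer reading values from the stream the initializer presumably only sets the instance's starting state, so the effect is limited, but the mismatch misleads whoever triages a crash). The empty `catch (KryoException e) {}` in fuzzerTestOneInput, repeated verbatim in DeserializeNumbersFuzzer and DeserializeStringFuzzer, does not tell a reader that rejecting malformed input is the expected path and that only other exceptions count as findings; name the variable `ignored` and add `// KryoException means the input was rejected as malformed; any other exception is a finding.` Assuming `Input` is `AutoCloseable` (it is used with `close()` here), `try (Input in = new Input(data.consumeRemainingAsBytes())) { ... }` would replace the `finally { in.close(); }` block in all three harnesses.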


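--- a/projects/kryo/DeserializeNumbersFuzzer.java
+++ b/projects/kryo/DeserializeNumbersFuzzer.java
@@ -0,0 +1,76 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+import com.esotericsoftware.kryo.Kryo;
+import com.esotericsoftware.kryo.io.Input;
+import com.esotericsoftware.kryo.KryoException;
+import com.esotericsoftware.kryo.serializers.CompatibleFieldSerializer;
+import java.util.*;
+import java.util.concurrent.atomic.AtomicInteger;
+import java.util.concurrent.atomic.AtomicLong;
+import java.math.BigDecimal;
+import java.math.BigInteger;
+public class DeserializeNumbersFuzzer {
+public static void fuzzerTestOneInput(FuzzedDataProvider data) {
+Kryo kryo = new Kryo();
+kryo.register(SomeClass.class);
+kryo.setReferences(data.consumeBoolean());
+if (data.consumeBoolean())
+kryo.setDefaultSerializer(CompatibleFieldSerializer.class);
+Input in = new Input(data.consumeRemainingAsBytes());
+try {
+kryo.readObject(in, SomeClass.class);
+} catch (KryoException e) {
+} finally {
+in.close();
+}
+}
+public static final class SomeClass {
+Date _date;
+TimeZone _timeZone;
+Calendar _calendar;
+Locale _locale;
+Integer[] _integerArray;
+boolean _boolean;
+char _char;
+byte _byte;
+short _short;
+int _int1;
+int _int2;
+long _long;
+float _float;
+double _double;
+Boolean _Boolean;
+Character _Character;
+Byte _Byte;
+Short _Short;
+Integer _Integer;
+Long _Long;
+Float _Float;
+Double _Double;
+BigInteger _bigInteger;
+BigDecimal _bigDecimal;
+AtomicInteger _atomicInteger;
+AtomicLong _atomicLong;
+}
+}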
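Review bot: The `SomeClass` field bag puts `Date`, `TimeZone`, `Calendar`, `Locale` and `Integer[]` into a harness named DeserializeNumbersFuzzer with no comment saying why, so someone triaging a crash in a date or locale serializer will not expect to reach it from here. Add a class comment such as `// Field bag for Kryo's default serializers of primitives, boxed types, BigInteger/BigDecimal and atomics; Date/TimeZone/Calendar/Locale ride along because no other harness covers them.`, or move the non-numeric fields to a harness of their own. `Integer[] _integerArray` also duplicates the field already present in DeserializeCollectionsFuzzer.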


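--- a/projects/kryo/DeserializeStringFuzzer.java
+++ b/projects/kryo/DeserializeStringFuzzer.java
@@ -0,0 +1,45 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+import com.esotericsoftware.kryo.Kryo;
+import com.esotericsoftware.kryo.io.Input;
+import com.esotericsoftware.kryo.KryoException;
+import com.esotericsoftware.kryo.serializers.CompatibleFieldSerializer;
+public class DeserializeStringFuzzer {
+public static void fuzzerTestOneInput(FuzzedDataProvider data) {
+Kryo kryo = new Kryo();
+kryo.register(SomeClass.class);
+kryo.setReferences(data.consumeBoolean());
+if (data.consumeBoolean())
+kryo.setDefaultSerializer(CompatibleFieldSerializer.class);
+Input in = new Input(data.consumeRemainingAsBytes());
+try {
+kryo.readObject(in, SomeClass.class);
+} catch (KryoException e) {
+} finally {
+in.close();
+}
+}
+public static final class SomeClass {
+String value;
+}
+}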

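--- a/projects/kryo/Dockerfile
+++ b/projects/kryo/Dockerfile
@@ -0,0 +1,29 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN curl -L https://downloads.apache.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.zip -o maven.zip && \
+unzip maven.zip -d $SRC/maven && \
+rm -rf maven.zip
+ENV MVN $SRC/maven/apache-maven-3.6.3/bin/mvn
+RUN git clone --depth 1 https://github.com/EsotericSoftware/kryo
+COPY build.sh $SRC/
+COPY DeserializeCollectionsFuzzer.java DeserializeNumbersFuzzer.java DeserializeStringFuzzer.java $SRC/
+WORKDIR $SRC/kryo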
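Review bot: The Maven archive fetched on the `RUN curl -L ...` line is unpacked and later executed as the build tool without any integrity check, so a compromised download host or CDN edge would run arbitrary code inside the builder image. Verify it against the checksum Apache publishes next to the artifact before unzipping, e.g. `echo "<MAVEN_3_6_3_SHA512_PLACEHOLDER>  maven.zip" | sha512sum -c -` inserted after the `curl` step (the placeholder stands for the published value). Separately, downloads.apache.org typically hosts only current releases, so the pinned 3.6.3 URL is likely to disappear and break the build; archive.apache.org is the stable location for a pinned version.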

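--- a/projects/kryo/build.sh
+++ b/projects/kryo/build.sh
@@ -0,0 +1,51 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+MAVEN_ARGS="-Dmaven.test.skip=true -Djavac.src.version=15 -Djavac.target.version=15"
+$MVN package org.apache.maven.plugins:maven-shade-plugin:3.2.4:shade $MAVEN_ARGS
+current_version=$($MVN org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate \
+-Dexpression=project.version -q -DforceStdout)
+cp "target/kryo-$current_version.jar" $OUT/kryo.jar
+ALL_JARS="kryo.jar"
+# The classpath at build-time includes the project jars in $OUT as well as the
+# Jazzer API.
+BUILD_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "$OUT/%s:"):$JAZZER_API_PATH
+# All .jar and .class files lie in the same directory as the fuzzer at runtime.
+RUNTIME_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "\$this_dir/%s:"):\$this_dir
+for fuzzer in $(find $SRC -name '*Fuzzer.java'); do
+fuzzer_basename=$(basename -s .java $fuzzer)
+javac --enable-preview --release 15 -cp $BUILD_CLASSPATH $fuzzer
+cp $SRC/$fuzzer_basename.class $OUT/
+cp $SRC/${fuzzer_basename}\$SomeClass.class $OUT/
+# Create an execution wrapper that executes Jazzer with the correct arguments.
+echo "#!/bin/sh
+# LLVMFuzzerTestOneInput for fuzzer detection.
+this_dir=\$(dirname \"\$0\")
+LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir \
+\$this_dir/jazzer_driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \
+--cp=$RUNTIME_CLASSPATH \
+--target_class=$fuzzer_basename \
+--jvm_args=\"-Xmx2048m;--enable-preview\" \
+\$@" > $OUT/$fuzzer_basename
+chmod +x $OUT/$fuzzer_basename
+done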
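Review bot: `cp $SRC/${fuzzer_basename}\$SomeClass.class $OUT/` hard-codes the nested class name, so a future harness whose helper class is not called `SomeClass` (or that has more than one) compiles fine but fails at runtime with a missing class, and the preceding `cp $SRC/$fuzzer_basename.class $OUT/` assumes javac wrote the class file next to a source sitting directly under `$SRC` even though `find $SRC` also recurses into the kryo and maven checkouts. Compiling straight into the output directory removes both assumptions: `javac --enable-preview --release 15 -cp $BUILD_CLASSPATH -d $OUT $fuzzer` and drop the two `cp` lines. The unquoted `$(find ...)` loop is the usual OSS-Fuzz template, but adding `-maxdepth 1` would keep any stray `*Fuzzer.java` in the cloned tree from being picked up and aborting the `set -e` script at the `cp`.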


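--- a/projects/kryo/project.yaml
+++ b/projects/kryo/project.yaml
@@ -0,0 +1,12 @@
+homepage: "http://esotericsoftware.com/"
+language: jvm
+primary_contact: "thomas@umschalt.com"
+auto_ccs:
+- "meumertzheim@code-intelligence.com"
+- "wagner@code-intelligence.com"
+- "meumertzheim@code-intelligence.com"
+fuzzing_engines:
+- libfuzzer
+main_repo: "https://github.com/EsotericSoftware/kryo"
+sanitizers:
+- address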
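Review bot: The `auto_ccs` list contains `"meumertzheim@code-intelligence.com"` twice (first and third entry); one of the two should be removed. Whether the OSS-Fuzz importer tolerates or rejects duplicate entries I cannot tell from here, so it is worth fixing before merge either way.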