Update fuzz target to ignore class injection (#7657)

see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47102
2022-05-02 17:12:20 +02:00 · 2022-05-02 17:12:20 +02:00 · 45377fdef2
parent ee65beab15
commit 45377fdef2
1 changed files with 8 additions and 1 deletions
--- a/projects/logback/JoranFuzzer.java
+++ b/projects/logback/JoranFuzzer.java
@ -22,7 +22,14 @@ public class JoranFuzzer {
    }

    public static void fuzzerTestOneInput(FuzzedDataProvider data) {
-        InputStream xmlcontent = new ByteArrayInputStream(data.consumeString(1000).getBytes());
+        String content = data.consumeString(1000);
+
+        // https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47102
+        if (content.contains("class=\"")) {
+            return;
+        }
+
+        InputStream xmlcontent = new ByteArrayInputStream(content.getBytes());
        try {
            configurator.doConfigure(xmlcontent);
            logger.debug(data.consumeRemainingAsString());