From 4548411f98c1b823472f5096b4d44c7425a2381e Mon Sep 17 00:00:00 2001
From: aschaich <108736614+aschaich@users.noreply.github.com>
Date: Tue, 14 Feb 2023 01:09:31 +0900
Subject: [PATCH] [eclipse-equinox] Initial integration for org.eclipse.osgi
(#9699)
---
projects/eclipse-equinox/Dockerfile | 65 ++++++++++++++
projects/eclipse-equinox/build.sh | 87 +++++++++++++++++++
.../eclipse-equinox/equinox-fuzzer/pom.xml | 77 ++++++++++++++++
.../org/eclipse/osgi/ConditionInfoFuzzer.java | 46 ++++++++++
projects/eclipse-equinox/maven-settings.xml | 3 +
projects/eclipse-equinox/maven-toolchains.xml | 30 +++++++
projects/eclipse-equinox/project.yaml | 15 ++++
7 files changed, 323 insertions(+)
create mode 100644 projects/eclipse-equinox/Dockerfile
create mode 100644 projects/eclipse-equinox/build.sh
create mode 100644 projects/eclipse-equinox/equinox-fuzzer/pom.xml
create mode 100644 projects/eclipse-equinox/equinox-fuzzer/src/main/java/org/eclipse/osgi/ConditionInfoFuzzer.java
create mode 100644 projects/eclipse-equinox/maven-settings.xml
create mode 100644 projects/eclipse-equinox/maven-toolchains.xml
create mode 100644 projects/eclipse-equinox/project.yaml
diff --git a/projects/eclipse-equinox/Dockerfile b/projects/eclipse-equinox/Dockerfile
new file mode 100644
index 000000000..6f923274b
--- /dev/null
+++ b/projects/eclipse-equinox/Dockerfile
@@ -0,0 +1,65 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder-jvm
+
+#
+# install maven configuration, which is also used by gradles's publishToMavenLocal
+#
+ADD maven-settings.xml ${SRC}/
+RUN apt-get install -y xmlstarlet
+RUN mkdir -p ~/.m2 && \
+ xmlstarlet ed \
+ -u "settings/localRepository" -v "${OUT}/m2/repository" \
+ < ${SRC}/maven-settings.xml > ~/.m2/settings.xml
+
+#
+# install maven and gradle
+#
+RUN curl -L https://downloads.apache.org/maven/maven-3/3.8.7/binaries/apache-maven-3.8.7-bin.zip -o maven.zip && \
+ unzip maven.zip -d $SRC/maven-3.8.7 && \
+ rm -rf maven.zip
+
+ENV MVN $SRC/maven-3.8.7/apache-maven-3.8.7/bin/mvn
+
+RUN curl -L https://services.gradle.org/distributions/gradle-7.6-bin.zip -o gradle.zip && \
+ unzip gradle.zip -d $SRC/gradle && \
+ rm -rf gradle.zip
+
+ENV GRADLE $SRC/gradle/gradle-7.6/bin/gradle
+
+ENV LIBRARY_NAME equinox
+WORKDIR ${SRC}
+#
+# Clone repository. eclipse-equinox has an auxillary repository, which
+# also has to be cloned...
+#
+RUN git clone https://github.com/eclipse-equinox/equinox
+RUN git clone https://github.com/eclipse-equinox/equinox.binaries
+
+#
+# Multiple JDK versions are required in order to build equinox, and they
+# also need to be configured into a maven toolchain for concurrent use.
+#
+RUN apt update && apt install -y openjdk-8-jdk-headless openjdk-11-jdk-headless openjdk-17-jdk-headless
+ENV JAVA_HOME /usr/lib/jvm/java-17-openjdk-amd64
+ADD maven-toolchains.xml ${SRC}/
+RUN mkdir -p ~/.m2 && \
+ cp ${SRC}/maven-toolchains.xml ~/.m2/toolchains.xml
+
+ADD build.sh ${SRC}/
+ADD ${LIBRARY_NAME}-fuzzer ${SRC}/${LIBRARY_NAME}-fuzzer/
+WORKDIR ${SRC}/${LIBRARY_NAME}
\ No newline at end of file
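Review bot: The Maven and Gradle archives fetched by the two `curl -L ... -o *.zip` steps are unpacked and later run as the build toolchain with no integrity check, and without `-f` an HTTP error page would be saved as the zip and only surface at `unzip`. Verify each archive against its published digest before unpacking, e.g. `curl -fsSL <url> -o maven.zip && echo "<MAVEN_ZIP_SHA512>  maven.zip" | sha512sum -c -` (placeholder digest, to be taken from the release page), with the equivalent `sha256sum -c -` check for gradle.zip. Separately, `RUN apt-get install -y xmlstarlet` has no `apt-get update` in the same layer, so it depends on whatever package lists the base image happens to carry; `RUN apt-get update && apt-get install -y xmlstarlet` removes that dependency.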
diff --git a/projects/eclipse-equinox/build.sh b/projects/eclipse-equinox/build.sh
new file mode 100644
index 000000000..3520a3dfd
--- /dev/null
+++ b/projects/eclipse-equinox/build.sh
@@ -0,0 +1,87 @@
+#!/bin/bash -eu
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+SRC_SUBDIR=""
+#MVN_FLAGS="-Djavac.src.version=17 -Djavac.target.version=17 -DskipTests -Drt.equinox.binaries.loc=${SRC}/equinox.binaries"
+MVN_FLAGS="-DskipTests -Drt.equinox.binaries.loc=${SRC}/equinox.binaries -Pbuild-individual-bundles -Pbree-libs -Papi-check -Dcompare-version-with-baselines.skip=false -Dproject.build.sourceEncoding=UTF-8 -Dmaven.test.failure.ignore=true"
+ALL_JARS=""
+
+# Install the build servers' jazzer-api into the maven repository.
+pushd "/tmp"
+ ${MVN} install:install-file -Dfile=${JAZZER_API_PATH} \
+ -DgroupId="com.code-intelligence" \
+ -DartifactId="jazzer-api" \
+ -Dversion="0.14.0" \
+ -Dpackaging=jar
+popd
+
+# Build needs to be run in the CVSROOT
+pushd "${SRC}/${LIBRARY_NAME}/${SRC_SUBDIR}"
+ ${MVN} install ${MVN_FLAGS}
+popd
+
+# ... while the subprojects have varying versions
+pushd "${SRC}/${LIBRARY_NAME}/bundles/org.eclipse.osgi"
+ CURRENT_VERSION=$(${MVN} org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.version -q -DforceStdout)
+popd
+
+pushd "${SRC}/${LIBRARY_NAME}-fuzzer"
+ ${MVN} package -DfuzzedLibaryVersion="${CURRENT_VERSION}" ${MVN_FLAGS}
+ install -v target/${LIBRARY_NAME}-fuzzer-${CURRENT_VERSION}.jar ${OUT}/${LIBRARY_NAME}-fuzzer-${CURRENT_VERSION}.jar
+ ALL_JARS="${ALL_JARS} ${LIBRARY_NAME}-fuzzer-${CURRENT_VERSION}.jar"
+popd
+
+
+
+# The classpath at build-time includes the project jars in $OUT as well as the
+# Jazzer API.
+BUILD_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "$OUT/%s:"):$JAZZER_API_PATH
+
+# All .jar and .class files lie in the same directory as the fuzzer at runtime.
+RUNTIME_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "\$this_dir/%s:"):\$this_dir
+
+MVN_FUZZERS_PREFIX="src/main/java"
+
+for fuzzer in $(find ${SRC} -name '*Fuzzer.java'); do
+ # Find our fuzzer inside the maven structure
+ stripped_path=$(echo ${fuzzer} | sed \
+ -e 's|^.*src/main/java/\(.*\).java$|\1|' \
+ -e 's|^.*src/test/java/\(.*\).java$|\1|' \
+ );
+ # The .java suffix was stripped by sed.
+ if (echo ${stripped_path} | grep ".java$"); then
+ continue;
+ fi
+
+ fuzzer_basename=$(basename -s .java $fuzzer)
+ fuzzer_classname=$(echo ${stripped_path} | sed 's|/|.|g');
+
+ # Create an execution wrapper that executes Jazzer with the correct arguments.
+
+ echo "#!/bin/sh
+# LLVMFuzzerTestOneInput Magic String required for infra/base-images/base-runner/test_all.py. DO NOT REMOVE
+
+
+this_dir=\$(dirname \"\$0\")
+LD_LIBRARY_PATH=\"\$JVM_LD_LIBRARY_PATH\":\$this_dir \
+\$this_dir/jazzer_driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \
+--cp=${RUNTIME_CLASSPATH} \
+--target_class=${fuzzer_classname} \
+--jvm_args=\"-Xmx2048m\" \
+\$@" > $OUT/${fuzzer_basename}
+ chmod u+x $OUT/${fuzzer_basename}
+done
\ No newline at end of file
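Review bot: The wrapper loop `for fuzzer in $(find ${SRC} -name '*Fuzzer.java')` scans all of `$SRC`, which per the Dockerfile also holds the cloned equinox and equinox.binaries trees and the unpacked Maven and Gradle distributions, so any upstream file matching the pattern would get a launcher in `$OUT` even though only the equinox-fuzzer jar is put on the classpath. Limiting the search to the harness module, `find "${SRC}/${LIBRARY_NAME}-fuzzer" -name '*Fuzzer.java'`, keeps the generated targets equal to what this project ships. In the generated wrapper the trailing `\$@` is unquoted, so arguments containing spaces are re-split; `\"\$@\"` preserves them.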
diff --git a/projects/eclipse-equinox/equinox-fuzzer/pom.xml b/projects/eclipse-equinox/equinox-fuzzer/pom.xml
new file mode 100644
index 000000000..945ab4f7c
--- /dev/null
+++ b/projects/eclipse-equinox/equinox-fuzzer/pom.xml
@@ -0,0 +1,77 @@
+
+ 4.0.0
+
+ ossfuzz
+ equinox-fuzzer
+ ${fuzzedLibaryVersion}
+ jar
+
+
+ 15
+ 15
+ UTF-8
+ 3.18.200
+
+
+
+
+
+
+
+ com.code-intelligence
+ jazzer-api
+ 0.14.0
+
+
+ org.eclipse.osgi
+ org.eclipse.osgi
+ ${fuzzedLibaryVersion}
+
+
+ org.eclipse.platform
+ org.eclipse.core.runtime
+ 3.26.100
+
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-shade-plugin
+ 3.3.0
+
+
+
+ *:*
+
+ META-INF/*.SF
+ META-INF/*.DSA
+ META-INF/*.RSA
+
+
+
+
+
+
+ package
+
+ shade
+
+
+
+
+
+
+
\ No newline at end of file
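Review bot: The jazzer-api dependency is fixed at 0.14.0, and build.sh installs whatever jar sits at `${JAZZER_API_PATH}` into the local repository under that same hard-coded `-Dversion="0.14.0"`, so the label can silently stop matching the API the base image actually provides. Passing the version in from a single place (for example a property set by build.sh) would keep the two in step. Since the wrapper in build.sh starts `jazzer_agent_deploy.jar` at run time, it is also worth confirming the dependency is not bundled a second time by the shade step; the XML element names are not visible in this rendering, so its current scope cannot be confirmed here. The property name `fuzzedLibaryVersion` is misspelled but consistent with build.sh, so a rename has to change both files together.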
diff --git a/projects/eclipse-equinox/equinox-fuzzer/src/main/java/org/eclipse/osgi/ConditionInfoFuzzer.java b/projects/eclipse-equinox/equinox-fuzzer/src/main/java/org/eclipse/osgi/ConditionInfoFuzzer.java
new file mode 100644
index 000000000..ea8bb7430
--- /dev/null
+++ b/projects/eclipse-equinox/equinox-fuzzer/src/main/java/org/eclipse/osgi/ConditionInfoFuzzer.java
@@ -0,0 +1,46 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+package org.eclipse.osgi;
+
+import org.osgi.service.condpermadmin.ConditionInfo;
+
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+
+
+public class ConditionInfoFuzzer {
+
+ private FuzzedDataProvider fuzzedDataProvider;
+
+ public ConditionInfoFuzzer(FuzzedDataProvider fuzzedDataProvider) throws Exception {
+ this.fuzzedDataProvider = fuzzedDataProvider;
+ }
+
+ void test() {
+ try {
+ ConditionInfo info = new ConditionInfo(fuzzedDataProvider.consumeRemainingAsAsciiString());
+ info.toString();
+ } catch (IllegalArgumentException ex) {
+ /* ignore */
+ }
+ }
+
+ public static void fuzzerTestOneInput(FuzzedDataProvider fuzzedDataProvider) throws Exception {
+
+ ConditionInfoFuzzer fixture = new ConditionInfoFuzzer(fuzzedDataProvider);
+ fixture.test();
+ }
+}
\ No newline at end of file
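Review bot: The harness in `test()` only constructs a `ConditionInfo` and discards `info.toString()`, so it can surface parser exceptions but not encode/decode inconsistencies. A round-trip check would add that property: `ConditionInfo again = new ConditionInfo(info.getEncoded());` followed by `if (!info.equals(again)) throw new IllegalStateException("round-trip mismatch");`, keeping in mind that the surrounding `catch (IllegalArgumentException ex)` would swallow a failure to re-parse the encoded form, which is itself worth reporting. On style, the `fuzzedDataProvider` field can be `final`, the constructor's `throws Exception` is not needed by its body, and a class comment such as `/** Fuzzes the ConditionInfo encoded-string parser with ASCII input. */` would document the target.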
diff --git a/projects/eclipse-equinox/maven-settings.xml b/projects/eclipse-equinox/maven-settings.xml
new file mode 100644
index 000000000..4359e57ec
--- /dev/null
+++ b/projects/eclipse-equinox/maven-settings.xml
@@ -0,0 +1,3 @@
+
+ ${user.home}/.m2/repository
+
\ No newline at end of file
diff --git a/projects/eclipse-equinox/maven-toolchains.xml b/projects/eclipse-equinox/maven-toolchains.xml
new file mode 100644
index 000000000..8cd4ea353
--- /dev/null
+++ b/projects/eclipse-equinox/maven-toolchains.xml
@@ -0,0 +1,30 @@
+
+
+
+ jdk
+
+ JavaSE-1.8
+
+
+ /usr/lib/jvm/java-8-openjdk-amd64
+
+
+
+ jdk
+
+ 11
+
+
+ /usr/lib/jvm/java-11-openjdk-amd64
+
+
+
+ jdk
+
+ 17
+
+
+ /usr/lib/jvm/java-17-openjdk-amd64
+
+
+
\ No newline at end of file
diff --git a/projects/eclipse-equinox/project.yaml b/projects/eclipse-equinox/project.yaml
new file mode 100644
index 000000000..35610d1b7
--- /dev/null
+++ b/projects/eclipse-equinox/project.yaml
@@ -0,0 +1,15 @@
+homepage: "https://github.com/eclipse-equinox/equinox"
+language: jvm
+main_repo: "https://github.com/eclipse-equinox/equinox"
+fuzzing_engines:
+ - libfuzzer
+sanitizers:
+ - address
+vendor_ccs:
+ - "wagner@code-intelligence.com"
+ - "yakdan@code-intelligence.com"
+ - "glendowne@code-intelligence.com"
+ - "patrice.salathe@code-intelligence.com"
+ - "hlin@code-intelligence.com"
+ - "schaich@code-intelligence.com"
+ - "bug-disclosure@code-intelligence.com"
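Review bot: No `primary_contact` or `auto_ccs` entry is present, so as written crash reports would appear to reach only the `vendor_ccs` addresses and no one on the upstream eclipse-equinox side. If an upstream maintainer has agreed to receive reports, adding `primary_contact: "<UPSTREAM_MAINTAINER_EMAIL>"` (placeholder) lets findings reach the people who can fix them. It would also help to add a comment noting that the vendor list is the intended interim disclosure path if that is the case.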