spring-security: initial integration spring-security-oauth2-client (#8745)

2022-10-12 19:54:07 +02:00 · 2022-10-12 19:54:07 +02:00 · 47979d0064
parent 610bc8e53e
commit 47979d0064
4 changed files with 113 additions and 0 deletions
--- a/projects/spring-security/Dockerfile
+++ b/projects/spring-security/Dockerfile
@ -23,6 +23,7 @@ RUN git clone --depth 1 https://github.com/spring-projects/spring-security
 COPY build.sh $SRC/
 COPY *Fuzzer.java $SRC/
 COPY oauth2-core/*Fuzzer.java $SRC/
+COPY oauth2-client/*Fuzzer.java $SRC/
 COPY acl/*Fuzzer.java $SRC/
 COPY *.patch $SRC/

--- a/projects/spring-security/build.sh
+++ b/projects/spring-security/build.sh
@ -34,6 +34,7 @@ GRADLE_ARGS="-x test -x javadoc"
 ./gradlew shadowJar $GRADLE_ARGS -b test/spring-security-test.gradle
 ./gradlew shadowJar $GRADLE_ARGS -b oauth2/oauth2-core/spring-security-oauth2-core.gradle
 ./gradlew shadowJar $GRADLE_ARGS -b acl/spring-security-acl.gradle
+./gradlew shadowJar $GRADLE_ARGS -b oauth2/oauth2-client/spring-security-oauth2-client.gradle

 # Copy all shadow jars to the $OUT folder
 find . -name "*-all.jar" -print0 | while read -d $'\0' file
--- a/projects/spring-security/diff.patch
+++ b/projects/spring-security/diff.patch
@ -1,3 +1,12 @@
+diff --git a/oauth2/oauth2-client/spring-security-oauth2-client.gradle b/oauth2/oauth2-client/spring-security-oauth2-client.gradle
+index 0666a90..94c14cd 100644
+--- a/oauth2/oauth2-client/spring-security-oauth2-client.gradle
+++ b/oauth2/oauth2-client/spring-security-oauth2-client.gradle
+@@ -1,3 +1,4 @@
+apply plugin: "com.github.johnrengelman.shadow"
+ apply plugin: 'io.spring.convention.spring-module'
+ 
+ dependencies {
 diff --git a/acl/spring-security-acl.gradle b/acl/spring-security-acl.gradle
 index 976d8d4..f01b423 100644
 --- a/acl/spring-security-acl.gradle
--- a/projects/spring-security/oauth2-client/ClientRegistrationFuzzer.java
+++ b/projects/spring-security/oauth2-client/ClientRegistrationFuzzer.java
@ -0,0 +1,102 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails;
+import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
+import org.springframework.security.oauth2.core.AuthenticationMethod;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.stream.Stream;
+import java.util.Map;
+import java.util.Set;
+
+public class ClientRegistrationFuzzer {
+
+     public static void fuzzerTestOneInput(FuzzedDataProvider data) {
+
+        
+        String registration = "registration-1";
+        String scope = "email";
+        String clientName = "Client 1";
+        String clientId = "client-1";
+        String clientSecret = "secret";
+        String uri = "https://example.com";
+        String config = "config-1";
+        String value = "value-1";
+
+        int switchInput = data.consumeInt(0,7);
+        switch(switchInput) {
+            case 0 : 
+                registration = data.consumeRemainingAsString();
+                break;
+            case 1 :
+                scope = data.consumeRemainingAsString();
+                break;
+            case 2 :
+                clientName = data.consumeRemainingAsString();
+                break;
+            case 3 :
+                clientId = data.consumeRemainingAsString();
+                break;
+            case 4 :
+                clientSecret = data.consumeRemainingAsString();
+                break;
+            case 5 :
+                uri = data.consumeRemainingAsString();
+                break;
+            case 6 :
+                config = data.consumeRemainingAsString();
+                break;
+            case 7 :
+                value = data.consumeRemainingAsString();
+                break;
+        }
+
+        Map<String, Object> configurationMetadata = new LinkedHashMap<>();
+            configurationMetadata.put(config, value);
+        Map<String, Object> PROVIDER_CONFIGURATION_METADATA = Collections
+            .unmodifiableMap(configurationMetadata);
+
+        ClientRegistration clientRegistration = null;
+        try {
+            clientRegistration = ClientRegistration.withRegistrationId(registration)
+                .clientId(clientId)
+                .clientSecret(clientSecret)
+                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
+                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+                .redirectUri(uri)
+                .scope(scope)
+                .authorizationUri(uri)
+                .tokenUri(uri)
+                .userInfoAuthenticationMethod(AuthenticationMethod.HEADER)
+                .issuerUri(uri)
+                .providerConfigurationMetadata(null)
+                .jwkSetUri(uri)
+                .clientName(clientName)
+                .build();
+
+            ProviderDetails pd = clientRegistration.getProviderDetails();
+        }
+        catch (IllegalArgumentException iae){}
+
+    }
+
+}