diff --git a/projects/spring-security/Dockerfile b/projects/spring-security/Dockerfile index 16d84b9f5..9ca775939 100644 --- a/projects/spring-security/Dockerfile +++ b/projects/spring-security/Dockerfile @@ -23,6 +23,7 @@ RUN git clone --depth 1 https://github.com/spring-projects/spring-security COPY build.sh $SRC/ COPY *Fuzzer.java $SRC/ COPY oauth2-core/*Fuzzer.java $SRC/ +COPY oauth2-client/*Fuzzer.java $SRC/ COPY acl/*Fuzzer.java $SRC/ COPY *.patch $SRC/ diff --git a/projects/spring-security/build.sh b/projects/spring-security/build.sh index e50e72695..fe99bb1a1 100755 --- a/projects/spring-security/build.sh +++ b/projects/spring-security/build.sh @@ -34,6 +34,7 @@ GRADLE_ARGS="-x test -x javadoc" ./gradlew shadowJar $GRADLE_ARGS -b test/spring-security-test.gradle ./gradlew shadowJar $GRADLE_ARGS -b oauth2/oauth2-core/spring-security-oauth2-core.gradle ./gradlew shadowJar $GRADLE_ARGS -b acl/spring-security-acl.gradle +./gradlew shadowJar $GRADLE_ARGS -b oauth2/oauth2-client/spring-security-oauth2-client.gradle # Copy all shadow jars to the $OUT folder find . -name "*-all.jar" -print0 | while read -d $'\0' file diff --git a/projects/spring-security/diff.patch b/projects/spring-security/diff.patch index ba2b9796c..18b3200fe 100644 --- a/projects/spring-security/diff.patch +++ b/projects/spring-security/diff.patch @@ -1,3 +1,12 @@ +diff --git a/oauth2/oauth2-client/spring-security-oauth2-client.gradle b/oauth2/oauth2-client/spring-security-oauth2-client.gradle +index 0666a90..94c14cd 100644 +--- a/oauth2/oauth2-client/spring-security-oauth2-client.gradle ++++ b/oauth2/oauth2-client/spring-security-oauth2-client.gradle +@@ -1,3 +1,4 @@ ++apply plugin: "com.github.johnrengelman.shadow" + apply plugin: 'io.spring.convention.spring-module' + + dependencies { diff --git a/acl/spring-security-acl.gradle b/acl/spring-security-acl.gradle index 976d8d4..f01b423 100644 --- a/acl/spring-security-acl.gradle diff --git a/projects/spring-security/oauth2-client/ClientRegistrationFuzzer.java b/projects/spring-security/oauth2-client/ClientRegistrationFuzzer.java new file mode 100644 index 000000000..6872703d3 --- /dev/null +++ b/projects/spring-security/oauth2-client/ClientRegistrationFuzzer.java @@ -0,0 +1,102 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +//////////////////////////////////////////////////////////////////////////////// + +import com.code_intelligence.jazzer.api.FuzzedDataProvider; + +import org.springframework.security.oauth2.client.registration.ClientRegistration; +import org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails; +import org.springframework.security.oauth2.core.ClientAuthenticationMethod; +import org.springframework.security.oauth2.core.AuthenticationMethod; +import org.springframework.security.oauth2.core.AuthorizationGrantType; + +import java.util.Collections; +import java.util.LinkedHashMap; +import java.util.stream.Stream; +import java.util.Map; +import java.util.Set; + +public class ClientRegistrationFuzzer { + + public static void fuzzerTestOneInput(FuzzedDataProvider data) { + + + String registration = "registration-1"; + String scope = "email"; + String clientName = "Client 1"; + String clientId = "client-1"; + String clientSecret = "secret"; + String uri = "https://example.com"; + String config = "config-1"; + String value = "value-1"; + + int switchInput = data.consumeInt(0,7); + switch(switchInput) { + case 0 : + registration = data.consumeRemainingAsString(); + break; + case 1 : + scope = data.consumeRemainingAsString(); + break; + case 2 : + clientName = data.consumeRemainingAsString(); + break; + case 3 : + clientId = data.consumeRemainingAsString(); + break; + case 4 : + clientSecret = data.consumeRemainingAsString(); + break; + case 5 : + uri = data.consumeRemainingAsString(); + break; + case 6 : + config = data.consumeRemainingAsString(); + break; + case 7 : + value = data.consumeRemainingAsString(); + break; + } + + Map configurationMetadata = new LinkedHashMap<>(); + configurationMetadata.put(config, value); + Map PROVIDER_CONFIGURATION_METADATA = Collections + .unmodifiableMap(configurationMetadata); + + ClientRegistration clientRegistration = null; + try { + clientRegistration = ClientRegistration.withRegistrationId(registration) + .clientId(clientId) + .clientSecret(clientSecret) + .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC) + .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) + .redirectUri(uri) + .scope(scope) + .authorizationUri(uri) + .tokenUri(uri) + .userInfoAuthenticationMethod(AuthenticationMethod.HEADER) + .issuerUri(uri) + .providerConfigurationMetadata(null) + .jwkSetUri(uri) + .clientName(clientName) + .build(); + + ProviderDetails pd = clientRegistration.getProviderDetails(); + } + catch (IllegalArgumentException iae){} + + } + +}