From 488b4f19557385d7db9416ec0a6f27f41c071938 Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Mon, 8 Aug 2022 12:59:31 +0100
Subject: [PATCH] jackson-databind: increase coverage (#8179)
Signed-off-by: AdamKorcz
---
.../jackson-databind/ConvertValueFuzzer.java | 64 +++++++++++++++++++
projects/jackson-databind/Dockerfile | 2 +-
projects/jackson-databind/ReadTreeFuzzer.java | 49 ++++++++++++--
projects/jackson-databind/build.sh | 5 +-
4 files changed, 109 insertions(+), 11 deletions(-)
create mode 100644 projects/jackson-databind/ConvertValueFuzzer.java
diff --git a/projects/jackson-databind/ConvertValueFuzzer.java b/projects/jackson-databind/ConvertValueFuzzer.java
new file mode 100644
index 000000000..32bf73c71
--- /dev/null
+++ b/projects/jackson-databind/ConvertValueFuzzer.java
@@ -0,0 +1,64 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+import com.fasterxml.jackson.databind.JsonNode;
+
+import java.util.*;
+import java.lang.IllegalArgumentException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+public class ConvertValueFuzzer {
+ public static Class[] classes = { DummyClass.class, Integer.class, String.class, Byte.class, List.class, Map.class,
+ TreeMap.class, BitSet.class, TimeZone.class, Date.class, Calendar.class, Locale.class };
+
+ public static void fuzzerTestOneInput(FuzzedDataProvider data) {
+ ObjectMapper mapper = new ObjectMapper();
+
+ try {
+ int idx = data.consumeInt(0, classes.length - 1);
+ mapper.convertValue(data.consumeRemainingAsString(), classes[idx]);
+ } catch (IllegalArgumentException e) { }
+ }
+
+ public static class DummyClass {
+ public TreeMap _treeMap;
+ public List _arrayList;
+ public Set _hashSet;
+ public Map _hashMap;
+ public List _asList = Arrays.asList(1, 2, 3);
+ public int[] _intArray;
+ public long[] _longArray;
+ public short[] _shortArray;
+ public float[] _floatArray;
+ public double[] _doubleArray;
+ public byte[] _byteArray;
+ public char[] _charArray;
+ public String[] _stringArray;
+ public BitSet _bitSet;
+ public Date _date;
+ public TimeZone _timeZone;
+ public Calendar _calendar;
+ public 
Locale _locale; + public Integer[] _integerArray; + public boolean _boolean; + public char _char; + public byte _byte; + public short _short; + public int _int; + public float _float; + } +} \ No newline at end of file diff --git a/projects/jackson-databind/Dockerfile b/projects/jackson-databind/Dockerfile index 50766ede5..ade366c0e 100644 --- a/projects/jackson-databind/Dockerfile +++ b/projects/jackson-databind/Dockerfile @@ -40,4 +40,4 @@ RUN git clone --depth 1 https://github.com/FasterXML/jackson-annotations RUN git clone --depth 1 https://github.com/FasterXML/jackson-core COPY build.sh $SRC/ -COPY ObjectReaderFuzzer.java ObjectWriterFuzzer.java ReadTreeFuzzer.java $SRC/ \ No newline at end of file +COPY *Fuzzer.java $SRC/ \ No newline at end of file diff --git a/projects/jackson-databind/ReadTreeFuzzer.java b/projects/jackson-databind/ReadTreeFuzzer.java index 08355e070..51d241962 100644 --- a/projects/jackson-databind/ReadTreeFuzzer.java +++ b/projects/jackson-databind/ReadTreeFuzzer.java @@ -18,6 +18,7 @@ import com.code_intelligence.jazzer.api.FuzzedDataProvider; import com.fasterxml.jackson.databind.JsonNode; import java.util.*; +import java.lang.IllegalArgumentException; import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.core.JsonProcessingException; 
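Review bot: In ConvertValueFuzzer.fuzzerTestOneInput, `mapper.convertValue(data.consumeRemainingAsString(), classes[idx])` always hands Jackson a plain Java `String`, so every run converts a single string value. The bean and container targets in `classes` (DummyClass, List, Map, TreeMap) are then presumably rejected with the swallowed IllegalArgumentException before their deserializers see any structure. Parsing first would feed them structured input and would use the currently unused JsonNode import: `JsonNode tree = mapper.readTree(data.consumeRemainingAsString());` followed by `mapper.convertValue(tree, classes[idx]);`, with JsonProcessingException imported and added to the catch. Separately, `classes` would be better declared as `private static final Class<?>[] classes`, and the empty catch deserves a comment such as `// convertValue reports conversion failures as IllegalArgumentException; expected for malformed input`.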
@@ -28,11 +29,47 @@ public class ReadTreeFuzzer { try { JsonNode root = mapper.readTree(data.consumeString(1000000)); - String rootValue = data.consumeString(10000); - if (root.get(rootValue) != null ) { - String rootGet = root.get(rootValue).asText(); - } - String json = mapper.writeValueAsString(root); - } catch (JsonProcessingException e) { } + int target = data.consumeInt(); + switch(target%3) { + case 0: + String rootValue = data.consumeString(10000); + if (root.get(rootValue) != null ) { + String rootGet = root.get(rootValue).asText(); + } + case 1: + String json = mapper.writeValueAsString(root); + case 2: + String treeAt = data.consumeString(100000); + JsonNode node = root.at(treeAt); + DummyClass dc = mapper.treeToValue(node, DummyClass.class); + } + } catch (JsonProcessingException | IllegalArgumentException e) { } + } + public static class DummyClass { + public TreeMap _treeMap; + public List _arrayList; + public Set _hashSet; + public Map _hashMap; + public List _asList = Arrays.asList(1, 2, 3); + public int[] _intArray; + public long[] _longArray; + public short[] _shortArray; + public float[] _floatArray; + public double[] _doubleArray; + public byte[] _byteArray; + public char[] _charArray; + public String[] _stringArray; + public BitSet _bitSet; + public Date _date; + public TimeZone _timeZone; + public Calendar _calendar; + public Locale _locale; + public Integer[] _integerArray; + public boolean _boolean; + public char _char; + public byte _byte; + public short _short; + public int _int; + public float _float; } } \ No newline at end of file diff --git a/projects/jackson-databind/build.sh b/projects/jackson-databind/build.sh index 8ded9fef0..f72cf0a55 100755 --- a/projects/jackson-databind/build.sh +++ b/projects/jackson-databind/build.sh 
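Review bot: The new `switch(target%3)` has no `break` after any case, so case 0 falls through into the bodies of cases 1 and 2, and case 1 falls through into case 2. Because `data.consumeInt()` can return a negative value, `target%3` is -1 or -2 for a sizeable share of inputs, and then no case runs at all, so those inputs only exercise `readTree`. Selecting with `switch (data.consumeInt(0, 2)) {` (the bounded form ConvertValueFuzzer already uses) and ending each case with `break;` makes the three targets distinct and reachable for every input. If the fall-through is intended, say so with a `// fall through` comment on each case. The body of fuzzerTestOneInput starts above this hunk.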
@@ -52,10 +52,7 @@ for fuzzer in $(find $SRC -name '*Fuzzer.java'); do fuzzer_basename=$(basename -s .java $fuzzer) javac -cp $BUILD_CLASSPATH $fuzzer cp $SRC/$fuzzer_basename.class $OUT/ - - if [ "$fuzzer_basename" != "ReadTreeFuzzer" ]; then - cp $SRC/$fuzzer_basename\$DummyClass.class $OUT/ - fi + cp $SRC/$fuzzer_basename\$DummyClass.class $OUT/ # Create an execution wrapper that executes Jazzer with the correct arguments. echo "#!/bin/sh
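Review bot: The now-unconditional `cp $SRC/$fuzzer_basename\$DummyClass.class $OUT/` makes a nested class named exactly `DummyClass` a hidden requirement for every file that the Dockerfile's `COPY *Fuzzer.java` picks up. A harness without one makes this cp fail; whether that aborts the build depends on shell options not visible in this hunk. A harness with any other nested or anonymous class would reach $OUT incomplete and fail at class-load time. Copying whatever javac produced for the harness removes the coupling: `cp "$SRC/$fuzzer_basename"*.class "$OUT/"`, which can also replace the preceding single-class cp. The for loop continues past the end of this hunk.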