jackson-databind: fix broken build (#10594)

1. Change java parser 2. Add seed for `RandomClass` fuzzer 3. Bump branch to fuzz. Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-06-26 13:36:18 +01:00 · 2023-06-26 13:36:18 +01:00 · 54fcd7868c
parent c9485cb75e
commit 54fcd7868c
3 changed files with 16 additions and 17 deletions
--- a/projects/jackson-databind/Dockerfile
+++ b/projects/jackson-databind/Dockerfile
@ -30,9 +30,9 @@ RUN git clone --depth 1 https://github.com/dvyukov/go-fuzz-corpus && \
    zip -q $SRC/ObjectWriterFuzzer_seed_corpus.zip go-fuzz-corpus/json/corpus/* && \
    rm -rf go-fuzz-corpus

-RUN git clone --depth 1 --branch 2.15 https://github.com/FasterXML/jackson-databind
+RUN git clone --depth 1 --branch 2.16 https://github.com/FasterXML/jackson-databind

-RUN git clone --depth 1 https://github.com/forge/roaster
+RUN git clone --depth 1 https://github.com/javaparser/javaparser

 # Seed files
 RUN git clone --depth 1 https://github.com/AdamKorcz/github-samples
--- a/projects/jackson-databind/ObjectReaderRandomClassFuzzer.java
+++ b/projects/jackson-databind/ObjectReaderRandomClassFuzzer.java
@ -43,8 +43,8 @@ import javax.tools.StandardJavaFileManager;
 import javax.tools.StandardLocation; 
 import javax.tools.ToolProvider;

-import org.jboss.forge.roaster.Roaster;
-import org.jboss.forge.roaster.Problem;
+import static com.github.javaparser.StaticJavaParser.*;
+import com.github.javaparser.ParseProblemException;

 import java.nio.file.Files;
 import java.nio.file.Path;
@ -57,11 +57,8 @@ public class ObjectReaderRandomClassFuzzer {

        // Sanity check: Do we have valid java code? If not, exit early.
        try {
-            List<Problem> problems = Roaster.validateSnippet(classString);
-            if (problems.size()>0) {
-                return;
-            }            
-        } catch (ArrayIndexOutOfBoundsException e) {
+	    parse(classString); // StaticJavaParser.parse()
+        } catch (ArrayIndexOutOfBoundsException | ParseProblemException e) {
            return;
        }

@ -178,11 +175,12 @@ public class ObjectReaderRandomClassFuzzer {
            ///////////////////////////

            // create an empty source file 
-            sourceFile = File.createTempFile("RandomFuzz", ".java"); 
+	    sourceFile = new File("/tmp/RandomFuzzClass.java");
+	    sourceFile.createNewFile();
            sourceFile.deleteOnExit();
     
            // generate the source code, using the source filename as the class name
-            classname = sourceFile.getName().split("\\.")[0]; 
+	    classname = "RandomFuzzClass";
            String sourceCode = "public class " + classname + "{" + classString + "}";
     
            // write the source code into the source file
@ -309,4 +307,4 @@ public class ObjectReaderRandomClassFuzzer {
           return;
        }
    }
-}
+}
--- a/projects/jackson-databind/build.sh
+++ b/projects/jackson-databind/build.sh
@ -15,15 +15,16 @@
 #
 ################################################################################

-cd $SRC/roaster
-$MVN clean install
-cp ./api/target/roaster-api-2.28.1-SNAPSHOT.jar $OUT/roaster.jar
-cp ./impl/target/roaster-jdt-2.28.1-SNAPSHOT.jar $OUT/roaster-jdt.jar
+cd $SRC/javaparser
+$MVN package -DskipTests
+cp javaparser-core/target/javaparser-core-3.25.4-SNAPSHOT.jar $OUT/javaparser-core.jar
+cp javaparser-symbol-solver-core/target/javaparser-symbol-solver-core-3.25.4-SNAPSHOT.jar $OUT/javaparser-symbol-solver.jar
 cd $SRC/jackson-databind

 # Move seed corpus and dictionary.
 mv $SRC/{*.zip,*.dict} $OUT
 mv $SRC/github-samples/jackson/*.zip $OUT/
+zip $OUT/ObjectReaderRandomClassFuzzer_seed_corpus.zip $SRC/javaparser/javaparser-core/src/main/java/com/github/javaparser/Processor.java

 # jackson-databind
 MAVEN_ARGS="-Djavac.src.version=15 -Djavac.target.version=15 -DskipTests"
@ -46,7 +47,7 @@ CURRENT_VERSION=$($MVN org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate
 -Dexpression=project.version -q -DforceStdout -f "jackson-annotations/pom.xml")
 cp "jackson-annotations/target/jackson-annotations-$CURRENT_VERSION.jar" "$OUT/jackson-annotations.jar"

-ALL_JARS="jackson-databind.jar jackson-core.jar jackson-annotations.jar roaster.jar roaster-jdt.jar"
+ALL_JARS="jackson-databind.jar jackson-core.jar jackson-annotations.jar javaparser-symbol-solver.jar javaparser-core.jar"

 # The classpath at build-time includes the project jars in $OUT as well as the
 # Jazzer API.