From 66f0278fb3be73ddd6d0f14e2d2d75f259aec6eb Mon Sep 17 00:00:00 2001
From: "Patrice.S"
Date: Tue, 9 Aug 2022 14:22:27 +0200
Subject: [PATCH] spring-framework: create fuzz target for ApplicationContext (#8191)

Create fuzz target for ApplicationContext
---
 projects/spring-framework/Dockerfile | 8 +++++
 .../XmlApplicationContextFuzzer.java | 31 +++++++++++++++++++
 projects/spring-framework/build.sh | 6 +++-
 3 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 projects/spring-framework/XmlApplicationContextFuzzer.java

diff --git a/projects/spring-framework/Dockerfile b/projects/spring-framework/Dockerfile
index 3c0343e38..f63316512 100644
--- a/projects/spring-framework/Dockerfile
+++ b/projects/spring-framework/Dockerfile
@@ -18,6 +18,14 @@ FROM gcr.io/oss-fuzz-base/base-builder-jvm
 RUN apt update && apt install -y openjdk-17-jdk
+RUN git clone --depth 1 https://github.com/google/fuzzing && \
+ mv fuzzing/dictionaries/xml.dict $SRC/GenericXmlApplicationContextFuzzer.dict && \
+ rm -rf fuzzing
+
+RUN git clone --depth 1 https://github.com/dvyukov/go-fuzz-corpus && \
+ zip -j $SRC/GenericXmlApplicationContextFuzzer_seed_corpus.zip go-fuzz-corpus/xml/corpus/* && \
+ rm -rf go-fuzz-corpus
+
 RUN git clone --depth 1 https://github.com/spring-projects/spring-framework
 COPY build.sh $SRC/
diff --git a/projects/spring-framework/XmlApplicationContextFuzzer.java b/projects/spring-framework/XmlApplicationContextFuzzer.java
new file mode 100644
index 000000000..2c6a8d846
--- /dev/null
+++ b/projects/spring-framework/XmlApplicationContextFuzzer.java
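Review bot: The dictionary and seed corpus are written as `$SRC/GenericXmlApplicationContextFuzzer.dict` and `$SRC/GenericXmlApplicationContextFuzzer_seed_corpus.zip`, but the target this commit adds is `XmlApplicationContextFuzzer`, and OSS-Fuzz associates these files with a target only by the exact `<target>.dict` / `<target>_seed_corpus.zip` names, so the fuzzer will run with neither. The two `RUN` lines should write `mv fuzzing/dictionaries/xml.dict $SRC/XmlApplicationContextFuzzer.dict` and `zip -j $SRC/XmlApplicationContextFuzzer_seed_corpus.zip go-fuzz-corpus/xml/corpus/*`. Both clones are unpinned `--depth 1` checkouts of third-party repositories, so the dictionary and corpus content can change silently between builds; pinning a commit (`git -C fuzzing checkout <sha>`) is cheap for build-time inputs. The hunk's whitespace is collapsed in this view, so I cannot tell whether a `COPY` of the new `.java` file into `$SRC` exists near `COPY build.sh $SRC/`; confirm one does, or build.sh will not find the fuzzer source.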
@@ -0,0 +1,31 @@
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+
+import java.util.*;
+import java.nio.file.Files;
+import org.springframework.context.support.FileSystemXmlApplicationContext;
+import org.springframework.context.ApplicationContext;
+import java.nio.file.Path;
+import java.io.IOException;
+import org.springframework.beans.factory.BeanDefinitionStoreException;
+
+public class XmlApplicationContextFuzzer {
+
+ public static void fuzzerTestOneInput(FuzzedDataProvider data) {
+ String path = data.consumeString(50);
+
+ try {
+ Path tempFile = Files.createTempFile("dummy", ".xml");
+ Files.writeString(tempFile, data.consumeRemainingAsString());
+
+ ApplicationContext ctx = new FileSystemXmlApplicationContext("file:" + tempFile.toAbsolutePath().toString());
+
+ ctx.getApplicationName();
+ ctx.getDisplayName();
+ ctx.getParent();
+ ctx.getResource(path);
+ ctx.getClassLoader();
+
+ Files.delete(tempFile);
+ } catch (IOException|BeanDefinitionStoreException e) {}
+ }
+}
diff --git a/projects/spring-framework/build.sh b/projects/spring-framework/build.sh
index d13126c0a..1abea1f13 100755
--- a/projects/spring-framework/build.sh
+++ b/projects/spring-framework/build.sh
@@ -15,6 +15,8 @@
 #
 ################################################################################
+mv $SRC/{*.zip,*.dict} $OUT
+
 export JAVA_HOME="$OUT/open-jdk-17"
 mkdir -p $JAVA_HOME
 rsync -aL --exclude=*.zip "/usr/lib/jvm/java-17-openjdk-amd64/" "$JAVA_HOME"
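Review bot: `Files.delete(tempFile)` at the end of the try block only runs when the context builds successfully, so every input that makes the `FileSystemXmlApplicationContext` constructor throw `BeanDefinitionStoreException` — the normal outcome for mutated XML — leaves its temp file behind, and a long-running job will fill `/tmp`. The context is also never closed; `FileSystemXmlApplicationContext` is `Closeable`, and without `close()` any singleton a fuzzed `<bean>` definition instantiates survives the iteration. Moving the cleanup into a `finally` and wrapping the context in try-with-resources, as below, fixes both. Inputs also reach Spring's XML reader with whatever `<!DOCTYPE>` they carry; whether a SYSTEM entity can read local files here depends on the entity resolver Spring installs, which this file does not show, so a short class comment stating that such behaviour is accepted inside the sandbox would help the next reader. `import java.util.*;` is unused and can be dropped.
```java
    public static void fuzzerTestOneInput(FuzzedDataProvider data) {
        String path = data.consumeString(50);
        Path tempFile = null;
        try {
            tempFile = Files.createTempFile("dummy", ".xml");
            Files.writeString(tempFile, data.consumeRemainingAsString());
            // Close the context so beans instantiated from the fuzzed definition do not outlive this iteration.
            try (FileSystemXmlApplicationContext ctx =
                    new FileSystemXmlApplicationContext("file:" + tempFile.toAbsolutePath().toString())) {
                // … unchanged: ctx.getApplicationName() … ctx.getResource(path) … ctx.getClassLoader() …
            }
        } catch (IOException | BeanDefinitionStoreException e) {
            // Malformed or unresolvable XML is the expected outcome for most inputs, not a finding.
        } finally {
            // Runs on every path, so rejected inputs do not accumulate under /tmp.
            if (tempFile != null) {
                try {
                    Files.deleteIfExists(tempFile);
                } catch (IOException ignored) {
                    // best-effort cleanup
                }
            }
        }
    }
```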
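Review bot: `mv $SRC/{*.zip,*.dict} $OUT` ships whatever zip and dict files happen to sit in `$SRC` rather than the two files the Dockerfile creates, and if either pattern has no match bash hands the literal `$SRC/*.zip` to `mv`, which fails — and aborts the build if build.sh runs under `set -e`, which I cannot see from this hunk. Naming the files explicitly keeps the step deterministic and makes the coupling to the target name visible, e.g. `mv "$SRC"/XmlApplicationContextFuzzer.dict "$SRC"/XmlApplicationContextFuzzer_seed_corpus.zip "$OUT"/` (the names must match the fuzz target's class name for OSS-Fuzz to use them, so whichever spelling is chosen here and in the Dockerfile has to agree). Quoting `"$SRC"` and `"$OUT"` matches the quoting the surrounding `export`/`rsync` lines already use.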
@@ -42,8 +44,10 @@ CURRENT_VERSION=$(./gradlew properties --console=plain | sed -nr "s/^version:\ (
 ./gradlew shadowJar --build-file spring-core/spring-core.gradle -x javadoc -x test
 cp "spring-core/build/libs/spring-core-$CURRENT_VERSION-all.jar" "$OUT/spring-core.jar"
 cp "spring-web/build/libs/spring-web-$CURRENT_VERSION.jar" "$OUT/spring-web.jar"
+cp "spring-context/build/libs/spring-context-$CURRENT_VERSION.jar" "$OUT/spring-context.jar"
+cp "spring-beans/build/libs/spring-beans-$CURRENT_VERSION.jar" "$OUT/spring-beans.jar"
-ALL_JARS="spring-web.jar spring-core.jar"
+ALL_JARS="spring-web.jar spring-core.jar spring-context.jar spring-beans.jar"
 # The classpath at build-time includes the project jars in $OUT as well as the
 # Jazzer API.
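Review bot: The two new `cp` lines copy the plain `spring-context` and `spring-beans` jars, but `spring-context` declares `spring-aop` and `spring-expression` as API dependencies and neither is added to `$OUT` or to `ALL_JARS` here; unless the `spring-core-…-all.jar` shadow jar from the line above already bundles them (I cannot tell from this hunk), a fuzz input that uses a `#{…}` SpEL placeholder or an `aop:` namespace element will fail with `NoClassDefFoundError` and be reported as a crash instead of being exercised. Adding `cp "spring-aop/build/libs/spring-aop-$CURRENT_VERSION.jar" "$OUT/spring-aop.jar"` and `cp "spring-expression/build/libs/spring-expression-$CURRENT_VERSION.jar" "$OUT/spring-expression.jar"` and listing both in `ALL_JARS` closes that gap. The `cp` lines also assume a gradle invocation earlier in build.sh (outside this hunk) produced the plain module jars, since the visible `shadowJar` call builds only `spring-core`; the existing `spring-web` copy suggests it does, but worth confirming.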