[jetty] fix build failure, migrate to jazzer-junit (#9704)

2023-02-15 15:45:57 +01:00 · 2023-02-15 15:45:57 +01:00 · 6b039458bc
parent a74e976d46
commit 6b039458bc
7 changed files with 196 additions and 79 deletions
--- a/projects/jetty/.gitignore
+++ b/projects/jetty/.gitignore
@ -0,0 +1,4 @@
+project-parent/jetty
+project-parent/fuzz-targets/target
+project-parent/fuzz-targets/src/test/resources
+project-parent/fuzz-targets/pom.xml.versionsBackup
--- a/projects/jetty/Dockerfile
+++ b/projects/jetty/Dockerfile
@ -16,26 +16,21 @@

 FROM gcr.io/oss-fuzz-base/base-builder-jvm

-RUN curl -L https://archive.apache.org/dist/maven/maven-3/3.8.6/binaries/apache-maven-3.8.6-bin.zip -o maven.zip && \
+RUN curl -L https://downloads.apache.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.zip -o maven.zip && \
    unzip maven.zip -d $SRC/maven && \
    rm -rf maven.zip

-ENV MVN $SRC/maven/apache-maven-3.8.6/bin/mvn
+ENV MVN $SRC/maven/apache-maven-3.6.3/bin/mvn

-RUN git clone --depth 1 https://github.com/google/fuzzing
-RUN cat fuzzing/dictionaries/http.dict \
-      > $SRC/ServerHandlersFuzzer.dict
+# if not set python infra helper cannot be used for local testing

-RUN cat fuzzing/dictionaries/url.dict \
-      > $SRC/ServerHandlersFuzzer.dict
+COPY project-parent $SRC/project-parent/

-RUN git clone --depth 1 https://github.com/dvyukov/go-fuzz-corpus && \
-    zip -q $SRC/ServerHandlersFuzzer_seed_corpus.zip go-fuzz-corpus/httpreq/corpus/*
+RUN rm -rf $SRC/project-parent/jetty
+RUN git clone --depth 1 https://github.com/eclipse/jetty.project $SRC/project-parent/jetty

-
-RUN git clone --depth 1 https://github.com/eclipse/jetty.project.git
+# required by jetty's asciidoctor-maven-plugin
+RUN apt-get update && apt-get -y install fontconfig

 COPY build.sh $SRC/
-COPY *Fuzzer.java $SRC/
-COPY pom.patch $SRC/jetty.project
-WORKDIR $SRC/jetty.project
+WORKDIR $SRC/
--- a/projects/jetty/build.sh
+++ b/projects/jetty/build.sh
@ -1,5 +1,5 @@
-#!/bin/bash
-# Copyright 2022 Google LLC
+#!/bin/bash -eu
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -15,49 +15,71 @@
 #
 ################################################################################

-mv $SRC/{*.zip,*.dict} $OUT
+PROJECT=jetty
+PROJECT_GROUP_ID=org.eclipse.jetty
+PROJECT_ARTIFACT_ID=jetty-project
+MAIN_REPOSITORY=https://github.com/eclipse/jetty.project

-patch pom.xml pom.patch
-export MAVEN_OPTS="-Xmx1G"
-MAVEN_ARGS="-Dmaven.test.skip=true -Djavac.src.version=15 -Djavac.target.version=15"
-$MVN package $MAVEN_ARGS
-JETTY_VERSION=$($MVN help:evaluate -Dexpression=project.version -q -DforceStdout)
-cp $SRC/jetty.project/jetty-home/target/jetty-home/lib/jetty-http-$JETTY_VERSION.jar $OUT/jetty-http.jar
-cp $SRC/jetty.project/jetty-home/target/jetty-home/lib/jetty-server-$JETTY_VERSION.jar $OUT/jetty-server.jar
-cp $SRC/jetty.project/jetty-home/target/jetty-home/lib/jetty-util-$JETTY_VERSION.jar $OUT/jetty-util.jar
-cp $SRC/jetty.project/jetty-home/target/jetty-home/lib/jetty-io-$JETTY_VERSION.jar $OUT/jetty-io.jar
-cp $SRC/jetty.project/jetty-runner/target/jetty-runner-$JETTY_VERSION.jar $OUT/jetty-runner.jar
+MAVEN_ARGS="-Dmaven.test.skip=true -Djavac.src.version=15 -Djavac.target.version=15 -Denforcer.skip=true -DskipTests"

-ALL_JARS="jetty-util.jar jetty-server.jar jetty-http.jar jetty-io.jar jetty-runner.jar"

-# The classpath at build-time includes the project jars in $OUT as well as the
-# Jazzer API.
-BUILD_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "$OUT/%s:"):$JAZZER_API_PATH
+function set_project_version_in_fuzz_targets_dependency {
+  PROJECT_VERSION=$(cd $PROJECT && $MVN org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.version -q -DforceStdout)
+  # set dependency project version in fuzz-targets
+  (cd fuzz-targets && $MVN versions:use-dep-version -Dincludes=$PROJECT_GROUP_ID:jetty-http -DdepVersion=$PROJECT_VERSION -DforceVersion=true)
+  (cd fuzz-targets && $MVN versions:use-dep-version -Dincludes=$PROJECT_GROUP_ID:jetty-server -DdepVersion=$PROJECT_VERSION -DforceVersion=true)
+  (cd fuzz-targets && $MVN versions:use-dep-version -Dincludes=$PROJECT_GROUP_ID:jetty-util -DdepVersion=$PROJECT_VERSION -DforceVersion=true)
+  (cd fuzz-targets && $MVN versions:use-dep-version -Dincludes=$PROJECT_GROUP_ID:jetty-io -DdepVersion=$PROJECT_VERSION -DforceVersion=true)
+  (cd fuzz-targets && $MVN versions:use-dep-version -Dincludes=$PROJECT_GROUP_ID:jetty-runner -DdepVersion=$PROJECT_VERSION -DforceVersion=true)
+}

-# All .jar and .class files lie in the same directory as the fuzzer at runtime.
-RUNTIME_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "\$this_dir/%s:"):\$this_dir
+cd project-parent

-for fuzzer in $(find $SRC -maxdepth 1 -name '*Fuzzer.java'); do
-  fuzzer_basename=$(basename -s .java $fuzzer)
-  javac -cp $BUILD_CLASSPATH $fuzzer
-  cp $SRC/[$fuzzer_basename]*.class $OUT/
+# LOCAL_DEV env variable need to be set in local development env
+if [[ -v LOCAL_DEV ]]; then
+
+  # checkout latest project version
+  git -C $PROJECT pull || git clone $MAIN_REPOSITORY $PROJECT
+
+  set_project_version_in_fuzz_targets_dependency
+
+  #install
+  (cd $PROJECT && $MVN install $MAVEN_ARGS) 
+  $MVN -pl fuzz-targets install

-  # Create an execution wrapper that executes Jazzer with the correct arguments.
-  echo "#!/bin/bash
-# LLVMFuzzerTestOneInput for fuzzer detection.
-this_dir=\$(dirname \"\$0\")
-if [[ \"\$@\" =~ (^| )-runs=[0-9]+($| ) ]]; then
-  mem_settings='-Xmx1900m:-Xss900k'
 else
-  mem_settings='-Xmx2048m:-Xss1024k'
-fi
-JAVA_HOME=\"\$this_dir/open-jdk/\" \
-LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir \
-\$this_dir/jazzer_driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \
--cp=$RUNTIME_CLASSPATH \
--target_class=$fuzzer_basename \
-rss_limit_mb=0 \
--jvm_args=\"\$mem_settings\" \
-\$@" > $OUT/$fuzzer_basename
-  chmod u+x $OUT/$fuzzer_basename
-done
+  # Move seed corpus and dictionary.
+  # mv $SRC/{*.zip,*.dict} $OUT
+  
+  set_project_version_in_fuzz_targets_dependency
+
+  #install
+  (cd $PROJECT && $MVN install $MAVEN_ARGS -Dmaven.repo.local=$OUT/m2)
+  $MVN -pl fuzz-targets install -Dmaven.repo.local=$OUT/m2
+
+  # build classpath
+  $MVN -pl fuzz-targets dependency:build-classpath -Dmdep.outputFile=cp.txt -Dmaven.repo.local=$OUT/m2
+  cp -r $SRC/project-parent/fuzz-targets/target/test-classes $OUT/
+  RUNTIME_CLASSPATH_ABSOLUTE="$(cat fuzz-targets/cp.txt):$OUT/test-classes"
+  RUNTIME_CLASSPATH_RELATIVE=$(echo $RUNTIME_CLASSPATH_ABSOLUTE | sed "s|$OUT|.|g")
+
+  for fuzzer in $(find $SRC/project-parent/fuzz-targets -name '*Fuzzer.java'); do
+    fuzzer_basename=$(basename -s .java $fuzzer)
+
+    # Create an execution wrapper for every fuzztarget
+    echo "#!/bin/bash
+  # LLVMFuzzerTestOneInput comment for fuzzer detection by infrastructure.
+  if [[ \"\$@\" =~ (^| )-runs=[0-9]+($| ) ]]; then
+    mem_settings='-Xmx1900m -Xss900k'
+  else
+    mem_settings='-Xmx2048m -Xss1024k'
+  fi
+  java -cp $RUNTIME_CLASSPATH_RELATIVE \
+  \$mem_settings \
+  com.code_intelligence.jazzer.Jazzer \
+  --target_class=com.example.$fuzzer_basename \
+  \$@" > $OUT/$fuzzer_basename
+    chmod u+x $OUT/$fuzzer_basename
+  done
+
+fi
--- a/projects/jetty/pom.patch
+++ b/projects/jetty/pom.patch
@ -1,13 +0,0 @@
-diff --git a/pom.xml b/pom.xml
-index ff6c4d1e21..be7dd7efb3 100644
--- a/pom.xml
-+++ b/pom.xml
-@@ -244,7 +244,6 @@
-     <module>jetty-alpn</module>
-     <module>jetty-home</module>
-     <module>jetty-bom</module>
-    <module>documentation</module>
-     <module>jetty-keystore</module>
-     <module>jetty-p2</module>
-     <module>jetty-unixdomain-server</module>
-
--- a/projects/jetty/project-parent/fuzz-targets/pom.xml
+++ b/projects/jetty/project-parent/fuzz-targets/pom.xml
@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>com.fuzzer</groupId>
+    <artifactId>fuzz-targets</artifactId>
+    <version>0.0.1-SNAPSHOT</version>
+    <name>fuzz</name>
+    <description>fuzz</description>
+
+    <properties>
+        <java.version>11</java.version>
+        <maven.compiler.source>11</maven.compiler.source>
+        <maven.compiler.target>11</maven.compiler.target>
+    </properties>
+
+    <dependencies>
+
+        <dependency>
+            <groupId>com.code-intelligence</groupId>
+            <artifactId>jazzer-junit</artifactId>
+            <version>0.15.0</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-engine</artifactId>
+            <version>5.9.0</version>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-http</artifactId>
+            <version>Fuzzing-SNAPSHOT</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-server</artifactId>
+            <version>Fuzzing-SNAPSHOT</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-util</artifactId>
+            <version>Fuzzing-SNAPSHOT</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-io</artifactId>
+            <version>Fuzzing-SNAPSHOT</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-runner</artifactId>
+            <version>Fuzzing-SNAPSHOT</version>
+        </dependency>
+
+        <dependency>
+        <groupId>org.junit.platform</groupId>
+        <artifactId>junit-platform-launcher</artifactId>
+        <version>1.9.2</version>
+        </dependency>
+
+
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>2.22.2</version>
+            </plugin>
+        </plugins>
+        <testResources>
+            <testResource>
+                <directory>${project.basedir}/src/test/resources</directory>
+            </testResource>
+        </testResources>
+    </build>
+
+</project>
--- a/projects/jetty/project-parent/fuzz-targets/src/test/java/com/example/ServerHandlersFuzzer.java
+++ b/projects/jetty/project-parent/fuzz-targets/src/test/java/com/example/ServerHandlersFuzzer.java
@ -14,27 +14,32 @@
 //
 //////////////////////////////////////////////////////////////////////////////////

+package com.example;
+
 import com.code_intelligence.jazzer.api.FuzzedDataProvider;
-import com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow;
-
-import org.eclipse.jetty.server.*;
-import org.eclipse.jetty.server.handler.*;
+import com.code_intelligence.jazzer.junit.FuzzTest;
 import org.eclipse.jetty.io.NullByteBufferPool;
+import org.eclipse.jetty.server.Handler;
+import org.eclipse.jetty.server.HttpConnectionFactory;
+import org.eclipse.jetty.server.LocalConnector;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.handler.*;
+import org.junit.jupiter.api.BeforeAll;

-import java.io.File;
 import java.util.Collection;


-public class ServerHandlersFuzzer {
+class ServerHandlersFuzzer {
    static Server _server;
    static LocalConnector _connector;
    static HandlerCollection handlers;
-    static String methods_arr [] = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "PATCH"};
-    static Handler handler_arr [] = {new AsyncDelayHandler(), new BufferedResponseHandler(), new ContextHandler(), new DefaultHandler(), new ErrorHandler(), new FileBufferedResponseHandler(),
+    static String[] methods_arr = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "PATCH"};
+    static Handler[] handler_arr = {new AsyncDelayHandler(), new BufferedResponseHandler(), new ContextHandler(), new DefaultHandler(), new ErrorHandler(), new FileBufferedResponseHandler(),
            new HotSwapHandler(), new IdleTimeoutHandler(), new InetAccessHandler(), new MovedContextHandler(), new RequestLogHandler(), new ResourceHandler(), new SecuredRedirectHandler(),
            new ThreadLimitHandler()};

-    public static void fuzzerInitialize() {
+    @BeforeAll
+    static void setup() {
        _server = new Server();
        _server.addBean(new NullByteBufferPool());
        _connector = new LocalConnector(_server, new HttpConnectionFactory(), null);
@ -42,7 +47,8 @@ public class ServerHandlersFuzzer {
        _server.addConnector(_connector);
    }

-    public static void fuzzerTestOneInput(FuzzedDataProvider data) {
+    @FuzzTest
+    void getResponse(FuzzedDataProvider data) {
        Collection<Handler> handlersCollection = data.pickValues(handler_arr, data.consumeInt(0, handler_arr.length));
        String method = data.pickValue(methods_arr);
        String str = data.consumeString(1000);
@ -64,7 +70,7 @@ public class ServerHandlersFuzzer {
        }

        try {
-            String response = _connector.getResponse(method + " /" + str + " HTTP/1.0\r\n" + str1 + "\r\n\r\n" + str2);
+            _connector.getResponse(method + " /" + str + " HTTP/1.0\r\n" + str1 + "\r\n\r\n" + str2);
        } catch (Exception e) {
        }

@ -74,4 +80,5 @@ public class ServerHandlersFuzzer {
            throw new RuntimeException("Server stop error!");
        }
    }
+
 }
--- a/projects/jetty/project-parent/pom.xml
+++ b/projects/jetty/project-parent/pom.xml
@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>com.fuzzer</groupId>
+  <artifactId>project-parent</artifactId>
+  <version>0.1.0</version>
+  <packaging>pom</packaging>
+
+  <modules>
+    <module>jetty</module>
+    <module>fuzz-targets</module>
+  </modules>
+
+</project>