diff --git a/projects/jetty/.gitignore b/projects/jetty/.gitignore
new file mode 100644
index 000000000..be62d874c
--- /dev/null
+++ b/projects/jetty/.gitignore
@@ -0,0 +1,4 @@
+project-parent/jetty
+project-parent/fuzz-targets/target
+project-parent/fuzz-targets/src/test/resources
+project-parent/fuzz-targets/pom.xml.versionsBackup
\ No newline at end of file
diff --git a/projects/jetty/Dockerfile b/projects/jetty/Dockerfile
index bbf5ab791..ffd68fdce 100644
--- a/projects/jetty/Dockerfile
+++ b/projects/jetty/Dockerfile
@@ -16,26 +16,21 @@
 FROM gcr.io/oss-fuzz-base/base-builder-jvm
-RUN curl -L https://archive.apache.org/dist/maven/maven-3/3.8.6/binaries/apache-maven-3.8.6-bin.zip -o maven.zip && \
+RUN curl -L https://downloads.apache.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.zip -o maven.zip && \
 unzip maven.zip -d $SRC/maven && \
 rm -rf maven.zip
-ENV MVN $SRC/maven/apache-maven-3.8.6/bin/mvn
+ENV MVN $SRC/maven/apache-maven-3.6.3/bin/mvn
-RUN git clone --depth 1 https://github.com/google/fuzzing
-RUN cat fuzzing/dictionaries/http.dict \
- > $SRC/ServerHandlersFuzzer.dict
+# if not set python infra helper cannot be used for local testing
-RUN cat fuzzing/dictionaries/url.dict \
- > $SRC/ServerHandlersFuzzer.dict
+COPY project-parent $SRC/project-parent/
-RUN git clone --depth 1 https://github.com/dvyukov/go-fuzz-corpus && \
- zip -q $SRC/ServerHandlersFuzzer_seed_corpus.zip go-fuzz-corpus/httpreq/corpus/*
+RUN rm -rf $SRC/project-parent/jetty
+RUN git clone --depth 1 https://github.com/eclipse/jetty.project $SRC/project-parent/jetty
-
-RUN git clone --depth 1 https://github.com/eclipse/jetty.project.git
+# required by jetty's asciidoctor-maven-plugin
+RUN apt-get update && apt-get -y install fontconfig
 COPY build.sh $SRC/
-COPY *Fuzzer.java $SRC/
-COPY pom.patch $SRC/jetty.project
-WORKDIR $SRC/jetty.project
\ No newline at end of file
+WORKDIR $SRC/
\ No newline at end of file
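Review bot: The new `RUN curl -L https://downloads.apache.org/maven/maven-3/3.6.3/... -o maven.zip` line still fetches the build toolchain with no integrity check, and it moves the pin from archive.apache.org, which keeps every release permanently, to downloads.apache.org, which serves current releases and drops superseded ones, so a fixed 3.6.3 is more likely to disappear from the new host than from the old one. A build-time toolchain download is a supply-chain input; checking it before `unzip`, e.g. `echo "<SHA512 published by apache.org> maven.zip" | sha512sum -c -`, is a one-line addition. The comment `# if not set python infra helper cannot be used for local testing` is left with nothing under it and no longer says what "it" is; attach it to the instruction it describes or drop it.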
diff --git a/projects/jetty/build.sh b/projects/jetty/build.sh
index c70a1808b..1c073ac4c 100755
--- a/projects/jetty/build.sh
+++ b/projects/jetty/build.sh
@@ -1,5 +1,5 @@
-#!/bin/bash
-# Copyright 2022 Google LLC
+#!/bin/bash -eu
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
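Review bot: `#!/bin/bash -eu` only takes effect when the script is executed directly; if it is ever started as `bash build.sh` or sourced, the options are silently dropped and a failing Maven step no longer aborts the build. A `set -eu` line right after the license header keeps the behaviour regardless of how the script is invoked.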
@@ -15,49 +15,71 @@
 #
 ################################################################################
-mv $SRC/{*.zip,*.dict} $OUT
+PROJECT=jetty
+PROJECT_GROUP_ID=org.eclipse.jetty
+PROJECT_ARTIFACT_ID=jetty-project
+MAIN_REPOSITORY=https://github.com/eclipse/jetty.project
-patch pom.xml pom.patch
-export MAVEN_OPTS="-Xmx1G"
-MAVEN_ARGS="-Dmaven.test.skip=true -Djavac.src.version=15 -Djavac.target.version=15"
-$MVN package $MAVEN_ARGS
-JETTY_VERSION=$($MVN help:evaluate -Dexpression=project.version -q -DforceStdout)
-cp $SRC/jetty.project/jetty-home/target/jetty-home/lib/jetty-http-$JETTY_VERSION.jar $OUT/jetty-http.jar
-cp $SRC/jetty.project/jetty-home/target/jetty-home/lib/jetty-server-$JETTY_VERSION.jar $OUT/jetty-server.jar
-cp $SRC/jetty.project/jetty-home/target/jetty-home/lib/jetty-util-$JETTY_VERSION.jar $OUT/jetty-util.jar
-cp $SRC/jetty.project/jetty-home/target/jetty-home/lib/jetty-io-$JETTY_VERSION.jar $OUT/jetty-io.jar
-cp $SRC/jetty.project/jetty-runner/target/jetty-runner-$JETTY_VERSION.jar $OUT/jetty-runner.jar
+MAVEN_ARGS="-Dmaven.test.skip=true -Djavac.src.version=15 -Djavac.target.version=15 -Denforcer.skip=true -DskipTests"
-ALL_JARS="jetty-util.jar jetty-server.jar jetty-http.jar jetty-io.jar jetty-runner.jar"
-# The classpath at build-time includes the project jars in $OUT as well as the
-# Jazzer API.
-BUILD_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "$OUT/%s:"):$JAZZER_API_PATH
+function set_project_version_in_fuzz_targets_dependency {
+ PROJECT_VERSION=$(cd $PROJECT && $MVN org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.version -q -DforceStdout)
+ # set dependency project version in fuzz-targets
+ (cd fuzz-targets && $MVN versions:use-dep-version -Dincludes=$PROJECT_GROUP_ID:jetty-http -DdepVersion=$PROJECT_VERSION -DforceVersion=true)
+ (cd fuzz-targets && $MVN versions:use-dep-version -Dincludes=$PROJECT_GROUP_ID:jetty-server -DdepVersion=$PROJECT_VERSION -DforceVersion=true)
+ (cd fuzz-targets && $MVN versions:use-dep-version -Dincludes=$PROJECT_GROUP_ID:jetty-util -DdepVersion=$PROJECT_VERSION -DforceVersion=true)
+ (cd fuzz-targets && $MVN versions:use-dep-version -Dincludes=$PROJECT_GROUP_ID:jetty-io -DdepVersion=$PROJECT_VERSION -DforceVersion=true)
+ (cd fuzz-targets && $MVN versions:use-dep-version -Dincludes=$PROJECT_GROUP_ID:jetty-runner -DdepVersion=$PROJECT_VERSION -DforceVersion=true)
+}
-# All .jar and .class files lie in the same directory as the fuzzer at runtime.
-RUNTIME_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "\$this_dir/%s:"):\$this_dir
+cd project-parent
-for fuzzer in $(find $SRC -maxdepth 1 -name '*Fuzzer.java'); do
- fuzzer_basename=$(basename -s .java $fuzzer)
- javac -cp $BUILD_CLASSPATH $fuzzer
- cp $SRC/[$fuzzer_basename]*.class $OUT/
+# LOCAL_DEV env variable need to be set in local development env
+if [[ -v LOCAL_DEV ]]; then
+
+ # checkout latest project version
+ git -C $PROJECT pull || git clone $MAIN_REPOSITORY $PROJECT
+
+ set_project_version_in_fuzz_targets_dependency
+
+ #install
+ (cd $PROJECT && $MVN install $MAVEN_ARGS)
+ $MVN -pl fuzz-targets install
- # Create an execution wrapper that executes Jazzer with the correct arguments.
- echo "#!/bin/bash
-# LLVMFuzzerTestOneInput for fuzzer detection.
-this_dir=\$(dirname \"\$0\")
-if [[ \"\$@\" =~ (^| )-runs=[0-9]+($| ) ]]; then
- mem_settings='-Xmx1900m:-Xss900k'
 else
- mem_settings='-Xmx2048m:-Xss1024k'
-fi
-JAVA_HOME=\"\$this_dir/open-jdk/\" \
-LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir \
-\$this_dir/jazzer_driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \
---cp=$RUNTIME_CLASSPATH \
---target_class=$fuzzer_basename \
--rss_limit_mb=0 \
---jvm_args=\"\$mem_settings\" \
-\$@" > $OUT/$fuzzer_basename
- chmod u+x $OUT/$fuzzer_basename
-done
+ # Move seed corpus and dictionary.
+ # mv $SRC/{*.zip,*.dict} $OUT
+
+ set_project_version_in_fuzz_targets_dependency
+
+ #install
+ (cd $PROJECT && $MVN install $MAVEN_ARGS -Dmaven.repo.local=$OUT/m2)
+ $MVN -pl fuzz-targets install -Dmaven.repo.local=$OUT/m2
+
+ # build classpath
+ $MVN -pl fuzz-targets dependency:build-classpath -Dmdep.outputFile=cp.txt -Dmaven.repo.local=$OUT/m2
+ cp -r $SRC/project-parent/fuzz-targets/target/test-classes $OUT/
+ RUNTIME_CLASSPATH_ABSOLUTE="$(cat fuzz-targets/cp.txt):$OUT/test-classes"
+ RUNTIME_CLASSPATH_RELATIVE=$(echo $RUNTIME_CLASSPATH_ABSOLUTE | sed "s|$OUT|.|g")
+
+ for fuzzer in $(find $SRC/project-parent/fuzz-targets -name '*Fuzzer.java'); do
+ fuzzer_basename=$(basename -s .java $fuzzer)
+
+ # Create an execution wrapper for every fuzztarget
+ echo "#!/bin/bash
+ # LLVMFuzzerTestOneInput comment for fuzzer detection by infrastructure.
+ if [[ \"\$@\" =~ (^| )-runs=[0-9]+($| ) ]]; then
+ mem_settings='-Xmx1900m -Xss900k'
+ else
+ mem_settings='-Xmx2048m -Xss1024k'
+ fi
+ java -cp $RUNTIME_CLASSPATH_RELATIVE \
+ \$mem_settings \
+ com.code_intelligence.jazzer.Jazzer \
+ --target_class=com.example.$fuzzer_basename \
+ \$@" > $OUT/$fuzzer_basename
+ chmod u+x $OUT/$fuzzer_basename
+ done
+
+fi
\ No newline at end of file
diff --git a/projects/jetty/pom.patch b/projects/jetty/pom.patch
deleted file mode 100644
index e39e7db6d..000000000
--- a/projects/jetty/pom.patch
+++ /dev/null
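Review bot: The generated wrapper's classpath comes from `sed "s|$OUT|.|g"`, so `java -cp $RUNTIME_CLASSPATH_RELATIVE` resolves `./m2/...` and `./test-classes` against the caller's current directory, not the wrapper's location; the wrapper this hunk removes anchored everything on `this_dir=\$(dirname \"\$0\")`, and the new one only works when launched from $OUT, which the infrastructure's run scripts may do but an ad-hoc invocation will not. Restoring the anchor is three lines: `RUNTIME_CLASSPATH_RELATIVE=$(echo "$RUNTIME_CLASSPATH_ABSOLUTE" | sed "s|$OUT|\\\$this_dir|g")` in build.sh, `this_dir=\$(dirname \"\$0\")` as the wrapper's first statement after the shebang, and `java -cp \"$RUNTIME_CLASSPATH_RELATIVE\" \` with the classpath quoted. The seed-corpus/dictionary step is now only a comment (`# mv $SRC/{*.zip,*.dict} $OUT`) while the Dockerfile no longer produces those files, so the fuzzer starts without the HTTP dictionary it previously shipped with; either restore the inputs or drop the stale comment so nobody assumes they are still provided. `--target_class=com.example.$fuzzer_basename` hard-codes one package although the `find` loop accepts any `*Fuzzer.java` under the module; deriving the package from the path below `src/test/java` would keep the loop general.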
@@ -1,13 +0,0 @@
-diff --git a/pom.xml b/pom.xml
-index ff6c4d1e21..be7dd7efb3 100644
---- a/pom.xml
-+++ b/pom.xml
-@@ -244,7 +244,6 @@
- jetty-alpn
- jetty-home
- jetty-bom
-- documentation
- jetty-keystore
- jetty-p2
- jetty-unixdomain-server
- 
diff --git a/projects/jetty/project-parent/fuzz-targets/pom.xml b/projects/jetty/project-parent/fuzz-targets/pom.xml
new file mode 100644
index 000000000..c8797dfdd
--- /dev/null
+++ b/projects/jetty/project-parent/fuzz-targets/pom.xml
@@ -0,0 +1,86 @@
+ + + 4.0.0 + com.fuzzer + fuzz-targets + 0.0.1-SNAPSHOT + fuzz + fuzz + + + 11 + 11 + 11 + + + + + + com.code-intelligence + jazzer-junit + 0.15.0 + + + + org.junit.jupiter + junit-jupiter-engine + 5.9.0 + test + + + + org.eclipse.jetty + jetty-http + Fuzzing-SNAPSHOT + + + + org.eclipse.jetty + jetty-server + Fuzzing-SNAPSHOT + + + + org.eclipse.jetty + jetty-util + Fuzzing-SNAPSHOT + + + + org.eclipse.jetty + jetty-io + Fuzzing-SNAPSHOT + + + + org.eclipse.jetty + jetty-runner + Fuzzing-SNAPSHOT + + + + org.junit.platform + junit-platform-launcher + 1.9.2 + + + + + + + + + maven-surefire-plugin + 2.22.2 + + + + + ${project.basedir}/src/test/resources + + + + +
\ No newline at end of file
diff --git a/projects/jetty/ServerHandlersFuzzer.java b/projects/jetty/project-parent/fuzz-targets/src/test/java/com/example/ServerHandlersFuzzer.java
similarity index 73%
rename from projects/jetty/ServerHandlersFuzzer.java
rename to projects/jetty/project-parent/fuzz-targets/src/test/java/com/example/ServerHandlersFuzzer.java
index 420c2f6a8..2aa0ecab2 100644
--- a/projects/jetty/ServerHandlersFuzzer.java
+++ b/projects/jetty/project-parent/fuzz-targets/src/test/java/com/example/ServerHandlersFuzzer.java
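Review bot: The new fuzz-targets pom pins `junit-jupiter-engine` at `5.9.0` but `junit-platform-launcher` at `1.9.2`; those are different JUnit 5 release trains (Jupiter 5.9.x pairs with Platform 1.9.x at the same patch level), and mixing them can produce launcher/engine resolution failures, so aligning both on one train, 5.9.2 with 1.9.2, is the safer pin. The element markup of this file is not visible in the hunk as rendered, so scopes cannot be checked here, but only one `test` marker appears, next to the Jupiter engine; `jazzer-junit` and the launcher are test-time tooling as well and would normally be test-scoped too, worth confirming. The five `Fuzzing-SNAPSHOT` placeholders on the Jetty dependencies are overwritten by build.sh's `versions:use-dep-version` calls at build time; an XML comment above the first of them saying exactly that would spare the next reader a search for where the real version comes from.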
@@ -14,27 +14,32 @@
 // //////////////////////////////////////////////////////////////////////////////////
+package com.example;
+
 import com.code_intelligence.jazzer.api.FuzzedDataProvider;
-import com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow;
-
-import org.eclipse.jetty.server.*;
-import org.eclipse.jetty.server.handler.*;
+import com.code_intelligence.jazzer.junit.FuzzTest;
 import org.eclipse.jetty.io.NullByteBufferPool;
+import org.eclipse.jetty.server.Handler;
+import org.eclipse.jetty.server.HttpConnectionFactory;
+import org.eclipse.jetty.server.LocalConnector;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.handler.*;
+import org.junit.jupiter.api.BeforeAll;
-import java.io.File;
 import java.util.Collection;
-public class ServerHandlersFuzzer {
+class ServerHandlersFuzzer {
 static Server _server;
 static LocalConnector _connector;
 static HandlerCollection handlers;
- static String methods_arr [] = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "PATCH"};
- static Handler handler_arr [] = {new AsyncDelayHandler(), new BufferedResponseHandler(), new ContextHandler(), new DefaultHandler(), new ErrorHandler(), new FileBufferedResponseHandler(),
+ static String[] methods_arr = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "PATCH"};
+ static Handler[] handler_arr = {new AsyncDelayHandler(), new BufferedResponseHandler(), new ContextHandler(), new DefaultHandler(), new ErrorHandler(), new FileBufferedResponseHandler(),
 new HotSwapHandler(), new IdleTimeoutHandler(), new InetAccessHandler(), new MovedContextHandler(), new RequestLogHandler(), new ResourceHandler(), new SecuredRedirectHandler(), new ThreadLimitHandler()};
- public static void fuzzerInitialize() {
+ @BeforeAll
+ static void setup() {
 _server = new Server();
 _server.addBean(new NullByteBufferPool());
 _connector = new LocalConnector(_server, new HttpConnectionFactory(), null);
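Review bot: `static Handler[] handler_arr` instantiates fourteen handlers once at class-load time and every fuzz input then draws from those same objects; if the `Server` is torn down per input (the `"Server stop error!"` path in the last hunk suggests so) while the handlers are never recreated, any state a handler accumulates carries over between inputs and a reported crash may depend on inputs the reproducer no longer has. Either instantiate the picked handlers inside the fuzz method, or add a comment stating that these handlers hold no per-request state so the sharing is deliberate. The class still has no header comment; `/** Drives fuzzer-generated HTTP/1.0 requests through a LocalConnector into a random subset of Jetty's built-in handlers. */` would state the target for the next reader. `static HandlerCollection handlers` is declared here but not referenced in any visible hunk; confirm it is still needed. The class body continues past this hunk.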
@@ -42,7 +47,8 @@ public class ServerHandlersFuzzer {
 _server.addConnector(_connector);
 }
- public static void fuzzerTestOneInput(FuzzedDataProvider data) {
+ @FuzzTest
+ void getResponse(FuzzedDataProvider data) {
 Collection handlersCollection = data.pickValues(handler_arr, data.consumeInt(0, handler_arr.length));
 String method = data.pickValue(methods_arr);
 String str = data.consumeString(1000);
@@ -64,7 +70,7 @@ public class ServerHandlersFuzzer {
 }
 try {
- String response = _connector.getResponse(method + " /" + str + " HTTP/1.0\r\n" + str1 + "\r\n\r\n" + str2);
+ _connector.getResponse(method + " /" + str + " HTTP/1.0\r\n" + str1 + "\r\n\r\n" + str2);
 } catch (Exception e) {
 }
@@ -74,4 +80,5 @@ public class ServerHandlersFuzzer {
 throw new RuntimeException("Server stop error!");
 }
 }
+
 }
\ No newline at end of file
diff --git a/projects/jetty/project-parent/pom.xml b/projects/jetty/project-parent/pom.xml
new file mode 100644
index 000000000..29b8aa2cf
--- /dev/null
+++ b/projects/jetty/project-parent/pom.xml
@@ -0,0 +1,16 @@
+ + + 4.0.0 + + com.fuzzer + project-parent + 0.1.0 + pom + + + jetty + fuzz-targets + + +
\ No newline at end of file
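Review bot: The `try` around `_connector.getResponse(...)` in the second hunk still ends in `catch (Exception e) { }`, which discards every exception type, so a RuntimeException thrown by Jetty's request handling looks exactly like a normal rejection of malformed input and only Errors and Jazzer sanitizer findings ever reach the fuzzer; the commit only drops the unused `response` local and leaves this untouched. If specific exception types are expected from bad input, catching just those and letting everything else propagate would surface real defects; if swallowing all of them is intended, a comment such as `// Every Exception is treated as an expected rejection of malformed input; only Errors and sanitizer reports propagate.` should record that decision. `throw new RuntimeException("Server stop error!")` in the last hunk drops the original exception; if the enclosing catch, which lies outside the hunk, binds it, passing it as the cause keeps the stack trace. The body of `getResponse` extends beyond these hunks.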