diff --git a/projects/jetty/.gitignore b/projects/jetty/.gitignore
new file mode 100644
index 000000000..be62d874c
--- /dev/null
+++ b/projects/jetty/.gitignore
@@ -0,0 +1,4 @@
+project-parent/jetty
+project-parent/fuzz-targets/target
+project-parent/fuzz-targets/src/test/resources
+project-parent/fuzz-targets/pom.xml.versionsBackup
\ No newline at end of file
diff --git a/projects/jetty/Dockerfile b/projects/jetty/Dockerfile
index bbf5ab791..ffd68fdce 100644
--- a/projects/jetty/Dockerfile
+++ b/projects/jetty/Dockerfile
@@ -16,26 +16,21 @@
FROM gcr.io/oss-fuzz-base/base-builder-jvm
-RUN curl -L https://archive.apache.org/dist/maven/maven-3/3.8.6/binaries/apache-maven-3.8.6-bin.zip -o maven.zip && \
+RUN curl -L https://downloads.apache.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.zip -o maven.zip && \
unzip maven.zip -d $SRC/maven && \
rm -rf maven.zip
-ENV MVN $SRC/maven/apache-maven-3.8.6/bin/mvn
+ENV MVN $SRC/maven/apache-maven-3.6.3/bin/mvn
-RUN git clone --depth 1 https://github.com/google/fuzzing
-RUN cat fuzzing/dictionaries/http.dict \
- > $SRC/ServerHandlersFuzzer.dict
+# if not set python infra helper cannot be used for local testing
-RUN cat fuzzing/dictionaries/url.dict \
- > $SRC/ServerHandlersFuzzer.dict
+COPY project-parent $SRC/project-parent/
-RUN git clone --depth 1 https://github.com/dvyukov/go-fuzz-corpus && \
- zip -q $SRC/ServerHandlersFuzzer_seed_corpus.zip go-fuzz-corpus/httpreq/corpus/*
+RUN rm -rf $SRC/project-parent/jetty
+RUN git clone --depth 1 https://github.com/eclipse/jetty.project $SRC/project-parent/jetty
-
-RUN git clone --depth 1 https://github.com/eclipse/jetty.project.git
+# required by jetty's asciidoctor-maven-plugin
+RUN apt-get update && apt-get -y install fontconfig
COPY build.sh $SRC/
-COPY *Fuzzer.java $SRC/
-COPY pom.patch $SRC/jetty.project
-WORKDIR $SRC/jetty.project
\ No newline at end of file
+WORKDIR $SRC/
\ No newline at end of file
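Review bot: The Maven archive fetched by the first `RUN` is unzipped and later executed as `$MVN` without any integrity check, and `curl -L` without `-f` will save an HTTP error page as maven.zip instead of failing the build. The new URL also moves from archive.apache.org to downloads.apache.org and from 3.8.6 back to 3.6.3; the downloads host normally carries only current releases, so this link is likely to break, and the 3.8.x line blocks plain-http repositories by default where 3.6.3 does not. I would keep the archive URL and the newer version and verify the digest before unpacking, e.g. `curl -fsSL <maven-archive-url> -o maven.zip && echo "<expected-sha512>  maven.zip" | sha512sum -c - && \`. Separately, the added comment `# if not set python infra helper cannot be used for local testing` is not followed by any instruction, so whatever it was meant to set is missing or the comment should be dropped.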
diff --git a/projects/jetty/build.sh b/projects/jetty/build.sh
index c70a1808b..1c073ac4c 100755
--- a/projects/jetty/build.sh
+++ b/projects/jetty/build.sh
@@ -1,5 +1,5 @@
-#!/bin/bash
-# Copyright 2022 Google LLC
+#!/bin/bash -eu
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -15,49 +15,71 @@
#
################################################################################
-mv $SRC/{*.zip,*.dict} $OUT
+PROJECT=jetty
+PROJECT_GROUP_ID=org.eclipse.jetty
+PROJECT_ARTIFACT_ID=jetty-project
+MAIN_REPOSITORY=https://github.com/eclipse/jetty.project
-patch pom.xml pom.patch
-export MAVEN_OPTS="-Xmx1G"
-MAVEN_ARGS="-Dmaven.test.skip=true -Djavac.src.version=15 -Djavac.target.version=15"
-$MVN package $MAVEN_ARGS
-JETTY_VERSION=$($MVN help:evaluate -Dexpression=project.version -q -DforceStdout)
-cp $SRC/jetty.project/jetty-home/target/jetty-home/lib/jetty-http-$JETTY_VERSION.jar $OUT/jetty-http.jar
-cp $SRC/jetty.project/jetty-home/target/jetty-home/lib/jetty-server-$JETTY_VERSION.jar $OUT/jetty-server.jar
-cp $SRC/jetty.project/jetty-home/target/jetty-home/lib/jetty-util-$JETTY_VERSION.jar $OUT/jetty-util.jar
-cp $SRC/jetty.project/jetty-home/target/jetty-home/lib/jetty-io-$JETTY_VERSION.jar $OUT/jetty-io.jar
-cp $SRC/jetty.project/jetty-runner/target/jetty-runner-$JETTY_VERSION.jar $OUT/jetty-runner.jar
+MAVEN_ARGS="-Dmaven.test.skip=true -Djavac.src.version=15 -Djavac.target.version=15 -Denforcer.skip=true -DskipTests"
-ALL_JARS="jetty-util.jar jetty-server.jar jetty-http.jar jetty-io.jar jetty-runner.jar"
-# The classpath at build-time includes the project jars in $OUT as well as the
-# Jazzer API.
-BUILD_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "$OUT/%s:"):$JAZZER_API_PATH
+function set_project_version_in_fuzz_targets_dependency {
+ PROJECT_VERSION=$(cd $PROJECT && $MVN org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.version -q -DforceStdout)
+ # set dependency project version in fuzz-targets
+ (cd fuzz-targets && $MVN versions:use-dep-version -Dincludes=$PROJECT_GROUP_ID:jetty-http -DdepVersion=$PROJECT_VERSION -DforceVersion=true)
+ (cd fuzz-targets && $MVN versions:use-dep-version -Dincludes=$PROJECT_GROUP_ID:jetty-server -DdepVersion=$PROJECT_VERSION -DforceVersion=true)
+ (cd fuzz-targets && $MVN versions:use-dep-version -Dincludes=$PROJECT_GROUP_ID:jetty-util -DdepVersion=$PROJECT_VERSION -DforceVersion=true)
+ (cd fuzz-targets && $MVN versions:use-dep-version -Dincludes=$PROJECT_GROUP_ID:jetty-io -DdepVersion=$PROJECT_VERSION -DforceVersion=true)
+ (cd fuzz-targets && $MVN versions:use-dep-version -Dincludes=$PROJECT_GROUP_ID:jetty-runner -DdepVersion=$PROJECT_VERSION -DforceVersion=true)
+}
-# All .jar and .class files lie in the same directory as the fuzzer at runtime.
-RUNTIME_CLASSPATH=$(echo $ALL_JARS | xargs printf -- "\$this_dir/%s:"):\$this_dir
+cd project-parent
-for fuzzer in $(find $SRC -maxdepth 1 -name '*Fuzzer.java'); do
- fuzzer_basename=$(basename -s .java $fuzzer)
- javac -cp $BUILD_CLASSPATH $fuzzer
- cp $SRC/[$fuzzer_basename]*.class $OUT/
+# LOCAL_DEV env variable need to be set in local development env
+if [[ -v LOCAL_DEV ]]; then
+
+ # checkout latest project version
+ git -C $PROJECT pull || git clone $MAIN_REPOSITORY $PROJECT
+
+ set_project_version_in_fuzz_targets_dependency
+
+ #install
+ (cd $PROJECT && $MVN install $MAVEN_ARGS)
+ $MVN -pl fuzz-targets install
- # Create an execution wrapper that executes Jazzer with the correct arguments.
- echo "#!/bin/bash
-# LLVMFuzzerTestOneInput for fuzzer detection.
-this_dir=\$(dirname \"\$0\")
-if [[ \"\$@\" =~ (^| )-runs=[0-9]+($| ) ]]; then
- mem_settings='-Xmx1900m:-Xss900k'
else
- mem_settings='-Xmx2048m:-Xss1024k'
-fi
-JAVA_HOME=\"\$this_dir/open-jdk/\" \
-LD_LIBRARY_PATH=\"$JVM_LD_LIBRARY_PATH\":\$this_dir \
-\$this_dir/jazzer_driver --agent_path=\$this_dir/jazzer_agent_deploy.jar \
---cp=$RUNTIME_CLASSPATH \
---target_class=$fuzzer_basename \
--rss_limit_mb=0 \
---jvm_args=\"\$mem_settings\" \
-\$@" > $OUT/$fuzzer_basename
- chmod u+x $OUT/$fuzzer_basename
-done
+ # Move seed corpus and dictionary.
+ # mv $SRC/{*.zip,*.dict} $OUT
+
+ set_project_version_in_fuzz_targets_dependency
+
+ #install
+ (cd $PROJECT && $MVN install $MAVEN_ARGS -Dmaven.repo.local=$OUT/m2)
+ $MVN -pl fuzz-targets install -Dmaven.repo.local=$OUT/m2
+
+ # build classpath
+ $MVN -pl fuzz-targets dependency:build-classpath -Dmdep.outputFile=cp.txt -Dmaven.repo.local=$OUT/m2
+ cp -r $SRC/project-parent/fuzz-targets/target/test-classes $OUT/
+ RUNTIME_CLASSPATH_ABSOLUTE="$(cat fuzz-targets/cp.txt):$OUT/test-classes"
+ RUNTIME_CLASSPATH_RELATIVE=$(echo $RUNTIME_CLASSPATH_ABSOLUTE | sed "s|$OUT|.|g")
+
+ for fuzzer in $(find $SRC/project-parent/fuzz-targets -name '*Fuzzer.java'); do
+ fuzzer_basename=$(basename -s .java $fuzzer)
+
+ # Create an execution wrapper for every fuzztarget
+ echo "#!/bin/bash
+ # LLVMFuzzerTestOneInput comment for fuzzer detection by infrastructure.
+ if [[ \"\$@\" =~ (^| )-runs=[0-9]+($| ) ]]; then
+ mem_settings='-Xmx1900m -Xss900k'
+ else
+ mem_settings='-Xmx2048m -Xss1024k'
+ fi
+ java -cp $RUNTIME_CLASSPATH_RELATIVE \
+ \$mem_settings \
+ com.code_intelligence.jazzer.Jazzer \
+ --target_class=com.example.$fuzzer_basename \
+ \$@" > $OUT/$fuzzer_basename
+ chmod u+x $OUT/$fuzzer_basename
+ done
+
+fi
\ No newline at end of file
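Review bot: The generated wrapper (the `echo "#!/bin/bash …" > $OUT/$fuzzer_basename` block) builds its classpath by replacing `$OUT` with `.`, so the fuzzer only finds its jars and test-classes when it is started with the output directory as the working directory; the previous wrapper resolved everything through `this_dir=$(dirname "$0")`. It also runs whichever `java` is first on PATH rather than a JDK located relative to the script, and passes `\$@` unquoted, which re-splits arguments that contain spaces. I would restore the script-relative form: emit `this_dir=\$(dirname \"\$0\")` in the wrapper, use `sed "s|$OUT|\$this_dir|g"` for RUNTIME_CLASSPATH_RELATIVE, and end the command with `\"\$@\"`. With `mv $SRC/{*.zip,*.dict} $OUT` commented out and the Dockerfile no longer creating those files, the target also ships without a dictionary or seed corpus; if that is intentional, a one-line comment saying so would help.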
diff --git a/projects/jetty/pom.patch b/projects/jetty/pom.patch
deleted file mode 100644
index e39e7db6d..000000000
--- a/projects/jetty/pom.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/pom.xml b/pom.xml
-index ff6c4d1e21..be7dd7efb3 100644
---- a/pom.xml
-+++ b/pom.xml
-@@ -244,7 +244,6 @@
- jetty-alpn
- jetty-home
- jetty-bom
-- documentation
- jetty-keystore
- jetty-p2
- jetty-unixdomain-server
-
diff --git a/projects/jetty/project-parent/fuzz-targets/pom.xml b/projects/jetty/project-parent/fuzz-targets/pom.xml
new file mode 100644
index 000000000..c8797dfdd
--- /dev/null
+++ b/projects/jetty/project-parent/fuzz-targets/pom.xml
@@ -0,0 +1,86 @@
+
+
+
+ 4.0.0
+ com.fuzzer
+ fuzz-targets
+ 0.0.1-SNAPSHOT
+ fuzz
+ fuzz
+
+
+ 11
+ 11
+ 11
+
+
+
+
+
+ com.code-intelligence
+ jazzer-junit
+ 0.15.0
+
+
+
+ org.junit.jupiter
+ junit-jupiter-engine
+ 5.9.0
+ test
+
+
+
+ org.eclipse.jetty
+ jetty-http
+ Fuzzing-SNAPSHOT
+
+
+
+ org.eclipse.jetty
+ jetty-server
+ Fuzzing-SNAPSHOT
+
+
+
+ org.eclipse.jetty
+ jetty-util
+ Fuzzing-SNAPSHOT
+
+
+
+ org.eclipse.jetty
+ jetty-io
+ Fuzzing-SNAPSHOT
+
+
+
+ org.eclipse.jetty
+ jetty-runner
+ Fuzzing-SNAPSHOT
+
+
+
+ org.junit.platform
+ junit-platform-launcher
+ 1.9.2
+
+
+
+
+
+
+
+
+ maven-surefire-plugin
+ 2.22.2
+
+
+
+
+ ${project.basedir}/src/test/resources
+
+
+
+
+
\ No newline at end of file
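Review bot: The versions plugin that build.sh invokes as `versions:use-dep-version` is not declared in this pom; the only plugin visible in the build section is `maven-surefire-plugin` 2.22.2 (the XML markup is stripped in this view, so this is read from the remaining values). Maven will therefore resolve whichever versions-maven-plugin release is current at build time, and that plugin rewrites this pom before the fuzz targets are compiled. Declaring `org.codehaus.mojo:versions-maven-plugin` with an explicit `<version>` in the plugins section, or under pluginManagement in the parent pom, keeps the build reproducible in the same way the script already pins `maven-help-plugin:3.2.0`.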
diff --git a/projects/jetty/ServerHandlersFuzzer.java b/projects/jetty/project-parent/fuzz-targets/src/test/java/com/example/ServerHandlersFuzzer.java
similarity index 73%
rename from projects/jetty/ServerHandlersFuzzer.java
rename to projects/jetty/project-parent/fuzz-targets/src/test/java/com/example/ServerHandlersFuzzer.java
index 420c2f6a8..2aa0ecab2 100644
--- a/projects/jetty/ServerHandlersFuzzer.java
+++ b/projects/jetty/project-parent/fuzz-targets/src/test/java/com/example/ServerHandlersFuzzer.java
@@ -14,27 +14,32 @@
//
//////////////////////////////////////////////////////////////////////////////////
+package com.example;
+
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
-import com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow;
-
-import org.eclipse.jetty.server.*;
-import org.eclipse.jetty.server.handler.*;
+import com.code_intelligence.jazzer.junit.FuzzTest;
import org.eclipse.jetty.io.NullByteBufferPool;
+import org.eclipse.jetty.server.Handler;
+import org.eclipse.jetty.server.HttpConnectionFactory;
+import org.eclipse.jetty.server.LocalConnector;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.handler.*;
+import org.junit.jupiter.api.BeforeAll;
-import java.io.File;
import java.util.Collection;
-public class ServerHandlersFuzzer {
+class ServerHandlersFuzzer {
static Server _server;
static LocalConnector _connector;
static HandlerCollection handlers;
- static String methods_arr [] = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "PATCH"};
- static Handler handler_arr [] = {new AsyncDelayHandler(), new BufferedResponseHandler(), new ContextHandler(), new DefaultHandler(), new ErrorHandler(), new FileBufferedResponseHandler(),
+ static String[] methods_arr = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "PATCH"};
+ static Handler[] handler_arr = {new AsyncDelayHandler(), new BufferedResponseHandler(), new ContextHandler(), new DefaultHandler(), new ErrorHandler(), new FileBufferedResponseHandler(),
new HotSwapHandler(), new IdleTimeoutHandler(), new InetAccessHandler(), new MovedContextHandler(), new RequestLogHandler(), new ResourceHandler(), new SecuredRedirectHandler(),
new ThreadLimitHandler()};
- public static void fuzzerInitialize() {
+ @BeforeAll
+ static void setup() {
_server = new Server();
_server.addBean(new NullByteBufferPool());
_connector = new LocalConnector(_server, new HttpConnectionFactory(), null);
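Review bot: `handler_arr` holds one static instance of each handler, and the fuzz method picks from that same array for every input, so any state a handler keeps from an earlier input can influence later ones and make a crash hard to reproduce from its single input. Whether these handlers actually retain state across the server start/stop cycle is not visible in this hunk and should be confirmed. If constructing fresh handlers per input is too costly, document the trade-off with a comment above the array such as `// Handler instances are shared across fuzz inputs; a finding may depend on earlier inputs`. The class body continues outside this hunk.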
@@ -42,7 +47,8 @@ public class ServerHandlersFuzzer {
_server.addConnector(_connector);
}
- public static void fuzzerTestOneInput(FuzzedDataProvider data) {
+ @FuzzTest
+ void getResponse(FuzzedDataProvider data) {
Collection handlersCollection = data.pickValues(handler_arr, data.consumeInt(0, handler_arr.length));
String method = data.pickValue(methods_arr);
String str = data.consumeString(1000);
@@ -64,7 +70,7 @@ public class ServerHandlersFuzzer {
}
try {
- String response = _connector.getResponse(method + " /" + str + " HTTP/1.0\r\n" + str1 + "\r\n\r\n" + str2);
+ _connector.getResponse(method + " /" + str + " HTTP/1.0\r\n" + str1 + "\r\n\r\n" + str2);
} catch (Exception e) {
}
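Review bot: The empty `catch (Exception e) { }` around `_connector.getResponse(...)` swallows every exception, including unchecked ones such as NullPointerException or IndexOutOfBoundsException that Jazzer would otherwise report as findings. If unchecked exceptions from the connector are considered bugs, let them propagate and ignore only the checked ones: `} catch (RuntimeException e) { throw e; } catch (Exception e) { /* expected request failure, ignored */ }`. If swallowing everything is deliberate, a comment inside the catch block should say why. The enclosing method starts and ends outside this hunk.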
@@ -74,4 +80,5 @@ public class ServerHandlersFuzzer {
throw new RuntimeException("Server stop error!");
}
}
+
}
\ No newline at end of file
diff --git a/projects/jetty/project-parent/pom.xml b/projects/jetty/project-parent/pom.xml
new file mode 100644
index 000000000..29b8aa2cf
--- /dev/null
+++ b/projects/jetty/project-parent/pom.xml
@@ -0,0 +1,16 @@
+
+
+ 4.0.0
+
+ com.fuzzer
+ project-parent
+ 0.1.0
+ pom
+
+
+ jetty
+ fuzz-targets
+
+
+
\ No newline at end of file