jackson-core: Extend fuzzers (#8128)

Signed-off-by: AdamKorcz <adam@adalogics.com>
AdamKorcz 2022-08-02 16:48:04 +01:00 committed by GitHub
parent 1f30f70eeb
commit a21e0f2eaf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 80 additions and 49 deletions


@ -31,5 +31,5 @@ RUN git clone --depth 1 --branch=$JACKSON_BRANCH https://github.com/FasterXML/ja
RUN git clone --depth 1 --branch=$JACKSON_BRANCH https://github.com/FasterXML/jackson-annotations
COPY build.sh $SRC/
COPY JsonFuzzer.java FuzzParseNextToken.java UTF8GeneratorFuzzer.java $SRC/
COPY *Fuzzer.java $SRC/
WORKDIR $SRC/


@ -14,7 +14,6 @@
//
////////////////////////////////////////////////////////////////////////////////
import java.io.ByteArrayOutputStream;
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import com.fasterxml.jackson.core.JsonParser;
@ -23,21 +22,30 @@ import com.fasterxml.jackson.core.Base64Variants;
import com.fasterxml.jackson.core.JsonFactory;
import java.io.IOException;
import java.io.ByteArrayOutputStream;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
public class FuzzParseNextToken {
public class ParseNextTokenFuzzer {
public static void fuzzerTestOneInput(FuzzedDataProvider data) {
JsonFactory jf = new JsonFactory();
JsonParser jp;
try {
JsonParser jp = jf.createParser(data.consumeRemainingAsBytes());
jp = jf.createParser(data.consumeRemainingAsBytes());
if (data.consumeBoolean()) {
} else {
InputStream myInputStream = new ByteArrayInputStream(data.consumeRemainingAsBytes());
jp = jf.createParser(myInputStream);
}
jp.nextFieldName();
ByteArrayOutputStream bytes = new ByteArrayOutputStream();
Base64Variant orig = Base64Variants.PEM;
jp.readBinaryValue(orig, bytes);
while (jp.nextToken() != null) {
;
}
jp.readBinaryValue(orig, bytes);
} catch (IOException | IllegalArgumentException ignored) {
}
}
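Review bot: The `jp.readBinaryValue(orig, bytes)` call placed after the `while (jp.nextToken() != null)` loop runs only once the parser has no current token left, so it most likely takes the wrong-token error path every time and never reaches the Base64 decoding it is meant to exercise. The page has lost its +/- markers, so this assumes the later of the two `readBinaryValue` lines is the new side. Moving the call into the loop and gating it on string tokens would reach the decoder, e.g. `JsonToken t; while ((t = jp.nextToken()) != null) { if (t == JsonToken.VALUE_STRING) jp.readBinaryValue(orig, bytes); }`, which needs a `JsonToken` import if the file does not already have one. The class's closing brace is outside the hunk.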


@ -15,7 +15,9 @@
////////////////////////////////////////////////////////////////////////////////
import java.io.ByteArrayOutputStream;
import java.io.ByteArrayInputStream;
import java.io.StringReader;
import java.io.InputStream;
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import com.fasterxml.jackson.core.Base64Variant;
@ -34,6 +36,9 @@ public class UTF8GeneratorFuzzer {
ByteArrayOutputStream out = new ByteArrayOutputStream();
String fuzzString;
JsonGenerator g;
int offset;
byte[] b;
Base64Variant b64v;
try {
g = jf.createGenerator(out);
@ -41,56 +46,74 @@ public class UTF8GeneratorFuzzer {
return;
}
try {
int apiType = data.consumeInt();
switch(apiType%7) {
case 0:
fuzzString = data.consumeString(1000000);
StringReader targetReader = new StringReader(fuzzString);
g.writeStartArray();
g.writeString(targetReader, fuzzString.length());
g.writeEndArray();
case 1:
fuzzString = data.consumeString(1000000);
g.writeStartArray();
g.writeString(fuzzString);
g.writeEndArray();
case 2:
fuzzString = data.consumeString(1000000);
SerializableString ss = new SerializedString(fuzzString);
g.writeStartArray();
g.writeString(ss);
g.writeEndArray();
case 3:
fuzzString = data.consumeString(1000000);
g.writeStartArray();
g.writeRaw(fuzzString);
g.writeEndArray();
case 4:
fuzzString = data.consumeString(1000000);
g.writeStartArray();
g.writeRaw(fuzzString, 0, fuzzString.length());
g.writeEndArray();
case 5:
String key = data.consumeString(50000);
String value = data.consumeString(50000);
g.writeStartObject();
g.writeStringField(key, value);
g.writeEndObject();
case 6:
Base64Variant b64v = Base64Variants.getDefaultVariant();
byte[] b = data.consumeRemainingAsBytes();
g.writeStartArray();
g.writeBinary(b64v, b, 0, b.length);
g.writeEndArray();
int numberOfOps = data.consumeInt();
for (int i = 0; i < numberOfOps%20; i++) {
try {
int apiType = data.consumeInt();
switch(apiType%9) {
case 0:
fuzzString = data.consumeString(1000000);
StringReader targetReader = new StringReader(fuzzString);
g.writeStartArray();
g.writeString(targetReader, fuzzString.length());
g.writeEndArray();
case 1:
fuzzString = data.consumeString(1000000);
g.writeStartArray();
g.writeString(fuzzString);
g.writeEndArray();
case 2:
fuzzString = data.consumeString(1000000);
SerializableString ss = new SerializedString(fuzzString);
g.writeStartArray();
g.writeString(ss);
g.writeEndArray();
case 3:
fuzzString = data.consumeString(1000000);
g.writeStartArray();
g.writeRaw(fuzzString);
g.writeEndArray();
case 4:
fuzzString = data.consumeString(1000000);
offset = data.consumeInt();
g.writeStartArray();
g.writeRaw(fuzzString, offset, fuzzString.length());
g.writeEndArray();
case 5:
String key = data.consumeString(1000000);
String value = data.consumeString(1000000);
g.writeStartObject();
g.writeStringField(key, value);
g.writeEndObject();
case 6:
b64v = Base64Variants.getDefaultVariant();
b = data.consumeBytes(1000000);
offset = data.consumeInt();
g.writeStartArray();
g.writeBinary(b64v, b, offset, b.length);
g.writeEndArray();
case 7:
b = data.consumeBytes(1000000);
offset = data.consumeInt();
g.writeStartObject();
g.writeUTF8String(b, offset, b.length);
g.writeEndObject();
case 8:
b64v = Base64Variants.getDefaultVariant();
b = data.consumeBytes(1000000);
offset = data.consumeInt();
InputStream targetStream = new ByteArrayInputStream(b);
g.writeStartArray();
g.writeBinary(b64v, targetStream, b.length);
g.writeEndArray();
}
} catch (IOException | IllegalArgumentException ignored) {
}
} catch (IOException | IllegalArgumentException ignored) {
}
try {
g.close();
} catch (IOException ignored) {
return;
}
}
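Review bot: None of the `case` arms in the new `switch(apiType%9)` ends with `break;`, so picking arm N also runs every arm after it through `case 8`, and the per-API selection the new loop is built around is lost; each arm should end with `break;` after its `writeEndArray()`/`writeEndObject()`. Both `apiType%9` and `numberOfOps%20` can be negative because `consumeInt()` returns any int, in which case no arm matches or the loop does not run; `data.consumeInt(0, 8)` and `data.consumeInt(0, 19)` avoid that. The new `offset = data.consumeInt()` is passed together with the full `fuzzString.length()` or `b.length`, so any non-zero offset is out of range and only the bounds rejection is exercised; an index exception, if the library throws one, is not in the `catch` list and would be reported as a finding. `offset = data.consumeInt(0, b.length)` with `b.length - offset` as the length keeps the call valid. The enclosing method starts before the hunk and the class's closing brace is after it.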