[js-yaml] Initial integration (#10615)

projects/js-yaml/Dockerfile

@@ -0,0 +1,25 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder-javascript
+
+COPY build.sh $SRC/
+
+RUN  git clone --depth 1 https://github.com/nodeca/js-yaml
+
+COPY fuzz.js $SRC/js-yaml
+
+WORKDIR $SRC/js-yaml

projects/js-yaml/build.sh

@@ -0,0 +1,23 @@
+#!/bin/bash -eu
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Install dependencies.
+npm install
+npm install --save-dev @jazzer.js/core
+
+# Build Fuzzers.
+compile_javascript_fuzzer js-yaml fuzz.js --sync

projects/js-yaml/fuzz.js

@@ -0,0 +1,29 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+const { FuzzedDataProvider } = require('@jazzer.js/core');
+const yaml = require('js-yaml');
+
+module.exports.fuzz = function (data) {
+  const provider = new FuzzedDataProvider(data);
+  const yamlString = provider.consumeRemainingAsString();
+
+  try {
+    const parsedYaml = yaml.load(yamlString);
+    const serializedYaml = yaml.dump(parsedYaml);
+  } catch (YAMLException) {
+  }
+};

projects/js-yaml/project.yaml

@@ -0,0 +1,15 @@
+homepage: https://github.com/nodeca/js-yaml
+language: javascript
+main_repo: https://github.com/nodeca/js-yaml
+fuzzing_engines:
+- libfuzzer
+sanitizers:
+- none
+vendor_ccs:
+  - "wagner@code-intelligence.com"
+  - "yakdan@code-intelligence.com"
+  - "glendowne@code-intelligence.com"
+  - "patrice.salathe@code-intelligence.com"
+  - "hlin@code-intelligence.com"
+  - "christopher.krah@code-intelligence.com"
+  - "bug-disclosure@code-intelligence.com"