Change the fuzz target to XmlPullParserFactory & fix javadoc (#7638)

2022-04-28 15:55:26 +02:00 · 2022-04-28 15:55:26 +02:00 · efa4e9cd5a
parent c351603b3d
commit efa4e9cd5a
4 changed files with 37 additions and 72 deletions
--- a/projects/xmlpull/Dockerfile
+++ b/projects/xmlpull/Dockerfile
@ -20,18 +20,10 @@ RUN curl -L https://downloads.apache.org/maven/maven-3/3.6.3/binaries/apache-mav
 unzip maven.zip -d $SRC/maven && \
 rm -rf maven.zip

-RUN git clone --depth 1 https://github.com/google/fuzzing && \
-    mv fuzzing/dictionaries/xml.dict $SRC/JoranFuzzer.dict && \
-    rm -rf fuzzing
-
-RUN git clone --depth 1 https://github.com/dvyukov/go-fuzz-corpus && \
-    zip -q $SRC/JoranFuzzer_seed_corpus.zip go-fuzz-corpus/xml/corpus/* && \
-    rm -rf go-fuzz-corpus
-
 ENV MVN $SRC/maven/apache-maven-3.6.3/bin/mvn

 RUN git clone --depth 1 https://github.com/xmlpull-org/xmlpull-api-v1 xmlpull

 COPY build.sh $SRC/
-COPY XmlFuzzer.java $SRC/
+COPY *.java $SRC/
 WORKDIR $SRC/xmlpull
--- a/projects/xmlpull/PullParserFactoryFuzzer.java
+++ b/projects/xmlpull/PullParserFactoryFuzzer.java
@ -0,0 +1,24 @@
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+
+import org.xmlpull.v1.XmlPullParserFactory;
+import org.xmlpull.v1.XmlPullParser;
+import org.xmlpull.v1.XmlPullParserException;
+import org.xmlpull.v1.XmlSerializer;
+
+import java.io.IOException;
+import java.io.StringReader;
+
+public class PullParserFactoryFuzzer {
+    public static void fuzzerTestOneInput(FuzzedDataProvider data) {
+        try {
+            XmlPullParserFactory factory = XmlPullParserFactory.newInstance(
+                data.consumeString(100),
+                null
+            );
+            factory.setFeature(data.consumeString(30), data.consumeBoolean());
+            factory.getFeature(data.consumeString(30));
+            factory.setNamespaceAware(data.consumeBoolean());
+            XmlPullParser xpp = factory.newPullParser();
+        } catch (XmlPullParserException e) { }
+	}
+}
--- a/projects/xmlpull/XmlFuzzer.java
+++ b/projects/xmlpull/XmlFuzzer.java
@ -1,36 +0,0 @@
-import com.code_intelligence.jazzer.api.FuzzedDataProvider;
-
-import org.xmlpull.v1.XmlPullParserFactory;
-import org.xmlpull.v1.XmlPullParser;
-import org.xmlpull.v1.XmlPullParserException;
-import org.xmlpull.v1.XmlSerializer;
-
-import java.io.IOException;
-import java.io.StringReader;
-
-public class XmlFuzzer {
-    public static XmlPullParserFactory factoryNewInstance() throws XmlPullParserException {
-        String property = System.getProperty(XmlPullParserFactory.PROPERTY_NAME);
-        return XmlPullParserFactory.newInstance(
-            property,
-            null
-        );
-    }
-
-    public static void processDocument(XmlPullParser xpp) throws XmlPullParserException, IOException {
-        int eventType = xpp.getEventType();
-        do {
-            eventType = xpp.next();
-        } while (eventType != xpp.END_DOCUMENT);
-    }
-
-    public static void fuzzerTestOneInput(FuzzedDataProvider data) {
-        try {
-            XmlPullParserFactory factory = factoryNewInstance();
-            factory.setNamespaceAware(true);
-            XmlPullParser xpp = factory.newPullParser();
-            xpp.setInput(new StringReader(data.consumeRemainingAsString()));
-            processDocument(xpp);
-        } catch (XmlPullParserException | IOException e) { }
-	}
-}
--- a/projects/xmlpull/build.sh
+++ b/projects/xmlpull/build.sh
@ -15,13 +15,9 @@
 #
 ################################################################################

-mv $SRC/{*.zip,*.dict} $OUT
-
 cat > patch.diff <<- EOM
-diff --git a/pom.xml b/pom.xml
-index 3e29db9..c79e086 100644
--- a/pom.xml	2022-04-14 17:14:14.830692400 +0200
-+++ b/pom.xml	2022-04-14 17:33:25.535451222 +0200
+--- pom2.xml	2022-04-26 14:46:24.060195186 +0200
+++ pom.xml	2022-04-26 14:47:28.479389378 +0200
@@ -30,6 +30,8 @@
 
  <properties>
@ -31,29 +27,18 @@ index 3e29db9..c79e086 100644
  </properties>
 
  <dependencies>
-@@ -56,19 +58,6 @@
-       </goals>
-      </execution>
-     </executions>
-   </plugin>
-   <plugin>
-    <groupId>org.apache.maven.plugins</groupId>
-    <artifactId>maven-javadoc-plugin</artifactId>
-    <version>2.9.1</version>
-    <executions>
-     <execution>
-      <id>attach-javadocs</id>
-      <goals>
-       <goal>jar</goal>
-      </goals>
-     </execution>
-    </executions>
-    </plugin>
-   </plugins>
-  </build>
+@@ -61,6 +63,9 @@
+     <groupId>org.apache.maven.plugins</groupId>
+     <artifactId>maven-javadoc-plugin</artifactId>
+     <version>2.9.1</version>
+    <configuration>
+     <sourcepath>src/main/java/api/org/xmlpull/v1/*</sourcepath>
+    </configuration>
+     <executions>
+      <execution>
+       <id>attach-javadocs</id>

 EOM
-
 git apply patch.diff