oss-fuzz

Commit Graph

Author	SHA1	Message	Date
Fabian Meumertzheim	e23e06fd12	[jazzer] Migrate projects to new void fuzzerTestOneInput (#5251 ) Jazzer has made fuzzerTestOneInput return void instead of boolean. This commit adapts the existing Jazzer fuzz targets to this change. Previously, returning true from a fuzz target would be recorded as a crash. However, since there is no stack trace in that case, such crashes cause issues with deduplication. Additionally, the behavior is easy to replicate with assert or a an if with a throw statement.	2021-02-24 08:33:58 -08:00
Fabian Meumertzheim	587a0bde3f	[jazzer][json-sanitizer] Add json-sanitizer as the first JVM project (#5186 ) json-sanitizer uses Maven and has no native dependencies. The build file is loosely divided into two parts. The first part is project-specific, the second one can serve as a template for JVM fuzz targets without native dependencies. The following three fuzz targets are added to OSS-Fuzz and can later be moved into the json-sanitizer tree: * DenylistFuzzer verifies that the output of json-sanitizer never contains certain substrings that can lead to HTML or XML injections. * IdempotenceFuzzer verifies that json-sanitizer is idempotent. * ValidJsonFuzzer verifies that the output of json-sanitizer is valid JSON by passing it into gson.	2021-02-16 10:13:29 -08:00

Author

SHA1

Message

Date

Fabian Meumertzheim

e23e06fd12

[jazzer] Migrate projects to new void fuzzerTestOneInput (#5251 )

Jazzer has made fuzzerTestOneInput return void instead of boolean.
This commit adapts the existing Jazzer fuzz targets to this change.

Previously, returning true from a fuzz target would be recorded as a
crash. However, since there is no stack trace in that case, such crashes
cause issues with deduplication. Additionally, the behavior is easy to
replicate with assert or a an if with a throw statement.

2021-02-24 08:33:58 -08:00

Fabian Meumertzheim

587a0bde3f

[jazzer][json-sanitizer] Add json-sanitizer as the first JVM project (#5186 )

json-sanitizer uses Maven and has no native dependencies.

The build file is loosely divided into two parts. The first part is
project-specific, the second one can serve as a template for JVM fuzz
targets without native dependencies.

The following three fuzz targets are added to OSS-Fuzz and can later be
moved into the json-sanitizer tree:

* DenylistFuzzer verifies that the output of json-sanitizer never
  contains certain substrings that can lead to HTML or XML injections.
* IdempotenceFuzzer verifies that json-sanitizer is idempotent.
* ValidJsonFuzzer verifies that the output of json-sanitizer is valid
  JSON by passing it into gson.

2021-02-16 10:13:29 -08:00

2 Commits