mirror of https://github.com/google/oss-fuzz.git
132 lines
4.4 KiB
Java
132 lines
4.4 KiB
Java
// Copyright 2022 Google LLC
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
//
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
|
|
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
|
|
import com.code_intelligence.jazzer.api.FuzzerSecurityIssueHigh;
|
|
|
|
import java.io.File;
|
|
import java.io.BufferedReader;
|
|
import java.io.IOException;
|
|
import java.io.InputStream;
|
|
import java.io.InputStreamReader;
|
|
import java.io.OutputStream;
|
|
import java.io.OutputStreamWriter;
|
|
import java.io.PrintWriter;
|
|
import java.io.Reader;
|
|
import java.io.StringReader;
|
|
import java.io.Writer;
|
|
import java.io.UnsupportedEncodingException;
|
|
import java.net.InetSocketAddress;
|
|
import java.net.Socket;
|
|
import java.net.SocketAddress;
|
|
import java.nio.CharBuffer;
|
|
import java.nio.charset.StandardCharsets;
|
|
import java.util.ArrayList;
|
|
import java.util.HashMap;
|
|
import java.util.List;
|
|
import java.util.Map;
|
|
|
|
import org.apache.catalina.servlets.DefaultServlet;
|
|
import org.apache.catalina.Context;
|
|
import org.apache.catalina.Wrapper;
|
|
import org.apache.catalina.connector.Connector;
|
|
import org.apache.catalina.startup.Tomcat;
|
|
|
|
public class Http11ProcessorDefaultServletFuzzer {
|
|
static Tomcat tomcat = null;
|
|
static Connector connector1 = null;
|
|
static Context ctx = null;
|
|
static String contextPath = null;
|
|
static String baseDir = null;
|
|
|
|
public static void fuzzerTearDown() {
|
|
try {
|
|
tomcat.stop();
|
|
tomcat.destroy();
|
|
tomcat = null;
|
|
System.gc();
|
|
} catch (Exception e) {
|
|
throw new FuzzerSecurityIssueHigh("Teardown Error!");
|
|
}
|
|
}
|
|
|
|
public static void fuzzerInitialize() {
|
|
tomcat = new Tomcat();
|
|
|
|
baseDir = "temp";
|
|
|
|
tomcat.setBaseDir(baseDir);
|
|
|
|
connector1 = tomcat.getConnector();
|
|
connector1.setPort(0);
|
|
|
|
String docBase = new File(".").getAbsolutePath();
|
|
|
|
ctx = tomcat.addContext("", docBase);
|
|
|
|
Wrapper w = Tomcat.addServlet(ctx, "servlet", new DefaultServlet());
|
|
ctx.addServletMappingDecoded("/", "servlet");
|
|
|
|
try {
|
|
tomcat.start();
|
|
} catch (Exception e) {
|
|
throw new FuzzerSecurityIssueHigh("Tomcat Start error!");
|
|
}
|
|
|
|
}
|
|
|
|
public static void fuzzerTestOneInput(FuzzedDataProvider data) {
|
|
// java.util.logging.Logger.getLogger("org.apache").setLevel(java.util.logging.Level.OFF);
|
|
|
|
String str = data.consumeAsciiString(100);
|
|
String str1 = data.consumeAsciiString(100);
|
|
String str2 = data.consumeAsciiString(100);
|
|
String str3 = data.consumeAsciiString(100);
|
|
String str4 = data.consumeAsciiString(100);
|
|
String str5 = data.consumeRemainingAsAsciiString();
|
|
|
|
try {
|
|
SocketAddress addr = new InetSocketAddress("localhost", tomcat.getConnector().getLocalPort());
|
|
Socket socket = new Socket();
|
|
socket.connect(addr, 0);
|
|
OutputStream os = socket.getOutputStream();
|
|
Writer writer = new OutputStreamWriter(os, "US-ASCII");
|
|
InputStream is = socket.getInputStream();
|
|
Reader r = new InputStreamReader(is, "US-ASCII");
|
|
BufferedReader reader = new BufferedReader(r);
|
|
|
|
// Write the headers
|
|
writer.write("POST http://localhost:" + tomcat.getConnector().getLocalPort() +"/temp HTTP/1.1\r\n");
|
|
writer.write("Host: localhost:" + tomcat.getConnector().getLocalPort() + "\r\n");
|
|
writer.write("Transfer-Encoding: chunked\r\n");
|
|
writer.write(str + "\r\n");
|
|
writer.write(str1 + "\r\n");
|
|
writer.write(str2 + "\r\n");
|
|
writer.write("\r\n");
|
|
writer.flush();
|
|
|
|
// Write the request body
|
|
writer.write(str3 + "\r\n");
|
|
writer.write(str4 + "\r\n");
|
|
writer.write(str5 + "\r\n");
|
|
writer.write("\r\n");
|
|
writer.flush();
|
|
|
|
socket.close();
|
|
} catch (IOException e) {
|
|
}
|
|
}
|
|
} |