Fabian Meumertzheim | 78623a5 | 2021-07-28 15:05:26 +0200 | [diff] [blame] | 1 | load("@io_bazel_rules_kotlin//kotlin:jvm.bzl", "kt_jvm_library") |
Fabian Meumertzheim | 57bbcf4 | 2021-10-25 08:54:11 +0200 | [diff] [blame] | 2 | load("@fmeum_rules_jni//jni:defs.bzl", "java_jni_library") |
Fabian Meumertzheim | 30730a6 | 2021-10-15 13:16:41 +0200 | [diff] [blame] | 3 | load("//bazel:compat.bzl", "SKIP_ON_MACOS", "SKIP_ON_WINDOWS") |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 4 | load("//bazel:fuzz_target.bzl", "java_fuzz_target_test") |
| 5 | |
| 6 | java_fuzz_target_test( |
Fabian Meumertzheim | 8ffc98f | 2021-10-13 12:06:15 +0200 | [diff] [blame] | 7 | name = "Autofuzz", |
Fabian Meumertzheim | bd4e75f | 2022-03-07 18:43:57 +0100 | [diff] [blame^] | 8 | expected_findings = ["java.lang.ArrayIndexOutOfBoundsException"], |
Fabian Meumertzheim | 8ffc98f | 2021-10-13 12:06:15 +0200 | [diff] [blame] | 9 | fuzzer_args = [ |
| 10 | "--autofuzz=com.google.json.JsonSanitizer::sanitize", |
| 11 | # Exit after the first finding for testing purposes. |
| 12 | "--keep_going=1", |
| 13 | ], |
| 14 | runtime_deps = [ |
| 15 | "@maven//:com_mikesamuel_json_sanitizer", |
| 16 | ], |
| 17 | ) |
| 18 | |
| 19 | java_fuzz_target_test( |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 20 | name = "ExampleFuzzer", |
| 21 | srcs = [ |
| 22 | "src/main/java/com/example/ExampleFuzzer.java", |
| 23 | "src/main/java/com/example/ExampleFuzzerHooks.java", |
| 24 | ], |
| 25 | # Comment out the next line to keep the fuzzer running indefinitely. |
| 26 | hook_classes = ["com.example.ExampleFuzzerHooks"], |
| 27 | target_class = "com.example.ExampleFuzzer", |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 28 | ) |
| 29 | |
Fabian Meumertzheim | 57bbcf4 | 2021-10-25 08:54:11 +0200 | [diff] [blame] | 30 | java_jni_library( |
Fabian Meumertzheim | 27b15be | 2021-10-08 15:41:08 +0200 | [diff] [blame] | 31 | name = "example_fuzzer_with_native_lib", |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 32 | srcs = [ |
| 33 | "src/main/java/com/example/ExampleFuzzerWithNative.java", |
| 34 | ], |
Fabian Meumertzheim | 40c3bd4 | 2021-08-01 22:10:08 +0200 | [diff] [blame] | 35 | native_libs = [ |
Fabian Meumertzheim | 27b15be | 2021-10-08 15:41:08 +0200 | [diff] [blame] | 36 | "//examples/src/main/native/com/example:native_asan", |
| 37 | "//examples/src/main/native/com/example:native_ubsan", |
Fabian Meumertzheim | 40c3bd4 | 2021-08-01 22:10:08 +0200 | [diff] [blame] | 38 | ], |
Fabian Meumertzheim | 27b15be | 2021-10-08 15:41:08 +0200 | [diff] [blame] | 39 | visibility = ["//examples/src/main/native/com/example:__pkg__"], |
| 40 | deps = [ |
| 41 | "//agent:jazzer_api_compile_only", |
| 42 | ], |
| 43 | ) |
| 44 | |
| 45 | java_fuzz_target_test( |
| 46 | name = "ExampleFuzzerWithASan", |
| 47 | fuzzer_args = ["--jvm_args=-Djazzer.native_lib=native_asan"], |
Fabian Meumertzheim | 224e8d0 | 2021-06-09 10:03:53 +0200 | [diff] [blame] | 48 | sanitizer = "address", |
Fabian Meumertzheim | 10a743b | 2021-04-11 11:15:26 +0200 | [diff] [blame] | 49 | target_class = "com.example.ExampleFuzzerWithNative", |
Norbert Schneider | 0a80fb8 | 2022-01-12 08:48:37 +0100 | [diff] [blame] | 50 | verify_crash_reproducer = False, |
Fabian Meumertzheim | 27b15be | 2021-10-08 15:41:08 +0200 | [diff] [blame] | 51 | runtime_deps = [ |
| 52 | ":example_fuzzer_with_native_lib", |
| 53 | ], |
Fabian Meumertzheim | 224e8d0 | 2021-06-09 10:03:53 +0200 | [diff] [blame] | 54 | ) |
| 55 | |
| 56 | java_fuzz_target_test( |
| 57 | name = "ExampleFuzzerWithUBSan", |
Fabian Meumertzheim | 27b15be | 2021-10-08 15:41:08 +0200 | [diff] [blame] | 58 | fuzzer_args = ["--jvm_args=-Djazzer.native_lib=native_ubsan"], |
Fabian Meumertzheim | 224e8d0 | 2021-06-09 10:03:53 +0200 | [diff] [blame] | 59 | sanitizer = "undefined", |
Fabian Meumertzheim | 224e8d0 | 2021-06-09 10:03:53 +0200 | [diff] [blame] | 60 | target_class = "com.example.ExampleFuzzerWithNative", |
Fabian Meumertzheim | 30730a6 | 2021-10-15 13:16:41 +0200 | [diff] [blame] | 61 | # Crashes at runtime without an error message. |
| 62 | target_compatible_with = SKIP_ON_WINDOWS, |
Norbert Schneider | 0a80fb8 | 2022-01-12 08:48:37 +0100 | [diff] [blame] | 63 | verify_crash_reproducer = False, |
Fabian Meumertzheim | 27b15be | 2021-10-08 15:41:08 +0200 | [diff] [blame] | 64 | runtime_deps = [ |
| 65 | ":example_fuzzer_with_native_lib", |
| 66 | ], |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 67 | ) |
| 68 | |
| 69 | java_fuzz_target_test( |
Fabian Meumertzheim | 46c87ab | 2021-03-25 17:02:34 +0100 | [diff] [blame] | 70 | name = "ExamplePathTraversalFuzzer", |
| 71 | srcs = [ |
| 72 | "src/main/java/com/example/ExamplePathTraversalFuzzer.java", |
| 73 | "src/main/java/com/example/ExamplePathTraversalFuzzerHooks.java", |
| 74 | ], |
| 75 | hook_classes = ["com.example.ExamplePathTraversalFuzzerHooks"], |
| 76 | target_class = "com.example.ExamplePathTraversalFuzzer", |
| 77 | ) |
| 78 | |
| 79 | java_fuzz_target_test( |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 80 | name = "ExampleValueProfileFuzzer", |
| 81 | srcs = [ |
| 82 | "src/main/java/com/example/ExampleValueProfileFuzzer.java", |
| 83 | ], |
Fabian Meumertzheim | bd4e75f | 2022-03-07 18:43:57 +0100 | [diff] [blame^] | 84 | expected_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"], |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 85 | # Comment out the next line to keep the fuzzer running indefinitely. |
| 86 | fuzzer_args = ["-use_value_profile=1"], |
| 87 | target_class = "com.example.ExampleValueProfileFuzzer", |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 88 | ) |
| 89 | |
| 90 | java_fuzz_target_test( |
Fabian Meumertzheim | 197c593 | 2022-02-21 16:28:21 +0100 | [diff] [blame] | 91 | name = "MazeFuzzer", |
| 92 | srcs = [ |
| 93 | "src/main/java/com/example/MazeFuzzer.java", |
| 94 | ], |
Fabian Meumertzheim | bd4e75f | 2022-03-07 18:43:57 +0100 | [diff] [blame^] | 95 | expected_findings = ["com.example.MazeFuzzer$$TreasureFoundException"], |
Fabian Meumertzheim | 197c593 | 2022-02-21 16:28:21 +0100 | [diff] [blame] | 96 | fuzzer_args = ["-use_value_profile=1"], |
| 97 | target_class = "com.example.MazeFuzzer", |
| 98 | ) |
| 99 | |
| 100 | java_fuzz_target_test( |
Fabian Meumertzheim | ea12140 | 2021-03-12 11:25:14 +0100 | [diff] [blame] | 101 | name = "ExampleOutOfMemoryFuzzer", |
| 102 | srcs = [ |
| 103 | "src/main/java/com/example/ExampleOutOfMemoryFuzzer.java", |
| 104 | ], |
Fabian Meumertzheim | bd4e75f | 2022-03-07 18:43:57 +0100 | [diff] [blame^] | 105 | expected_findings = ["java.lang.OutOfMemoryError"], |
Fabian Meumertzheim | ea12140 | 2021-03-12 11:25:14 +0100 | [diff] [blame] | 106 | fuzzer_args = ["--jvm_args=-Xmx512m"], |
| 107 | target_class = "com.example.ExampleOutOfMemoryFuzzer", |
| 108 | ) |
| 109 | |
| 110 | java_fuzz_target_test( |
Fabian Meumertzheim | 6e2e580 | 2021-03-24 10:14:13 +0100 | [diff] [blame] | 111 | name = "ExampleStackOverflowFuzzer", |
| 112 | srcs = [ |
| 113 | "src/main/java/com/example/ExampleStackOverflowFuzzer.java", |
| 114 | ], |
Fabian Meumertzheim | bd4e75f | 2022-03-07 18:43:57 +0100 | [diff] [blame^] | 115 | expected_findings = ["java.lang.StackOverflowError"], |
Fabian Meumertzheim | 10a743b | 2021-04-11 11:15:26 +0200 | [diff] [blame] | 116 | target_class = "com.example.ExampleStackOverflowFuzzer", |
Fabian Meumertzheim | 4f92739 | 2021-10-15 13:13:16 +0200 | [diff] [blame] | 117 | # Crashes with a segfault before any stack trace printing is reached. |
| 118 | target_compatible_with = SKIP_ON_MACOS, |
Fabian Meumertzheim | 6e2e580 | 2021-03-24 10:14:13 +0100 | [diff] [blame] | 119 | ) |
| 120 | |
Fabian Meumertzheim | f4e3fc2 | 2021-12-13 13:58:00 +0100 | [diff] [blame] | 121 | # WARNING: This fuzz target uses a vulnerable version of log4j, which could result in the execution |
| 122 | # of arbitrary code during fuzzing if executed with an older JDK. Use at your own risk. |
Fabian Meumertzheim | 6e2e580 | 2021-03-24 10:14:13 +0100 | [diff] [blame] | 123 | java_fuzz_target_test( |
Fabian Meumertzheim | 6ae6784 | 2021-12-10 16:07:03 +0100 | [diff] [blame] | 124 | name = "Log4jFuzzer", |
| 125 | timeout = "long", |
| 126 | srcs = [ |
| 127 | "src/main/java/com/example/Log4jFuzzer.java", |
| 128 | ], |
| 129 | fuzzer_args = [ |
| 130 | "-fork=4", |
| 131 | "-use_value_profile=1", |
| 132 | ], |
| 133 | # Finding this bug takes ~5 minutes on a decent laptop, but the GitHub Actions machines are not |
| 134 | # powerful enough to run it as part of our test suite. |
| 135 | tags = ["manual"], |
| 136 | target_class = "com.example.Log4jFuzzer", |
| 137 | deps = [ |
| 138 | "@maven//:org_apache_logging_log4j_log4j_api", |
| 139 | "@maven//:org_apache_logging_log4j_log4j_core", |
| 140 | ], |
| 141 | ) |
| 142 | |
| 143 | java_fuzz_target_test( |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 144 | name = "JpegImageParserFuzzer", |
Fabian Meumertzheim | 0dbda45 | 2022-03-01 10:45:35 +0100 | [diff] [blame] | 145 | size = "enormous", |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 146 | srcs = [ |
| 147 | "src/main/java/com/example/JpegImageParserFuzzer.java", |
| 148 | ], |
Fabian Meumertzheim | bd4e75f | 2022-03-07 18:43:57 +0100 | [diff] [blame^] | 149 | expected_findings = ["java.lang.NegativeArraySizeException"], |
Fabian Meumertzheim | 7f9f12d | 2021-05-27 16:46:45 +0200 | [diff] [blame] | 150 | fuzzer_args = [ |
Norbert Schneider | 79b6e03 | 2022-02-28 09:54:59 +0100 | [diff] [blame] | 151 | "-fork=3", |
Fabian Meumertzheim | 0dbda45 | 2022-03-01 10:45:35 +0100 | [diff] [blame] | 152 | ], |
Fabian Meumertzheim | 10a743b | 2021-04-11 11:15:26 +0200 | [diff] [blame] | 153 | target_class = "com.example.JpegImageParserFuzzer", |
Fabian Meumertzheim | 4f92739 | 2021-10-15 13:13:16 +0200 | [diff] [blame] | 154 | # The exit codes of the forked libFuzzer processes are not picked up correctly. |
| 155 | target_compatible_with = SKIP_ON_MACOS, |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 156 | deps = [ |
| 157 | "@maven//:org_apache_commons_commons_imaging", |
| 158 | ], |
| 159 | ) |
| 160 | |
| 161 | java_fuzz_target_test( |
| 162 | name = "GifImageParserFuzzer", |
| 163 | srcs = [ |
| 164 | "src/main/java/com/example/GifImageParserFuzzer.java", |
| 165 | ], |
Fabian Meumertzheim | bd4e75f | 2022-03-07 18:43:57 +0100 | [diff] [blame^] | 166 | expected_findings = [ |
| 167 | "java.lang.ArrayIndexOutOfBoundsException", |
| 168 | "java.lang.IllegalArgumentException", |
| 169 | "java.lang.OutOfMemoryError", |
| 170 | ], |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 171 | target_class = "com.example.GifImageParserFuzzer", |
| 172 | deps = [ |
| 173 | "@maven//:org_apache_commons_commons_imaging", |
| 174 | ], |
| 175 | ) |
| 176 | |
| 177 | java_fuzz_target_test( |
| 178 | name = "TiffImageParserFuzzer", |
| 179 | srcs = [ |
| 180 | "src/main/java/com/example/TiffImageParserFuzzer.java", |
| 181 | ], |
| 182 | tags = ["manual"], |
| 183 | target_class = "com.example.TiffImageParserFuzzer", |
| 184 | deps = [ |
| 185 | "@maven//:org_apache_commons_commons_imaging", |
| 186 | ], |
| 187 | ) |
| 188 | |
| 189 | java_fuzz_target_test( |
Fabian Meumertzheim | 3ad06ca | 2021-03-01 18:04:53 +0100 | [diff] [blame] | 190 | name = "JsonSanitizerCrashFuzzer", |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 191 | srcs = [ |
Fabian Meumertzheim | 3ad06ca | 2021-03-01 18:04:53 +0100 | [diff] [blame] | 192 | "src/main/java/com/example/JsonSanitizerCrashFuzzer.java", |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 193 | ], |
Fabian Meumertzheim | bd4e75f | 2022-03-07 18:43:57 +0100 | [diff] [blame^] | 194 | expected_findings = ["java.lang.IndexOutOfBoundsException"], |
Fabian Meumertzheim | 3ad06ca | 2021-03-01 18:04:53 +0100 | [diff] [blame] | 195 | target_class = "com.example.JsonSanitizerCrashFuzzer", |
| 196 | deps = [ |
| 197 | "@maven//:com_mikesamuel_json_sanitizer", |
| 198 | ], |
| 199 | ) |
| 200 | |
| 201 | java_fuzz_target_test( |
| 202 | name = "JsonSanitizerDenylistFuzzer", |
| 203 | srcs = [ |
| 204 | "src/main/java/com/example/JsonSanitizerDenylistFuzzer.java", |
| 205 | ], |
Fabian Meumertzheim | bd4e75f | 2022-03-07 18:43:57 +0100 | [diff] [blame^] | 206 | expected_findings = ["java.lang.AssertionError"], |
Fabian Meumertzheim | 3ad06ca | 2021-03-01 18:04:53 +0100 | [diff] [blame] | 207 | target_class = "com.example.JsonSanitizerDenylistFuzzer", |
| 208 | deps = [ |
| 209 | "@maven//:com_mikesamuel_json_sanitizer", |
| 210 | ], |
| 211 | ) |
| 212 | |
Fabian Meumertzheim | 5521236 | 2021-08-02 13:40:51 +0200 | [diff] [blame] | 213 | java_binary( |
Fabian Meumertzheim | d474119 | 2021-10-19 13:43:45 +0200 | [diff] [blame] | 214 | name = "JsonSanitizerReplayerCrash", |
Fabian Meumertzheim | 5521236 | 2021-08-02 13:40:51 +0200 | [diff] [blame] | 215 | data = [ |
| 216 | ":json_sanitizer_denylist_crash", |
| 217 | ], |
| 218 | main_class = "com.code_intelligence.jazzer.replay.Replayer", |
| 219 | runtime_deps = [ |
| 220 | ":JsonSanitizerDenylistFuzzer_target_deploy.jar", |
| 221 | "//agent/src/main/java/com/code_intelligence/jazzer/replay:Replayer_deploy.jar", |
| 222 | ], |
| 223 | ) |
| 224 | |
| 225 | sh_test( |
Fabian Meumertzheim | d474119 | 2021-10-19 13:43:45 +0200 | [diff] [blame] | 226 | name = "JsonSanitizerReplayerCrashTest", |
Fabian Meumertzheim | 5521236 | 2021-08-02 13:40:51 +0200 | [diff] [blame] | 227 | srcs = ["check_for_finding.sh"], |
| 228 | args = [ |
Fabian Meumertzheim | d474119 | 2021-10-19 13:43:45 +0200 | [diff] [blame] | 229 | "jazzer/$(rootpath :JsonSanitizerReplayerCrash)", |
Fabian Meumertzheim | 5521236 | 2021-08-02 13:40:51 +0200 | [diff] [blame] | 230 | "com.example.JsonSanitizerDenylistFuzzer", |
Fabian Meumertzheim | d474119 | 2021-10-19 13:43:45 +0200 | [diff] [blame] | 231 | "jazzer/$(rootpath :json_sanitizer_denylist_crash)", |
Fabian Meumertzheim | 5521236 | 2021-08-02 13:40:51 +0200 | [diff] [blame] | 232 | ], |
| 233 | data = [ |
Fabian Meumertzheim | d474119 | 2021-10-19 13:43:45 +0200 | [diff] [blame] | 234 | ":JsonSanitizerReplayerCrash", |
Fabian Meumertzheim | 5521236 | 2021-08-02 13:40:51 +0200 | [diff] [blame] | 235 | ":json_sanitizer_denylist_crash", |
| 236 | ], |
Fabian Meumertzheim | d474119 | 2021-10-19 13:43:45 +0200 | [diff] [blame] | 237 | deps = [ |
| 238 | "@bazel_tools//tools/bash/runfiles", |
| 239 | ], |
Fabian Meumertzheim | 5521236 | 2021-08-02 13:40:51 +0200 | [diff] [blame] | 240 | ) |
| 241 | |
Fabian Meumertzheim | 3ad06ca | 2021-03-01 18:04:53 +0100 | [diff] [blame] | 242 | java_fuzz_target_test( |
| 243 | name = "JsonSanitizerIdempotenceFuzzer", |
| 244 | srcs = [ |
| 245 | "src/main/java/com/example/JsonSanitizerIdempotenceFuzzer.java", |
| 246 | ], |
Fabian Meumertzheim | bd4e75f | 2022-03-07 18:43:57 +0100 | [diff] [blame^] | 247 | expected_findings = ["java.lang.AssertionError"], |
Fabian Meumertzheim | 3ad06ca | 2021-03-01 18:04:53 +0100 | [diff] [blame] | 248 | target_class = "com.example.JsonSanitizerIdempotenceFuzzer", |
| 249 | deps = [ |
| 250 | "@maven//:com_mikesamuel_json_sanitizer", |
| 251 | ], |
| 252 | ) |
| 253 | |
| 254 | java_fuzz_target_test( |
| 255 | name = "JsonSanitizerValidJsonFuzzer", |
| 256 | srcs = [ |
| 257 | "src/main/java/com/example/JsonSanitizerValidJsonFuzzer.java", |
| 258 | ], |
Fabian Meumertzheim | bd4e75f | 2022-03-07 18:43:57 +0100 | [diff] [blame^] | 259 | expected_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"], |
Fabian Meumertzheim | 3ad06ca | 2021-03-01 18:04:53 +0100 | [diff] [blame] | 260 | target_class = "com.example.JsonSanitizerValidJsonFuzzer", |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 261 | deps = [ |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 262 | "@maven//:com_google_code_gson_gson", |
| 263 | "@maven//:com_mikesamuel_json_sanitizer", |
| 264 | ], |
| 265 | ) |
| 266 | |
| 267 | java_fuzz_target_test( |
| 268 | name = "JacksonCborFuzzer", |
| 269 | srcs = [ |
| 270 | "src/main/java/com/example/JacksonCborFuzzer.java", |
| 271 | ], |
Fabian Meumertzheim | bd4e75f | 2022-03-07 18:43:57 +0100 | [diff] [blame^] | 272 | expected_findings = ["java.lang.NullPointerException"], |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 273 | target_class = "com.example.JacksonCborFuzzer", |
| 274 | deps = [ |
| 275 | "@maven//:com_fasterxml_jackson_core_jackson_core", |
| 276 | "@maven//:com_fasterxml_jackson_core_jackson_databind", |
| 277 | "@maven//:com_fasterxml_jackson_dataformat_jackson_dataformat_cbor", |
| 278 | ], |
| 279 | ) |
| 280 | |
| 281 | java_fuzz_target_test( |
| 282 | name = "FastJsonFuzzer", |
| 283 | srcs = [ |
| 284 | "src/main/java/com/example/FastJsonFuzzer.java", |
| 285 | ], |
Fabian Meumertzheim | bd4e75f | 2022-03-07 18:43:57 +0100 | [diff] [blame^] | 286 | expected_findings = ["java.lang.NumberFormatException"], |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 287 | target_class = "com.example.FastJsonFuzzer", |
| 288 | deps = [ |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 289 | "@maven//:com_alibaba_fastjson", |
| 290 | ], |
| 291 | ) |
| 292 | |
Fabian Meumertzheim | e51010f | 2021-03-08 16:01:14 +0100 | [diff] [blame] | 293 | kt_jvm_library( |
| 294 | name = "KlaxonFuzzTarget", |
| 295 | srcs = [ |
| 296 | "src/main/java/com/example/KlaxonFuzzer.kt", |
| 297 | ], |
| 298 | deps = [ |
Fabian Meumertzheim | 4179c2f | 2021-06-25 10:27:36 +0200 | [diff] [blame] | 299 | "//agent:jazzer_api_compile_only", |
Fabian Meumertzheim | e51010f | 2021-03-08 16:01:14 +0100 | [diff] [blame] | 300 | "@maven//:com_beust_klaxon", |
| 301 | ], |
| 302 | ) |
| 303 | |
| 304 | java_fuzz_target_test( |
| 305 | name = "KlaxonFuzzer", |
Fabian Meumertzheim | bd4e75f | 2022-03-07 18:43:57 +0100 | [diff] [blame^] | 306 | expected_findings = [ |
| 307 | "java.lang.ClassCastException", |
| 308 | "java.lang.IllegalStateException", |
| 309 | "java.lang.NumberFormatException", |
| 310 | ], |
Fabian Meumertzheim | e51010f | 2021-03-08 16:01:14 +0100 | [diff] [blame] | 311 | fuzzer_args = [ |
| 312 | "--keep_going=7", |
Fabian Meumertzheim | e51010f | 2021-03-08 16:01:14 +0100 | [diff] [blame] | 313 | ], |
| 314 | target_class = "com.example.KlaxonFuzzer", |
| 315 | runtime_deps = [":KlaxonFuzzTarget"], |
| 316 | ) |
| 317 | |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 318 | java_fuzz_target_test( |
| 319 | name = "TurboJpegFuzzer", |
| 320 | srcs = [ |
| 321 | "src/main/java/com/example/TurboJpegFuzzer.java", |
| 322 | ], |
Norbert Schneider | 0a80fb8 | 2022-01-12 08:48:37 +0100 | [diff] [blame] | 323 | data = [ |
| 324 | "@libjpeg_turbo//:turbojpeg_native", |
| 325 | ], |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 326 | fuzzer_args = [ |
| 327 | "-rss_limit_mb=8196", |
| 328 | ], |
Fabian Meumertzheim | 224e8d0 | 2021-06-09 10:03:53 +0200 | [diff] [blame] | 329 | sanitizer = "address", |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 330 | tags = ["manual"], |
| 331 | target_class = "com.example.TurboJpegFuzzer", |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 332 | deps = [ |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 333 | "@libjpeg_turbo//:turbojpeg_java", |
| 334 | ], |
| 335 | ) |
| 336 | |
| 337 | java_binary( |
| 338 | name = "examples", |
| 339 | create_executable = False, |
Fabian Meumertzheim | 54347de | 2021-09-11 16:07:34 +0200 | [diff] [blame] | 340 | visibility = ["//visibility:public"], |
| 341 | runtime_deps = [ |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 342 | ":ExampleFuzzer_target_deploy.jar", |
| 343 | ":ExampleValueProfileFuzzer_target_deploy.jar", |
| 344 | ":FastJsonFuzzer_target_deploy.jar", |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 345 | ":JacksonCborFuzzer_target_deploy.jar", |
| 346 | ":JpegImageParserFuzzer_target_deploy.jar", |
Fabian Meumertzheim | 3ad06ca | 2021-03-01 18:04:53 +0100 | [diff] [blame] | 347 | ":JsonSanitizerDenylistFuzzer_target_deploy.jar", |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 348 | ], |
Fabian Meumertzheim | 5246e52 | 2021-01-29 16:20:19 +0100 | [diff] [blame] | 349 | ) |