Gitiles
Code Review Sign In
android-review.linaro.org / platform / external / jazzer-api / bd4e75f7892478affad0c298dd20731b4483b855 / . / examples / BUILD.bazel
blob: a9cd04e4f10a9348cdbecf7ca7fa7a0c03b02d3b [file] [log] [blame]
Fabian Meumertzheim78623a52021-07-28 15:05:26 +0200[diff] [blame]1load("@io_bazel_rules_kotlin//kotlin:jvm.bzl", "kt_jvm_library")
Fabian Meumertzheim57bbcf42021-10-25 08:54:11 +0200[diff] [blame]2load("@fmeum_rules_jni//jni:defs.bzl", "java_jni_library")
Fabian Meumertzheim30730a62021-10-15 13:16:41 +0200[diff] [blame]3load("//bazel:compat.bzl", "SKIP_ON_MACOS", "SKIP_ON_WINDOWS")
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]4load("//bazel:fuzz_target.bzl", "java_fuzz_target_test")
5
6java_fuzz_target_test(
Fabian Meumertzheim8ffc98f2021-10-13 12:06:15 +0200[diff] [blame]7 name = "Autofuzz",
Fabian Meumertzheimbd4e75f2022-03-07 18:43:57 +0100[diff] [blame^]8 expected_findings = ["java.lang.ArrayIndexOutOfBoundsException"],
Fabian Meumertzheim8ffc98f2021-10-13 12:06:15 +0200[diff] [blame]9 fuzzer_args = [
10 "--autofuzz=com.google.json.JsonSanitizer::sanitize",
11 # Exit after the first finding for testing purposes.
12 "--keep_going=1",
13 ],
14 runtime_deps = [
15 "@maven//:com_mikesamuel_json_sanitizer",
16 ],
17)
18
19java_fuzz_target_test(
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]20 name = "ExampleFuzzer",
21 srcs = [
22 "src/main/java/com/example/ExampleFuzzer.java",
23 "src/main/java/com/example/ExampleFuzzerHooks.java",
24 ],
25 # Comment out the next line to keep the fuzzer running indefinitely.
26 hook_classes = ["com.example.ExampleFuzzerHooks"],
27 target_class = "com.example.ExampleFuzzer",
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]28)
29
Fabian Meumertzheim57bbcf42021-10-25 08:54:11 +0200[diff] [blame]30java_jni_library(
Fabian Meumertzheim27b15be2021-10-08 15:41:08 +0200[diff] [blame]31 name = "example_fuzzer_with_native_lib",
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]32 srcs = [
33 "src/main/java/com/example/ExampleFuzzerWithNative.java",
34 ],
Fabian Meumertzheim40c3bd42021-08-01 22:10:08 +0200[diff] [blame]35 native_libs = [
Fabian Meumertzheim27b15be2021-10-08 15:41:08 +0200[diff] [blame]36 "//examples/src/main/native/com/example:native_asan",
37 "//examples/src/main/native/com/example:native_ubsan",
Fabian Meumertzheim40c3bd42021-08-01 22:10:08 +0200[diff] [blame]38 ],
Fabian Meumertzheim27b15be2021-10-08 15:41:08 +0200[diff] [blame]39 visibility = ["//examples/src/main/native/com/example:__pkg__"],
40 deps = [
41 "//agent:jazzer_api_compile_only",
42 ],
43)
44
45java_fuzz_target_test(
46 name = "ExampleFuzzerWithASan",
47 fuzzer_args = ["--jvm_args=-Djazzer.native_lib=native_asan"],
Fabian Meumertzheim224e8d02021-06-09 10:03:53 +0200[diff] [blame]48 sanitizer = "address",
Fabian Meumertzheim10a743b2021-04-11 11:15:26 +0200[diff] [blame]49 target_class = "com.example.ExampleFuzzerWithNative",
Norbert Schneider0a80fb82022-01-12 08:48:37 +0100[diff] [blame]50 verify_crash_reproducer = False,
Fabian Meumertzheim27b15be2021-10-08 15:41:08 +0200[diff] [blame]51 runtime_deps = [
52 ":example_fuzzer_with_native_lib",
53 ],
Fabian Meumertzheim224e8d02021-06-09 10:03:53 +0200[diff] [blame]54)
55
56java_fuzz_target_test(
57 name = "ExampleFuzzerWithUBSan",
Fabian Meumertzheim27b15be2021-10-08 15:41:08 +0200[diff] [blame]58 fuzzer_args = ["--jvm_args=-Djazzer.native_lib=native_ubsan"],
Fabian Meumertzheim224e8d02021-06-09 10:03:53 +0200[diff] [blame]59 sanitizer = "undefined",
Fabian Meumertzheim224e8d02021-06-09 10:03:53 +0200[diff] [blame]60 target_class = "com.example.ExampleFuzzerWithNative",
Fabian Meumertzheim30730a62021-10-15 13:16:41 +0200[diff] [blame]61 # Crashes at runtime without an error message.
62 target_compatible_with = SKIP_ON_WINDOWS,
Norbert Schneider0a80fb82022-01-12 08:48:37 +0100[diff] [blame]63 verify_crash_reproducer = False,
Fabian Meumertzheim27b15be2021-10-08 15:41:08 +0200[diff] [blame]64 runtime_deps = [
65 ":example_fuzzer_with_native_lib",
66 ],
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]67)
68
69java_fuzz_target_test(
Fabian Meumertzheim46c87ab2021-03-25 17:02:34 +0100[diff] [blame]70 name = "ExamplePathTraversalFuzzer",
71 srcs = [
72 "src/main/java/com/example/ExamplePathTraversalFuzzer.java",
73 "src/main/java/com/example/ExamplePathTraversalFuzzerHooks.java",
74 ],
75 hook_classes = ["com.example.ExamplePathTraversalFuzzerHooks"],
76 target_class = "com.example.ExamplePathTraversalFuzzer",
77)
78
79java_fuzz_target_test(
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]80 name = "ExampleValueProfileFuzzer",
81 srcs = [
82 "src/main/java/com/example/ExampleValueProfileFuzzer.java",
83 ],
Fabian Meumertzheimbd4e75f2022-03-07 18:43:57 +0100[diff] [blame^]84 expected_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"],
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]85 # Comment out the next line to keep the fuzzer running indefinitely.
86 fuzzer_args = ["-use_value_profile=1"],
87 target_class = "com.example.ExampleValueProfileFuzzer",
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]88)
89
90java_fuzz_target_test(
Fabian Meumertzheim197c5932022-02-21 16:28:21 +0100[diff] [blame]91 name = "MazeFuzzer",
92 srcs = [
93 "src/main/java/com/example/MazeFuzzer.java",
94 ],
Fabian Meumertzheimbd4e75f2022-03-07 18:43:57 +0100[diff] [blame^]95 expected_findings = ["com.example.MazeFuzzer$$TreasureFoundException"],
Fabian Meumertzheim197c5932022-02-21 16:28:21 +0100[diff] [blame]96 fuzzer_args = ["-use_value_profile=1"],
97 target_class = "com.example.MazeFuzzer",
98)
99
100java_fuzz_target_test(
Fabian Meumertzheimea121402021-03-12 11:25:14 +0100[diff] [blame]101 name = "ExampleOutOfMemoryFuzzer",
102 srcs = [
103 "src/main/java/com/example/ExampleOutOfMemoryFuzzer.java",
104 ],
Fabian Meumertzheimbd4e75f2022-03-07 18:43:57 +0100[diff] [blame^]105 expected_findings = ["java.lang.OutOfMemoryError"],
Fabian Meumertzheimea121402021-03-12 11:25:14 +0100[diff] [blame]106 fuzzer_args = ["--jvm_args=-Xmx512m"],
107 target_class = "com.example.ExampleOutOfMemoryFuzzer",
108)
109
110java_fuzz_target_test(
Fabian Meumertzheim6e2e5802021-03-24 10:14:13 +0100[diff] [blame]111 name = "ExampleStackOverflowFuzzer",
112 srcs = [
113 "src/main/java/com/example/ExampleStackOverflowFuzzer.java",
114 ],
Fabian Meumertzheimbd4e75f2022-03-07 18:43:57 +0100[diff] [blame^]115 expected_findings = ["java.lang.StackOverflowError"],
Fabian Meumertzheim10a743b2021-04-11 11:15:26 +0200[diff] [blame]116 target_class = "com.example.ExampleStackOverflowFuzzer",
Fabian Meumertzheim4f927392021-10-15 13:13:16 +0200[diff] [blame]117 # Crashes with a segfault before any stack trace printing is reached.
118 target_compatible_with = SKIP_ON_MACOS,
Fabian Meumertzheim6e2e5802021-03-24 10:14:13 +0100[diff] [blame]119)
120
Fabian Meumertzheimf4e3fc22021-12-13 13:58:00 +0100[diff] [blame]121# WARNING: This fuzz target uses a vulnerable version of log4j, which could result in the execution
122# of arbitrary code during fuzzing if executed with an older JDK. Use at your own risk.
Fabian Meumertzheim6e2e5802021-03-24 10:14:13 +0100[diff] [blame]123java_fuzz_target_test(
Fabian Meumertzheim6ae67842021-12-10 16:07:03 +0100[diff] [blame]124 name = "Log4jFuzzer",
125 timeout = "long",
126 srcs = [
127 "src/main/java/com/example/Log4jFuzzer.java",
128 ],
129 fuzzer_args = [
130 "-fork=4",
131 "-use_value_profile=1",
132 ],
133 # Finding this bug takes ~5 minutes on a decent laptop, but the GitHub Actions machines are not
134 # powerful enough to run it as part of our test suite.
135 tags = ["manual"],
136 target_class = "com.example.Log4jFuzzer",
137 deps = [
138 "@maven//:org_apache_logging_log4j_log4j_api",
139 "@maven//:org_apache_logging_log4j_log4j_core",
140 ],
141)
142
143java_fuzz_target_test(
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]144 name = "JpegImageParserFuzzer",
Fabian Meumertzheim0dbda452022-03-01 10:45:35 +0100[diff] [blame]145 size = "enormous",
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]146 srcs = [
147 "src/main/java/com/example/JpegImageParserFuzzer.java",
148 ],
Fabian Meumertzheimbd4e75f2022-03-07 18:43:57 +0100[diff] [blame^]149 expected_findings = ["java.lang.NegativeArraySizeException"],
Fabian Meumertzheim7f9f12d2021-05-27 16:46:45 +0200[diff] [blame]150 fuzzer_args = [
Norbert Schneider79b6e032022-02-28 09:54:59 +0100[diff] [blame]151 "-fork=3",
Fabian Meumertzheim0dbda452022-03-01 10:45:35 +0100[diff] [blame]152 ],
Fabian Meumertzheim10a743b2021-04-11 11:15:26 +0200[diff] [blame]153 target_class = "com.example.JpegImageParserFuzzer",
Fabian Meumertzheim4f927392021-10-15 13:13:16 +0200[diff] [blame]154 # The exit codes of the forked libFuzzer processes are not picked up correctly.
155 target_compatible_with = SKIP_ON_MACOS,
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]156 deps = [
157 "@maven//:org_apache_commons_commons_imaging",
158 ],
159)
160
161java_fuzz_target_test(
162 name = "GifImageParserFuzzer",
163 srcs = [
164 "src/main/java/com/example/GifImageParserFuzzer.java",
165 ],
Fabian Meumertzheimbd4e75f2022-03-07 18:43:57 +0100[diff] [blame^]166 expected_findings = [
167 "java.lang.ArrayIndexOutOfBoundsException",
168 "java.lang.IllegalArgumentException",
169 "java.lang.OutOfMemoryError",
170 ],
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]171 target_class = "com.example.GifImageParserFuzzer",
172 deps = [
173 "@maven//:org_apache_commons_commons_imaging",
174 ],
175)
176
177java_fuzz_target_test(
178 name = "TiffImageParserFuzzer",
179 srcs = [
180 "src/main/java/com/example/TiffImageParserFuzzer.java",
181 ],
182 tags = ["manual"],
183 target_class = "com.example.TiffImageParserFuzzer",
184 deps = [
185 "@maven//:org_apache_commons_commons_imaging",
186 ],
187)
188
189java_fuzz_target_test(
Fabian Meumertzheim3ad06ca2021-03-01 18:04:53 +0100[diff] [blame]190 name = "JsonSanitizerCrashFuzzer",
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]191 srcs = [
Fabian Meumertzheim3ad06ca2021-03-01 18:04:53 +0100[diff] [blame]192 "src/main/java/com/example/JsonSanitizerCrashFuzzer.java",
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]193 ],
Fabian Meumertzheimbd4e75f2022-03-07 18:43:57 +0100[diff] [blame^]194 expected_findings = ["java.lang.IndexOutOfBoundsException"],
Fabian Meumertzheim3ad06ca2021-03-01 18:04:53 +0100[diff] [blame]195 target_class = "com.example.JsonSanitizerCrashFuzzer",
196 deps = [
197 "@maven//:com_mikesamuel_json_sanitizer",
198 ],
199)
200
201java_fuzz_target_test(
202 name = "JsonSanitizerDenylistFuzzer",
203 srcs = [
204 "src/main/java/com/example/JsonSanitizerDenylistFuzzer.java",
205 ],
Fabian Meumertzheimbd4e75f2022-03-07 18:43:57 +0100[diff] [blame^]206 expected_findings = ["java.lang.AssertionError"],
Fabian Meumertzheim3ad06ca2021-03-01 18:04:53 +0100[diff] [blame]207 target_class = "com.example.JsonSanitizerDenylistFuzzer",
208 deps = [
209 "@maven//:com_mikesamuel_json_sanitizer",
210 ],
211)
212
Fabian Meumertzheim55212362021-08-02 13:40:51 +0200[diff] [blame]213java_binary(
Fabian Meumertzheimd4741192021-10-19 13:43:45 +0200[diff] [blame]214 name = "JsonSanitizerReplayerCrash",
Fabian Meumertzheim55212362021-08-02 13:40:51 +0200[diff] [blame]215 data = [
216 ":json_sanitizer_denylist_crash",
217 ],
218 main_class = "com.code_intelligence.jazzer.replay.Replayer",
219 runtime_deps = [
220 ":JsonSanitizerDenylistFuzzer_target_deploy.jar",
221 "//agent/src/main/java/com/code_intelligence/jazzer/replay:Replayer_deploy.jar",
222 ],
223)
224
225sh_test(
Fabian Meumertzheimd4741192021-10-19 13:43:45 +0200[diff] [blame]226 name = "JsonSanitizerReplayerCrashTest",
Fabian Meumertzheim55212362021-08-02 13:40:51 +0200[diff] [blame]227 srcs = ["check_for_finding.sh"],
228 args = [
Fabian Meumertzheimd4741192021-10-19 13:43:45 +0200[diff] [blame]229 "jazzer/$(rootpath :JsonSanitizerReplayerCrash)",
Fabian Meumertzheim55212362021-08-02 13:40:51 +0200[diff] [blame]230 "com.example.JsonSanitizerDenylistFuzzer",
Fabian Meumertzheimd4741192021-10-19 13:43:45 +0200[diff] [blame]231 "jazzer/$(rootpath :json_sanitizer_denylist_crash)",
Fabian Meumertzheim55212362021-08-02 13:40:51 +0200[diff] [blame]232 ],
233 data = [
Fabian Meumertzheimd4741192021-10-19 13:43:45 +0200[diff] [blame]234 ":JsonSanitizerReplayerCrash",
Fabian Meumertzheim55212362021-08-02 13:40:51 +0200[diff] [blame]235 ":json_sanitizer_denylist_crash",
236 ],
Fabian Meumertzheimd4741192021-10-19 13:43:45 +0200[diff] [blame]237 deps = [
238 "@bazel_tools//tools/bash/runfiles",
239 ],
Fabian Meumertzheim55212362021-08-02 13:40:51 +0200[diff] [blame]240)
241
Fabian Meumertzheim3ad06ca2021-03-01 18:04:53 +0100[diff] [blame]242java_fuzz_target_test(
243 name = "JsonSanitizerIdempotenceFuzzer",
244 srcs = [
245 "src/main/java/com/example/JsonSanitizerIdempotenceFuzzer.java",
246 ],
Fabian Meumertzheimbd4e75f2022-03-07 18:43:57 +0100[diff] [blame^]247 expected_findings = ["java.lang.AssertionError"],
Fabian Meumertzheim3ad06ca2021-03-01 18:04:53 +0100[diff] [blame]248 target_class = "com.example.JsonSanitizerIdempotenceFuzzer",
249 deps = [
250 "@maven//:com_mikesamuel_json_sanitizer",
251 ],
252)
253
254java_fuzz_target_test(
255 name = "JsonSanitizerValidJsonFuzzer",
256 srcs = [
257 "src/main/java/com/example/JsonSanitizerValidJsonFuzzer.java",
258 ],
Fabian Meumertzheimbd4e75f2022-03-07 18:43:57 +0100[diff] [blame^]259 expected_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"],
Fabian Meumertzheim3ad06ca2021-03-01 18:04:53 +0100[diff] [blame]260 target_class = "com.example.JsonSanitizerValidJsonFuzzer",
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]261 deps = [
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]262 "@maven//:com_google_code_gson_gson",
263 "@maven//:com_mikesamuel_json_sanitizer",
264 ],
265)
266
267java_fuzz_target_test(
268 name = "JacksonCborFuzzer",
269 srcs = [
270 "src/main/java/com/example/JacksonCborFuzzer.java",
271 ],
Fabian Meumertzheimbd4e75f2022-03-07 18:43:57 +0100[diff] [blame^]272 expected_findings = ["java.lang.NullPointerException"],
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]273 target_class = "com.example.JacksonCborFuzzer",
274 deps = [
275 "@maven//:com_fasterxml_jackson_core_jackson_core",
276 "@maven//:com_fasterxml_jackson_core_jackson_databind",
277 "@maven//:com_fasterxml_jackson_dataformat_jackson_dataformat_cbor",
278 ],
279)
280
281java_fuzz_target_test(
282 name = "FastJsonFuzzer",
283 srcs = [
284 "src/main/java/com/example/FastJsonFuzzer.java",
285 ],
Fabian Meumertzheimbd4e75f2022-03-07 18:43:57 +0100[diff] [blame^]286 expected_findings = ["java.lang.NumberFormatException"],
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]287 target_class = "com.example.FastJsonFuzzer",
288 deps = [
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]289 "@maven//:com_alibaba_fastjson",
290 ],
291)
292
Fabian Meumertzheime51010f2021-03-08 16:01:14 +0100[diff] [blame]293kt_jvm_library(
294 name = "KlaxonFuzzTarget",
295 srcs = [
296 "src/main/java/com/example/KlaxonFuzzer.kt",
297 ],
298 deps = [
Fabian Meumertzheim4179c2f2021-06-25 10:27:36 +0200[diff] [blame]299 "//agent:jazzer_api_compile_only",
Fabian Meumertzheime51010f2021-03-08 16:01:14 +0100[diff] [blame]300 "@maven//:com_beust_klaxon",
301 ],
302)
303
304java_fuzz_target_test(
305 name = "KlaxonFuzzer",
Fabian Meumertzheimbd4e75f2022-03-07 18:43:57 +0100[diff] [blame^]306 expected_findings = [
307 "java.lang.ClassCastException",
308 "java.lang.IllegalStateException",
309 "java.lang.NumberFormatException",
310 ],
Fabian Meumertzheime51010f2021-03-08 16:01:14 +0100[diff] [blame]311 fuzzer_args = [
312 "--keep_going=7",
Fabian Meumertzheime51010f2021-03-08 16:01:14 +0100[diff] [blame]313 ],
314 target_class = "com.example.KlaxonFuzzer",
315 runtime_deps = [":KlaxonFuzzTarget"],
316)
317
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]318java_fuzz_target_test(
319 name = "TurboJpegFuzzer",
320 srcs = [
321 "src/main/java/com/example/TurboJpegFuzzer.java",
322 ],
Norbert Schneider0a80fb82022-01-12 08:48:37 +0100[diff] [blame]323 data = [
324 "@libjpeg_turbo//:turbojpeg_native",
325 ],
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]326 fuzzer_args = [
327 "-rss_limit_mb=8196",
328 ],
Fabian Meumertzheim224e8d02021-06-09 10:03:53 +0200[diff] [blame]329 sanitizer = "address",
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]330 tags = ["manual"],
331 target_class = "com.example.TurboJpegFuzzer",
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]332 deps = [
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]333 "@libjpeg_turbo//:turbojpeg_java",
334 ],
335)
336
337java_binary(
338 name = "examples",
339 create_executable = False,
Fabian Meumertzheim54347de2021-09-11 16:07:34 +0200[diff] [blame]340 visibility = ["//visibility:public"],
341 runtime_deps = [
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]342 ":ExampleFuzzer_target_deploy.jar",
343 ":ExampleValueProfileFuzzer_target_deploy.jar",
344 ":FastJsonFuzzer_target_deploy.jar",
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]345 ":JacksonCborFuzzer_target_deploy.jar",
346 ":JpegImageParserFuzzer_target_deploy.jar",
Fabian Meumertzheim3ad06ca2021-03-01 18:04:53 +0100[diff] [blame]347 ":JsonSanitizerDenylistFuzzer_target_deploy.jar",
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]348 ],
Fabian Meumertzheim5246e522021-01-29 16:20:19 +0100[diff] [blame]349)