| load("@fmeum_rules_jni//jni:defs.bzl", "java_jni_library") |
| load("@io_bazel_rules_kotlin//kotlin:jvm.bzl", "kt_jvm_library") |
| load("//bazel:compat.bzl", "LINUX_ONLY", "SKIP_ON_MACOS", "SKIP_ON_WINDOWS") |
| load("//bazel:fuzz_target.bzl", "java_fuzz_target_test") |
| |
| java_fuzz_target_test( |
| name = "LongStringFuzzer", |
| srcs = [ |
| "src/test/java/com/example/LongStringFuzzer.java", |
| ], |
| allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"], |
| data = ["src/test/java/com/example/LongStringFuzzerInput"], |
| # Additionally verify that Jazzer-Fuzz-Target-Class is picked up if --target_class isn't set. |
| deploy_manifest_lines = ["Jazzer-Fuzz-Target-Class: com.example.LongStringFuzzer"], |
| fuzzer_args = [ |
| "$(rlocationpath src/test/java/com/example/LongStringFuzzerInput)", |
| ], |
| launcher_variant = "native", |
| verify_crash_input = False, |
| ) |
| |
| java_fuzz_target_test( |
| name = "JpegImageParserAutofuzz", |
| allowed_findings = ["java.lang.NegativeArraySizeException"], |
| fuzzer_args = [ |
| "--autofuzz=org.apache.commons.imaging.formats.jpeg.JpegImageParser::getBufferedImage", |
| "--autofuzz_ignore=java.lang.NullPointerException", |
| ], |
| runtime_deps = [ |
| "@maven//:org_apache_commons_commons_imaging", |
| ], |
| ) |
| |
| java_binary( |
| name = "HookDependenciesFuzzerHooks", |
| srcs = ["src/test/java/com/example/HookDependenciesFuzzerHooks.java"], |
| create_executable = False, |
| deploy_manifest_lines = ["Jazzer-Hook-Classes: com.example.HookDependenciesFuzzerHooks"], |
| deps = ["//src/main/java/com/code_intelligence/jazzer/api:hooks"], |
| ) |
| |
| java_fuzz_target_test( |
| name = "HookDependenciesFuzzer", |
| srcs = ["src/test/java/com/example/HookDependenciesFuzzer.java"], |
| allowed_findings = [ |
| "com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow", |
| ], |
| env = {"JAVA_OPTS": "-Xverify:all"}, |
| hook_jar = "HookDependenciesFuzzerHooks_deploy.jar", |
| target_class = "com.example.HookDependenciesFuzzer", |
| verify_crash_reproducer = False, |
| ) |
| |
| java_fuzz_target_test( |
| name = "AutofuzzWithoutCoverage", |
| allowed_findings = ["java.lang.NullPointerException"], |
| fuzzer_args = [ |
| # Autofuzz a method that triggers no coverage instrumentation (the Java standard library is |
| # excluded by default). |
| "--autofuzz=java.util.regex.Pattern::compile", |
| ], |
| ) |
| |
| java_fuzz_target_test( |
| name = "ForkModeFuzzer", |
| size = "enormous", |
| srcs = [ |
| "src/test/java/com/example/ForkModeFuzzer.java", |
| ], |
| allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"], |
| env = { |
| "JAVA_OPTS": "-Dfoo=not_foo -Djava_opts=1", |
| }, |
| fuzzer_args = [ |
| "-fork=2", |
| "--additional_jvm_args=-Dbaz=baz", |
| ] + select({ |
| # \\\\ becomes \\ when evaluated as a Starlark string literal, then \ in |
| # java_fuzz_target_test. |
| "@platforms//os:windows": ["--jvm_args=-Dfoo=foo;-Dbar=b\\\\;ar"], |
| "//conditions:default": ["--jvm_args=-Dfoo=foo:-Dbar=b\\\\:ar"], |
| }), |
| launcher_variant = "native", |
| # Consumes more resources than can be expressed via the size attribute. |
| tags = ["exclusive-if-local"], |
| target_class = "com.example.ForkModeFuzzer", |
| # The exit codes of the forked libFuzzer processes are not picked up correctly. |
| target_compatible_with = SKIP_ON_MACOS, |
| ) |
| |
| java_fuzz_target_test( |
| name = "CoverageFuzzer", |
| srcs = [ |
| "src/test/java/com/example/CoverageFuzzer.java", |
| ], |
| allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"], |
| env = { |
| "COVERAGE_REPORT_FILE": "coverage.txt", |
| "COVERAGE_DUMP_FILE": "coverage.exec", |
| }, |
| fuzzer_args = [ |
| "-use_value_profile=1", |
| "--coverage_report=coverage.txt", |
| "--coverage_dump=coverage.exec", |
| "--instrumentation_includes=com.example.**", |
| ], |
| target_class = "com.example.CoverageFuzzer", |
| verify_crash_input = False, |
| verify_crash_reproducer = False, |
| deps = [ |
| "@maven//:org_jacoco_org_jacoco_core", |
| ], |
| ) |
| |
| java_library( |
| name = "autofuzz_inner_class_target", |
| srcs = ["src/test/java/com/example/AutofuzzInnerClassTarget.java"], |
| deps = [ |
| "//deploy:jazzer-api", |
| ], |
| ) |
| |
| java_fuzz_target_test( |
| name = "AutofuzzInnerClassFuzzer", |
| allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"], |
| fuzzer_args = [ |
| "--autofuzz=com.example.AutofuzzInnerClassTarget.Middle.Inner::test", |
| ], |
| runtime_deps = [ |
| ":autofuzz_inner_class_target", |
| ], |
| ) |
| |
| # Regression test for https://github.com/CodeIntelligenceTesting/jazzer/issues/405. |
| java_fuzz_target_test( |
| name = "MemoryLeakFuzzer", |
| timeout = "moderate", |
| srcs = ["src/test/java/com/example/MemoryLeakFuzzer.java"], |
| allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"], |
| env = { |
| "JAVA_OPTS": "-Xmx800m", |
| }, |
| # --keep_going ignores the only finding. |
| expect_crash = False, |
| fuzzer_args = [ |
| # Before the bug was fixed, either the GC overhead limit or the overall heap limit was |
| # reached by this target in this number of runs. |
| "-runs=1000000", |
| # Skip over the first and only exception to keep the fuzzer running until it hits the runs |
| # limit. |
| "--keep_going=2", |
| ], |
| target_class = "com.example.MemoryLeakFuzzer", |
| ) |
| |
| JAZZER_API_TEST_CASES = { |
| "default": [], |
| "nohooks": ["--nohooks"], |
| } |
| |
| [ |
| java_fuzz_target_test( |
| name = "JazzerApiFuzzer_" + case, |
| srcs = ["src/test/java/com/example/JazzerApiFuzzer.java"], |
| allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"], |
| fuzzer_args = args, |
| target_class = "com.example.JazzerApiFuzzer", |
| ) |
| for case, args in JAZZER_API_TEST_CASES.items() |
| ] |
| |
| java_fuzz_target_test( |
| name = "DisabledHooksFuzzer", |
| timeout = "short", |
| srcs = ["src/test/java/com/example/DisabledHooksFuzzer.java"], |
| fuzzer_args = [ |
| "-runs=0", |
| "--custom_hooks=com.example.DisabledHook", |
| ] + select({ |
| "@platforms//os:windows": ["--disabled_hooks=com.example.DisabledHook;com.code_intelligence.jazzer.sanitizers.RegexInjection"], |
| "//conditions:default": ["--disabled_hooks=com.example.DisabledHook:com.code_intelligence.jazzer.sanitizers.RegexInjection"], |
| }), |
| target_class = "com.example.DisabledHooksFuzzer", |
| ) |
| |
| java_fuzz_target_test( |
| name = "BytesMemoryLeakFuzzer", |
| timeout = "moderate", |
| srcs = ["src/test/java/com/example/BytesMemoryLeakFuzzer.java"], |
| env = { |
| "JAVA_OPTS": "-Xmx200m", |
| }, |
| fuzzer_args = [ |
| # Before the bug was fixed, either the GC overhead limit or the overall heap limit was |
| # reached by this target in this number of runs. |
| "-runs=10000000", |
| ], |
| target_class = "com.example.BytesMemoryLeakFuzzer", |
| ) |
| |
| # Verifies that Jazzer continues fuzzing when the first two executions did not result in any |
| # coverage feedback. |
| java_fuzz_target_test( |
| name = "NoCoverageFuzzer", |
| timeout = "short", |
| srcs = ["src/test/java/com/example/NoCoverageFuzzer.java"], |
| fuzzer_args = [ |
| "-runs=10", |
| "--instrumentation_excludes=**", |
| ], |
| target_class = "com.example.NoCoverageFuzzer", |
| ) |
| |
| java_fuzz_target_test( |
| name = "SeedFuzzer", |
| timeout = "short", |
| srcs = ["src/test/java/com/example/SeedFuzzer.java"], |
| fuzzer_args = [ |
| "-runs=0", |
| "-seed=1234567", |
| ], |
| target_class = "com.example.SeedFuzzer", |
| ) |
| |
| java_fuzz_target_test( |
| name = "NoSeedFuzzer", |
| timeout = "short", |
| srcs = ["src/test/java/com/example/NoSeedFuzzer.java"], |
| env = { |
| "JAZZER_NO_EXPLICIT_SEED": "1", |
| }, |
| fuzzer_args = [ |
| "-runs=0", |
| ], |
| target_class = "com.example.NoSeedFuzzer", |
| ) |
| |
| java_jni_library( |
| name = "native_value_profile_fuzzer", |
| srcs = ["src/test/java/com/example/NativeValueProfileFuzzer.java"], |
| native_libs = ["//tests/src/test/native/com/example:native_value_profile_fuzzer"], |
| visibility = ["//tests/src/test/native/com/example:__pkg__"], |
| deps = ["//deploy:jazzer-api"], |
| ) |
| |
| java_fuzz_target_test( |
| name = "NativeValueProfileFuzzer", |
| allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"], |
| fuzzer_args = [ |
| "-use_value_profile=1", |
| "--native", |
| ], |
| target_class = "com.example.NativeValueProfileFuzzer", |
| target_compatible_with = SKIP_ON_WINDOWS, |
| verify_crash_reproducer = False, |
| runtime_deps = [":native_value_profile_fuzzer"], |
| ) |
| |
| java_fuzz_target_test( |
| name = "JUnitAssertFuzzer", |
| timeout = "short", |
| srcs = ["src/test/java/com/example/JUnitAssertFuzzer.java"], |
| allowed_findings = ["org.opentest4j.AssertionFailedError"], |
| target_class = "com.example.JUnitAssertFuzzer", |
| deps = ["@maven//:org_junit_jupiter_junit_jupiter_api"], |
| ) |
| |
| java_library( |
| name = "autofuzz_ignore_target", |
| srcs = ["src/test/java/com/example/AutofuzzIgnoreTarget.java"], |
| ) |
| |
| java_fuzz_target_test( |
| name = "AutofuzzIgnoreFuzzer", |
| allowed_findings = ["java.lang.RuntimeException"], |
| fuzzer_args = [ |
| "--autofuzz=com.example.AutofuzzIgnoreTarget::doStuff", |
| "--autofuzz_ignore=java.lang.NullPointerException", |
| "--ignore=bdde2af8735993f3,0123456789ABCDEF", |
| ], |
| runtime_deps = [ |
| ":autofuzz_ignore_target", |
| ], |
| ) |
| |
| java_binary( |
| name = "CrashResistantCoverageTarget", |
| srcs = ["src/test/java/com/example/CrashResistantCoverageTarget.java"], |
| ) |
| |
| sh_test( |
| name = "crash_resistant_coverage_test", |
| srcs = ["src/test/shell/crash_resistant_coverage_test.sh"], |
| data = [ |
| "src/test/data/crash_resistant_coverage_test/crashing_seeds", |
| "src/test/data/crash_resistant_coverage_test/new_coverage_seeds/new_coverage", |
| ":CrashResistantCoverageTarget_deploy.jar", |
| "//launcher:jazzer", |
| "@bazel_tools//tools/bash/runfiles", |
| "@jacocoagent//file:jacocoagent.jar", |
| "@jacococli//file:jacococli.jar", |
| ], |
| target_compatible_with = LINUX_ONLY, |
| ) |
| |
| java_fuzz_target_test( |
| name = "JavaDriver", |
| allowed_findings = ["java.lang.NullPointerException"], |
| fuzzer_args = [ |
| "--autofuzz=java.util.regex.Pattern::compile", |
| ], |
| ) |
| |
| java_fuzz_target_test( |
| name = "JavaDriverWithFork", |
| allowed_findings = ["java.lang.NullPointerException"], |
| fuzzer_args = [ |
| "--autofuzz=java.util.regex.Pattern::compile", |
| "-fork=2", |
| ], |
| # -fork is broken on macOS for unknown reasons. |
| target_compatible_with = SKIP_ON_MACOS, |
| ) |
| |
| kt_jvm_library( |
| name = "kotlin_vararg", |
| srcs = ["src/test/java/com/example/KotlinVararg.kt"], |
| ) |
| |
| java_fuzz_target_test( |
| name = "KotlinVarargFuzzer", |
| srcs = ["src/test/java/com/example/KotlinVarargFuzzer.java"], |
| allowed_findings = ["java.io.IOException"], |
| target_class = "com.example.KotlinVarargFuzzer", |
| deps = [":kotlin_vararg"], |
| ) |
| |
| java_fuzz_target_test( |
| name = "TimeoutFuzzer", |
| timeout = "short", |
| srcs = ["src/test/java/com/example/TimeoutFuzzer.java"], |
| allowed_findings = ["timeout"], |
| fuzzer_args = [ |
| "-timeout=1", |
| ], |
| target_class = "com.example.TimeoutFuzzer", |
| verify_crash_reproducer = False, |
| ) |
| |
| java_library( |
| name = "autofuzz_crashing_setter_target", |
| srcs = ["src/test/java/com/example/AutofuzzCrashingSetterTarget.java"], |
| ) |
| |
| # Regression test for https://github.com/CodeIntelligenceTesting/jazzer/issues/586. |
| java_fuzz_target_test( |
| name = "AutofuzzCrashingSetterFuzzer", |
| fuzzer_args = [ |
| "--autofuzz=com.example.AutofuzzCrashingSetterTarget::start", |
| "--autofuzz_ignore=java.lang.NullPointerException", |
| "-runs=100000", |
| ], |
| runtime_deps = [ |
| ":autofuzz_crashing_setter_target", |
| ], |
| ) |
| |
| java_library( |
| name = "autofuzz_assertion_error_target", |
| srcs = ["src/test/java/com/example/AutofuzzAssertionErrorTarget.java"], |
| ) |
| |
| # Regression test for https://github.com/CodeIntelligenceTesting/jazzer/issues/589. |
| java_fuzz_target_test( |
| name = "AutofuzzAssertionError", |
| allowed_findings = ["java.lang.AssertionError"], |
| fuzzer_args = [ |
| "--autofuzz=com.example.AutofuzzAssertionErrorTarget::autofuzz", |
| ], |
| runtime_deps = [ |
| ":autofuzz_assertion_error_target", |
| ], |
| ) |
| |
| java_fuzz_target_test( |
| name = "SilencedFuzzer", |
| timeout = "short", |
| srcs = ["src/test/java/com/example/SilencedFuzzer.java"], |
| allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueHigh"], |
| target_class = "com.example.SilencedFuzzer", |
| ) |
| |
| java_binary( |
| name = "jacococli", |
| main_class = "org.jacoco.cli.internal.Main", |
| runtime_deps = ["@jacococli//file:jacococli.jar"], |
| ) |
| |
| java_library( |
| name = "OfflineInstrumentedTarget", |
| srcs = ["src/test/java/com/example/OfflineInstrumentedTarget.java"], |
| ) |
| |
| genrule( |
| name = "OfflineInstrumentedTargetInstrumented", |
| srcs = [":OfflineInstrumentedTarget"], |
| outs = ["OfflineInstrumentedTargetInstrumented.jar"], |
| cmd = """ |
| $(location :jacococli) instrument $< --dest jacoco-instrumented --quiet |
| cp jacoco-instrumented/*.jar $@ |
| """, |
| tags = ["manual"], |
| tools = [":jacococli"], |
| ) |
| |
| java_fuzz_target_test( |
| name = "OfflineInstrumentedFuzzer", |
| timeout = "short", |
| srcs = ["src/test/java/com/example/OfflineInstrumentedFuzzer.java"], |
| allowed_findings = ["java.lang.IllegalStateException"], |
| target_class = "com.example.OfflineInstrumentedFuzzer", |
| deps = [ |
| ":OfflineInstrumentedTargetInstrumented", |
| "@jacocoagent//file:jacocoagent.jar", # Offline instrumented classes depend on the jacoco agent |
| ], |
| ) |
| |
| # TODO: Move to //examples eventually. |
| java_fuzz_target_test( |
| name = "ExperimentalMutatorFuzzer", |
| srcs = ["src/test/java/com/example/ExperimentalMutatorFuzzer.java"], |
| allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueMedium"], |
| fuzzer_args = [ |
| "--experimental_mutator", |
| "--instrumentation_includes=com.example.**", |
| "--custom_hook_includes=com.example.**", |
| # TODO: Investigate whether we can automatically exclude protos. |
| "--instrumentation_excludes=com.example.SimpleProto*", |
| "--custom_hook_excludes=com.example.SimpleProto*", |
| # Limit runs to catch regressions in mutator efficiency and speed up test runs. |
| "-runs=40000", |
| ], |
| target_class = "com.example.ExperimentalMutatorFuzzer", |
| verify_crash_reproducer = False, |
| deps = [ |
| "//src/main/java/com/code_intelligence/jazzer/mutation/annotation", |
| "//tests/src/test/proto:simple_java_proto", |
| ], |
| ) |
| |
| java_fuzz_target_test( |
| name = "ExperimentalMutatorComplexProtoFuzzer", |
| srcs = ["src/test/java/com/example/ExperimentalMutatorComplexProtoFuzzer.java"], |
| allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueMedium"], |
| fuzzer_args = [ |
| "--experimental_mutator", |
| "--instrumentation_includes=com.example.**", |
| "--custom_hook_includes=com.example.**", |
| ] + select({ |
| # Limit runs to catch regressions in mutator efficiency and speed up test runs. |
| "@platforms//os:linux": ["-runs=40000"], |
| # TODO: Investigate why this test takes far more runs on macOS, with Windows also being |
| # significantly worse than Linux. |
| "//conditions:default": ["-runs=1200000"], |
| }), |
| target_class = "com.example.ExperimentalMutatorComplexProtoFuzzer", |
| verify_crash_reproducer = False, |
| deps = [ |
| "//src/main/java/com/code_intelligence/jazzer/mutation/annotation", |
| "//src/test/java/com/code_intelligence/jazzer/mutation/mutator/proto:proto2_java_proto", |
| ], |
| ) |
| |
| sh_test( |
| name = "jazzer_from_path_test", |
| srcs = ["src/test/shell/jazzer_from_path_test.sh"], |
| args = ["$(rlocationpath //:jazzer_release)"], |
| data = [ |
| "//:jazzer_release", |
| "@bazel_tools//tools/bash/runfiles", |
| ], |
| ) |