├── .bazelignore ├── .bazelrc ├── .bazelversion ├── .clang-format ├── .gitattributes ├── .github ├── BUILD.bazel ├── scripts │ └── echoBuildBuddyConfig.sh └── workflows │ ├── check-formatting.yml │ ├── datadog.yaml │ ├── prerelease.yaml │ ├── release.yml │ ├── run-all-tests-main.yml │ └── run-all-tests-pr.yml ├── .gitignore ├── BUILD.bazel ├── CONTRIBUTING.md ├── LICENSE ├── MODULE.bazel ├── README.md ├── REPO.bazel ├── WORKSPACE.bazel ├── WORKSPACE.bzlmod ├── bazel ├── BUILD.bazel ├── compat.bzl ├── coverage │ ├── BUILD.bazel │ └── coverage.sh ├── fuzz_target.bzl ├── jar.bzl ├── kotlin.bzl ├── platforms │ └── BUILD.bazel ├── toolchains │ ├── BUILD.bazel │ └── editorconfig.ktlint └── tools │ ├── BUILD.bazel │ ├── compute_benchmark_stats.sh │ └── java │ ├── BUILD.bazel │ └── com │ └── code_intelligence │ └── jazzer │ └── tools │ ├── FuzzTargetTestWrapper.java │ └── JarStripper.java ├── deploy ├── BUILD.bazel ├── deploy.sh ├── deploy_local.sh ├── jazzer-api.pom ├── jazzer-api_artifact_test.sh ├── jazzer-junit.pom ├── jazzer-junit_artifact_test.sh ├── jazzer.pom ├── jazzer_artifact_test.sh ├── jazzer_version_test.sh └── maven.pub ├── docs ├── advanced.md ├── common.md ├── findings.md ├── images │ ├── fuzzing-flow.svg │ ├── regression-flow.svg │ └── remote-debug.jpeg └── junit-integration.md ├── examples ├── BUILD.bazel ├── check_for_finding.sh ├── json_sanitizer_denylist_crash ├── junit-spring-web │ ├── .gitignore │ ├── .mvn │ │ └── wrapper │ │ │ ├── maven-wrapper.jar │ │ │ └── maven-wrapper.properties │ ├── build-and-run-tests.sh │ ├── mvnw │ ├── mvnw.cmd │ ├── pom.xml │ └── src │ │ ├── main │ │ ├── java │ │ │ └── com │ │ │ │ └── example │ │ │ │ └── JunitSpringWebApplication.java │ │ └── resources │ │ │ └── application.properties │ │ └── test │ │ ├── java │ │ └── com │ │ │ └── example │ │ │ └── JunitSpringWebApplicationTests.java │ │ └── resources │ │ ├── application.properties │ │ ├── com │ │ └── example │ │ │ └── JunitSpringWebApplicationTestsInputs │ │ │ ├── 
Test-001 │ │ │ ├── crash-11f9578d05e6f7bb58a3cdd00107e9f4e3882671 │ │ │ ├── crash-4acd17b34d3dafa673ab1f7ade3a8a29582a5730 │ │ │ └── fuzzTestWithDtoShouldFail │ │ │ ├── Test-001 │ │ │ ├── crash-11f9578d05e6f7bb58a3cdd00107e9f4e3882671 │ │ │ └── crash-4acd17b34d3dafa673ab1f7ade3a8a29582a5730 │ │ └── junit-platform.properties ├── junit │ ├── .gitignore │ ├── pom.xml │ └── src │ │ ├── main │ │ └── java │ │ │ └── com │ │ │ └── example │ │ │ ├── BUILD.bazel │ │ │ └── Parser.java │ │ └── test │ │ ├── java │ │ └── com │ │ │ └── example │ │ │ ├── BUILD.bazel │ │ │ ├── ByteFuzzTest.java │ │ │ ├── CommandLineFuzzTest.java │ │ │ ├── CorpusDirectoryFuzzTest.java │ │ │ ├── CoverageFuzzTest.java │ │ │ ├── DictionaryFuzzTests.java │ │ │ ├── DirectoryInputsFuzzTest.java │ │ │ ├── HermeticInstrumentationFuzzTest.java │ │ │ ├── InvalidFuzzTests.java │ │ │ ├── JavaBinarySeedFuzzTest.java │ │ │ ├── JavaSeedFuzzTest.java │ │ │ ├── KeepGoingFuzzTest.java │ │ │ ├── LifecycleRecordingTestBase.java │ │ │ ├── MockitoFuzzTest.java │ │ │ ├── MutatorFuzzTest.java │ │ │ ├── PerExecutionLifecycleFuzzTest.java │ │ │ ├── PerExecutionLifecycleWithFindingFuzzTest.java │ │ │ ├── PerTestLifecycleFuzzTest.java │ │ │ ├── TestSuccessfulException.java │ │ │ ├── ThrowingFuzzTest.java │ │ │ ├── ValidFuzzTests.java │ │ │ └── ValueProfileFuzzTest.java │ │ └── resources │ │ ├── BUILD.bazel │ │ ├── additional │ │ ├── dir1 │ │ │ └── seed4 │ │ └── dir2 │ │ │ └── seed5 │ │ ├── com │ │ └── example │ │ │ ├── ByteFuzzTestInputs │ │ │ └── byteFuzz │ │ │ │ ├── fails │ │ │ │ └── succeeds │ │ │ ├── MutatorFuzzTestInputs │ │ │ └── mutatorFuzz │ │ │ │ └── invalid │ │ │ ├── ValidFuzzTestsInputs │ │ │ ├── byteFuzz │ │ │ │ ├── assert │ │ │ │ ├── honeypot │ │ │ │ ├── sanitizer_internal_class │ │ │ │ └── sanitizer_user_class │ │ │ ├── dataFuzz │ │ │ │ ├── assert │ │ │ │ ├── honeypot │ │ │ │ ├── sanitizer_internal_class │ │ │ │ └── sanitizer_user_class │ │ │ ├── noCrashFuzz │ │ │ │ ├── assert │ │ │ │ ├── honeypot │ │ │ │ ├── 
sanitizer_internal_class │ │ │ │ └── sanitizer_user_class │ │ │ └── no_crash │ │ │ ├── ValueProfileFuzzTestInputs │ │ │ └── valueProfileFuzz │ │ │ │ └── empty_seed │ │ │ ├── test.dict │ │ │ ├── test2.dict │ │ │ └── test3.dict │ │ └── junit-platform.properties ├── labels.bzl └── src │ └── main │ ├── java │ └── com │ │ └── example │ │ ├── BatikTranscoderFuzzer.java │ │ ├── CommonsTextFuzzer.java │ │ ├── ExampleFuzzer.java │ │ ├── ExampleFuzzerHooks.java │ │ ├── ExampleFuzzerWithNative.java │ │ ├── ExampleKotlinFuzzer.kt │ │ ├── ExampleKotlinValueProfileFuzzer.kt │ │ ├── ExampleOutOfMemoryFuzzer.java │ │ ├── ExamplePathTraversalFuzzer.java │ │ ├── ExamplePathTraversalFuzzerHooks.java │ │ ├── ExampleStackOverflowFuzzer.java │ │ ├── ExampleValueProfileFuzzer.java │ │ ├── FastJsonFuzzer.java │ │ ├── GifImageParserFuzzer.java │ │ ├── JacksonCborFuzzer.java │ │ ├── JpegImageParserFuzzer.java │ │ ├── JsonSanitizerCrashFuzzer.java │ │ ├── JsonSanitizerDenylistFuzzer.java │ │ ├── JsonSanitizerIdempotenceFuzzer.java │ │ ├── JsonSanitizerValidJsonFuzzer.java │ │ ├── KlaxonFuzzer.kt │ │ ├── Log4jFuzzer.java │ │ ├── MazeFuzzer.java │ │ ├── TiffImageParserFuzzer.java │ │ └── TurboJpegFuzzer.java │ └── native │ └── com │ └── example │ ├── BUILD.bazel │ └── com_example_ExampleFuzzerWithNative.cpp ├── format.sh ├── launcher ├── BUILD.bazel ├── android │ ├── AndroidManifest.xml │ └── BUILD.bazel ├── fuzzed_data_provider_test.cpp ├── jazzer_main.cpp ├── jvm_tooling.cpp ├── jvm_tooling.h ├── jvm_tooling_test.cpp ├── test_main.cpp └── testdata │ ├── BUILD.bazel │ └── test │ ├── ModifiedUtf8Encoder.java │ └── PropertyPrinter.java ├── maven_install.json ├── platform_mappings ├── renovate.json5 ├── sanitizers ├── BUILD.bazel ├── sanitizers.bzl └── src │ ├── main │ └── java │ │ └── com │ │ └── code_intelligence │ │ └── jazzer │ │ └── sanitizers │ │ ├── BUILD.bazel │ │ ├── ClojureLangHooks.java │ │ ├── Deserialization.kt │ │ ├── ExpressionLanguageInjection.kt │ │ ├── FilePathTraversal.java │ 
│ ├── LdapInjection.kt │ │ ├── NamingContextLookup.kt │ │ ├── OsCommandInjection.kt │ │ ├── ReflectiveCall.kt │ │ ├── RegexInjection.kt │ │ ├── RegexRoadblocks.java │ │ ├── ScriptEngineInjection.java │ │ ├── ServerSideRequestForgery.java │ │ ├── SqlInjection.java │ │ ├── Utils.kt │ │ ├── XPathInjection.kt │ │ └── utils │ │ ├── BUILD.bazel │ │ └── ReflectionUtils.java │ └── test │ └── java │ └── com │ └── example │ ├── AbsoluteFilePathTraversal.java │ ├── BUILD.bazel │ ├── ClassLoaderLoadClass.java │ ├── ClojureTests.java │ ├── DisabledHooksTest.java │ ├── ExpressionLanguageInjection.java │ ├── FilePathTraversal.java │ ├── LdapDnInjection.java │ ├── LdapSearchInjection.java │ ├── LibraryLoad.java │ ├── ObjectInputStreamDeserialization.java │ ├── OsCommandInjectionProcessBuilder.java │ ├── OsCommandInjectionRuntimeExec.java │ ├── ReflectiveCall.java │ ├── RegexCanonEqInjection.java │ ├── RegexInsecureQuoteInjection.java │ ├── RegexRoadblocks.java │ ├── ScriptEngineInjection.java │ ├── SqlInjection.java │ ├── SsrfHttpClient.java │ ├── SsrfSocketConnect.java │ ├── SsrfSocketConnectToHost.java │ ├── SsrfUrlConnection.java │ ├── StackOverflowRegexInjection.java │ ├── XPathInjection.java │ ├── el │ ├── BUILD.bazel │ ├── InsecureEmailValidator.java │ └── UserData.java │ └── ldap │ └── MockLdapContext.java ├── selffuzz ├── .gitignore ├── BUILD.bazel ├── README.md ├── ci-settings.xml ├── cifuzz.yaml ├── pom.xml ├── selffuzz_shade_rules.jarjar └── src │ ├── main │ └── java │ │ └── .gitignore │ └── test │ └── java │ └── com │ └── code_intelligence │ └── selffuzz │ ├── BUILD.bazel │ ├── Helpers.java │ ├── driver │ ├── BUILD.bazel │ └── FuzzedDataProviderImplFuzzTest.java │ └── mutation │ └── mutator │ ├── lang │ ├── BUILD.bazel │ ├── FloatingPointMutatorFuzzTests.java │ └── StringMutatorFuzzTest.java │ └── proto │ ├── BUILD.bazel │ └── ProtobufMutatorFuzzTest.java ├── src ├── jmh │ ├── java │ │ └── com │ │ │ └── code_intelligence │ │ │ └── jazzer │ │ │ ├── BUILD.bazel │ │ │ ├── 
instrumentor │ │ │ ├── BUILD.bazel │ │ │ ├── CoverageInstrumentationBenchmark.java │ │ │ ├── DirectByteBuffer2CoverageMap.java │ │ │ ├── DirectByteBufferCoverageMap.java │ │ │ ├── DirectByteBufferStrategy.kt │ │ │ ├── EdgeCoverageInstrumentation.java │ │ │ ├── EdgeCoverageTarget.java │ │ │ ├── Unsafe2CoverageMap.java │ │ │ ├── UnsafeBranchfreeCoverageMap.java │ │ │ ├── UnsafeCoverageMap.java │ │ │ └── UnsafeSimpleIncrementCoverageMap.java │ │ │ ├── jmh.bzl │ │ │ ├── mutation │ │ │ ├── BUILD.bazel │ │ │ └── MutatorBenchmark.java │ │ │ └── runtime │ │ │ ├── BUILD.bazel │ │ │ ├── FuzzerCallbacks.java │ │ │ ├── FuzzerCallbacksBenchmark.java │ │ │ ├── FuzzerCallbacksOptimizedCritical.java │ │ │ ├── FuzzerCallbacksOptimizedNonCritical.java │ │ │ ├── FuzzerCallbacksPanama.java │ │ │ └── FuzzerCallbacksWithPc.java │ └── native │ │ └── com │ │ └── code_intelligence │ │ └── jazzer │ │ └── runtime │ │ ├── BUILD.bazel │ │ └── fuzzer_callbacks.cpp ├── main │ ├── java │ │ ├── com │ │ │ └── code_intelligence │ │ │ │ └── jazzer │ │ │ │ ├── BUILD.bazel │ │ │ │ ├── Jazzer.java │ │ │ │ ├── agent │ │ │ │ ├── Agent.kt │ │ │ │ ├── AgentInstaller.java │ │ │ │ ├── AgentUtils.java │ │ │ │ ├── BUILD.bazel │ │ │ │ ├── CoverageIdStrategy.kt │ │ │ │ └── RuntimeInstrumentor.kt │ │ │ │ ├── android │ │ │ │ ├── AndroidRuntime.java │ │ │ │ ├── BUILD.bazel │ │ │ │ └── DexFileManager.java │ │ │ │ ├── api │ │ │ │ ├── Autofuzz.java │ │ │ │ ├── AutofuzzConstructionException.java │ │ │ │ ├── AutofuzzInvocationException.java │ │ │ │ ├── BUILD.bazel │ │ │ │ ├── BugDetectors.java │ │ │ │ ├── CannedFuzzedDataProvider.java │ │ │ │ ├── Consumer1.java │ │ │ │ ├── Consumer2.java │ │ │ │ ├── Consumer3.java │ │ │ │ ├── Consumer4.java │ │ │ │ ├── Consumer5.java │ │ │ │ ├── Function1.java │ │ │ │ ├── Function2.java │ │ │ │ ├── Function3.java │ │ │ │ ├── Function4.java │ │ │ │ ├── Function5.java │ │ │ │ ├── FuzzedDataProvider.java │ │ │ │ ├── FuzzerSecurityIssueCritical.java │ │ │ │ ├── FuzzerSecurityIssueHigh.java │ 
│ │ │ ├── FuzzerSecurityIssueLow.java │ │ │ │ ├── FuzzerSecurityIssueMedium.java │ │ │ │ ├── HookType.java │ │ │ │ ├── Jazzer.java │ │ │ │ ├── MethodHook.java │ │ │ │ ├── MethodHooks.java │ │ │ │ └── SilentCloseable.java │ │ │ │ ├── autofuzz │ │ │ │ ├── AccessibleObjectLookup.java │ │ │ │ ├── AutofuzzCodegenVisitor.java │ │ │ │ ├── AutofuzzError.java │ │ │ │ ├── BUILD.bazel │ │ │ │ ├── FuzzTarget.java │ │ │ │ ├── Meta.java │ │ │ │ └── YourAverageJavaClass.java │ │ │ │ ├── driver │ │ │ │ ├── BUILD.bazel │ │ │ │ ├── Constants.java │ │ │ │ ├── Driver.java │ │ │ │ ├── ExceptionUtils.kt │ │ │ │ ├── FuzzTargetFinder.java │ │ │ │ ├── FuzzTargetHolder.java │ │ │ │ ├── FuzzTargetRunner.java │ │ │ │ ├── FuzzedDataProviderImpl.java │ │ │ │ ├── LibFuzzerLifecycleMethodsInvoker.java │ │ │ │ ├── LifecycleMethodsInvoker.java │ │ │ │ ├── OfflineInstrumentor.java │ │ │ │ ├── Opt.java │ │ │ │ ├── OptItem.java │ │ │ │ ├── OptParser.java │ │ │ │ ├── RecordingFuzzedDataProvider.java │ │ │ │ ├── ReflectionUtils.java │ │ │ │ ├── Reproducer.java.tmpl │ │ │ │ ├── ReproducerTemplate.java │ │ │ │ ├── SignalHandler.java │ │ │ │ └── junit │ │ │ │ │ ├── BUILD.bazel │ │ │ │ │ ├── FuzzTestLister.java │ │ │ │ │ └── JUnitRunner.java │ │ │ │ ├── instrumentor │ │ │ │ ├── BUILD.bazel │ │ │ │ ├── ClassInstrumentor.kt │ │ │ │ ├── CoverageRecorder.kt │ │ │ │ ├── DescriptorUtils.kt │ │ │ │ ├── DeterministicRandom.kt │ │ │ │ ├── EdgeCoverageInstrumentor.kt │ │ │ │ ├── Hook.kt │ │ │ │ ├── HookInstrumentor.kt │ │ │ │ ├── HookMethodVisitor.kt │ │ │ │ ├── Hooks.kt │ │ │ │ ├── Instrumentor.kt │ │ │ │ ├── StaticMethodStrategy.java │ │ │ │ └── TraceDataFlowInstrumentor.kt │ │ │ │ ├── jazzer_shade_rules.jarjar │ │ │ │ ├── junit │ │ │ │ ├── AgentConfigurator.java │ │ │ │ ├── AgentConfiguringArgumentsProvider.java │ │ │ │ ├── ApiStats.java │ │ │ │ ├── ApiStatsHolder.java │ │ │ │ ├── ApiStatsInterval.java │ │ │ │ ├── ApiStatsNoop.java │ │ │ │ ├── BUILD.bazel │ │ │ │ ├── DictionaryEntries.java │ │ │ │ ├── 
DictionaryEntriesList.java │ │ │ │ ├── DictionaryFile.java │ │ │ │ ├── DictionaryFiles.java │ │ │ │ ├── ExitCodeException.java │ │ │ │ ├── FuzzTest.java │ │ │ │ ├── FuzzTestConfigurationError.java │ │ │ │ ├── FuzzTestExecutor.java │ │ │ │ ├── FuzzTestExtensions.java │ │ │ │ ├── FuzzTestFindingException.java │ │ │ │ ├── FuzzerDictionary.java │ │ │ │ ├── FuzzingArgumentsProvider.java │ │ │ │ ├── JUnitLifecycleMethodsInvoker.java │ │ │ │ ├── Lifecycle.java │ │ │ │ ├── SeedArgumentsProvider.java │ │ │ │ ├── SeedSerializer.java │ │ │ │ ├── SpringFuzzTestHelper.java │ │ │ │ └── Utils.java │ │ │ │ ├── mutation │ │ │ │ ├── ArgumentsMutator.java │ │ │ │ ├── BUILD.bazel │ │ │ │ ├── annotation │ │ │ │ │ ├── Ascii.java │ │ │ │ │ ├── BUILD.bazel │ │ │ │ │ ├── DoubleInRange.java │ │ │ │ │ ├── FloatInRange.java │ │ │ │ │ ├── InRange.java │ │ │ │ │ ├── NotNull.java │ │ │ │ │ ├── UrlSegment.java │ │ │ │ │ ├── WithLength.java │ │ │ │ │ ├── WithSize.java │ │ │ │ │ ├── WithUtf8Length.java │ │ │ │ │ └── proto │ │ │ │ │ │ ├── AnySource.java │ │ │ │ │ │ ├── BUILD.bazel │ │ │ │ │ │ └── WithDefaultInstance.java │ │ │ │ ├── api │ │ │ │ │ ├── BUILD.bazel │ │ │ │ │ ├── Cache.java │ │ │ │ │ ├── Debuggable.java │ │ │ │ │ ├── Detacher.java │ │ │ │ │ ├── ExtendedMutatorFactory.java │ │ │ │ │ ├── InPlaceMutator.java │ │ │ │ │ ├── MutatorBase.java │ │ │ │ │ ├── MutatorFactory.java │ │ │ │ │ ├── PseudoRandom.java │ │ │ │ │ ├── Serializer.java │ │ │ │ │ ├── SerializingInPlaceMutator.java │ │ │ │ │ ├── SerializingMutator.java │ │ │ │ │ └── ValueMutator.java │ │ │ │ ├── combinator │ │ │ │ │ ├── BUILD.bazel │ │ │ │ │ ├── InPlaceProductMutator.java │ │ │ │ │ ├── MutatorCombinators.java │ │ │ │ │ ├── PostComposedMutator.java │ │ │ │ │ └── ProductMutator.java │ │ │ │ ├── engine │ │ │ │ │ ├── BUILD.bazel │ │ │ │ │ ├── ChainedMutatorFactory.java │ │ │ │ │ ├── IdentityCache.java │ │ │ │ │ └── SeededPseudoRandom.java │ │ │ │ ├── mutator │ │ │ │ │ ├── BUILD.bazel │ │ │ │ │ ├── Mutators.java │ │ │ │ │ ├── 
aggregate │ │ │ │ │ │ ├── AggregateMutators.java │ │ │ │ │ │ ├── AggregatesHelper.java │ │ │ │ │ │ ├── BUILD.bazel │ │ │ │ │ │ ├── BeanSupport.java │ │ │ │ │ │ ├── CachedConstructorMutatorFactory.java │ │ │ │ │ │ ├── ConstructorBasedBeanMutatorFactory.java │ │ │ │ │ │ ├── RecordMutatorFactory.java │ │ │ │ │ │ ├── SealedClassMutatorFactory.java │ │ │ │ │ │ ├── SetterBasedBeanMutatorFactory.java │ │ │ │ │ │ └── SuperBuilderMutatorFactory.java │ │ │ │ │ ├── collection │ │ │ │ │ │ ├── ArrayMutatorFactory.java │ │ │ │ │ │ ├── BUILD.bazel │ │ │ │ │ │ ├── ChunkCrossOvers.java │ │ │ │ │ │ ├── ChunkMutations.java │ │ │ │ │ │ ├── CollectionMutators.java │ │ │ │ │ │ ├── ListMutatorFactory.java │ │ │ │ │ │ └── MapMutatorFactory.java │ │ │ │ │ ├── lang │ │ │ │ │ │ ├── BUILD.bazel │ │ │ │ │ │ ├── BooleanMutatorFactory.java │ │ │ │ │ │ ├── EnumMutatorFactory.java │ │ │ │ │ │ ├── FloatingPointMutatorFactory.java │ │ │ │ │ │ ├── InputStreamMutatorFactory.java │ │ │ │ │ │ ├── IntegralMutatorFactory.java │ │ │ │ │ │ ├── LangMutators.java │ │ │ │ │ │ ├── NullableMutatorFactory.java │ │ │ │ │ │ ├── PrimitiveArrayMutatorFactory.java │ │ │ │ │ │ └── StringMutatorFactory.java │ │ │ │ │ ├── libfuzzer │ │ │ │ │ │ ├── BUILD.bazel │ │ │ │ │ │ ├── FuzzedDataProviderMutatorFactory.java │ │ │ │ │ │ ├── LibFuzzerMutate.java │ │ │ │ │ │ ├── LibFuzzerMutatorFactory.java │ │ │ │ │ │ └── LibFuzzerMutators.java │ │ │ │ │ ├── proto │ │ │ │ │ │ ├── BUILD.bazel │ │ │ │ │ │ ├── BuilderAdapters.java │ │ │ │ │ │ ├── BuilderMutatorFactory.java │ │ │ │ │ │ ├── ByteStringMutatorFactory.java │ │ │ │ │ │ ├── MessageMutatorFactory.java │ │ │ │ │ │ ├── ProtoMutators.java │ │ │ │ │ │ └── TypeLibrary.java │ │ │ │ │ └── time │ │ │ │ │ │ ├── BUILD.bazel │ │ │ │ │ │ ├── LocalDateMutatorFactory.java │ │ │ │ │ │ ├── LocalDateTimeMutatorFactory.java │ │ │ │ │ │ ├── LocalTimeMutatorFactory.java │ │ │ │ │ │ ├── TimeMutators.java │ │ │ │ │ │ └── ZonedDateTimeMutatorFactory.java │ │ │ │ ├── support │ │ │ │ │ ├── 
AnnotationSupport.java │ │ │ │ │ ├── BUILD.bazel │ │ │ │ │ ├── ExceptionSupport.java │ │ │ │ │ ├── InputStreamSupport.java │ │ │ │ │ ├── Preconditions.java │ │ │ │ │ ├── PropertyConstraintSupport.java │ │ │ │ │ ├── RandomSupport.java │ │ │ │ │ ├── ReflectionSupport.java │ │ │ │ │ ├── StreamSupport.java │ │ │ │ │ ├── TypeHolder.java │ │ │ │ │ ├── TypeSupport.java │ │ │ │ │ └── WeakIdentityHashMap.java │ │ │ │ └── utils │ │ │ │ │ ├── AppliesTo.java │ │ │ │ │ ├── BUILD.bazel │ │ │ │ │ ├── PropertyConstraint.java │ │ │ │ │ ├── ValidateContainerDimensions.java │ │ │ │ │ └── ValidateMinMax.java │ │ │ │ ├── replay │ │ │ │ ├── BUILD.bazel │ │ │ │ └── Replayer.java │ │ │ │ ├── runtime │ │ │ │ ├── BUILD.bazel │ │ │ │ ├── Constants.java │ │ │ │ ├── CoverageMap.java │ │ │ │ ├── FuzzTargetRunnerNatives.java │ │ │ │ ├── HardToCatchError.java │ │ │ │ ├── JazzerInternal.java │ │ │ │ ├── Mutator.java │ │ │ │ ├── NativeLibHooks.java │ │ │ │ ├── TraceCmpHooks.java │ │ │ │ ├── TraceDataFlowNativeCallbacks.java │ │ │ │ ├── TraceDivHooks.java │ │ │ │ ├── TraceIndirHooks.java │ │ │ │ ├── bootstrap_shade_rules │ │ │ │ └── verify_shading.sh │ │ │ │ └── utils │ │ │ │ ├── BUILD.bazel │ │ │ │ ├── ClassNameGlobber.kt │ │ │ │ ├── Log.java │ │ │ │ ├── ManifestUtils.kt │ │ │ │ ├── SimpleGlobMatcher.kt │ │ │ │ ├── UnsafeProvider.java │ │ │ │ ├── UnsafeUtils.java │ │ │ │ ├── Utils.kt │ │ │ │ └── ZipUtils.java │ │ └── jaz │ │ │ ├── BUILD.bazel │ │ │ ├── Ter.java │ │ │ └── Zer.java │ ├── native │ │ └── com │ │ │ └── code_intelligence │ │ │ └── jazzer │ │ │ ├── BUILD.bazel │ │ │ ├── android │ │ │ ├── BUILD.bazel │ │ │ ├── dex_file_manager.cpp │ │ │ ├── dex_file_manager.h │ │ │ ├── jazzer_jvmti_allocator.h │ │ │ └── native_agent.cpp │ │ │ ├── driver │ │ │ ├── BUILD.bazel │ │ │ ├── android_tooling.cpp │ │ │ ├── com_code_intelligence_selffuzz_jazzer_driver_FuzzedDataProviderImpl.h │ │ │ ├── coverage_tracker.cpp │ │ │ ├── coverage_tracker.h │ │ │ ├── fuzz_target_runner.cpp │ │ │ ├── fuzz_target_runner.h │ 
│ │ ├── fuzzed_data_provider.cpp │ │ │ ├── fuzzed_data_provider_test.cpp │ │ │ ├── init_jazzer_preload.cpp │ │ │ ├── jazzer_fuzzer_callbacks.cpp │ │ │ ├── libfuzzer_callbacks.cpp │ │ │ ├── mutator.cpp │ │ │ ├── sanitizer_hooks_with_pc.h │ │ │ ├── sanitizer_symbols.cpp │ │ │ └── signal_handler.cpp │ │ │ └── jazzer_preload.c │ └── resources │ │ ├── BUILD.bazel │ │ └── META-INF │ │ └── services │ │ └── org.junit.platform.engine.TestEngine └── test │ └── java │ └── com │ └── code_intelligence │ └── jazzer │ ├── BUILD.bazel │ ├── JazzerTest.java │ ├── api │ ├── AutofuzzTest.java │ └── BUILD.bazel │ ├── autofuzz │ ├── AutofuzzCodegenVisitorTest.java │ ├── BUILD.bazel │ ├── BuilderPatternTest.java │ ├── InterfaceCreationTest.java │ ├── MetaTest.java │ ├── SettersTest.java │ ├── TestHelpers.java │ └── testdata │ │ ├── BUILD.bazel │ │ └── EmployeeWithSetters.java │ ├── driver │ ├── BUILD.bazel │ ├── FuzzTargetRunnerTest.java │ ├── FuzzedDataProviderImplTest.java │ ├── OptItemTest.java │ └── RecordingFuzzedDataProviderTest.java │ ├── instrumentor │ ├── AfterHooks.java │ ├── AfterHooksPatchTest.kt │ ├── AfterHooksTarget.java │ ├── AfterHooksTargetContract.java │ ├── BUILD.bazel │ ├── BeforeHooks.java │ ├── BeforeHooksPatchTest.kt │ ├── BeforeHooksTarget.java │ ├── BeforeHooksTargetContract.java │ ├── CoverageInstrumentationSpecialCasesTarget.java │ ├── CoverageInstrumentationTarget.java │ ├── CoverageInstrumentationTest.kt │ ├── DescriptorUtilsTest.kt │ ├── DynamicTestContract.java │ ├── HookValidationTest.kt │ ├── InvalidHookMocks.java │ ├── MockCoverageMap.java │ ├── MockTraceDataFlowCallbacks.java │ ├── PatchTestUtils.kt │ ├── ReplaceHooks.java │ ├── ReplaceHooksInit.java │ ├── ReplaceHooksPatchTest.kt │ ├── ReplaceHooksTarget.java │ ├── ReplaceHooksTargetContract.java │ ├── TraceDataFlowInstrumentationTarget.java │ ├── TraceDataFlowInstrumentationTest.kt │ └── ValidHookMocks.java │ ├── junit │ ├── ApiStatsTest.java │ ├── BUILD.bazel │ ├── CorpusDirectoryTest.java │ ├── 
CoverageTest.java │ ├── DirectoryInputsTest.java │ ├── FindingsBaseDirTest.java │ ├── FuzzerDictionaryTest.java │ ├── FuzzingWithCrashTest.java │ ├── FuzzingWithoutCrashTest.java │ ├── HermeticInstrumentationTest.java │ ├── InvalidMutatorTest.java │ ├── MutatorTest.java │ ├── PerExecutionLifecycleTest.java │ ├── PerExecutionLifecycleWithFindingTest.java │ ├── PerTestLifecycleTest.java │ ├── RegressionTestTest.java │ ├── TestMethod.java │ ├── UtilsTest.java │ ├── ValueProfileTest.java │ └── test_resources_root │ │ └── com │ │ └── example │ │ ├── CorpusDirectoryFuzzTestInputs │ │ └── corpusDirectoryFuzz │ │ │ └── seed │ │ └── DirectoryInputsFuzzTestInputs │ │ ├── inputsFuzz │ │ └── seed │ │ └── nested_dir │ │ └── seed │ ├── mutation │ ├── ArgumentsMutatorTest.java │ ├── BUILD.bazel │ ├── combinator │ │ ├── BUILD.bazel │ │ └── MutatorCombinatorsTest.java │ ├── engine │ │ ├── BUILD.bazel │ │ ├── ChainedMutatorFactoryTest.java │ │ └── SeededPseudoRandomTest.java │ ├── mutator │ │ ├── BUILD.bazel │ │ ├── StressTest.java │ │ ├── aggregate │ │ │ ├── BUILD.bazel │ │ │ ├── CachedConstructorMutatorTest.java │ │ │ ├── ConstructorBasedBeanMutatorTest.java │ │ │ ├── RecordMutatorTest.java │ │ │ ├── SetterBasedBeanMutatorTest.java │ │ │ └── SuperBuilderMutatorTest.java │ │ ├── collection │ │ │ ├── ArrayMutatorTest.java │ │ │ ├── BUILD.bazel │ │ │ ├── ChunkMutationsTest.java │ │ │ ├── ListMutatorTest.java │ │ │ └── MapMutatorTest.java │ │ ├── lang │ │ │ ├── BUILD.bazel │ │ │ ├── BooleanMutatorTest.java │ │ │ ├── ByteArrayMutatorTest.java │ │ │ ├── EnumMutatorTest.java │ │ │ ├── FloatingPointMutatorTest.java │ │ │ ├── InputStreamMutatorTest.java │ │ │ ├── IntegralMutatorTest.java │ │ │ ├── NullableMutatorTest.java │ │ │ ├── PCharGenerator.java │ │ │ ├── PrimitiveArrayMutatorTest.java │ │ │ └── StringMutatorTest.java │ │ ├── proto │ │ │ ├── BUILD.bazel │ │ │ ├── BuilderAdaptersTest.java │ │ │ ├── BuilderMutatorProto2Test.java │ │ │ ├── BuilderMutatorProto3Test.java │ │ │ ├── 
MessageMutatorTest.java │ │ │ ├── proto2.proto │ │ │ └── proto3.proto │ │ └── time │ │ │ ├── BUILD.bazel │ │ │ ├── LocalDateMutatorTest.java │ │ │ ├── LocalDateTimeMutatorTest.java │ │ │ ├── LocalTimeMutatorTest.java │ │ │ └── ZonedDateTimeMutatorTest.java │ └── support │ │ ├── AnnotationSupportTest.java │ │ ├── BUILD.bazel │ │ ├── ExceptionSupportTest.java │ │ ├── HolderTest.java │ │ ├── InputStreamSupportTest.java │ │ ├── PropertyConstraintSupportTest.java │ │ ├── TestSupport.java │ │ ├── TypeSupportTest.java │ │ └── WeakIdentityHashMapTest.java │ ├── runtime │ ├── BUILD.bazel │ └── TraceCmpHooksTest.java │ └── utils │ ├── BUILD.bazel │ └── CapturedOutput.java ├── tests ├── BUILD.bazel ├── benchmarks │ ├── BUILD.bazel │ └── src │ │ └── test │ │ └── java │ │ └── com │ │ └── example │ │ ├── ListOfIntegersFuzzer.java │ │ ├── StructuredMutatorMazeFuzzer.java │ │ └── UnstructuredPackedMazeFuzzer.java └── src │ └── test │ ├── cc │ └── complex_proto_fuzzer.cc │ ├── data │ ├── crash_resistant_coverage_test │ │ ├── crashing_seeds │ │ │ ├── crash │ │ │ └── empty_input │ │ └── new_coverage_seeds │ │ │ └── new_coverage │ └── fuzz_test_lister_test │ │ └── org │ │ └── example │ │ └── FuzzTests.class │ ├── java │ └── com │ │ └── example │ │ ├── AutofuzzAssertionErrorTarget.java │ │ ├── AutofuzzCrashingSetterTarget.java │ │ ├── AutofuzzIgnoreTarget.java │ │ ├── AutofuzzInnerClassTarget.java │ │ ├── BytesMemoryLeakFuzzer.java │ │ ├── CoverageFuzzer.java │ │ ├── CrashResistantCoverageTarget.java │ │ ├── DisabledHooksFuzzer.java │ │ ├── ForkModeFuzzer.java │ │ ├── HookDependenciesFuzzer.java │ │ ├── HookDependenciesFuzzerHooks.java │ │ ├── InitializationErrorTest.java │ │ ├── InvalidMutatorTest.java │ │ ├── JUnitAgentConfigurationFuzzTest.java │ │ ├── JUnitAssertFuzzer.java │ │ ├── JUnitInvalidJavaSeedTest.java │ │ ├── JUnitReproducerTest.java │ │ ├── JUnitReproducerTest.seed │ │ ├── JUnitSsrfAllowConnectionsBeforeFuzzingFuzzer.java │ │ ├── JUnitSsrfAllowListFuzzer.java │ │ ├── 
JUnitSsrfFindingFuzzer.java │ │ ├── JUnitTimeoutTest.java │ │ ├── JazzerApiFuzzer.java │ │ ├── KotlinStringCompareFuzzer.kt │ │ ├── KotlinVararg.kt │ │ ├── KotlinVarargFuzzer.java │ │ ├── LocalDateTimeFuzzer.java │ │ ├── LongStringFuzzer.java │ │ ├── LongStringFuzzerInput │ │ ├── MapFuzzer.java │ │ ├── MemoryLeakFuzzer.java │ │ ├── MutatorComplexProtoFuzzer.java │ │ ├── MutatorDynamicProtoFuzzer.java │ │ ├── MutatorFuzzer.java │ │ ├── NativeValueProfileFuzzer.java │ │ ├── NoCoverageFuzzer.java │ │ ├── NoSeedFuzzer.java │ │ ├── ObjectEqualsIntegerFuzzer.java │ │ ├── ObjectEqualsStringFuzzer.java │ │ ├── OfflineInstrumentedFuzzer.java │ │ ├── OfflineInstrumentedTarget.java │ │ ├── PrimitiveTypeCompareHookFuzzer.java │ │ ├── RegressionModeTest.java │ │ ├── SeedFuzzer.java │ │ ├── SilencedFuzzer.java │ │ ├── StringCompareFuzzer.java │ │ ├── SwitchCoverageHelper.java │ │ ├── SwitchMultipleCaseLabelsOfStrings.java │ │ ├── SwitchOnIntegersFuzzer.java │ │ ├── SwitchOnStringsFuzzer.java │ │ ├── SwitchPatternMatchingWithGuardOverTypes.java │ │ ├── SwitchStatementOnIntegersFuzzer.java │ │ ├── SwitchStatementOnStringsFuzzer.java │ │ ├── TestMethodInManifestFuzzer.java │ │ ├── TimeoutFuzzer.java │ │ └── TimeoutTest.java │ ├── native │ └── com │ │ └── example │ │ ├── BUILD.bazel │ │ └── native_value_profile_fuzzer.cpp │ ├── proto │ ├── BUILD.bazel │ └── simple_proto.proto │ └── shell │ ├── crash_resistant_coverage_test.sh │ ├── fuzz_test_lister_test.sh │ ├── jazzer_from_path_test.sh │ └── junit_agent_configuration_test.sh └── third_party ├── BUILD.bazel ├── android ├── BUILD └── android_configure.bzl ├── jacoco-ignore-offline-instrumentation.patch ├── jacoco-make-probe-adapter-subclassable.patch ├── jacoco-make-probe-inserter-subclassable.patch ├── jacoco_internal.BUILD ├── jacoco_internal.jarjar ├── jdk_8.bzl ├── libFuzzer.BUILD ├── libjpeg_turbo.BUILD ├── protobuf-disable-layering_check.patch └── slicer.BUILD /.bazelignore: 
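--------------------------------------------------------------------------------
examples/junit/target

--------------------------------------------------------------------------------
/.bazelversion:
--------------------------------------------------------------------------------
7.3.0

--------------------------------------------------------------------------------
/.clang-format:
--------------------------------------------------------------------------------
---
Language: Cpp
BasedOnStyle: Google
---
Language: Java
BasedOnStyle: Google
AllowShortFunctionsOnASingleLine: Empty
...

--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
# Do not perform LF/CRLF conversion during checkin or checkout.
* -text

--------------------------------------------------------------------------------
/.github/BUILD.bazel:
--------------------------------------------------------------------------------
# Extracted on 2022-12-22 as described in
# https://www.smileykeith.com/2021/03/08/locking-xcode-in-bazel/

package(default_visibility = ["//visibility:public"])

# Xcode version on public GitHub Actions macos-12 runners
xcode_version(
    name = "version14_2_0_14C18",
    aliases = [
        "14.2.0.14C18",
        "14.2.0",
        "14C18",
        "14.2",
        "14",
    ],
    default_ios_sdk_version = "16.2",
    default_macos_sdk_version = "13.1",
    default_tvos_sdk_version = "16.1",
    default_watchos_sdk_version = "9.1",
    version = "14.2.0.14C18",
)

# Xcode version on public GitHub Actions macos-13 and macos-14 runners
xcode_version(
    name = "version15_2_0_15C500b",
    aliases = [
        "15.2.0.15C500b",
        "15C500b",
        "15.2.0",
        "15.2",
        "15",
    ],
    default_ios_sdk_version = "17.2",
    default_macos_sdk_version = "14.2",
    default_tvos_sdk_version = "17.1",
    default_watchos_sdk_version = "10.2",
    version = "15.2.0.15C500b",
)

xcode_config(
    name = "host_xcodes",
    default = ":version15_2_0_15C500b",
    versions = [
        ":version15_2_0_15C500b",
        ":version14_2_0_14C18",
    ],
)

--------------------------------------------------------------------------------
/.github/scripts/echoBuildBuddyConfig.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

#
# Copyright 2024 Code Intelligence GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# Prints a BUILD_BUDDY_CONFIG=... line carrying the Bazel flags for the "ci"
# config when an API key is passed as the first argument, and an empty line
# otherwise.
#
# NOTE(review): the key is embedded verbatim in the printed line, so whatever
# consumes this output (presumably a workflow step that stores it in the job
# environment; confirm against the caller) must keep it out of build logs.
# Pass the key from a masked secret and do not enable shell tracing around
# the call.
if [ -n "${1}" ]; then
  echo "BUILD_BUDDY_CONFIG=--config=ci --remote_header=x-buildbuddy-api-key=${1}";
else
  echo "";
fi

--------------------------------------------------------------------------------
/.github/workflows/check-formatting.yml:
--------------------------------------------------------------------------------
name: Check formatting

# Controls when the action will run.
on:
  pull_request:
    branches: [ main ]
  merge_group:

  workflow_dispatch:

# The job only reads the checkout, so the GITHUB_TOKEN is limited to read
# access instead of inheriting the repository default.
permissions:
  contents: read

jobs:
  check_formatting:
    runs-on: ubuntu-22.04

    steps:
      # NOTE(review): `v4` is a mutable tag; pinning the action to a full
      # commit SHA protects the job against the tag being moved.
      - uses: actions/checkout@v4
        with:
          # format.sh comes from the change under review and runs right after
          # the checkout; do not leave the token in .git/config for it.
          persist-credentials: false

      - name: Run format.sh and print changes
        env:
          CI: 1
        run: |
          ./format.sh
          git diff

      # Fails the job when format.sh left any modified or untracked file.
      - name: Check for changes
        run: "[ $(git status --porcelain | wc -l) -eq 0 ]"

--------------------------------------------------------------------------------
/.github/workflows/datadog.yaml:
--------------------------------------------------------------------------------
name: Datadog Event

on:
  release:
    types: [published]

# The job never touches the repository, so the GITHUB_TOKEN gets no scopes.
# The DATADOG_API_KEY secret is unaffected by this setting.
permissions: {}

jobs:
  send-release-event:
    runs-on: ubuntu-22.04
    steps:
      - name: Send Release Event
        # Expressions are expanded into the script text before the shell runs,
        # so a tag name placed directly inside `run:` would be parsed as shell
        # source. Passing the values through the environment keeps them data.
        env:
          DD_API_KEY: ${{ secrets.DATADOG_API_KEY }}
          RELEASE_TAG: ${{ github.event.release.tag_name }}
          REPOSITORY: ${{ github.repository }}
        # The values are spliced into the JSON body without JSON escaping; a
        # tag containing a double quote or backslash yields an invalid payload
        # (a rejected request), not command execution.
        run: |
          curl -sX POST "https://api.datadoghq.eu/api/v1/events" \
            -H "Accept: application/json" \
            -H "Content-Type: application/json" \
            -H "DD-API-KEY: ${DD_API_KEY}" \
            --data-raw '{
              "title": "Jazzer has been released",
              "text": "%%% \nJazzer has been released with version **'"${RELEASE_TAG}"'**\n %%%",
              "tags": [
                "repo:'"${REPOSITORY}"'",
                "project:Jazzer",
                "version:'"${RELEASE_TAG}"'"
              ]
            }'

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | /bazel-* 2 | .idea 3 | .ijwb 4 | .clwb 5 | /coverage 6 | # The lockfile speeds up local builds, but is still quite verbose and potentially 7 | platform-dependent. Ignore it for now.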
8 | # https://github.com/bazelbuild/bazel/issues/20369 9 | MODULE.bazel.lock 10 | -------------------------------------------------------------------------------- /REPO.bazel: -------------------------------------------------------------------------------- 1 | # Applies to all packages in the Jazzer main repository, but not to external repositories. 2 | # Override on a per-package basis via `package(default_applicable_licenses = [...])` if necessary. 3 | repo(default_applicable_licenses = ["//:license"]) 4 | -------------------------------------------------------------------------------- /WORKSPACE.bazel: -------------------------------------------------------------------------------- 1 | # This file only exists for tooling that may not yet support WORKSPACE.bzlmod. 2 | -------------------------------------------------------------------------------- /WORKSPACE.bzlmod: -------------------------------------------------------------------------------- 1 | # Empty to avoid pulling in the non-bzlmod WORKSPACE file 2 | -------------------------------------------------------------------------------- /bazel/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CodeIntelligenceTesting/jazzer/efbc6354e412ce221ad3b18a6fdd32bf12241825/bazel/BUILD.bazel -------------------------------------------------------------------------------- /bazel/compat.bzl: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2024 Code Intelligence GmbH 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 
6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | SKIP_ON_MACOS = select({ 18 | "@platforms//os:macos": ["@platforms//:incompatible"], 19 | "//conditions:default": [], 20 | }) 21 | 22 | SKIP_ON_WINDOWS = select({ 23 | "@platforms//os:windows": ["@platforms//:incompatible"], 24 | "//conditions:default": [], 25 | }) 26 | 27 | LINUX_ONLY = select({ 28 | "@platforms//os:linux": [], 29 | "//conditions:default": ["@platforms//:incompatible"], 30 | }) 31 | 32 | ANDROID_ONLY = ["@platforms//os:android"] 33 | 34 | MULTI_PLATFORM = select({ 35 | "@platforms//os:macos": [ 36 | "//bazel/platforms:macos_arm64", 37 | "//bazel/platforms:macos_x86_64", 38 | ], 39 | "//conditions:default": [], 40 | }) 41 | -------------------------------------------------------------------------------- /bazel/coverage/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # Run this target to generate and open an HTML coverage report. 2 | # Takes the same arguments as `bazel coverage`, but after a double dash (`--`). 3 | # The default is to run `bazel coverage //...`, which accumulates the coverage of all tests. 
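4 | sh_binary( 5 | name = "coverage", 6 | srcs = ["coverage.sh"], 7 | data = [ 8 | "@genhtml//file:genhtml", 9 | ], 10 | ) 11 |
--------------------------------------------------------------------------------
/bazel/coverage/coverage.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env sh
#
# Copyright 2024 Code Intelligence GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#


# Use just like `bazel test` to generate and open an HTML coverage report.
# Requires a local installation of Perl.

# Remember the starting directory before changing into the workspace: the bundled
# genhtml is located relative to it (presumably the runfiles root under `bazel run`).
RUNFILES_ROOT=$PWD
cd "$BUILD_WORKSPACE_DIRECTORY" || exit 1

# Without arguments, collect coverage for every target.
if [ "$#" -eq 0 ]; then
  set -- //...
fi

# Exit with bazel's own status when the coverage run fails. Inside
# `if ! cmd; then ...`, `$?` holds the status of the negated condition (0), so
# `exit $?` there reports success after a failed run.
bazel coverage "$@" || exit $?

# Do not open a stale or missing report when genhtml fails.
"$RUNFILES_ROOT"/../genhtml/file/genhtml -o coverage \
  --prefix "$PWD" \
  --title "bazel coverage $*" \
  bazel-out/_coverage/_coverage_report.dat || exit $?
xdg-open coverage/index.html > /dev/null 2>&1
-------------------------------------------------------------------------------- /bazel/platforms/BUILD.bazel: -------------------------------------------------------------------------------- 1 | platform( 2 | name = "x64_windows-clang-cl", 3 | constraint_values = [ 4 | "@platforms//cpu:x86_64", 5 | "@platforms//os:windows", 6 | "@bazel_tools//tools/cpp:clang-cl", 7 | ], 8 | ) 9 | 10 | platform( 11 | name = "macos_x86_64", 12 | constraint_values = [ 13 | "@platforms//cpu:x86_64", 14 | "@platforms//os:macos", 15 | ], 16 | visibility = ["//:__subpackages__"], 17 | ) 18 | 19 | platform( 20 | name = "macos_arm64", 21 | constraint_values = [ 22 | "@platforms//cpu:arm64", 23 | "@platforms//os:macos", 24 | ], 25 | visibility = ["//:__subpackages__"], 26 | ) 27 | -------------------------------------------------------------------------------- /bazel/toolchains/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@rules_kotlin//kotlin:kotlin.bzl", "define_kt_toolchain") 2 | load("@rules_kotlin//kotlin:lint.bzl", "ktlint_config") 3 | load("@rules_kotlin//kotlin/internal:opts.bzl", "kt_javac_options", "kt_kotlinc_options") 4 | 5 | kt_kotlinc_options( 6 | name = "kotlinc_options", 7 | ) 8 | 9 | kt_javac_options( 10 | name = "default_javac_options", 11 | ) 12 | 13 | define_kt_toolchain( 14 | name = "kotlin_toolchain", 15 | api_version = "1.9", 16 | javac_options = ":default_javac_options", 17 | jvm_target = "1.8", 18 | kotlinc_options = ":kotlinc_options", 19 | language_version = "1.9", 20 | ) 21 | 22 | ktlint_config( 23 | name = "ktlint_config", 24 | editorconfig = "editorconfig.ktlint", 25 | visibility = ["//visibility:public"], 26 | ) 27 |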
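-------------------------------------------------------------------------------- /bazel/toolchains/editorconfig.ktlint: -------------------------------------------------------------------------------- 1 | [*.kt] 2 | ktlint_standard_package-name=disabled 3 | -------------------------------------------------------------------------------- /bazel/tools/BUILD.bazel: -------------------------------------------------------------------------------- 1 | exports_files(["compute_benchmark_stats.sh"]) 2 | -------------------------------------------------------------------------------- /bazel/tools/java/BUILD.bazel: -------------------------------------------------------------------------------- 1 | java_library( 2 | name = "fuzz_target_test_wrapper", 3 | srcs = ["com/code_intelligence/jazzer/tools/FuzzTargetTestWrapper.java"], 4 | visibility = ["//:__subpackages__"], 5 | deps = ["@bazel_tools//tools/java/runfiles"], 6 | ) 7 | 8 | java_binary( 9 | name = "JarStripper", 10 | srcs = ["com/code_intelligence/jazzer/tools/JarStripper.java"], 11 | main_class = "com.code_intelligence.jazzer.tools.JarStripper", 12 | visibility = ["//visibility:public"], 13 | ) 14 |
--------------------------------------------------------------------------------
/deploy/deploy_local.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Copyright 2024 Code Intelligence GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# Publishes the jazzer, jazzer-junit and jazzer-api artifacts to the local Maven
# repository at $HOME/.m2/repository.

# Abort when the workspace directory is unset, empty or cannot be entered. The script
# defines no `fail` function, so `cd ... || fail "..."` only printed "command not found"
# and the publish commands then ran from whatever directory the script started in.
cd "${BUILD_WORKSPACE_DIRECTORY:?BUILD_WORKSPACE_DIRECTORY not found}" || exit 1

# Publish in the original order and stop at the first failure, so a broken build does
# not leave a partially updated set of artifacts behind a success exit status.
for artifact in jazzer jazzer-junit jazzer-api; do
  bazel run --define "maven_repo=file://$HOME/.m2/repository" "//deploy:${artifact}.publish" || exit $?
done
-------------------------------------------------------------------------------- /deploy/jazzer-api_artifact_test.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | # 3 | # Copyright 2024 Code Intelligence GmbH 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | [ -f "$1" ] || exit 1 19 | JAR="$2/bin/jar" 20 | [ -e "$JAR" ] || exit 1 21 | # List all files in the jar and exclude an allowed list of files. 22 | # Since grep fails if there is no match, ! ... | grep ... fails if there is a 23 | # match. 24 | !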
"$JAR" tf "$1" | \ 25 | grep -v \ 26 | -e '^com/$' \ 27 | -e '^com/code_intelligence/$' \ 28 | -e '^com/code_intelligence/jazzer/$' \ 29 | -e '^com/code_intelligence/jazzer/api/' \ 30 | -e '^com/code_intelligence/jazzer/mutation/$' \ 31 | -e '^com/code_intelligence/jazzer/mutation/annotation/' \ 32 | -e '^com/code_intelligence/jazzer/mutation/utils/' \ 33 | -e '^jaz/' \ 34 | -e '^META-INF/$' \ 35 | -e '^META-INF/MANIFEST.MF$' 36 | -------------------------------------------------------------------------------- /deploy/jazzer-junit_artifact_test.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | # 3 | # Copyright 2024 Code Intelligence GmbH 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | [ -f "$1" ] || exit 1 19 | JAR="$2/bin/jar" 20 | [ -e "$JAR" ] || exit 1 21 | # List all files in the jar and exclude an allowed list of files. 22 | # Since grep fails if there is no match, ! ... | grep ... fails if there is a 23 | # match. 24 | ! 
"$JAR" tf "$1" | \ 25 | grep -v \ 26 | -e '^com/$' \ 27 | -e '^com/code_intelligence/$' \ 28 | -e '^com/code_intelligence/jazzer/$' \ 29 | -e '^com/code_intelligence/jazzer/junit/' \ 30 | -e '^com/code_intelligence/jazzer/sanitizers/$' \ 31 | -e '^com/code_intelligence/jazzer/sanitizers/Constants.class$' \ 32 | -e '^META-INF/$' \ 33 | -e '^META-INF/MANIFEST.MF$' \ 34 | -e '^META-INF/services/$' \ 35 | -e '^META-INF/services/org.junit.platform.engine.TestEngine$' 36 | -------------------------------------------------------------------------------- /deploy/jazzer_artifact_test.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | # 3 | # Copyright 2024 Code Intelligence GmbH 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | [ -f "$1" ] || exit 1 19 | JAR="$2/bin/jar" 20 | [ -e "$JAR" ] || exit 1 21 | # List all files in the jar and exclude an allowed list of files. 22 | # Since grep fails if there is no match, ! ... | grep ... fails if there is a 23 | # match. 24 | ! 
"$JAR" tf "$1" | \ 25 | grep -v \ 26 | -e '^com/$' \ 27 | -e '^com/code_intelligence/$' \ 28 | -e '^com/code_intelligence/jazzer/' \ 29 | -e '^win32-x86/' \ 30 | -e '^win32-x86-64/' \ 31 | -e '^META-INF/$' \ 32 | -e '^META-INF/MANIFEST.MF$' 33 | -------------------------------------------------------------------------------- /deploy/maven.pub: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mDMEZJFzFRYJKwYBBAHaRw8BAQdArjB1uNKTmGXJGTmmajJwtF0sB3LcyPv3oJpp 4 | 9aqIk7q0QENvZGUgSW50ZWxsaWdlbmNlIEdtYkggLSBTaWduaW5nIDxmdXp6aW5n 5 | QGNvZGUtaW50ZWxsaWdlbmNlLmNvbT6ImQQTFgoAQQIbAwULCQgHAgIiAgYVCgkI 6 | CwIEFgIDAQIeBwIXgBYhBNIztsbn7cCGbUhsFmBU2Hwibf3CBQJkkXPWBQkJZgJB 7 | AAoJEGBU2Hwibf3C/eYBAMqj/8q8oEuEjnRZWPMooc6vgRN2KnLBoGjtcEhN+VHi 8 | APsHM2qx2DRfDYFSaS23UaTRkoqVJAKeRfeKAMVho9njDLg4BGSRcxUSCisGAQQB 9 | l1UBBQEBB0AqXbsNXVDtvc7np/OrwFiNibeYJU1Je8evOSZP/7a/VgMBCAeIfgQY 10 | FgoAJgIbDBYhBNIztsbn7cCGbUhsFmBU2Hwibf3CBQJkkXQOBQkJZgJ5AAoJEGBU 11 | 2Hwibf3CzboA/jRGNlrsAcYAicdVJgiK1Ia0At0DA8IViXWzkTTbzv2hAP0abQex 12 | YIkqCaAWBrDFyrderBve5gVz4D8ITFzjhllWCg== 13 | =zYq8 14 | -----END PGP PUBLIC KEY BLOCK----- 15 | -------------------------------------------------------------------------------- /docs/images/remote-debug.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CodeIntelligenceTesting/jazzer/efbc6354e412ce221ad3b18a6fdd32bf12241825/docs/images/remote-debug.jpeg -------------------------------------------------------------------------------- /examples/json_sanitizer_denylist_crash: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CodeIntelligenceTesting/jazzer/efbc6354e412ce221ad3b18a6fdd32bf12241825/examples/json_sanitizer_denylist_crash -------------------------------------------------------------------------------- /examples/junit-spring-web/.gitignore: 
-------------------------------------------------------------------------------- 1 | HELP.md 2 | target/ 3 | !.mvn/wrapper/maven-wrapper.jar 4 | !**/src/main/**/target/ 5 | !**/src/test/**/target/ 6 | 7 | ### STS ### 8 | .apt_generated 9 | .classpath 10 | .factorypath 11 | .project 12 | .settings 13 | .springBeans 14 | .sts4-cache 15 | 16 | ### IntelliJ IDEA ### 17 | .idea 18 | *.iws 19 | *.iml 20 | *.ipr 21 | 22 | ### NetBeans ### 23 | /nbproject/private/ 24 | /nbbuild/ 25 | /dist/ 26 | /nbdist/ 27 | /.nb-gradle/ 28 | build/ 29 | !**/src/main/**/build/ 30 | !**/src/test/**/build/ 31 | 32 | ### VS Code ### 33 | .vscode/ 34 | -------------------------------------------------------------------------------- /examples/junit-spring-web/.mvn/wrapper/maven-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CodeIntelligenceTesting/jazzer/efbc6354e412ce221ad3b18a6fdd32bf12241825/examples/junit-spring-web/.mvn/wrapper/maven-wrapper.jar -------------------------------------------------------------------------------- /examples/junit-spring-web/.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache-maven-3.8.6-bin.zip 2 | wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar 3 | -------------------------------------------------------------------------------- /examples/junit-spring-web/src/main/resources/application.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CodeIntelligenceTesting/jazzer/efbc6354e412ce221ad3b18a6fdd32bf12241825/examples/junit-spring-web/src/main/resources/application.properties -------------------------------------------------------------------------------- 
/examples/junit-spring-web/src/test/resources/application.properties: -------------------------------------------------------------------------------- 1 | logging.level.org.springframework.web=INFO 2 | -------------------------------------------------------------------------------- /examples/junit-spring-web/src/test/resources/com/example/JunitSpringWebApplicationTestsInputs/Test-001: -------------------------------------------------------------------------------- 1 | error -------------------------------------------------------------------------------- /examples/junit-spring-web/src/test/resources/com/example/JunitSpringWebApplicationTestsInputs/crash-11f9578d05e6f7bb58a3cdd00107e9f4e3882671: -------------------------------------------------------------------------------- 1 | error -------------------------------------------------------------------------------- /examples/junit-spring-web/src/test/resources/com/example/JunitSpringWebApplicationTestsInputs/crash-4acd17b34d3dafa673ab1f7ade3a8a29582a5730: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CodeIntelligenceTesting/jazzer/efbc6354e412ce221ad3b18a6fdd32bf12241825/examples/junit-spring-web/src/test/resources/com/example/JunitSpringWebApplicationTestsInputs/crash-4acd17b34d3dafa673ab1f7ade3a8a29582a5730 -------------------------------------------------------------------------------- /examples/junit-spring-web/src/test/resources/com/example/JunitSpringWebApplicationTestsInputs/fuzzTestWithDtoShouldFail/Test-001: -------------------------------------------------------------------------------- 1 | error -------------------------------------------------------------------------------- /examples/junit-spring-web/src/test/resources/com/example/JunitSpringWebApplicationTestsInputs/fuzzTestWithDtoShouldFail/crash-11f9578d05e6f7bb58a3cdd00107e9f4e3882671: -------------------------------------------------------------------------------- 1 | error 
-------------------------------------------------------------------------------- /examples/junit-spring-web/src/test/resources/com/example/JunitSpringWebApplicationTestsInputs/fuzzTestWithDtoShouldFail/crash-4acd17b34d3dafa673ab1f7ade3a8a29582a5730: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CodeIntelligenceTesting/jazzer/efbc6354e412ce221ad3b18a6fdd32bf12241825/examples/junit-spring-web/src/test/resources/com/example/JunitSpringWebApplicationTestsInputs/fuzzTestWithDtoShouldFail/crash-4acd17b34d3dafa673ab1f7ade3a8a29582a5730 -------------------------------------------------------------------------------- /examples/junit-spring-web/src/test/resources/junit-platform.properties: -------------------------------------------------------------------------------- 1 | jazzer.instrument=com.example.**,com.other.package.** 2 | -------------------------------------------------------------------------------- /examples/junit/.gitignore: -------------------------------------------------------------------------------- 1 | /.idea 2 | /target 3 | -------------------------------------------------------------------------------- /examples/junit/src/main/java/com/example/BUILD.bazel: -------------------------------------------------------------------------------- 1 | java_library( 2 | name = "parser", 3 | srcs = ["Parser.java"], 4 | visibility = ["//examples/junit/src/test/java/com/example:__pkg__"], 5 | ) 6 | -------------------------------------------------------------------------------- /examples/junit/src/main/java/com/example/Parser.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.example; 18 | 19 | public class Parser { 20 | public static void parse(byte[] data) { 21 | if (data[4] == 'c' && new String(data).startsWith("aaaaaa")) { 22 | throw new IllegalStateException("Not reached"); 23 | } 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /examples/junit/src/test/java/com/example/ByteFuzzTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.example; 18 | 19 | import static org.junit.jupiter.api.Assertions.fail; 20 | 21 | import com.code_intelligence.jazzer.junit.FuzzTest; 22 | 23 | class ByteFuzzTest { 24 | @FuzzTest 25 | void byteFuzz(byte[] data) { 26 | if (data.length < 1) { 27 | return; 28 | } 29 | if (data[0] % 2 == 0) { 30 | fail(); 31 | } 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /examples/junit/src/test/java/com/example/CommandLineFuzzTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.example; 18 | 19 | import static org.junit.jupiter.api.Assumptions.assumeTrue; 20 | 21 | import com.code_intelligence.jazzer.junit.FuzzTest; 22 | 23 | class CommandLineFuzzTest { 24 | int run = 0; 25 | 26 | @FuzzTest 27 | void commandLineFuzz(byte[] bytes) { 28 | assumeTrue(bytes.length > 0); 29 | switch (run++) { 30 | case 0: 31 | throw new RuntimeException(); 32 | case 1: 33 | throw new IllegalStateException(); 34 | case 2: 35 | throw new Error(); 36 | } 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /examples/junit/src/test/java/com/example/InvalidFuzzTests.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.example; 18 | 19 | import com.code_intelligence.jazzer.api.FuzzedDataProvider; 20 | import com.code_intelligence.jazzer.junit.FuzzTest; 21 | import org.junit.jupiter.api.TestInfo; 22 | 23 | class InvalidFuzzTests { 24 | @FuzzTest 25 | void invalidParameterCountFuzz() {} 26 | 27 | @FuzzTest 28 | void invalidParameterResolverFuzz(FuzzedDataProvider data, TestInfo testInfo) { 29 | throw new RuntimeException(testInfo.getDisplayName()); 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /examples/junit/src/test/java/com/example/KeepGoingFuzzTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.example; 18 | 19 | import com.code_intelligence.jazzer.junit.FuzzTest; 20 | 21 | public class KeepGoingFuzzTest { 22 | private static int counter = 0; 23 | 24 | @FuzzTest 25 | public void keepGoingFuzzTest(byte[] ignored) { 26 | counter++; 27 | if (counter == 1) { 28 | throw new IllegalArgumentException("error1"); 29 | } 30 | if (counter == 2) { 31 | throw new IllegalArgumentException("error2"); 32 | } 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /examples/junit/src/test/java/com/example/MockitoFuzzTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.example; 18 | 19 | import com.code_intelligence.jazzer.junit.FuzzTest; 20 | import org.mockito.Mockito; 21 | 22 | public class MockitoFuzzTest { 23 | public static class Foo { 24 | public String bar(String ignored) { 25 | return "bar"; 26 | } 27 | } 28 | 29 | @FuzzTest 30 | void fuzzWithMockito(byte[] bytes) { 31 | // Mock the Foo class to trigger an instrumentation cycle, 32 | // if not properly ignored. 
33 | Foo foo = Mockito.mock(Foo.class); 34 | foo.bar(new String(bytes)); 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /examples/junit/src/test/java/com/example/ThrowingFuzzTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.example; 18 | 19 | import com.code_intelligence.jazzer.api.FuzzedDataProvider; 20 | import com.code_intelligence.jazzer.junit.FuzzTest; 21 | 22 | public class ThrowingFuzzTest { 23 | @FuzzTest 24 | public void throwingFuzz(FuzzedDataProvider ignored) { 25 | throw new IllegalStateException("This is a test."); 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /examples/junit/src/test/resources/BUILD.bazel: -------------------------------------------------------------------------------- 1 | java_library( 2 | name = "example_seed_corpora", 3 | resources = glob(["com/example/*Inputs/**"]), 4 | visibility = ["//examples/junit/src/test/java/com/example:__pkg__"], 5 | ) 6 | 7 | java_library( 8 | name = "example_dictionaries", 9 | resources = glob(["**/*.dict"]), 10 | visibility = ["//examples/junit/src/test/java/com/example:__pkg__"], 11 | ) 12 | 13 | filegroup( 14 | name = "MutatorFuzzTestInputs", 15 | srcs = ["com/example/MutatorFuzzTestInputs"], 
16 | visibility = ["//visibility:public"], 17 | ) 18 | 19 | filegroup( 20 | name = "additional_seed_directories", 21 | srcs = [ 22 | "additional/dir1", 23 | "additional/dir2", 24 | ], 25 | visibility = ["//examples/junit/src/test/java/com/example:__pkg__"], 26 | ) 27 | -------------------------------------------------------------------------------- /examples/junit/src/test/resources/additional/dir1/seed4: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /examples/junit/src/test/resources/additional/dir2/seed5: -------------------------------------------------------------------------------- 1 |  -------------------------------------------------------------------------------- /examples/junit/src/test/resources/com/example/ByteFuzzTestInputs/byteFuzz/fails: -------------------------------------------------------------------------------- 1 | b -------------------------------------------------------------------------------- /examples/junit/src/test/resources/com/example/ByteFuzzTestInputs/byteFuzz/succeeds: -------------------------------------------------------------------------------- 1 | a -------------------------------------------------------------------------------- /examples/junit/src/test/resources/com/example/MutatorFuzzTestInputs/mutatorFuzz/invalid: -------------------------------------------------------------------------------- 1 | abcd 2 | -------------------------------------------------------------------------------- /examples/junit/src/test/resources/com/example/ValidFuzzTestsInputs/byteFuzz/assert: -------------------------------------------------------------------------------- 1 | assert -------------------------------------------------------------------------------- /examples/junit/src/test/resources/com/example/ValidFuzzTestsInputs/byteFuzz/honeypot: -------------------------------------------------------------------------------- 1 | 
honeypot -------------------------------------------------------------------------------- /examples/junit/src/test/resources/com/example/ValidFuzzTestsInputs/byteFuzz/sanitizer_internal_class: -------------------------------------------------------------------------------- 1 | sanitizer_internal_class -------------------------------------------------------------------------------- /examples/junit/src/test/resources/com/example/ValidFuzzTestsInputs/byteFuzz/sanitizer_user_class: -------------------------------------------------------------------------------- 1 | sanitizer_user_class -------------------------------------------------------------------------------- /examples/junit/src/test/resources/com/example/ValidFuzzTestsInputs/dataFuzz/assert: -------------------------------------------------------------------------------- 1 | assert -------------------------------------------------------------------------------- /examples/junit/src/test/resources/com/example/ValidFuzzTestsInputs/dataFuzz/honeypot: -------------------------------------------------------------------------------- 1 | honeypot -------------------------------------------------------------------------------- /examples/junit/src/test/resources/com/example/ValidFuzzTestsInputs/dataFuzz/sanitizer_internal_class: -------------------------------------------------------------------------------- 1 | sanitizer_internal_class -------------------------------------------------------------------------------- /examples/junit/src/test/resources/com/example/ValidFuzzTestsInputs/dataFuzz/sanitizer_user_class: -------------------------------------------------------------------------------- 1 | sanitizer_user_class -------------------------------------------------------------------------------- /examples/junit/src/test/resources/com/example/ValidFuzzTestsInputs/noCrashFuzz/assert: -------------------------------------------------------------------------------- 1 | assert 
-------------------------------------------------------------------------------- /examples/junit/src/test/resources/com/example/ValidFuzzTestsInputs/noCrashFuzz/honeypot: -------------------------------------------------------------------------------- 1 | honeypot -------------------------------------------------------------------------------- /examples/junit/src/test/resources/com/example/ValidFuzzTestsInputs/noCrashFuzz/sanitizer_internal_class: -------------------------------------------------------------------------------- 1 | sanitizer_internal_class -------------------------------------------------------------------------------- /examples/junit/src/test/resources/com/example/ValidFuzzTestsInputs/noCrashFuzz/sanitizer_user_class: -------------------------------------------------------------------------------- 1 | sanitizer_user_class -------------------------------------------------------------------------------- /examples/junit/src/test/resources/com/example/ValidFuzzTestsInputs/no_crash: -------------------------------------------------------------------------------- 1 | no_crash -------------------------------------------------------------------------------- /examples/junit/src/test/resources/com/example/ValueProfileFuzzTestInputs/valueProfileFuzz/empty_seed: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CodeIntelligenceTesting/jazzer/efbc6354e412ce221ad3b18a6fdd32bf12241825/examples/junit/src/test/resources/com/example/ValueProfileFuzzTestInputs/valueProfileFuzz/empty_seed -------------------------------------------------------------------------------- /examples/junit/src/test/resources/com/example/test.dict: -------------------------------------------------------------------------------- 1 | # test dictionary 2 | "a_" 3 | "53Cr\"3T_" 4 | "fl4G" 5 | -------------------------------------------------------------------------------- /examples/junit/src/test/resources/com/example/test2.dict: 
-------------------------------------------------------------------------------- 1 | "53Cr\"3T_" 2 | -------------------------------------------------------------------------------- /examples/junit/src/test/resources/com/example/test3.dict: -------------------------------------------------------------------------------- 1 | "fl4G" -------------------------------------------------------------------------------- /examples/junit/src/test/resources/junit-platform.properties: -------------------------------------------------------------------------------- 1 | jazzer.instrument=com.example.**,com.other.package.** 2 | -------------------------------------------------------------------------------- /examples/labels.bzl: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2024 Code Intelligence GmbH 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | LIBJPEG_TURBO_LABEL = Label("@libjpeg_turbo//:turbojpeg_native") 18 | -------------------------------------------------------------------------------- /examples/src/main/java/com/example/CommonsTextFuzzer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.example; 18 | 19 | import com.code_intelligence.jazzer.api.FuzzedDataProvider; 20 | import org.apache.commons.text.StringSubstitutor; 21 |
/**
 * Fuzz target that hands a short fuzzer-generated string to the Apache Commons Text interpolator.
 *
 * <p>The template text is fully controlled by the fuzzer, so the target models an application
 * that expands untrusted text with {@code StringSubstitutor.createInterpolator()}.
 * NOTE(review): which lookups the interpolator enables by default depends on the commons-text
 * version on the classpath; confirm against the version pinned in the build.
 */
public class CommonsTextFuzzer {
  /**
   * Expands at most 20 ASCII characters of fuzzer data as an interpolation template.
   *
   * <p>{@link IllegalArgumentException} and {@link ArrayIndexOutOfBoundsException} are swallowed;
   * any other throwable leaves this method uncaught.
   *
   * @param data source of the fuzzer-generated input
   */
  public static void fuzzerTestOneInput(FuzzedDataProvider data) {
    try {
      StringSubstitutor interpolator = StringSubstitutor.createInterpolator();
      String template = data.consumeAsciiString(20);
      interpolator.replace(template);
    } catch (IllegalArgumentException | ArrayIndexOutOfBoundsException ignored) {
      // Deliberately ignored by this target.
    }
  }
}
31 | -------------------------------------------------------------------------------- /examples/src/main/java/com/example/ExampleFuzzerHooks.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License.
15 | */ 16 | 17 | package com.example; 18 | 19 | import com.code_intelligence.jazzer.api.HookType; 20 | import com.code_intelligence.jazzer.api.MethodHook; 21 | import java.lang.invoke.MethodHandle; 22 |
/**
 * Example Jazzer method hook that replaces {@code java.security.SecureRandom.nextLong()} with a
 * method returning a constant.
 *
 * <p>While the hook is active, values obtained through {@code nextLong()} are fully predictable.
 * That suits reproducible fuzzing runs only: anything derived from such a value (keys, tokens,
 * nonces) has no entropy, so this class must stay off any production classpath.
 */
public class ExampleFuzzerHooks {
  // chosen by fair dice roll.
  // guaranteed to be random.
  // https://xkcd.com/221/
  private static final long FIXED_RANDOM_VALUE = 4;

  /**
   * Replacement body for {@code SecureRandom.nextLong()} (method descriptor {@code ()J}).
   *
   * <p>All four hook arguments are supplied by Jazzer and none of them is read here.
   *
   * @return always {@code 4}
   */
  @MethodHook(
      type = HookType.REPLACE,
      targetClassName = "java.security.SecureRandom",
      targetMethod = "nextLong",
      targetMethodDescriptor = "()J")
  public static long getRandomNumber(
      MethodHandle handle, Object thisObject, Object[] args, int hookId) {
    return FIXED_RANDOM_VALUE;
  }
}
36 | -------------------------------------------------------------------------------- /examples/src/main/java/com/example/ExampleOutOfMemoryFuzzer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License.
15 | */ 16 | 17 | package com.example; 18 |
/**
 * Fuzz target that requests an array of {@code Integer.MAX_VALUE} longs for every non-empty
 * input, a size a JVM with a typical heap cannot satisfy.
 *
 * <p>It demonstrates how memory exhaustion shows up as a fuzzing finding; the same pattern in
 * application code (an allocation whose size an attacker can force) is a denial-of-service risk.
 */
public class ExampleOutOfMemoryFuzzer {
  // Static, so a successfully allocated array would stay reachable after the call returns.
  public static long[] leak;

  /**
   * Attempts the oversized allocation unless the input is empty.
   *
   * @param input raw fuzzer input; only its length is inspected
   */
  public static void fuzzerTestOneInput(byte[] input) {
    if (input.length != 0) {
      leak = new long[Integer.MAX_VALUE];
    }
  }
}
29 | -------------------------------------------------------------------------------- /examples/src/main/java/com/example/ExampleStackOverflowFuzzer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License.
15 | */ 16 | 17 | package com.example; 18 | 19 | import java.math.BigDecimal; 20 |
/**
 * Fuzz target that recurses without bound on every input.
 *
 * <p>{@code step1()} and {@code step2()} call each other and neither has a terminating
 * condition, so each invocation ends in a {@link StackOverflowError}. Unbounded recursion driven
 * by input is a denial-of-service pattern; this example shows how a fuzzer surfaces it.
 */
public class ExampleStackOverflowFuzzer {
  /**
   * Starts the mutual recursion; the input bytes are not read.
   *
   * @param input raw fuzzer input (unused)
   */
  public static void fuzzerTestOneInput(byte[] input) {
    step1();
  }

  // NOTE(review): the result is unused; presumably the call is here only so that a library call
  // is part of the recursion -- confirm.
  private static void step1() {
    BigDecimal ignoredDecimal = BigDecimal.valueOf(10, 100);
    step2();
  }

  // Second half of the cycle: one unused String call, then back to step1().
  private static void step2() {
    boolean ignoredMatch = "foobar".contains("bar");
    step1();
  }
}
36 | -------------------------------------------------------------------------------- /examples/src/main/java/com/example/FastJsonFuzzer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License.
15 | */ 16 | 17 | package com.example; 18 | 19 | import com.alibaba.fastjson.JSON; 20 | import com.alibaba.fastjson.JSONException; 21 | import com.code_intelligence.jazzer.api.FuzzedDataProvider; 22 |
// Found the issues described in
// https://github.com/alibaba/fastjson/issues/3631
/**
 * Fuzz target that parses the whole fuzzer input as JSON with fastjson.
 *
 * <p>{@link JSONException} is swallowed, so only throwables the parser is not expected to raise
 * on malformed input escape this method.
 */
public class FastJsonFuzzer {
  /**
   * Parses all remaining fuzzer data as one JSON document.
   *
   * @param data source of the fuzzer-generated input
   */
  public static void fuzzerTestOneInput(FuzzedDataProvider data) {
    String json = data.consumeRemainingAsString();
    try {
      JSON.parse(json);
    } catch (JSONException ignored) {
      // Deliberately ignored by this target.
    }
  }
}
33 | -------------------------------------------------------------------------------- /examples/src/main/java/com/example/GifImageParserFuzzer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.example; 18 | 19 | import java.io.IOException; 20 | import java.util.HashMap; 21 | import org.apache.commons.imaging.ImageReadException; 22 | import org.apache.commons.imaging.common.bytesource.ByteSourceArray; 23 | import org.apache.commons.imaging.formats.gif.GifImageParser; 24 | 25 | // Found https://issues.apache.org/jira/browse/IMAGING-277 and 26 | // https://issues.apache.org/jira/browse/IMAGING-278.
/**
 * Fuzz target that decodes the raw fuzzer input as a GIF image with Apache Commons Imaging.
 *
 * <p>{@link IOException} and {@link ImageReadException} are swallowed; any other throwable raised
 * while parsing the untrusted bytes escapes this method.
 */
public class GifImageParserFuzzer {
  /**
   * Runs the GIF parser over the input with an empty parameter map.
   *
   * @param input raw fuzzer input, treated as the bytes of an image file
   */
  public static void fuzzerTestOneInput(byte[] input) {
    try {
      GifImageParser parser = new GifImageParser();
      ByteSourceArray source = new ByteSourceArray(input);
      parser.getBufferedImage(source, new HashMap<>());
    } catch (IOException | ImageReadException ignored) {
      // Deliberately ignored by this target.
    }
  }
}
35 | -------------------------------------------------------------------------------- /examples/src/main/java/com/example/JpegImageParserFuzzer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.example; 18 | 19 | import java.io.IOException; 20 | import java.util.HashMap; 21 | import org.apache.commons.imaging.ImageReadException; 22 | import org.apache.commons.imaging.common.bytesource.ByteSourceArray; 23 | import org.apache.commons.imaging.formats.jpeg.JpegImageParser; 24 | 25 | // Found https://issues.apache.org/jira/browse/IMAGING-275.
/**
 * Fuzz target that decodes the raw fuzzer input as a JPEG image with Apache Commons Imaging.
 *
 * <p>{@link IOException} and {@link ImageReadException} are swallowed; any other throwable raised
 * while parsing the untrusted bytes escapes this method.
 */
public class JpegImageParserFuzzer {
  /**
   * Runs the JPEG parser over the input with an empty parameter map.
   *
   * @param input raw fuzzer input, treated as the bytes of an image file
   */
  public static void fuzzerTestOneInput(byte[] input) {
    try {
      JpegImageParser parser = new JpegImageParser();
      ByteSourceArray source = new ByteSourceArray(input);
      parser.getBufferedImage(source, new HashMap<>());
    } catch (IOException | ImageReadException ignored) {
      // Deliberately ignored by this target.
    }
  }
}
34 | -------------------------------------------------------------------------------- /examples/src/main/java/com/example/JsonSanitizerCrashFuzzer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.example; 18 | 19 | import com.code_intelligence.jazzer.api.FuzzedDataProvider; 20 | import com.google.json.JsonSanitizer; 21 |
/**
 * Fuzz target that looks for unexpected exceptions in {@code JsonSanitizer.sanitize}.
 *
 * <p>A sanitizer sits directly on untrusted input, so an exception it does not document is a
 * robustness problem for every caller that relies on it.
 */
public class JsonSanitizerCrashFuzzer {
  /**
   * Sanitizes all remaining fuzzer data with a second argument of 10.
   *
   * @param data source of the fuzzer-generated input
   */
  public static void fuzzerTestOneInput(FuzzedDataProvider data) {
    final int nestingDepthLimit = 10;
    String input = data.consumeRemainingAsString();
    try {
      JsonSanitizer.sanitize(input, nestingDepthLimit);
    } catch (ArrayIndexOutOfBoundsException ignored) {
      // ArrayIndexOutOfBoundsException is expected if nesting depth is
      // exceeded.
    }
  }
}
33 | -------------------------------------------------------------------------------- /examples/src/main/java/com/example/KlaxonFuzzer.kt: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.example 18 | 19 | import com.beust.klaxon.KlaxonException 20 | import com.beust.klaxon.Parser 21 | import com.code_intelligence.jazzer.api.FuzzedDataProvider 22 |
// Reproduces https://github.com/cbeust/klaxon/pull/330
/**
 * Fuzz target that parses the whole fuzzer input as JSON with Klaxon's default parser.
 *
 * [KlaxonException] is swallowed; any other throwable raised while parsing escapes the method.
 */
object KlaxonFuzzer {
    @JvmStatic
    fun fuzzerTestOneInput(data: FuzzedDataProvider) {
        val json = StringBuilder(data.consumeRemainingAsString())
        try {
            Parser.default().parse(json)
        } catch (_: KlaxonException) {
            // Deliberately ignored by this target.
        }
    }
}
33 | -------------------------------------------------------------------------------- /examples/src/main/java/com/example/TiffImageParserFuzzer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.example; 18 | 19 | import java.io.IOException; 20 | import java.util.HashMap; 21 | import org.apache.commons.imaging.ImageReadException; 22 | import org.apache.commons.imaging.common.bytesource.ByteSourceArray; 23 | import org.apache.commons.imaging.formats.tiff.TiffImageParser; 24 |
// Found https://issues.apache.org/jira/browse/IMAGING-276.
/**
 * Fuzz target that decodes the raw fuzzer input as a TIFF image with Apache Commons Imaging.
 *
 * <p>{@link IOException} and {@link ImageReadException} are swallowed; any other throwable raised
 * while parsing the untrusted bytes escapes this method.
 */
public class TiffImageParserFuzzer {
  /**
   * Runs the TIFF parser over the input with an empty parameter map.
   *
   * @param input raw fuzzer input, treated as the bytes of an image file
   */
  public static void fuzzerTestOneInput(byte[] input) {
    try {
      TiffImageParser parser = new TiffImageParser();
      ByteSourceArray source = new ByteSourceArray(input);
      parser.getBufferedImage(source, new HashMap<>());
    } catch (IOException | ImageReadException ignored) {
      // Deliberately ignored by this target.
    }
  }
}
34 | -------------------------------------------------------------------------------- /launcher/android/AndroidManifest.xml: -------------------------------------------------------------------------------- 1 | 16 | 17 | 21 | 22 | -------------------------------------------------------------------------------- /launcher/android/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("//bazel:compat.bzl", "ANDROID_ONLY", "SKIP_ON_WINDOWS") 2 | 3 | android_library( 4 | name = "jazzer_android_lib", 5 | data = [ 6 | "//launcher:jazzer_single_arch", 7 | "//src/main/java/com/code_intelligence/jazzer/android:jazzer_standalone_android.apk", 8 | ], 9 | tags = ["manual"], 10 | target_compatible_with = ANDROID_ONLY, 11 | ) 12 | 13 | android_binary( 14 | name = "jazzer_android", 15 | manifest = ":android_manifest", 16 | min_sdk_version = 26, 17
| tags = ["manual"], 18 | target_compatible_with = SKIP_ON_WINDOWS, 19 | visibility = ["//visibility:public"], 20 | deps = [ 21 | ":jazzer_android_lib", 22 | ], 23 | ) 24 | 25 | filegroup( 26 | name = "android_manifest", 27 | srcs = ["AndroidManifest.xml"], 28 | tags = ["manual"], 29 | visibility = [ 30 | "//visibility:public", 31 | ], 32 | ) 33 | -------------------------------------------------------------------------------- /launcher/test_main.cpp: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Code Intelligence GmbH 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 
14 | 15 | #include 16 | 17 | #include "gtest/gtest.h" 18 |
// Entry point of the launcher's GoogleTest binary.
// NOTE(review): the first #include of this file has lost its header name in this listing;
// rules_jni_init() needs the declaration that header provides.
int main(int argc, char **argv) {
  // Called with the program path before GoogleTest parses the command line.
  rules_jni_init(argv[0]);
  ::testing::InitGoogleTest(&argc, argv);
  // The process exit status is the result of the test run.
  const int exit_code = RUN_ALL_TESTS();
  return exit_code;
}
24 | -------------------------------------------------------------------------------- /launcher/testdata/BUILD.bazel: -------------------------------------------------------------------------------- 1 | java_binary( 2 | name = "fuzz_target_mocks", 3 | srcs = glob(["test/*.java"]), 4 | create_executable = False, 5 | visibility = ["//visibility:public"], 6 | ) 7 | -------------------------------------------------------------------------------- /launcher/testdata/test/PropertyPrinter.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package test; 18 |
// Class used for testing
class PropertyPrinter {
  /**
   * Looks up a JVM system property. Despite the name, nothing is printed; the value is returned.
   *
   * @param property name of the system property to read
   * @return the property value, or {@code null} when the property is not set
   */
  public static String printProperty(String property) {
    String value = System.getProperty(property);
    return value;
  }
}
25 | -------------------------------------------------------------------------------- /platform_mappings: -------------------------------------------------------------------------------- 1 | # Required for compatibility with apple_support's universal_binary, which 2 | # doesn't support toolchain resolution yet and instead transitions on --cpu.
3 | flags: 4 | --cpu=darwin_x86_64 5 | //bazel/platforms:macos_x86_64 6 | 7 | --cpu=darwin_arm64 8 | //bazel/platforms:macos_arm64 9 | -------------------------------------------------------------------------------- /renovate.json5: -------------------------------------------------------------------------------- 1 | { 2 | $schema: "https://docs.renovatebot.com/renovate-schema.json", 3 | extends: [ 4 | "config:recommended", 5 | ":dependencyDashboard", 6 | "group:all", 7 | "schedule:weekly" 8 | ], 9 | customManagers: [ 10 | { 11 | description: "Maven dependencies managed by rules_jvm_external", 12 | customType: "regex", 13 | fileMatch: [ 14 | "^MODULE.bazel$" 15 | ], 16 | matchStringsStrategy: "recursive", 17 | matchStrings: [ 18 | // First narrow down the search to those dependencies in a Starlark list annotated with 19 | // a special comment. 20 | "# renovate: keep updated[^\\]]*]", 21 | // Match all lines of the form: 22 | // "com.google.guava:guava:jar:28.2-jre", 23 | "\\n\\s*\"(?[^:]+:[^:]+):(?:jar:)?(?\\d[^\"]*)\"," 24 | ], 25 | datasourceTemplate: "maven" 26 | } 27 | ], 28 | packageRules: [ 29 | { 30 | // Assign regex matches to a separate group since these PRs require manual lockfile updates. 31 | matchManagers: ["regex"], 32 | groupName: "Maven deps", 33 | groupSlug: "maven", 34 | }, 35 | { 36 | // System scoped Maven dependencies are build locally. 
37 | matchDepTypes: ["system"], 38 | matchManagers: ["maven"], 39 | enabled: false 40 | } 41 | ] 42 | } 43 | -------------------------------------------------------------------------------- /sanitizers/BUILD.bazel: -------------------------------------------------------------------------------- 1 | java_library( 2 | name = "sanitizers", 3 | visibility = ["//src/main/java/com/code_intelligence/jazzer/runtime:__pkg__"], 4 | runtime_deps = [ 5 | "//sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers", 6 | ], 7 | ) 8 | 9 | java_library( 10 | name = "offline_only_sanitizers", 11 | visibility = ["//visibility:public"], 12 | runtime_deps = [ 13 | ":sanitizers", 14 | ], 15 | ) 16 | -------------------------------------------------------------------------------- /sanitizers/sanitizers.bzl: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2024 Code Intelligence GmbH 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | _sanitizer_package_prefix = "com.code_intelligence.jazzer.sanitizers." 
18 | 19 | _sanitizer_class_names = [ 20 | # keep sorted 21 | "ClojureLangHooks", 22 | "Deserialization", 23 | "ExpressionLanguageInjection", 24 | "FilePathTraversal", 25 | "LdapInjection", 26 | "NamingContextLookup", 27 | "OsCommandInjection", 28 | "ReflectiveCall", 29 | "RegexInjection", 30 | "RegexRoadblocks", 31 | "ScriptEngineInjection", 32 | "ServerSideRequestForgery", 33 | "SqlInjection", 34 | "XPathInjection", 35 | ] 36 | 37 | SANITIZER_CLASSES = [_sanitizer_package_prefix + class_name for class_name in _sanitizer_class_names] 38 | -------------------------------------------------------------------------------- /sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers/utils/BUILD.bazel: -------------------------------------------------------------------------------- 1 | java_library( 2 | name = "reflection_utils", 3 | srcs = ["ReflectionUtils.java"], 4 | visibility = [ 5 | "//sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers:__pkg__", 6 | ], 7 | ) 8 | -------------------------------------------------------------------------------- /sanitizers/src/test/java/com/example/LibraryLoad.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.example; 18 | 19 | import com.code_intelligence.jazzer.api.FuzzedDataProvider; 20 |
/**
 * Test fuzz target that passes a fuzzer-chosen name to {@code System.loadLibrary}.
 *
 * <p>It models code that lets untrusted input decide which native library is loaded. Application
 * code should select the library from a fixed set of names instead of using the input directly.
 */
public class LibraryLoad {
  /**
   * Tries to load the native library named by the remaining fuzzer data (ASCII).
   *
   * <p>The four exception types listed in the catch clause are swallowed.
   *
   * @param data source of the fuzzer-generated input
   */
  public static void fuzzerTestOneInput(FuzzedDataProvider data) {
    String libraryName = data.consumeRemainingAsAsciiString();

    try {
      System.loadLibrary(libraryName);
    } catch (SecurityException
        | UnsatisfiedLinkError
        | NullPointerException
        | IllegalArgumentException ignored) {
      // Deliberately ignored by this target.
    }
  }
}
34 | -------------------------------------------------------------------------------- /sanitizers/src/test/java/com/example/ObjectInputStreamDeserialization.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.example; 18 | 19 | import java.io.ByteArrayInputStream; 20 | import java.io.IOException; 21 | import java.io.ObjectInputStream; 22 |
/**
 * Test fuzz target that deserializes the raw fuzzer input with {@link ObjectInputStream}.
 *
 * <p>It models code that calls {@code readObject()} on untrusted bytes. In application code the
 * stream decides which serializable classes get instantiated, so such input should be restricted
 * with an {@code ObjectInputFilter} or handled with a data-only format instead.
 */
public class ObjectInputStreamDeserialization {
  /**
   * Opens an object stream over the input and reads one object from it.
   *
   * @param data raw fuzzer input, treated as a Java serialization stream
   */
  public static void fuzzerTestOneInput(byte[] data) {
    try {
      ByteArrayInputStream rawBytes = new ByteArrayInputStream(data);
      ObjectInputStream objectStream = new ObjectInputStream(rawBytes);
      objectStream.readObject();
    } catch (IOException | ClassNotFoundException ignored) {
      // Ignored checked exception.
    } catch (NullPointerException | NegativeArraySizeException ignored) {
      // Ignored RuntimeExceptions thrown by readObject().
    }
  }
}
35 | -------------------------------------------------------------------------------- /sanitizers/src/test/java/com/example/ReflectiveCall.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.example; 18 | 19 | import com.code_intelligence.jazzer.api.FuzzedDataProvider; 20 |
/**
 * Test fuzz target that loads and instantiates a class whose name comes from the fuzzer.
 *
 * <p>It models code that turns untrusted input into a class name. Loading a class this way runs
 * its static initializer and {@code newInstance()} runs its no-argument constructor, so
 * application code should only accept names from a fixed allowlist.
 */
public class ReflectiveCall {
  /**
   * Instantiates the class named after a leading {@code "@"}; other inputs are ignored.
   *
   * @param data source of the fuzzer-generated input
   */
  public static void fuzzerTestOneInput(FuzzedDataProvider data) {
    String input = data.consumeRemainingAsAsciiString();
    if (!input.startsWith("@")) {
      return;
    }
    String className = input.substring(1);
    try {
      Class.forName(className).newInstance();
    } catch (ClassNotFoundException | InstantiationException | IllegalAccessException ignored) {
      // Deliberately ignored by this target.
    }
  }
}
33 | -------------------------------------------------------------------------------- /sanitizers/src/test/java/com/example/RegexInsecureQuoteInjection.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.example; 18 | 19 | import com.code_intelligence.jazzer.api.FuzzedDataProvider; 20 | import java.util.regex.Pattern; 21 | import java.util.regex.PatternSyntaxException; 22 |
/**
 * Test fuzz target that quotes untrusted text for a regular expression by hand.
 *
 * <p>Wrapping input in {@code \Q} and {@code \E} is not a safe way to quote it: the quoted
 * section ends at the first {@code \E}, including one that is part of the input, and whatever
 * follows is compiled as pattern syntax. {@link Pattern#quote(String)} is the library routine
 * for quoting arbitrary text.
 */
public class RegexInsecureQuoteInjection {
  /**
   * Matches the fixed string {@code "foobar"} against the hand-quoted fuzzer input.
   *
   * @param data source of the fuzzer-generated input
   */
  public static void fuzzerTestOneInput(FuzzedDataProvider data) {
    String input = data.consumeRemainingAsString();
    String handQuotedPattern = "\\Q" + input + "\\E";
    try {
      Pattern.matches(handQuotedPattern, "foobar");
    } catch (PatternSyntaxException ignored) {
      // Deliberately ignored by this target.
    }
  }
}
32 | -------------------------------------------------------------------------------- /sanitizers/src/test/java/com/example/SsrfSocketConnect.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License.
15 | */ 16 | 17 | package com.example; 18 | 19 | import com.code_intelligence.jazzer.api.FuzzedDataProvider; 20 | import java.net.Socket; 21 | 22 | /** Deliberately unsafe fuzz target: opens a TCP connection to a host taken straight from fuzzer input, with no allowlist or address validation. It lives under sanitizers/src/test, so it is presumably a fixture for Jazzer's sanitizer tests (confirm against the BUILD target). Production code should validate the destination before connecting. */ public class SsrfSocketConnect { 23 | /** Fuzz entry point. Reads the host with consumeString(15) and connects to it on port 80; the method declares throws Exception, so connection failures propagate to the caller. */ public static void fuzzerTestOneInput(FuzzedDataProvider data) throws Exception { 24 | String hostname = data.consumeString(15); 25 | /* try-with-resources closes the socket on every path. */ try (Socket s = new Socket(hostname, 80)) { 26 | /* The returned address is discarded. */ s.getInetAddress(); 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /sanitizers/src/test/java/com/example/SsrfUrlConnection.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License.
15 | */ 16 | 17 | package com.example; 18 | 19 | import com.code_intelligence.jazzer.api.FuzzedDataProvider; 20 | import java.io.IOException; 21 | import java.net.HttpURLConnection; 22 | import java.net.URL; 23 | 24 | /** Deliberately unsafe fuzz target: issues an HTTPS GET to a host taken straight from fuzzer input, with no allowlist or address validation. It lives under sanitizers/src/test, so it is presumably a fixture for Jazzer's sanitizer tests (confirm against the BUILD target). Production code should validate the destination before connecting. */ public class SsrfUrlConnection { 25 | /** Fuzz entry point. Reads the host with consumeString(15), prefixes it with "https://" and requests the resulting URL. */ public static void fuzzerTestOneInput(FuzzedDataProvider data) throws Exception { 26 | String hostname = data.consumeString(15); 27 | try { 28 | URL url = new URL("https://" + hostname); 29 | HttpURLConnection con = (HttpURLConnection) url.openConnection(); 30 | con.setRequestMethod("GET"); 31 | /* getInputStream() is the call that performs the request; the response body is never read. NOTE(review): neither the stream nor the connection is closed or disconnected. */ con.getInputStream(); 32 | } catch (IOException | IllegalArgumentException ignored) { /* Malformed URLs and I/O failures are expected for arbitrary hosts and are ignored. */ 33 | } 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /sanitizers/src/test/java/com/example/el/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_testonly = True) 2 | 3 | java_library( 4 | name = "ExpressionLanguageExample", 5 | srcs = [ 6 | "InsecureEmailValidator.java", 7 | "UserData.java", 8 | ], 9 | visibility = ["//sanitizers/src/test/java/com/example:__pkg__"], 10 | deps = [ 11 | "@maven//:javax_el_javax_el_api", 12 | "@maven//:javax_validation_validation_api", 13 | "@maven//:javax_xml_bind_jaxb_api", 14 | "@maven//:org_glassfish_javax_el", 15 | "@maven//:org_hibernate_hibernate_validator", 16 | ], 17 | ) 18 | -------------------------------------------------------------------------------- /selffuzz/.gitignore: -------------------------------------------------------------------------------- 1 | .cifuzz-build/ 2 | .cifuzz-corpus/ 3 | .cifuzz-findings/ 4 | target/ 5 | src/test/resources/ -------------------------------------------------------------------------------- /selffuzz/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@bazel_jar_jar//:jar_jar.bzl", "jar_jar") 2 | 3 | jar_jar( 4 | name = "jazzer_selffuzz", 5 | input_jar =
"//src/main/java/com/code_intelligence/jazzer:jazzer", 6 | rules = "selffuzz_shade_rules.jarjar", 7 | visibility = ["__subpackages__"], 8 | ) 9 | 10 | jar_jar( 11 | name = "jazzer_api_selffuzz", 12 | input_jar = "//src/main/java/com/code_intelligence/jazzer/api:api", 13 | rules = "selffuzz_shade_rules.jarjar", 14 | visibility = ["__subpackages__"], 15 | ) 16 | -------------------------------------------------------------------------------- /selffuzz/README.md: -------------------------------------------------------------------------------- 1 | # Selffuzz 2 | 3 | This package holds fuzz tests for Jazzer. In order to get around the 4 | constraint that Jazzer cannot instrument its own code this is a separate 5 | package that takes the built Jazzer jar and shades it such that we can 6 | have the normal Jazzer classes running the fuzzing while our test code 7 | calls the shaded Jazzer classes which have been instrumented. 8 | 9 | ## Building and running 10 | 11 | ```shell 12 | bazel build //... 13 | cifuzz run "" 14 | ``` 15 | 16 | The shaded classes will be in the `com.code_intelligence.selffuzz.jazzer` package. 17 | 18 | ## Maven and Bazel 19 | 20 | This package contains both Maven and Bazel files. There is no interaction 21 | between them. Bazel is used to integrate with the build system of the wider 22 | project and to integrate with Intellij and Maven is used by `cifuzz` for running the fuzz tests. 23 | Any dependencies used in the tests must therefore be listed in both Maven and Bazel. 24 | 25 | ### Jazzer dependency in Maven 26 | 27 | In addition to testing the current working version of Jazzer, this also uses it to run the fuzzing by 28 | directly referencing the output jars produced by `bazel build //deploy` in `pom.xml`. Because we're 29 | sidestepping Maven's normal dependency handling, it won't automatically resolve Jazzer's transitive dependencies meaning 30 | they must be manually added to selffuzz's `pom.xml` in order for everything to be available. 
31 | -------------------------------------------------------------------------------- /selffuzz/ci-settings.xml: -------------------------------------------------------------------------------- 1 | 16 | 17 | 18 | 19 | 20 | code-intelligence 21 | ${env.REPOSITORY_USER} 22 | ${env.REPOSITORY_TOKEN} 23 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /selffuzz/selffuzz_shade_rules.jarjar: -------------------------------------------------------------------------------- 1 | # this is loaded in a special way at runtime and so we can't shade it but it should be safe to share between selffuzz 2 | # and normal jazzer. In order to not shade it, we make a rule to transform it to itself and then have the 3 | # general rule because a file will be transformed by the first rule where it fits the filter 4 | rule com.code_intelligence.jazzer.utils.UnsafeProvider com.code_intelligence.jazzer.utils.UnsafeProvider 5 | rule com.code_intelligence.jazzer.** com.code_intelligence.selffuzz.jazzer.@1 6 | -------------------------------------------------------------------------------- /selffuzz/src/main/java/.gitignore: -------------------------------------------------------------------------------- 1 | # this exists to ensure this otherwise empty directory is included in git because our CI will fail if there's no 2 | # directory here -------------------------------------------------------------------------------- /selffuzz/src/test/java/com/code_intelligence/selffuzz/BUILD.bazel: -------------------------------------------------------------------------------- 1 | java_library( 2 | name = "helpers", 3 | srcs = ["Helpers.java"], 4 | visibility = ["//:__subpackages__"], 5 | deps = [ 6 | "//selffuzz:jazzer_selffuzz", 7 | "@maven//:org_junit_jupiter_junit_jupiter_api", 8 | ], 9 | ) 10 | -------------------------------------------------------------------------------- /selffuzz/src/test/java/com/code_intelligence/selffuzz/driver/BUILD.bazel: 
-------------------------------------------------------------------------------- 1 | load("//bazel:fuzz_target.bzl", "java_fuzz_target_test") 2 | 3 | # Mutator fuzz tests define a low `runs` to only start and iterate 4 | # a few times via Bazel. Long running fuzzing is executed in CI Sense through 5 | # the CI pipeline integration. 6 | 7 | java_fuzz_target_test( 8 | name = "FuzzedDataProviderImplFuzzTest", 9 | srcs = ["FuzzedDataProviderImplFuzzTest.java"], 10 | fuzzer_args = [ 11 | "-runs=1000", 12 | ], 13 | target_class = "com.code_intelligence.selffuzz.driver.FuzzedDataProviderImplFuzzTest", 14 | deps = [ 15 | "//selffuzz:jazzer_api_selffuzz", 16 | "//selffuzz:jazzer_selffuzz", 17 | "//src/main/java/com/code_intelligence/jazzer/driver:fuzzed_data_provider_impl", 18 | "//src/main/java/com/code_intelligence/jazzer/junit:fuzz_test", 19 | "//src/main/java/com/code_intelligence/jazzer/mutation/annotation", 20 | "//src/main/native/com/code_intelligence/jazzer/driver:jazzer_fuzzed_data_provider", 21 | "@maven//:org_junit_jupiter_junit_jupiter_api", 22 | "@maven//:org_junit_jupiter_junit_jupiter_engine", 23 | "@maven//:org_junit_platform_junit_platform_launcher", 24 | ], 25 | ) 26 | -------------------------------------------------------------------------------- /selffuzz/src/test/java/com/code_intelligence/selffuzz/mutation/mutator/proto/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("//bazel:fuzz_target.bzl", "java_fuzz_target_test") 2 | 3 | java_fuzz_target_test( 4 | name = "ProtobufMutatorFuzzTest", 5 | srcs = ["ProtobufMutatorFuzzTest.java"], 6 | expected_warning_or_error = "ERROR: Could not find suitable mutator for type: com.google.protobuf.DynamicMessage", 7 | fuzzer_args = [ 8 | "-runs=5000", 9 | ], 10 | target_class = "com.code_intelligence.selffuzz.mutation.mutator.proto.ProtobufMutatorFuzzTest", 11 | deps = [ 12 | "//selffuzz:jazzer_selffuzz", 13 | 
"//selffuzz/src/test/java/com/code_intelligence/selffuzz:helpers", 14 | "//src/main/java/com/code_intelligence/jazzer/junit:fuzz_test", 15 | "//src/main/java/com/code_intelligence/jazzer/mutation/mutator/proto", 16 | "@maven//:org_junit_jupiter_junit_jupiter_api", 17 | "@maven//:org_junit_jupiter_junit_jupiter_engine", 18 | "@maven//:org_junit_jupiter_junit_jupiter_params", 19 | "@protobuf//java/core", 20 | ], 21 | ) 22 | -------------------------------------------------------------------------------- /src/jmh/java/com/code_intelligence/jazzer/BUILD.bazel: -------------------------------------------------------------------------------- 1 | package(default_testonly = True) 2 | 3 | java_plugin( 4 | name = "JmhGeneratorAnnotationProcessor", 5 | processor_class = "org.openjdk.jmh.generators.BenchmarkProcessor", 6 | visibility = ["//src/jmh/java:__subpackages__"], 7 | deps = ["@maven//:org_openjdk_jmh_jmh_generator_annprocess"], 8 | ) 9 | -------------------------------------------------------------------------------- /src/jmh/java/com/code_intelligence/jazzer/instrumentor/DirectByteBuffer2CoverageMap.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.code_intelligence.jazzer.instrumentor; 18 | 19 | import java.nio.ByteBuffer; 20 | 21 | /** Coverage map that keeps one byte-sized counter per coverage id in a fixed-size direct ByteBuffer of NUM_COUNTERS bytes. It lives under src/jmh, so it is presumably used only by the JMH benchmarks (confirm against the BUILD target). */ public final class DirectByteBuffer2CoverageMap { 22 | // The current target, JsonSanitizer, uses less than 2048 coverage counters. 23 | private static final int NUM_COUNTERS = 4096; 24 | public static final ByteBuffer counters = ByteBuffer.allocateDirect(NUM_COUNTERS); 25 | 26 | /** No-op: the buffer is never resized, so nextId is ignored. */ public static void enlargeIfNeeded(int nextId) { 27 | // Statically sized counters buffer. 28 | } 29 | 30 | /** Increments the counter for id. A counter at -1 (0xFF) becomes 1 rather than wrapping to 0, so a counter that has been hit never reads as zero again. id is not range-checked here: an id outside [0, NUM_COUNTERS) makes the ByteBuffer accessors throw IndexOutOfBoundsException. */ public static void recordCoverage(final int id) { 31 | final byte counter = counters.get(id); 32 | counters.put(id, (byte) (counter == -1 ? 1 : counter + 1)); 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /src/jmh/java/com/code_intelligence/jazzer/jmh.bzl: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2024 Code Intelligence GmbH 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | JMH_TEST_ARGS = [ 18 | # Fail fast on any exceptions produced by benchmarks.
19 | "-foe true", 20 | "-wf 0", 21 | "-f 1", 22 | "-wi 0", 23 | "-i 1", 24 | "-r 1s", 25 | "-w 1s", 26 | ] 27 | -------------------------------------------------------------------------------- /src/jmh/java/com/code_intelligence/jazzer/runtime/FuzzerCallbacks.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.runtime; 18 | 19 | import com.github.fmeum.rules_jni.RulesJni; 20 | 21 | public final class FuzzerCallbacks { 22 | static { 23 | RulesJni.loadLibrary("fuzzer_callbacks", FuzzerCallbacks.class); 24 | } 25 | 26 | static native void traceCmpInt(int arg1, int arg2, int pc); 27 | 28 | static native void traceSwitch(long val, long[] cases, int pc); 29 | 30 | static native void traceMemcmp(byte[] b1, byte[] b2, int result, int pc); 31 | 32 | static native void traceStrstr(String s1, String s2, int pc); 33 | } 34 | -------------------------------------------------------------------------------- /src/jmh/java/com/code_intelligence/jazzer/runtime/FuzzerCallbacksWithPc.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.runtime; 18 | 19 | import com.github.fmeum.rules_jni.RulesJni; 20 | 21 | /** 22 | * Unoptimized implementation of the libFuzzer callbacks that use the trampoline construction to 23 | * inject fake PCs. 24 | */ 25 | public final class FuzzerCallbacksWithPc { 26 | static { 27 | RulesJni.loadLibrary("fuzzer_callbacks", FuzzerCallbacksWithPc.class); 28 | } 29 | 30 | static native void traceCmpInt(int arg1, int arg2, int pc); 31 | 32 | static native void traceSwitch(long val, long[] cases, int pc); 33 | } 34 | -------------------------------------------------------------------------------- /src/jmh/native/com/code_intelligence/jazzer/runtime/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@rules_jni//jni:defs.bzl", "cc_jni_library") 2 | 3 | package(default_testonly = True) 4 | 5 | cc_jni_library( 6 | name = "fuzzer_callbacks", 7 | srcs = ["fuzzer_callbacks.cpp"], 8 | visibility = ["//src/jmh/java/com/code_intelligence/jazzer/runtime:__pkg__"], 9 | deps = [ 10 | "//src/jmh/java/com/code_intelligence/jazzer/runtime:fuzzer_callbacks.hdrs", 11 | "//src/main/native/com/code_intelligence/jazzer/driver:sanitizer_hooks_with_pc", 12 | "@jazzer_libfuzzer//:libfuzzer_no_main", 13 | ], 14 | ) 15 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/api/AutofuzzConstructionException.java: 
-------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.api; 18 | 19 | // An exception wrapping a Throwable thrown during the construction of parameters for, but not the 20 | // actual invocation of an autofuzzed method. 21 | /** Only used internally. */ 22 | public class AutofuzzConstructionException extends RuntimeException { 23 | public AutofuzzConstructionException() { 24 | super(); 25 | } 26 | 27 | public AutofuzzConstructionException(String message) { 28 | super(message); 29 | } 30 | 31 | public AutofuzzConstructionException(Throwable cause) { 32 | super(cause); 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/api/AutofuzzInvocationException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.api; 18 | 19 | // An exception wrapping a {@link Throwable} thrown during the actual invocation of, but not the 20 | // construction of parameters for an autofuzzed method. 21 | /** Only used internally. */ 22 | public class AutofuzzInvocationException extends RuntimeException { 23 | public AutofuzzInvocationException() { 24 | super(); 25 | } 26 | 27 | public AutofuzzInvocationException(Throwable cause) { 28 | super(cause); 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/api/Consumer1.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.code_intelligence.jazzer.api; 18 | 19 | import java.util.function.Consumer; 20 | 21 | @FunctionalInterface 22 | public interface Consumer1 extends Consumer { 23 | @Override 24 | void accept(T1 t1); 25 | } 26 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/api/Consumer2.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.api; 18 | 19 | import java.util.function.BiConsumer; 20 | 21 | @FunctionalInterface 22 | public interface Consumer2 extends BiConsumer { 23 | @Override 24 | void accept(T1 t1, T2 t2); 25 | } 26 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/api/Consumer3.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.api; 18 | 19 | @FunctionalInterface 20 | public interface Consumer3 { 21 | void accept(T1 t1, T2 t2, T3 t3); 22 | } 23 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/api/Consumer4.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.code_intelligence.jazzer.api; 18 | 19 | @FunctionalInterface 20 | public interface Consumer4 { 21 | void accept(T1 t1, T2 t2, T3 t3, T4 t4); 22 | } 23 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/api/Consumer5.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.api; 18 | 19 | @FunctionalInterface 20 | public interface Consumer5 { 21 | void accept(T1 t1, T2 t2, T3 t3, T4 t4, T5 t5); 22 | } 23 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/api/Function1.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.api; 18 | 19 | import java.util.function.Function; 20 | 21 | @FunctionalInterface 22 | public interface Function1 extends Function { 23 | @Override 24 | R apply(T1 t1); 25 | } 26 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/api/Function2.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.code_intelligence.jazzer.api; 18 | 19 | import java.util.function.BiFunction; 20 | 21 | @FunctionalInterface 22 | public interface Function2 extends BiFunction { 23 | @Override 24 | R apply(T1 t1, T2 t2); 25 | } 26 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/api/Function3.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.api; 18 | 19 | @FunctionalInterface 20 | public interface Function3 { 21 | R apply(T1 t1, T2 t2, T3 t3); 22 | } 23 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/api/Function4.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.api; 18 | 19 | @FunctionalInterface 20 | public interface Function4 { 21 | R apply(T1 t1, T2 t2, T3 t3, T4 t4); 22 | } 23 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/api/Function5.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.code_intelligence.jazzer.api; 18 | 19 | @FunctionalInterface 20 | public interface Function5 { 21 | R apply(T1 t1, T2 t2, T3 t3, T4 t4, T5 t5); 22 | } 23 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/api/HookType.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.api; 18 | 19 | /** The type of a {@link MethodHook}. */ 20 | // Note: The order of entries is important and is used during instrumentation. 21 | public enum HookType { 22 | BEFORE, 23 | REPLACE, 24 | AFTER, 25 | } 26 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/api/MethodHooks.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.api; 18 | 19 | import java.lang.annotation.Documented; 20 | import java.lang.annotation.ElementType; 21 | import java.lang.annotation.Retention; 22 | import java.lang.annotation.RetentionPolicy; 23 | import java.lang.annotation.Target; 24 | 25 | /** Internal helper allowing to apply multiple {@link MethodHook} annotations to the same method. */ 26 | @Retention(RetentionPolicy.RUNTIME) 27 | @Target(ElementType.METHOD) 28 | @Documented 29 | public @interface MethodHooks { 30 | MethodHook[] value(); 31 | } 32 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/api/SilentCloseable.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.code_intelligence.jazzer.api; 18 | 19 | /** 20 | * A specialization of {@link AutoCloseable} without a {@code throws} declaration on {@link 21 | * #close()}. 22 | */ 23 | public interface SilentCloseable extends AutoCloseable { 24 | @Override 25 | void close(); 26 | } 27 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/autofuzz/AutofuzzError.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.autofuzz; 18 | 19 | /** An error indicating an internal error in the autofuzz functionality. 
*/ 20 | public class AutofuzzError extends Error { 21 | private static final String MESSAGE_TRAILER = 22 | String.format( 23 | "%nPlease file an issue at:%n " 24 | + " https://github.com/CodeIntelligenceTesting/jazzer/issues/new/choose"); 25 | 26 | public AutofuzzError(String message) { 27 | super(message + MESSAGE_TRAILER); 28 | } 29 | 30 | public AutofuzzError(String message, Throwable cause) { 31 | super(message + MESSAGE_TRAILER, cause); 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/autofuzz/BUILD.bazel: -------------------------------------------------------------------------------- 1 | java_library( 2 | name = "autofuzz", 3 | srcs = [ 4 | "AccessibleObjectLookup.java", 5 | "AutofuzzCodegenVisitor.java", 6 | "AutofuzzError.java", 7 | "FuzzTarget.java", 8 | "Meta.java", 9 | "YourAverageJavaClass.java", 10 | ], 11 | visibility = ["//visibility:public"], 12 | deps = [ 13 | "//src/main/java/com/code_intelligence/jazzer/api", 14 | "//src/main/java/com/code_intelligence/jazzer/runtime:jazzer_bootstrap_compile_only", 15 | "//src/main/java/com/code_intelligence/jazzer/utils", 16 | "//src/main/java/com/code_intelligence/jazzer/utils:log", 17 | "//src/main/java/com/code_intelligence/jazzer/utils:simple_glob_matcher", 18 | "@maven//:io_github_classgraph_classgraph", 19 | "@maven//:net_jodah_typetools", 20 | "@maven//:org_ow2_asm_asm", 21 | ], 22 | ) 23 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/driver/Constants.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.driver; 18 | 19 | public final class Constants { 20 | 21 | // Default value of the libFuzzer -error_exitcode flag. 22 | public static final int JAZZER_FINDING_EXIT_CODE = 77; 23 | 24 | // Success exit code if no finding/error was detected. 25 | public static final int JAZZER_SUCCESS_EXIT_CODE = 0; 26 | 27 | // Error exit code if the fuzz test could not be executed or 28 | // other configuration errors occurred. 29 | public static final int JAZZER_ERROR_EXIT_CODE = 1; 30 | 31 | private Constants() {} 32 | } 33 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/driver/ReflectionUtils.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.code_intelligence.jazzer.driver; 18 | 19 | import java.lang.reflect.Method; 20 | import java.lang.reflect.Modifier; 21 | import java.util.Optional; 22 | 23 | class ReflectionUtils { 24 | static Optional targetPublicStaticMethod( 25 | Class clazz, String name, Class... parameterTypes) { 26 | try { 27 | Method method = clazz.getMethod(name, parameterTypes); 28 | if (!Modifier.isStatic(method.getModifiers()) || !Modifier.isPublic(method.getModifiers())) { 29 | return Optional.empty(); 30 | } 31 | return Optional.of(method); 32 | } catch (NoSuchMethodException e) { 33 | return Optional.empty(); 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/driver/Reproducer.java.tmpl: -------------------------------------------------------------------------------- 1 | import java.lang.reflect.InvocationTargetException; 2 | import java.lang.reflect.Method; 3 | 4 | public class Crash_%1$s { 5 | static final String base64Bytes = String.join("", "%2$s"); 6 | 7 | public static void main(String[] args) throws Throwable { 8 | Crash_%1$s.class.getClassLoader().setDefaultAssertionStatus(true); 9 | try { 10 | Method fuzzerInitialize = %3$s.class.getMethod("fuzzerInitialize"); 11 | fuzzerInitialize.invoke(null); 12 | } catch (NoSuchMethodException ignored) { 13 | try { 14 | Method fuzzerInitialize = %3$s.class.getMethod("fuzzerInitialize", String[].class); 15 | fuzzerInitialize.invoke(null, (Object) args); 16 | } catch (NoSuchMethodException ignored1) { 17 | } catch (IllegalAccessException | InvocationTargetException e) { 18 | e.printStackTrace(); 19 | System.exit(1); 20 | } 21 | } catch (IllegalAccessException | InvocationTargetException e) { 22 | e.printStackTrace(); 23 | System.exit(1); 24 | } 25 | %4$s 26 | %3$s.fuzzerTestOneInput(input); 27 | } 28 | } 29 | -------------------------------------------------------------------------------- 
/src/main/java/com/code_intelligence/jazzer/driver/SignalHandler.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.driver; 18 | 19 | import com.github.fmeum.rules_jni.RulesJni; 20 | import sun.misc.Signal; 21 | 22 | public final class SignalHandler { 23 | static { 24 | RulesJni.loadLibrary("jazzer_signal_handler", SignalHandler.class); 25 | Signal.handle(new Signal("INT"), sig -> handleInterrupt()); 26 | } 27 | 28 | public static void initialize() { 29 | // Implicitly runs the static initializer. 
30 | } 31 | 32 | private static native void handleInterrupt(); 33 | } 34 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/jazzer_shade_rules.jarjar: -------------------------------------------------------------------------------- 1 | rule com.github.** com.code_intelligence.jazzer.third_party.@0 2 | rule io.** com.code_intelligence.jazzer.third_party.@0 3 | rule kotlin.** com.code_intelligence.jazzer.third_party.@0 4 | rule net.** com.code_intelligence.jazzer.third_party.@0 5 | rule nonapi.** com.code_intelligence.jazzer.third_party.@0 6 | rule org.objectweb.** com.code_intelligence.jazzer.third_party.@0 7 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/junit/ApiStats.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.code_intelligence.jazzer.junit; 18 | 19 | public interface ApiStats { 20 | void addStat(String endpointUri, String method, int responseStatusCode); 21 | 22 | String stringify(); 23 | } 24 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/junit/ApiStatsHolder.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.code_intelligence.jazzer.junit; 18 | 19 | import com.code_intelligence.jazzer.utils.Log; 20 | 21 | public final class ApiStatsHolder { 22 | 23 | public static ApiStats apiStats = new ApiStatsNoop(); 24 | 25 | public static void printApiStats() { 26 | String stats = apiStats.stringify(); 27 | if (ApiStatsInterval.NO_STATS.equals(stats)) { 28 | return; 29 | } 30 | Log.println(stats); 31 | } 32 | 33 | public static void collectApiStats(String requestURI, String method, int statusCode) { 34 | apiStats.addStat(requestURI, method, statusCode); 35 | } 36 | 37 | private ApiStatsHolder() {} 38 | } 39 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/junit/ApiStatsNoop.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.code_intelligence.jazzer.junit; 18 | 19 | public class ApiStatsNoop implements ApiStats { 20 | @Override 21 | public void addStat(String endpointUri, String method, int responseStatusCode) {} 22 | 23 | @Override 24 | public String stringify() { 25 | return ""; 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/junit/DictionaryEntriesList.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.code_intelligence.jazzer.junit; 18 | 19 | import java.lang.annotation.ElementType; 20 | import java.lang.annotation.Retention; 21 | import java.lang.annotation.RetentionPolicy; 22 | import java.lang.annotation.Target; 23 | 24 | @Target({ElementType.METHOD, ElementType.ANNOTATION_TYPE}) 25 | @Retention(RetentionPolicy.RUNTIME) 26 | public @interface DictionaryEntriesList { 27 | DictionaryEntries[] value(); 28 | } 29 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/junit/DictionaryFiles.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.code_intelligence.jazzer.junit; 18 | 19 | import java.lang.annotation.ElementType; 20 | import java.lang.annotation.Retention; 21 | import java.lang.annotation.RetentionPolicy; 22 | import java.lang.annotation.Target; 23 | 24 | @Target({ElementType.METHOD, ElementType.ANNOTATION_TYPE}) 25 | @Retention(RetentionPolicy.RUNTIME) 26 | public @interface DictionaryFiles { 27 | DictionaryFile[] value(); 28 | } 29 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/junit/ExitCodeException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.code_intelligence.jazzer.junit; 18 | 19 | public final class ExitCodeException extends Exception { 20 | public final int exitCode; 21 | 22 | public ExitCodeException(String message, int exitCode) { 23 | super(message); 24 | this.exitCode = exitCode; 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/junit/FuzzTestConfigurationError.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.junit; 18 | 19 | /** 20 | * An {@link Error} thrown when a {@link FuzzTest} is not configured correctly, for example due to 21 | * unsupported parameters or invalid settings. 
22 | */ 23 | public class FuzzTestConfigurationError extends Error { 24 | public FuzzTestConfigurationError(String message) { 25 | super(message); 26 | } 27 | 28 | public FuzzTestConfigurationError(String message, Throwable cause) { 29 | super(message, cause); 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/junit/FuzzTestFindingException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.junit; 18 | 19 | /** 20 | * Wrapper exception that is used to distinguish between handled findings and unhandled execution 21 | * exceptions. 
22 | */ 23 | public class FuzzTestFindingException extends RuntimeException { 24 | public FuzzTestFindingException(Throwable finding) { 25 | super(finding); 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/mutation/BUILD.bazel: -------------------------------------------------------------------------------- 1 | java_library( 2 | name = "mutation", 3 | srcs = glob(["*.java"]), 4 | visibility = [ 5 | "//visibility:public", 6 | ], 7 | deps = [ 8 | "//src/main/java/com/code_intelligence/jazzer/api", 9 | "//src/main/java/com/code_intelligence/jazzer/mutation/annotation", 10 | "//src/main/java/com/code_intelligence/jazzer/mutation/api", 11 | "//src/main/java/com/code_intelligence/jazzer/mutation/combinator", 12 | "//src/main/java/com/code_intelligence/jazzer/mutation/engine", 13 | "//src/main/java/com/code_intelligence/jazzer/mutation/mutator", 14 | "//src/main/java/com/code_intelligence/jazzer/mutation/support", 15 | "//src/main/java/com/code_intelligence/jazzer/utils:log", 16 | ], 17 | ) 18 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/mutation/annotation/BUILD.bazel: -------------------------------------------------------------------------------- 1 | java_library( 2 | name = "annotation", 3 | srcs = glob(["*.java"]), 4 | visibility = ["//visibility:public"], 5 | deps = [ 6 | "//src/main/java/com/code_intelligence/jazzer/mutation/utils", 7 | ], 8 | ) 9 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/mutation/annotation/proto/BUILD.bazel: -------------------------------------------------------------------------------- 1 | java_library( 2 | name = "proto", 3 | srcs = glob(["*.java"]), 4 | visibility = ["//visibility:public"], 5 | deps = [ 6 | ":protobuf_runtime_compile_only", 7 | 
"//src/main/java/com/code_intelligence/jazzer/mutation/annotation", 8 | "//src/main/java/com/code_intelligence/jazzer/mutation/utils", 9 | ], 10 | ) 11 | 12 | java_library( 13 | name = "protobuf_runtime_compile_only", 14 | # The proto mutator factory detects the presence of Protobuf at runtime and disables itself if 15 | # it isn't found. Without something else bringing in the Protobuf runtime, there is no point in 16 | # supporting proto mutations. 17 | neverlink = True, 18 | visibility = [ 19 | "//selffuzz:__subpackages__", 20 | "//src/main/java/com/code_intelligence/jazzer/mutation/mutator/proto:__pkg__", 21 | ], 22 | exports = [ 23 | "@protobuf//java/core", 24 | ], 25 | ) 26 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/mutation/api/BUILD.bazel: -------------------------------------------------------------------------------- 1 | java_library( 2 | name = "api", 3 | srcs = glob(["*.java"]), 4 | visibility = ["//visibility:public"], 5 | deps = [ 6 | "//src/main/java/com/code_intelligence/jazzer/mutation/support", 7 | "@maven//:com_google_errorprone_error_prone_annotations", 8 | ], 9 | ) 10 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/mutation/api/Cache.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.mutation.api; 18 | 19 | /** 20 | * A cache that can be used during _one_ fuzzing iteration to save generated objects.
21 | * Generally, mutators should try to stay stateless and only rely on the cache as a last resort. 22 | */ 23 | public interface Cache { 24 | 25 | V get(K key); 26 | 27 | V put(K key, V value); 28 | 29 | void clear(); 30 | } 31 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/mutation/combinator/BUILD.bazel: -------------------------------------------------------------------------------- 1 | java_library( 2 | name = "combinator", 3 | srcs = glob(["*.java"]), 4 | visibility = ["//visibility:public"], 5 | deps = [ 6 | "//src/main/java/com/code_intelligence/jazzer/mutation/api", 7 | "//src/main/java/com/code_intelligence/jazzer/mutation/support", 8 | "@maven//:com_google_errorprone_error_prone_type_annotations", 9 | "@maven//:net_jodah_typetools", 10 | ], 11 | ) 12 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/mutation/engine/BUILD.bazel: -------------------------------------------------------------------------------- 1 | java_library( 2 | name = "engine", 3 | srcs = glob(["*.java"]), 4 | visibility = [ 5 | "//src/jmh/java/com/code_intelligence/jazzer/mutation:__subpackages__", 6 | "//src/main/java/com/code_intelligence/jazzer/mutation:__subpackages__", 7 | "//src/test/java/com/code_intelligence/jazzer/mutation:__subpackages__", 8 | ], 9 | deps = [ 10 | "//src/main/java/com/code_intelligence/jazzer/mutation/annotation", 11 | "//src/main/java/com/code_intelligence/jazzer/mutation/api", 12 | "//src/main/java/com/code_intelligence/jazzer/mutation/combinator", 13 | "//src/main/java/com/code_intelligence/jazzer/mutation/support", 14 | "//src/main/java/com/code_intelligence/jazzer/utils:log", 15 | "@maven//:com_google_errorprone_error_prone_annotations", 16 | ], 17 | ) 18 | -------------------------------------------------------------------------------- 
/src/main/java/com/code_intelligence/jazzer/mutation/mutator/BUILD.bazel: -------------------------------------------------------------------------------- 1 | java_library( 2 | name = "mutator", 3 | srcs = glob(["*.java"]), 4 | visibility = ["//visibility:public"], 5 | deps = [ 6 | "//src/main/java/com/code_intelligence/jazzer/api", 7 | "//src/main/java/com/code_intelligence/jazzer/mutation/annotation", 8 | "//src/main/java/com/code_intelligence/jazzer/mutation/api", 9 | "//src/main/java/com/code_intelligence/jazzer/mutation/engine", 10 | "//src/main/java/com/code_intelligence/jazzer/mutation/mutator/aggregate", 11 | "//src/main/java/com/code_intelligence/jazzer/mutation/mutator/collection", 12 | "//src/main/java/com/code_intelligence/jazzer/mutation/mutator/lang", 13 | "//src/main/java/com/code_intelligence/jazzer/mutation/mutator/libfuzzer", 14 | "//src/main/java/com/code_intelligence/jazzer/mutation/mutator/proto", 15 | "//src/main/java/com/code_intelligence/jazzer/mutation/mutator/time", 16 | "//src/main/java/com/code_intelligence/jazzer/mutation/support", 17 | ], 18 | ) 19 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/mutation/mutator/collection/BUILD.bazel: -------------------------------------------------------------------------------- 1 | java_library( 2 | name = "collection", 3 | srcs = glob(["*.java"]), 4 | visibility = [ 5 | "//src/main/java/com/code_intelligence/jazzer/mutation/mutator:__pkg__", 6 | "//src/test/java/com/code_intelligence/jazzer/mutation/mutator:__subpackages__", 7 | ], 8 | deps = [ 9 | "//src/main/java/com/code_intelligence/jazzer/mutation/annotation", 10 | "//src/main/java/com/code_intelligence/jazzer/mutation/api", 11 | "//src/main/java/com/code_intelligence/jazzer/mutation/combinator", 12 | "//src/main/java/com/code_intelligence/jazzer/mutation/support", 13 | ], 14 | ) 15 | -------------------------------------------------------------------------------- 
/src/main/java/com/code_intelligence/jazzer/mutation/mutator/collection/CollectionMutators.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.mutation.mutator.collection; 18 | 19 | import com.code_intelligence.jazzer.mutation.api.MutatorFactory; 20 | import java.util.stream.Stream; 21 | 22 | public final class CollectionMutators { 23 | private CollectionMutators() {} 24 | 25 | public static Stream newFactories() { 26 | return Stream.of(new ListMutatorFactory(), new MapMutatorFactory(), new ArrayMutatorFactory()); 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/mutation/mutator/lang/BUILD.bazel: -------------------------------------------------------------------------------- 1 | java_library( 2 | name = "lang", 3 | srcs = glob(["*.java"]), 4 | visibility = [ 5 | "//src/main/java/com/code_intelligence/jazzer/mutation/mutator:__pkg__", 6 | "//src/test/java/com/code_intelligence/jazzer/mutation/mutator:__subpackages__", 7 | ], 8 | deps = [ 9 | "//src/main/java/com/code_intelligence/jazzer/mutation/annotation", 10 | "//src/main/java/com/code_intelligence/jazzer/mutation/api", 11 | "//src/main/java/com/code_intelligence/jazzer/mutation/combinator", 12 | 
"//src/main/java/com/code_intelligence/jazzer/mutation/mutator/libfuzzer:libfuzzermutate", 13 | "//src/main/java/com/code_intelligence/jazzer/mutation/support", 14 | "@maven//:com_google_errorprone_error_prone_annotations", 15 | ], 16 | ) 17 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/mutation/mutator/libfuzzer/LibFuzzerMutators.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.code_intelligence.jazzer.mutation.mutator.libfuzzer; 18 | 19 | import com.code_intelligence.jazzer.mutation.api.MutatorFactory; 20 | import java.util.stream.Stream; 21 | 22 | public final class LibFuzzerMutators { 23 | private LibFuzzerMutators() {} 24 | 25 | public static Stream newFactories() { 26 | return Stream.of(new FuzzedDataProviderMutatorFactory()); 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/mutation/mutator/proto/BUILD.bazel: -------------------------------------------------------------------------------- 1 | java_library( 2 | name = "proto", 3 | srcs = glob(["*.java"]), 4 | visibility = [ 5 | "//selffuzz:__subpackages__", 6 | "//src/main/java/com/code_intelligence/jazzer/mutation/mutator:__pkg__", 7 | "//src/test/java/com/code_intelligence/jazzer/mutation/mutator/proto:__pkg__", 8 | ], 9 | deps = [ 10 | "//src/main/java/com/code_intelligence/jazzer/mutation/annotation", 11 | "//src/main/java/com/code_intelligence/jazzer/mutation/annotation/proto", 12 | "//src/main/java/com/code_intelligence/jazzer/mutation/annotation/proto:protobuf_runtime_compile_only", 13 | "//src/main/java/com/code_intelligence/jazzer/mutation/api", 14 | "//src/main/java/com/code_intelligence/jazzer/mutation/combinator", 15 | "//src/main/java/com/code_intelligence/jazzer/mutation/engine", 16 | "//src/main/java/com/code_intelligence/jazzer/mutation/support", 17 | "//src/main/java/com/code_intelligence/jazzer/mutation/utils", 18 | ], 19 | ) 20 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/mutation/mutator/proto/ProtoMutators.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in 
compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.mutation.mutator.proto; 18 | 19 | import com.code_intelligence.jazzer.mutation.api.MutatorFactory; 20 | import java.util.stream.Stream; 21 | 22 | public final class ProtoMutators { 23 | private ProtoMutators() {} 24 | 25 | public static Stream newFactories() { 26 | try { 27 | Class.forName("com.google.protobuf.Message"); 28 | return Stream.of( 29 | new ByteStringMutatorFactory(), new MessageMutatorFactory(), new BuilderMutatorFactory()); 30 | } catch (ClassNotFoundException e) { 31 | return Stream.empty(); 32 | } 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/mutation/mutator/time/BUILD.bazel: -------------------------------------------------------------------------------- 1 | java_library( 2 | name = "time", 3 | srcs = glob(["*.java"]), 4 | visibility = [ 5 | "//src/main/java/com/code_intelligence/jazzer/mutation/mutator:__pkg__", 6 | "//src/test/java/com/code_intelligence/jazzer/mutation/mutator:__subpackages__", 7 | ], 8 | deps = [ 9 | "//src/main/java/com/code_intelligence/jazzer/mutation/annotation", 10 | "//src/main/java/com/code_intelligence/jazzer/mutation/api", 11 | "//src/main/java/com/code_intelligence/jazzer/mutation/combinator", 12 | "//src/main/java/com/code_intelligence/jazzer/mutation/support", 13 | "@maven//:com_google_errorprone_error_prone_annotations", 14 | ], 15 | ) 16 | 
-------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/mutation/mutator/time/TimeMutators.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.mutation.mutator.time; 18 | 19 | import com.code_intelligence.jazzer.mutation.api.MutatorFactory; 20 | import java.util.stream.Stream; 21 | 22 | public final class TimeMutators { 23 | private TimeMutators() {} 24 | 25 | public static Stream newFactories() { 26 | return Stream.of( 27 | new LocalDateMutatorFactory(), 28 | new LocalDateTimeMutatorFactory(), 29 | new LocalTimeMutatorFactory(), 30 | new ZonedDateTimeMutatorFactory()); 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/mutation/support/BUILD.bazel: -------------------------------------------------------------------------------- 1 | java_library( 2 | name = "support", 3 | srcs = glob(["*.java"]), 4 | visibility = [ 5 | "//src/main/java/com/code_intelligence/jazzer/mutation:__subpackages__", 6 | "//src/test/java/com/code_intelligence/jazzer/mutation:__subpackages__", 7 | ], 8 | deps = [ 9 | "//src/main/java/com/code_intelligence/jazzer/mutation/annotation", 10 | 
"//src/main/java/com/code_intelligence/jazzer/mutation/utils", 11 | "//src/main/java/com/code_intelligence/jazzer/utils:log", 12 | ], 13 | ) 14 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/mutation/support/ExceptionSupport.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.mutation.support; 18 | 19 | public final class ExceptionSupport { 20 | /** 21 | * Allows throwing any {@link Throwable} unchanged as if it were an unchecked exception. 22 | * 23 | *

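Example: {@code throw asUnchecked(new IOException())}
   *
   * <p>The cast to {@code T} is erased at runtime, so {@code t} is rethrown as-is and no {@link
   * ClassCastException} can occur. The declared return type only exists so that callers can write
   * {@code throw asUnchecked(...)} and keep the compiler's flow analysis happy; the method never
   * returns normally.
   *
   * @param t the throwable to rethrow; a {@code null} argument results in a {@link
   *     NullPointerException} being thrown instead
   * @param <T> inferred by the caller, typically {@link RuntimeException}
   * @return never returns
   * @throws T always, and always the very instance passed in as {@code t}
   */
  @SuppressWarnings("unchecked")
  public static <T extends Throwable> T asUnchecked(Throwable t) throws T {
    // Without the bound on T neither the throws clause nor the cast below compiles.
    throw (T) t;
  }

  private ExceptionSupport() {}
}

--------------------------------------------------------------------------------
/src/main/java/com/code_intelligence/jazzer/mutation/utils/BUILD.bazel:
--------------------------------------------------------------------------------
java_library(
    name = "utils",
    srcs = glob(["*.java"]),
    visibility = [
        "//selffuzz/src/test/java/com/code_intelligence/selffuzz/mutation/mutator/lang:__pkg__",
        "//src/main/java/com/code_intelligence/jazzer/mutation:__pkg__",
        "//src/main/java/com/code_intelligence/jazzer/mutation:__subpackages__",
        "//src/test/java/com/code_intelligence/jazzer/mutation:__pkg__",
        "//src/test/java/com/code_intelligence/jazzer/mutation:__subpackages__",
    ],
)

--------------------------------------------------------------------------------
/src/main/java/com/code_intelligence/jazzer/mutation/utils/ValidateContainerDimensions.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2024 Code Intelligence GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.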
15 | */ 16 | 17 | package com.code_intelligence.jazzer.mutation.utils; 18 | 19 | import static java.lang.annotation.ElementType.ANNOTATION_TYPE; 20 | import static java.lang.annotation.RetentionPolicy.RUNTIME; 21 | 22 | import java.lang.annotation.Retention; 23 | import java.lang.annotation.Target; 24 | 25 | /** 26 | * Meta-annotation intended to be used internally by Jazzer for container annotations with min and 27 | * max fields. Annotations annotated with @ValidateContainerDimensions will be validated to ensure 28 | * that min and max are both {@code >= 0}, and that {@code min <= max}. 29 | */ 30 | @Target(ANNOTATION_TYPE) 31 | @Retention(RUNTIME) 32 | public @interface ValidateContainerDimensions {} 33 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/mutation/utils/ValidateMinMax.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.code_intelligence.jazzer.mutation.utils; 18 | 19 | import static java.lang.annotation.ElementType.ANNOTATION_TYPE; 20 | import static java.lang.annotation.RetentionPolicy.RUNTIME; 21 | 22 | import java.lang.annotation.Retention; 23 | import java.lang.annotation.Target; 24 | 25 | /** 26 | * Meta-annotation intended to be used internally by Jazzer for annotations that have min and max 27 | * fields. For all such annotations, Jazzer will assert that {@code min <= max}. 28 | */ 29 | @Target(ANNOTATION_TYPE) 30 | @Retention(RUNTIME) 31 | public @interface ValidateMinMax {} 32 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/replay/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@rules_jni//jni:defs.bzl", "java_jni_library") 2 | 3 | java_jni_library( 4 | name = "replay", 5 | srcs = ["Replayer.java"], 6 | deps = [ 7 | "//src/main/java/com/code_intelligence/jazzer/api", 8 | "//src/main/java/com/code_intelligence/jazzer/driver:fuzzed_data_provider_impl", 9 | ], 10 | ) 11 | 12 | java_binary( 13 | name = "Replayer", 14 | visibility = ["//visibility:public"], 15 | runtime_deps = [":replay"], 16 | ) 17 | -------------------------------------------------------------------------------- /src/main/java/com/code_intelligence/jazzer/runtime/Constants.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
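 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.code_intelligence.jazzer.runtime;

/** Process-wide constants that are computed once when this class is initialized. */
public final class Constants {
  /**
   * {@code true} if the {@code java.vm.vendor} system property contains {@code "Android"}.
   *
   * <p>The property is read with an empty default: a missing value would otherwise raise a {@link
   * NullPointerException} inside the static initializer, which surfaces as an {@link
   * ExceptionInInitializerError} on first use of this class and a {@link NoClassDefFoundError} on
   * every later one.
   */
  public static final boolean IS_ANDROID =
      System.getProperty("java.vm.vendor", "").contains("Android");
}

--------------------------------------------------------------------------------
/src/main/java/com/code_intelligence/jazzer/runtime/bootstrap_shade_rules:
--------------------------------------------------------------------------------
rule com.github.fmeum.rules_jni.** com.code_intelligence.jazzer.bootstrap.@0
rule kotlin.** com.code_intelligence.jazzer.bootstrap.@0
rule net.sf.jsqlparser.** com.code_intelligence.jazzer.bootstrap.@0
rule org.objectweb.asm.** com.code_intelligence.jazzer.bootstrap.@0

--------------------------------------------------------------------------------
/src/main/java/com/code_intelligence/jazzer/runtime/verify_shading.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env sh
#
# Copyright 2024 Code Intelligence GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.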
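# See the License for the specific language governing permissions and
# limitations under the License.
#

# Usage: verify_shading.sh <jar file> <directory whose bin/jar is the jar tool>
#
# Exits 0 only if every entry of the jar is on the allow list below, i.e. no
# class or resource outside the expected packages ended up in the archive.

[ -f "$1" ] || exit 1
JAR="$2/bin/jar"
[ -e "$JAR" ] || exit 1

# Capture the listing before filtering it. In the piped form
# `! jar tf ... | grep -v ...` only grep's exit status is looked at: a jar
# that cannot be listed (corrupt archive, jar tool not runnable) produces no
# output, grep reports "no match" and the negation turns that into success,
# so the check would pass without having inspected anything.
ENTRIES=$("$JAR" tf "$1") || exit 1

# An empty listing contains nothing outside the allow list.
[ -n "$ENTRIES" ] || exit 0

# grep -v prints every entry that is NOT on the allow list, which puts the
# offending paths into the build log.
printf '%s\n' "$ENTRIES" | \
  grep -v \
    -e '^com/$' \
    -e '^com/code_intelligence/$' \
    -e '^com/code_intelligence/jazzer/' \
    -e '^jaz/' \
    -e '^META-INF/$' \
    -e '^META-INF/MANIFEST\.MF$'

# grep exit status: 0 = unexpected entries were printed, 1 = none were found,
# anything else = grep itself failed. Only "none found" counts as verified.
case $? in
  1) exit 0 ;;
  *) exit 1 ;;
esac

--------------------------------------------------------------------------------
/src/main/java/jaz/BUILD.bazel:
--------------------------------------------------------------------------------
filegroup(
    name = "jaz",
    srcs = [
        "Ter.java",
        "Zer.java",
    ],
    visibility = ["//src/main/java/com/code_intelligence/jazzer/api:__pkg__"],
)

--------------------------------------------------------------------------------
/src/main/java/jaz/Ter.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2024 Code Intelligence GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package jaz;

/**
 * A safe to use companion of {@link jaz.Zer} that is used to produce serializable instances of it
 * with only light patching.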
22 | */ 23 | @SuppressWarnings("unused") 24 | public class Ter implements java.io.Serializable { 25 | static final long serialVersionUID = 42L; 26 | 27 | public static final byte REFLECTIVE_CALL_SANITIZER_ID = 0; 28 | public static final byte DESERIALIZATION_SANITIZER_ID = 1; 29 | public static final byte EXPRESSION_LANGUAGE_SANITIZER_ID = 2; 30 | 31 | private byte sanitizer = REFLECTIVE_CALL_SANITIZER_ID; 32 | 33 | public Ter() {} 34 | 35 | public Ter(byte sanitizer) { 36 | this.sanitizer = sanitizer; 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /src/main/native/com/code_intelligence/jazzer/android/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("//bazel:compat.bzl", "ANDROID_ONLY") 2 | load("@rules_jni//jni:defs.bzl", "cc_jni_library") 3 | load("@bazel_skylib//rules:copy_file.bzl", "copy_file") 4 | 5 | copy_file( 6 | name = "jvmti_h_encoded", 7 | src = "@android_jvmti//file", 8 | out = "jvmti.encoded", 9 | is_executable = False, 10 | tags = ["manual"], 11 | target_compatible_with = ANDROID_ONLY, 12 | ) 13 | 14 | genrule( 15 | name = "jvmti_h", 16 | srcs = [ 17 | "jvmti.encoded", 18 | ], 19 | outs = ["jvmti.h"], 20 | cmd = "cat $< | base64 --decode > $(OUTS)", 21 | tags = ["manual"], 22 | target_compatible_with = ANDROID_ONLY, 23 | ) 24 | 25 | cc_jni_library( 26 | name = "android_native_agent", 27 | srcs = [ 28 | "dex_file_manager.cpp", 29 | "dex_file_manager.h", 30 | "jazzer_jvmti_allocator.h", 31 | "native_agent.cpp", 32 | ":jvmti_h", 33 | ], 34 | includes = [ 35 | ".", 36 | ], 37 | linkopts = [ 38 | "-lz", 39 | ], 40 | tags = ["manual"], 41 | target_compatible_with = ANDROID_ONLY, 42 | visibility = ["//visibility:public"], 43 | deps = [ 44 | "@abseil-cpp//absl/strings", 45 | "@jazzer_slicer", 46 | ], 47 | ) 48 | -------------------------------------------------------------------------------- 
/src/main/native/com/code_intelligence/jazzer/driver/fuzz_target_runner.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Code Intelligence GmbH 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #pragma once 16 | 17 | namespace jazzer { 18 | /* 19 | * Print the stack traces of all active JVM threads. 20 | * 21 | * This function can be called from any thread. 22 | */ 23 | void DumpJvmStackTraces(); 24 | } // namespace jazzer 25 | -------------------------------------------------------------------------------- /src/main/native/com/code_intelligence/jazzer/driver/mutator.cpp: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Code Intelligence GmbH 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 
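
// NOTE(review): the two system header names are missing from this listing;
// <cstddef> and <cstdint> are what size_t and uint8_t below require - confirm
// against the repository.
#include <cstddef>
#include <cstdint>

#include "com_code_intelligence_jazzer_runtime_Mutator.h"

extern "C" size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize);

/*
 * Mutates the first `size` bytes of `jni_data` in place via LLVMFuzzerMutate,
 * using the full length of the Java array as the upper bound for the result.
 *
 * Returns the value reported by LLVMFuzzerMutate (the new length). If
 * `jni_data` is null or `size` is outside [0, array length], an
 * IllegalArgumentException is raised on the Java side and 0 is returned; the
 * array is not touched. If the JVM cannot hand out the array contents, `size`
 * is returned and the array is left as it was.
 */
[[maybe_unused]] jint
Java_com_code_1intelligence_jazzer_runtime_Mutator_defaultMutateNative(
    JNIEnv *env, jclass, jbyteArray jni_data, jint size) {
  const jint maxSize = jni_data != nullptr ? env->GetArrayLength(jni_data) : 0;
  // `size` and the array come from the Java caller. A negative jint converts
  // to a huge size_t and a value above the array length lets the mutator read
  // and write past the end of the pinned array, so both are rejected before
  // any raw pointer is handed out.
  if (jni_data == nullptr || size < 0 || size > maxSize) {
    if (jclass illegal_argument =
            env->FindClass("java/lang/IllegalArgumentException")) {
      env->ThrowNew(illegal_argument,
                    "data must be non-null and size within [0, data.length]");
    }
    return 0;
  }

  uint8_t *data = static_cast<uint8_t *>(
      env->GetPrimitiveArrayCritical(jni_data, nullptr));
  if (data == nullptr) {
    // The JVM could not provide the array contents; do not pass a null
    // pointer on to the mutator.
    return size;
  }

  // No JNI calls are allowed between Get/ReleasePrimitiveArrayCritical.
  const jint res = static_cast<jint>(
      LLVMFuzzerMutate(data, static_cast<size_t>(size),
                       static_cast<size_t>(maxSize)));
  // Mode 0: copy back (if the JVM made a copy) and release the array.
  env->ReleasePrimitiveArrayCritical(jni_data, data, 0);
  return res;
}

--------------------------------------------------------------------------------
/src/main/native/com/code_intelligence/jazzer/driver/sanitizer_symbols.cpp:
--------------------------------------------------------------------------------
// Copyright 2024 Code Intelligence GmbH
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Suppress libFuzzer warnings about missing sanitizer methods in non-sanitizer
// builds.
extern "C" [[maybe_unused]] int __sanitizer_acquire_crash_state() { return 1; }

namespace jazzer {
void DumpJvmStackTraces();
}

// Dump a JVM stack trace on timeouts.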
24 | extern "C" [[maybe_unused]] void __sanitizer_print_stack_trace() { 25 | jazzer::DumpJvmStackTraces(); 26 | } 27 | -------------------------------------------------------------------------------- /src/main/resources/BUILD.bazel: -------------------------------------------------------------------------------- 1 | filegroup( 2 | name = "jazzer_test_engine_service", 3 | srcs = ["META-INF/services/org.junit.platform.engine.TestEngine"], 4 | visibility = ["//visibility:public"], 5 | ) 6 | -------------------------------------------------------------------------------- /src/main/resources/META-INF/services/org.junit.platform.engine.TestEngine: -------------------------------------------------------------------------------- 1 | com.code_intelligence.jazzer.junit.JazzerTestEngine -------------------------------------------------------------------------------- /src/test/java/com/code_intelligence/jazzer/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@contrib_rules_jvm//java:defs.bzl", "JUNIT5_DEPS", "java_junit5_test") 2 | 3 | java_junit5_test( 4 | name = "JazzerTest", 5 | size = "small", 6 | srcs = glob(["JazzerTest.java"]), 7 | deps = JUNIT5_DEPS + [ 8 | # keep sorted 9 | "//src/main/java/com/code_intelligence/jazzer:jazzer_lib", 10 | "@maven//:com_google_truth_truth", 11 | "@maven//:org_junit_jupiter_junit_jupiter_api", 12 | ], 13 | ) 14 | -------------------------------------------------------------------------------- /src/test/java/com/code_intelligence/jazzer/api/BUILD.bazel: -------------------------------------------------------------------------------- 1 | java_test( 2 | name = "AutofuzzTest", 3 | size = "small", 4 | srcs = [ 5 | "AutofuzzTest.java", 6 | ], 7 | env = { 8 | # Also consider implementing classes from com.code_intelligence.jazzer.*. 
9 | "JAZZER_AUTOFUZZ_TESTING": "1", 10 | }, 11 | test_class = "com.code_intelligence.jazzer.api.AutofuzzTest", 12 | runtime_deps = [ 13 | "//src/main/java/com/code_intelligence/jazzer/autofuzz", 14 | # Needed for JazzerInternal. 15 | "//src/main/java/com/code_intelligence/jazzer/runtime", 16 | ], 17 | deps = [ 18 | "//src/main/java/com/code_intelligence/jazzer/api", 19 | "//src/main/native/com/code_intelligence/jazzer/driver:jazzer_driver", 20 | "@maven//:junit_junit", 21 | ], 22 | ) 23 | -------------------------------------------------------------------------------- /src/test/java/com/code_intelligence/jazzer/autofuzz/testdata/BUILD.bazel: -------------------------------------------------------------------------------- 1 | java_library( 2 | name = "test_data", 3 | srcs = glob(["*.java"]), 4 | visibility = ["//visibility:public"], 5 | ) 6 | -------------------------------------------------------------------------------- /src/test/java/com/code_intelligence/jazzer/instrumentor/AfterHooksTargetContract.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.instrumentor; 18 | 19 | /** 20 | * Helper interface used to call methods on instances of AfterHooksTarget classes loaded via 21 | * different class loaders. 
22 | */ 23 | public interface AfterHooksTargetContract extends DynamicTestContract { 24 | void registerHasFunc1BeenCalled(); 25 | 26 | void verifyFirstSecret(String secret); 27 | 28 | void verifySecondSecret(String secret); 29 | 30 | void verifyThirdSecret(String secret); 31 | } 32 | -------------------------------------------------------------------------------- /src/test/java/com/code_intelligence/jazzer/instrumentor/BeforeHooksTargetContract.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.instrumentor; 18 | 19 | /** 20 | * Helper interface used to call methods on instances of BeforeHooksTarget classes loaded via 21 | * different class loaders. 
22 | */ 23 | public interface BeforeHooksTargetContract extends DynamicTestContract { 24 | void func1(); 25 | 26 | void setFuncWithArgsCalled(Boolean val); 27 | } 28 | -------------------------------------------------------------------------------- /src/test/java/com/code_intelligence/jazzer/instrumentor/DynamicTestContract.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.instrumentor; 18 | 19 | import java.util.Map; 20 | 21 | public interface DynamicTestContract { 22 | Map selfCheck(); 23 | } 24 | -------------------------------------------------------------------------------- /src/test/java/com/code_intelligence/jazzer/instrumentor/ReplaceHooksInit.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.instrumentor; 18 | 19 | public class ReplaceHooksInit { 20 | public boolean initialized; 21 | 22 | public ReplaceHooksInit() {} 23 | 24 | @SuppressWarnings("unused") 25 | public ReplaceHooksInit(boolean initialized, String ignored) { 26 | this.initialized = initialized; 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /src/test/java/com/code_intelligence/jazzer/instrumentor/ReplaceHooksTargetContract.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.code_intelligence.jazzer.instrumentor; 18 | 19 | /** 20 | * Helper interface used to call methods on instances of ReplaceHooksTarget classes loaded via 21 | * different class loaders. 
22 | */ 23 | public interface ReplaceHooksTargetContract extends DynamicTestContract { 24 | void pass(String test); 25 | } 26 | -------------------------------------------------------------------------------- /src/test/java/com/code_intelligence/jazzer/junit/FuzzerDictionaryTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.code_intelligence.jazzer.junit; 18 | 19 | import static com.code_intelligence.jazzer.junit.FuzzerDictionary.escapeForDictionary; 20 | import static com.google.common.truth.Truth.assertThat; 21 | 22 | import org.junit.jupiter.api.Test; 23 | 24 | class FuzzerDictionaryTest { 25 | @Test 26 | void testEscapeForDictionary() { 27 | assertThat(escapeForDictionary("foo")).isEqualTo("\"foo\""); 28 | assertThat(escapeForDictionary("f\"o\\o\tbar")).isEqualTo("\"f\\\"o\\\\o\tbar\""); 29 | assertThat(escapeForDictionary("\u0012\u001A")).isEqualTo("\"\\x12\\x1A\""); 30 | assertThat(escapeForDictionary("✂\uD83D\uDCCB")) 31 | .isEqualTo("\"\\xE2\\x9C\\x82\\xF0\\x9F\\x93\\x8B\""); 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /src/test/java/com/code_intelligence/jazzer/junit/test_resources_root/com/example/CorpusDirectoryFuzzTestInputs/corpusDirectoryFuzz/seed: -------------------------------------------------------------------------------- 1 | seed 2 | -------------------------------------------------------------------------------- /src/test/java/com/code_intelligence/jazzer/junit/test_resources_root/com/example/DirectoryInputsFuzzTestInputs/inputsFuzz/seed: -------------------------------------------------------------------------------- 1 | directory -------------------------------------------------------------------------------- /src/test/java/com/code_intelligence/jazzer/junit/test_resources_root/com/example/DirectoryInputsFuzzTestInputs/nested_dir/seed: -------------------------------------------------------------------------------- 1 | directory -------------------------------------------------------------------------------- /src/test/java/com/code_intelligence/jazzer/mutation/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@contrib_rules_jvm//java:defs.bzl", "java_test_suite") 2 | 3 | java_test_suite( 4 | name = "MutationTests", 5 | size 
= "small", 6 | srcs = glob(["*Test.java"]), 7 | runner = "junit5", 8 | deps = [ 9 | "//src/main/java/com/code_intelligence/jazzer/mutation", 10 | "//src/main/java/com/code_intelligence/jazzer/mutation/annotation", 11 | "//src/main/java/com/code_intelligence/jazzer/mutation/api", 12 | "//src/main/java/com/code_intelligence/jazzer/mutation/mutator", 13 | "//src/test/java/com/code_intelligence/jazzer/mutation/support:test_support", 14 | ], 15 | ) 16 | -------------------------------------------------------------------------------- /src/test/java/com/code_intelligence/jazzer/mutation/combinator/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@contrib_rules_jvm//java:defs.bzl", "java_test_suite") 2 | 3 | java_test_suite( 4 | name = "CompositeTests", 5 | size = "small", 6 | srcs = glob(["*.java"]), 7 | runner = "junit5", 8 | deps = [ 9 | "//src/main/java/com/code_intelligence/jazzer/mutation/api", 10 | "//src/main/java/com/code_intelligence/jazzer/mutation/combinator", 11 | "//src/main/java/com/code_intelligence/jazzer/mutation/support", 12 | "//src/test/java/com/code_intelligence/jazzer/mutation/support:test_support", 13 | ], 14 | ) 15 | -------------------------------------------------------------------------------- /src/test/java/com/code_intelligence/jazzer/mutation/engine/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@contrib_rules_jvm//java:defs.bzl", "java_junit5_test", "java_test_suite") 2 | 3 | java_test_suite( 4 | name = "EngineTests", 5 | size = "small", 6 | srcs = [ 7 | "SeededPseudoRandomTest.java", 8 | ], 9 | runner = "junit5", 10 | deps = [ 11 | "//src/main/java/com/code_intelligence/jazzer/mutation/engine", 12 | "//src/main/java/com/code_intelligence/jazzer/mutation/support", 13 | "//src/test/java/com/code_intelligence/jazzer/mutation/support:test_support", 14 | ], 15 | ) 16 | 17 | java_junit5_test( 18 | name = "ChainedMutatorFactoryTest", 19 
| srcs = ["ChainedMutatorFactoryTest.java"], 20 | test_class = "com.code_intelligence.jazzer.mutation.engine.ChainedMutatorFactoryTest", 21 | deps = [ 22 | "//src/main/java/com/code_intelligence/jazzer/mutation/annotation", 23 | "//src/main/java/com/code_intelligence/jazzer/mutation/api", 24 | "//src/main/java/com/code_intelligence/jazzer/mutation/engine", 25 | "//src/main/java/com/code_intelligence/jazzer/mutation/mutator", 26 | "//src/main/java/com/code_intelligence/jazzer/mutation/support", 27 | "//src/test/java/com/code_intelligence/jazzer/mutation/support:test_support", 28 | "//src/test/java/com/code_intelligence/jazzer/utils:test_utils", 29 | ], 30 | ) 31 | -------------------------------------------------------------------------------- /src/test/java/com/code_intelligence/jazzer/mutation/mutator/collection/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@contrib_rules_jvm//java:defs.bzl", "java_test_suite") 2 | 3 | java_test_suite( 4 | name = "CollectionTests", 5 | size = "small", 6 | srcs = glob(["*.java"]), 7 | env = {"JAZZER_MOCK_LIBFUZZER_MUTATOR": "true"}, 8 | runner = "junit5", 9 | deps = [ 10 | "//src/main/java/com/code_intelligence/jazzer/mutation/annotation", 11 | "//src/main/java/com/code_intelligence/jazzer/mutation/api", 12 | "//src/main/java/com/code_intelligence/jazzer/mutation/engine", 13 | "//src/main/java/com/code_intelligence/jazzer/mutation/mutator/collection", 14 | "//src/main/java/com/code_intelligence/jazzer/mutation/mutator/lang", 15 | "//src/main/java/com/code_intelligence/jazzer/mutation/support", 16 | "//src/main/java/com/code_intelligence/jazzer/mutation/utils", 17 | "//src/test/java/com/code_intelligence/jazzer/mutation/support:test_support", 18 | ], 19 | ) 20 | -------------------------------------------------------------------------------- /src/test/java/com/code_intelligence/jazzer/mutation/mutator/lang/BUILD.bazel: 
--------------------------------------------------------------------------------
load("@contrib_rules_jvm//java:defs.bzl", "java_test_suite")

# JUnit 5 suite built from every .java file in this package.
# NOTE(review): JAZZER_MOCK_LIBFUZZER_MUTATOR presumably replaces the native libFuzzer mutator
# with a mock for these unit tests; confirm where the variable is read.
java_test_suite(
    name = "PrimitiveTests",
    size = "small",
    srcs = glob(["*.java"]),
    env = {"JAZZER_MOCK_LIBFUZZER_MUTATOR": "true"},
    runner = "junit5",
    deps = [
        "//src/main/java/com/code_intelligence/jazzer/mutation/annotation",
        "//src/main/java/com/code_intelligence/jazzer/mutation/api",
        "//src/main/java/com/code_intelligence/jazzer/mutation/engine",
        "//src/main/java/com/code_intelligence/jazzer/mutation/mutator/lang",
        "//src/main/java/com/code_intelligence/jazzer/mutation/mutator/libfuzzer:libfuzzermutate",
        "//src/main/java/com/code_intelligence/jazzer/mutation/support",
        "//src/test/java/com/code_intelligence/jazzer/mutation/support:test_support",
        "@protobuf//java/core",
    ],
)

--------------------------------------------------------------------------------
/src/test/java/com/code_intelligence/jazzer/mutation/mutator/time/BUILD.bazel:
--------------------------------------------------------------------------------
load("@contrib_rules_jvm//java:defs.bzl", "java_test_suite")

# JUnit 5 suite built from every .java file in this package; sets the same
# JAZZER_MOCK_LIBFUZZER_MUTATOR environment variable as the suite above.
java_test_suite(
    name = "TimeTests",
    size = "small",
    srcs = glob(["*.java"]),
    env = {"JAZZER_MOCK_LIBFUZZER_MUTATOR": "true"},
    runner = "junit5",
    deps = [
        "//src/main/java/com/code_intelligence/jazzer/mutation/annotation",
        "//src/main/java/com/code_intelligence/jazzer/mutation/api",
        "//src/main/java/com/code_intelligence/jazzer/mutation/engine",
        "//src/main/java/com/code_intelligence/jazzer/mutation/mutator/lang",
        "//src/main/java/com/code_intelligence/jazzer/mutation/mutator/libfuzzer:libfuzzermutate",
        "//src/main/java/com/code_intelligence/jazzer/mutation/mutator/time",
        "//src/main/java/com/code_intelligence/jazzer/mutation/support",
        "//src/test/java/com/code_intelligence/jazzer/mutation/support:test_support",
        "@protobuf//java/core",
    ],
)

--------------------------------------------------------------------------------
/src/test/java/com/code_intelligence/jazzer/runtime/BUILD.bazel:
--------------------------------------------------------------------------------
load("//bazel:compat.bzl", "SKIP_ON_WINDOWS")

# Depends on the native jazzer_driver target and is marked incompatible with Windows through
# SKIP_ON_WINDOWS.
java_test(
    name = "TraceCmpHooksTest",
    srcs = [
        "TraceCmpHooksTest.java",
    ],
    target_compatible_with = SKIP_ON_WINDOWS,
    deps = [
        "//src/main/java/com/code_intelligence/jazzer/runtime",
        "//src/main/native/com/code_intelligence/jazzer/driver:jazzer_driver",
        "@maven//:junit_junit",
    ],
)

--------------------------------------------------------------------------------
/src/test/java/com/code_intelligence/jazzer/utils/BUILD.bazel:
--------------------------------------------------------------------------------
# NOTE(review): SKIP_ON_WINDOWS is loaded here but not referenced by the rule below.
load("//bazel:compat.bzl", "SKIP_ON_WINDOWS")

# Test helper library, visible to every package.
# NOTE(review): consider marking it testonly so that production targets cannot depend on it.
java_library(
    name = "test_utils",
    srcs = ["CapturedOutput.java"],
    visibility = ["//visibility:public"],
    deps = [
        "//src/main/java/com/code_intelligence/jazzer/utils:log",
    ],
)

--------------------------------------------------------------------------------
/tests/src/test/cc/complex_proto_fuzzer.cc:
--------------------------------------------------------------------------------
// Copyright 2024 Code Intelligence GmbH
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#include "src/libfuzzer/libfuzzer_macro.h"
#include "src/test/java/com/code_intelligence/jazzer/mutation/mutator/proto/proto2.pb.h"

// Fuzz target that receives a structured TestProtobuf message rather than raw bytes.
// The planted crash needs two fields to match at once (i32 == 1234 and str == "abcd"), so it is
// reached only when both fields of the same message carry the expected values.
DEFINE_PROTO_FUZZER(const com::code_intelligence::jazzer::protobuf::TestProtobuf& proto) {
  if (proto.i32() == 1234 && proto.str() == "abcd") {
    abort();  // deliberate crash that marks the target condition as reached
  }
}

--------------------------------------------------------------------------------
/tests/src/test/data/crash_resistant_coverage_test/crashing_seeds/crash:
--------------------------------------------------------------------------------
aaa
--------------------------------------------------------------------------------
/tests/src/test/data/crash_resistant_coverage_test/crashing_seeds/empty_input:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CodeIntelligenceTesting/jazzer/efbc6354e412ce221ad3b18a6fdd32bf12241825/tests/src/test/data/crash_resistant_coverage_test/crashing_seeds/empty_input
--------------------------------------------------------------------------------
/tests/src/test/data/crash_resistant_coverage_test/new_coverage_seeds/new_coverage:
--------------------------------------------------------------------------------
aaaaaaaaaaaaaaaaa
--------------------------------------------------------------------------------
/tests/src/test/data/fuzz_test_lister_test/org/example/FuzzTests.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CodeIntelligenceTesting/jazzer/efbc6354e412ce221ad3b18a6fdd32bf12241825/tests/src/test/data/fuzz_test_lister_test/org/example/FuzzTests.class
--------------------------------------------------------------------------------
/tests/src/test/java/com/example/AutofuzzAssertionErrorTarget.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2024 Code Intelligence GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.example;

/**
 * Autofuzz target whose failure condition is a plain Java {@code assert}.
 *
 * <p>The assertion fails for a non-null array longer than five bytes whose element at index 3 is
 * 7. Java evaluates {@code assert} statements only when assertions are enabled (for example with
 * {@code -ea}); with assertions disabled this method does nothing.
 */
public class AutofuzzAssertionErrorTarget {
  public static void autofuzz(byte[] b) {
    // The null and length checks come first, so b[3] is read only for arrays with more than five
    // elements.
    assert b == null || b.length <= 5 || b[3] != 7;
  }
}

--------------------------------------------------------------------------------
/tests/src/test/java/com/example/AutofuzzCrashingSetterTarget.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2024 Code Intelligence GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

package com.example;

/**
 * Autofuzz target that extends {@link Thread} and adds an empty {@code start(byte[])} overload.
 *
 * <p>The overload takes a parameter, so it does not override {@link Thread#start()}.
 * NOTE(review): presumably this checks how autofuzz treats methods it can call on a Thread
 * subclass; confirm against the test that references this class.
 */
public class AutofuzzCrashingSetterTarget extends Thread {
  public void start(final byte[] out) {}
}

--------------------------------------------------------------------------------
/tests/src/test/java/com/example/AutofuzzIgnoreTarget.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2024 Code Intelligence GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.example;

/**
 * Autofuzz target whose only method throws on every input.
 *
 * <p>NOTE(review): the class name suggests the test runs autofuzz with some of these exception
 * types on an ignore list; confirm against the test configuration.
 */
public class AutofuzzIgnoreTarget {
  /**
   * Throws {@link NullPointerException} for an empty string, {@link IllegalArgumentException} for
   * a string of fewer than ten characters and {@link RuntimeException} for anything longer. A
   * {@code null} argument also ends in a {@link NullPointerException}, raised by the {@code
   * isEmpty()} call.
   */
  @SuppressWarnings("unused")
  public void doStuff(String data) {
    if (data.isEmpty()) {
      throw new NullPointerException();
    }
    if (data.length() < 10) {
      throw new IllegalArgumentException();
    }
    throw new RuntimeException();
  }
}

--------------------------------------------------------------------------------
/tests/src/test/java/com/example/AutofuzzInnerClassTarget.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2024 Code Intelligence GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.example;

import com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow;

/**
 * Autofuzz target whose method lives two levels down, in the nested static class {@code
 * Middle.Inner}.
 *
 * <p>NOTE(review): presumably verifies that autofuzz can address a method of a nested class;
 * confirm against the test that references it.
 */
@SuppressWarnings("unused")
public class AutofuzzInnerClassTarget {
  public static class Middle {
    public static class Inner {
      /** Reports a low-severity finding as soon as both arguments are equal. */
      public void test(int a, int b) {
        if (a == b) {
          throw new FuzzerSecurityIssueLow("Finished Autofuzz Target");
        }
      }
    }
  }
}

--------------------------------------------------------------------------------
/tests/src/test/java/com/example/BytesMemoryLeakFuzzer.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2024 Code Intelligence GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

package com.example;

/**
 * Fuzz target with an empty body that takes the raw {@code byte[]} input.
 *
 * <p>NOTE(review): the name suggests it is run by a memory-leak check of the byte-array input
 * path; the target itself does nothing with the data.
 */
public class BytesMemoryLeakFuzzer {
  public static void fuzzerTestOneInput(byte[] data) {}
}

--------------------------------------------------------------------------------
/tests/src/test/java/com/example/CrashResistantCoverageTarget.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2024 Code Intelligence GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.example;

import java.time.Instant;

/**
 * Fuzz target with three input classes, selected by length only: fewer than 10 bytes throws, 10
 * to 99 bytes calls {@link #someFunction()}, and 100 bytes or more returns without doing
 * anything.
 */
public class CrashResistantCoverageTarget {
  public static void fuzzerTestOneInput(byte[] data) {
    if (data.length < 10) {
      // Crash immediately on the empty and the first seed input so that we can verify that the
      // crash-resistant merge strategy actually works.
      throw new IllegalStateException("Crash");
    }
    if (data.length < 100) {
      someFunction();
    }
  }

  /** Prints a fixed line; reached only for inputs of 10 to 99 bytes. */
  public static void someFunction() {
    // A non-trivial condition that always evaluates to true.
    if (Instant.now().getNano() >= 0) {
      System.out.println("Hello, world!");
    }
  }
}

--------------------------------------------------------------------------------
/tests/src/test/java/com/example/InitializationErrorTest.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2024 Code Intelligence GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.example;

import com.code_intelligence.jazzer.junit.FuzzTest;

/**
 * Fuzz test class that cannot be initialized: its static initializer always throws, which the
 * JVM surfaces as an {@link ExceptionInInitializerError}. The fuzz method throws as well, so a
 * harness that ran it despite the failed initialization would be noticed.
 */
public class InitializationErrorTest {

  static {
    sneakyThrow();
  }

  // Kept in a separate method; the static block above only calls it.
  private static void sneakyThrow() {
    throw new IllegalArgumentException("Sneaky throw in static initializer");
  }

  @FuzzTest
  public void fuzz(String ignored) {
    throw new IllegalStateException("This method should not be executed");
  }
}

--------------------------------------------------------------------------------
/tests/src/test/java/com/example/InvalidMutatorTest.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2024 Code Intelligence GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.example;

import com.code_intelligence.jazzer.junit.FuzzTest;
import com.code_intelligence.jazzer.mutation.annotation.UrlSegment;

/**
 * Fuzz tests declared with parameters the class name marks as invalid for the mutator. Both
 * bodies throw, so executing either of them is itself an error.
 *
 * <p>NOTE(review): presumably the harness has to reject these declarations before any input is
 * generated; confirm against the test that runs this class.
 */
public class InvalidMutatorTest {

  // Parameter type is java.lang.System.
  @FuzzTest
  public void invalidParameter(System ignored) {
    throw new IllegalStateException("This method should not be executed");
  }

  // @UrlSegment is applied to an Integer parameter.
  @FuzzTest
  public void invalidAnnotation(@UrlSegment Integer ignored) {
    throw new IllegalStateException("This method should not be executed");
  }
}

--------------------------------------------------------------------------------
/tests/src/test/java/com/example/JUnitAssertFuzzer.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2024 Code Intelligence GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

package com.example;

import static org.junit.jupiter.api.Assertions.assertNotEquals;

import com.code_intelligence.jazzer.api.FuzzedDataProvider;

/**
 * Fuzz target whose failure is a JUnit assertion: {@code assertNotEquals} fails when the whole
 * input, consumed as a string, equals "JUnit rocks!".
 */
public class JUnitAssertFuzzer {
  public static void fuzzerTestOneInput(FuzzedDataProvider data) {
    assertNotEquals("JUnit rocks!", data.consumeRemainingAsString());
  }
}

--------------------------------------------------------------------------------
/tests/src/test/java/com/example/JUnitReproducerTest.seed:
--------------------------------------------------------------------------------
Hello, Jazzer!

--------------------------------------------------------------------------------
/tests/src/test/java/com/example/JUnitSsrfAllowConnectionsBeforeFuzzingFuzzer.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2024 Code Intelligence GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.example;

import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import com.code_intelligence.jazzer.junit.FuzzTest;
import java.io.IOException;
import java.net.Socket;
import org.junit.jupiter.api.BeforeAll;

/**
 * Fuzz test class whose only network access happens in {@code @BeforeAll} setup; the fuzz test
 * itself is empty.
 *
 * <p>NOTE(review): the class name and the comment below indicate that a connection opened during
 * setup must not be reported as an SSRF finding; confirm against the expected test result.
 */
public class JUnitSsrfAllowConnectionsBeforeFuzzingFuzzer {
  // Before the fuzzer is started, we allow network connections.
  @BeforeAll
  static void connect() {
    // The IOException is ignored, so the attempt is made whether or not anything listens on the
    // port.
    try (Socket s = new Socket("localhost", 62351)) {
      s.getInetAddress();
    } catch (IOException ignored) {
    }
  }

  @FuzzTest
  void fuzzTest(FuzzedDataProvider data) throws Exception {}
}

--------------------------------------------------------------------------------
/tests/src/test/java/com/example/JUnitSsrfAllowListFuzzer.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2024 Code Intelligence GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

package com.example;

import com.code_intelligence.jazzer.api.BugDetectors;
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import com.code_intelligence.jazzer.junit.FuzzTest;
import java.net.ConnectException;
import java.net.Socket;

/**
 * Fuzz test that registers a network allow predicate and then connects to the one endpoint the
 * predicate permits.
 *
 * <p>The predicate accepts exactly host "localhost" with port 62351 and rejects every other
 * combination. NOTE(review): the host is compared as a literal string; when adapting this to a
 * real allow list, confirm which form of the host the detector passes to the predicate, and keep
 * the list as narrow as this one.
 */
public class JUnitSsrfAllowListFuzzer {

  @FuzzTest
  void fuzzTest(FuzzedDataProvider data) throws Exception {
    BugDetectors.allowNetworkConnections(
        (host, port) -> host.equals("localhost") && port.equals(62351));
    // ConnectException is ignored, so nothing needs to listen on the port for the test to pass.
    try (Socket s = new Socket("localhost", 62351)) {
      s.getInetAddress();
    } catch (ConnectException ignored) {
    }
  }
}

--------------------------------------------------------------------------------
/tests/src/test/java/com/example/JUnitSsrfFindingFuzzer.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2024 Code Intelligence GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

package com.example;

import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import com.code_intelligence.jazzer.junit.FuzzTest;
import java.net.ConnectException;
import java.net.Socket;

/**
 * Fuzz test that opens a socket to localhost:62351 inside the fuzz method without registering
 * any allow predicate first.
 *
 * <p>NOTE(review): the class name indicates the SSRF detector is expected to report this
 * connection attempt as a finding; confirm against the expected test result.
 */
public class JUnitSsrfFindingFuzzer {
  @FuzzTest
  void fuzzTest(FuzzedDataProvider data) throws Exception {
    // Only ConnectException is swallowed; any other exception propagates out of the test.
    try (Socket s = new Socket("localhost", 62351)) {
      s.getInetAddress();
    } catch (ConnectException ignored) {
    }
  }
}

--------------------------------------------------------------------------------
/tests/src/test/java/com/example/JazzerApiFuzzer.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2024 Code Intelligence GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

package com.example;

import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow;
import com.code_intelligence.jazzer.api.Jazzer;

/**
 * Fuzz target that calls the {@link Jazzer} guidance methods once each and then always throws.
 *
 * <p>The final throw is unconditional, so the finding is reported on the first input for which
 * none of the preceding API calls fails; the message states exactly that.
 */
public class JazzerApiFuzzer {
  public static void fuzzerTestOneInput(FuzzedDataProvider data) {
    Jazzer.exploreState(data.consumeByte(), 1);
    // String and byte[] variants of guideTowardsEquality, then the containment variant.
    Jazzer.guideTowardsEquality(data.consumeString(10), data.pickValue(new String[] {"foo"}), 1);
    Jazzer.guideTowardsEquality(data.consumeBytes(10), new byte[] {}, 2);
    Jazzer.guideTowardsContainment(data.consumeAsciiString(10), "bar", 2);
    throw new FuzzerSecurityIssueLow("Jazzer API calls succeed");
  }
}

--------------------------------------------------------------------------------
/tests/src/test/java/com/example/KotlinStringCompareFuzzer.kt:
--------------------------------------------------------------------------------
/*
 * Copyright 2024 Code Intelligence GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

package com.example

import java.io.IOException
import kotlin.io.encoding.Base64
import kotlin.io.encoding.ExperimentalEncodingApi

/**
 * Fuzz target that Base64-encodes the raw input and throws when the encoded text starts and ends
 * with two fixed strings.
 *
 * The comparison is made on the encoded text through Kotlin's `startsWith` and `endsWith`, not on
 * the input bytes.
 */
object KotlinStringCompareFuzzer {
    @JvmStatic
    @OptIn(ExperimentalEncodingApi::class)
    fun fuzzerTestOneInput(data: ByteArray) {
        val text = Base64.encode(data)
        if (text.startsWith("aGVsbG8K") &&
            // "aGVsbG8K" is the Base64 encoding of "hello\n"
            text.endsWith("d29ybGQK") // Base64 encoding of "world\n"
        ) {
            throw IOException("Found the secret message!")
        }
    }
}

--------------------------------------------------------------------------------
/tests/src/test/java/com/example/KotlinVararg.kt:
--------------------------------------------------------------------------------
/*
 * Copyright 2024 Code Intelligence GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

package com.example

/**
 * Kotlin class with a `vararg` constructor; [doStuff] returns the arguments joined with ", ".
 */
class KotlinVararg(
    vararg opts: String,
) {
    // Joined once at construction time.
    private val allOpts = opts.toList().joinToString(", ")

    fun doStuff() = allOpts
}

--------------------------------------------------------------------------------
/tests/src/test/java/com/example/KotlinVarargFuzzer.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2024 Code Intelligence GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.example;

import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import java.io.IOException;

/**
 * Java fuzz target that passes a {@code String[]} to the Kotlin {@code vararg} constructor of
 * {@code KotlinVararg}.
 *
 * <p>The input is split on "; " and the parts are joined again with ", "; the finding is thrown
 * when the joined text contains "a, a", for example for the input "a; a".
 */
public class KotlinVarargFuzzer {
  public static void fuzzerTestOneInput(FuzzedDataProvider data) throws IOException {
    String out = new KotlinVararg(data.consumeRemainingAsString().split("; ")).doStuff();
    if (out.contains("a, a")) {
      throw new IOException(out);
    }
  }
}

--------------------------------------------------------------------------------
/tests/src/test/java/com/example/LocalDateTimeFuzzer.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2024 Code Intelligence GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.example;

import com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow;
import com.code_intelligence.jazzer.junit.FuzzTest;
import java.time.LocalDateTime;

/**
 * Fuzz test that takes a {@link LocalDateTime} parameter and reports a finding when its
 * day-of-year equals that of 2024-05-30.
 *
 * <p>Only the day-of-year is compared, so the year and the time of day of the generated value do
 * not matter. A {@code null} value is skipped.
 */
public class LocalDateTimeFuzzer {
  @FuzzTest
  void localDateTimeFuzzTest(LocalDateTime localDateTime) {
    if (localDateTime == null) {
      return;
    }
    LocalDateTime targetDate = LocalDateTime.of(2024, 5, 30, 23, 59);
    if (targetDate.getDayOfYear() == localDateTime.getDayOfYear()) {
      throw new FuzzerSecurityIssueLow("LocalDateTime mutator works!");
    }
  }
}

--------------------------------------------------------------------------------
/tests/src/test/java/com/example/LongStringFuzzer.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2024 Code Intelligence GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

package com.example;

import com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow;

/**
 * Provoke a finding with huge captured data to verify that the generated crash reproducer is still
 * compilable. This test uses a huge, predefined corpus to speed up finding the issue.
 *
 * <p>Reproduces issue #269 (...)
 */
public class LongStringFuzzer {
  public static void fuzzerTestOneInput(byte[] data) {
    // The finding is thrown only for inputs longer than 64 KiB (65536 bytes).
    if (data.length > 1024 * 64) {
      throw new FuzzerSecurityIssueLow("String too long exception");
    }
  }
}

--------------------------------------------------------------------------------
/tests/src/test/java/com/example/MapFuzzer.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2024 Code Intelligence GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
15 | */ 16 | 17 | package com.example; 18 | 19 | import com.code_intelligence.jazzer.api.FuzzerSecurityIssueMedium; 20 | import com.code_intelligence.jazzer.mutation.annotation.NotNull; 21 | import java.util.Map; 22 | 23 | public class MapFuzzer { 24 | public static void fuzzerTestOneInput(@NotNull Map<@NotNull String, @NotNull String> map) { 25 | if (map.getOrDefault("some_key", "").startsWith("prefix")) { 26 | if (map.containsKey("other_key")) { 27 | throw new FuzzerSecurityIssueMedium(); 28 | } 29 | } 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /tests/src/test/java/com/example/MemoryLeakFuzzer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.example; 18 | 19 | import com.code_intelligence.jazzer.api.FuzzedDataProvider; 20 | import com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow; 21 | 22 | public class MemoryLeakFuzzer { 23 | public static void fuzzerTestOneInput(FuzzedDataProvider data) { 24 | throw new FuzzerSecurityIssueLow(); 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /tests/src/test/java/com/example/MutatorComplexProtoFuzzer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.example; 18 | 19 | import com.code_intelligence.jazzer.api.FuzzerSecurityIssueMedium; 20 | import com.code_intelligence.jazzer.mutation.annotation.NotNull; 21 | import com.code_intelligence.jazzer.protobuf.Proto2.TestProtobuf; 22 | 23 | public class MutatorComplexProtoFuzzer { 24 | public static void fuzzerTestOneInput(@NotNull TestProtobuf proto) { 25 | if (proto.getI32() == 1234 && proto.getStr().equals("abcd")) { 26 | throw new FuzzerSecurityIssueMedium("Secret proto is found!"); 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /tests/src/test/java/com/example/MutatorFuzzer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.example; 18 | 19 | import com.code_intelligence.jazzer.api.FuzzerSecurityIssueMedium; 20 | import com.code_intelligence.jazzer.mutation.annotation.InRange; 21 | import com.code_intelligence.jazzer.mutation.annotation.NotNull; 22 | 23 | public class MutatorFuzzer { 24 | public static void fuzzerTestOneInput( 25 | @InRange(max = -42) short num, @NotNull SimpleProto.MyProto proto) { 26 | if (num > -42) { 27 | throw new IllegalArgumentException(); 28 | } 29 | 30 | if (proto.getNumber() == 12345678) { 31 | if (proto.getMessage().getText().contains("Hello, proto!")) { 32 | throw new FuzzerSecurityIssueMedium("Dangerous proto"); 33 | } 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /tests/src/test/java/com/example/NoCoverageFuzzer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.example; 18 | 19 | public class NoCoverageFuzzer { 20 | public static void fuzzerTestOneInput(byte[] data) {} 21 | } 22 | -------------------------------------------------------------------------------- /tests/src/test/java/com/example/NoSeedFuzzer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.example; 18 | 19 | import com.code_intelligence.jazzer.api.Jazzer; 20 | 21 | public class NoSeedFuzzer { 22 | public static void fuzzerInitialize() { 23 | // Verify that the seed was randomly generated and not taken to be the fixed 24 | // one set in FuzzTargetTestWrapper. This has a 1 / INT_MAX chance to be 25 | // flaky, which is acceptable. 
26 | if (Jazzer.SEED == (int) 2735196724L) { 27 | System.err.println( 28 | "Jazzer.SEED should not equal the fixed seed set in FuzzTargetTestWrapper"); 29 | System.exit(1); 30 | } 31 | } 32 | 33 | public static void fuzzerTestOneInput(byte[] data) {} 34 | } 35 | -------------------------------------------------------------------------------- /tests/src/test/java/com/example/ObjectEqualsIntegerFuzzer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.example; 18 | 19 | import com.code_intelligence.jazzer.api.FuzzedDataProvider; 20 | import com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow; 21 | import com.code_intelligence.jazzer.junit.FuzzTest; 22 | import java.util.Objects; 23 | 24 | public class ObjectEqualsIntegerFuzzer { 25 | @FuzzTest 26 | void objectEqualsInteger(FuzzedDataProvider fdp) { 27 | int integer = fdp.consumeInt(); 28 | if (Objects.equals(integer, 4711)) { 29 | throw new FuzzerSecurityIssueLow("ObjectsEqualsFuzzer works!"); 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /tests/src/test/java/com/example/ObjectEqualsStringFuzzer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.example; 18 | 19 | import com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow; 20 | import com.code_intelligence.jazzer.junit.FuzzTest; 21 | import java.util.Objects; 22 | 23 | public class ObjectEqualsStringFuzzer { 24 | @FuzzTest 25 | void objectEqualsString(byte[] input) { 26 | String stringInput = new String(input); 27 | if (Objects.equals(stringInput, "ObjectsEqualsFuzzer")) { 28 | throw new FuzzerSecurityIssueLow("ObjectsEqualsFuzzer works!"); 29 | } 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /tests/src/test/java/com/example/OfflineInstrumentedFuzzer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.example; 18 | 19 | public class OfflineInstrumentedFuzzer { 20 | public static void fuzzerTestOneInput(byte[] data) { 21 | OfflineInstrumentedTarget.someFunction(data); 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /tests/src/test/java/com/example/OfflineInstrumentedTarget.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.example; 18 | 19 | public class OfflineInstrumentedTarget { 20 | public static void someFunction(byte[] data) { 21 | if (new String(data).equals("found it")) { 22 | throw new IllegalStateException("Expected exception"); 23 | } 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /tests/src/test/java/com/example/PrimitiveTypeCompareHookFuzzer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package com.example; 18 | 19 | import com.code_intelligence.jazzer.api.FuzzedDataProvider; 20 | import com.code_intelligence.jazzer.api.FuzzerSecurityIssueCritical; 21 | 22 | /* 23 | * Regression test for https://github.com/CodeIntelligenceTesting/jazzer/issues/790. 24 | */ 25 | public class PrimitiveTypeCompareHookFuzzer { 26 | public static void fuzzerTestOneInput(FuzzedDataProvider data) { 27 | Byte.compare(data.consumeByte(), (byte) 127); 28 | Short.compare(data.consumeShort(), (short) 4096); 29 | throw new FuzzerSecurityIssueCritical(); 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /tests/src/test/java/com/example/RegressionModeTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.example; 18 | 19 | import com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow; 20 | import com.code_intelligence.jazzer.junit.FuzzTest; 21 | 22 | public class RegressionModeTest { 23 | 24 | private static int count = 0; 25 | 26 | @FuzzTest 27 | void fuzzTest(String ignored) { 28 | if (count++ > 0) { 29 | throw new FuzzerSecurityIssueLow("Should not be reached in regression mode"); 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /tests/src/test/java/com/example/SeedFuzzer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.example; 18 | 19 | import com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow; 20 | import com.code_intelligence.jazzer.api.Jazzer; 21 | 22 | public class SeedFuzzer { 23 | public static void fuzzerInitialize() { 24 | if (Jazzer.SEED != 1234567) { 25 | throw new FuzzerSecurityIssueLow("Expected Jazzer.SEED to be 1234567, got " + Jazzer.SEED); 26 | } 27 | } 28 | 29 | public static void fuzzerTestOneInput(byte[] data) {} 30 | } 31 | -------------------------------------------------------------------------------- /tests/src/test/java/com/example/StringCompareFuzzer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.example; 18 | 19 | import com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow; 20 | import java.util.Base64; 21 | 22 | public class StringCompareFuzzer { 23 | public static void fuzzerTestOneInput(byte[] data) { 24 | String text = Base64.getEncoder().encodeToString(data); 25 | if (text.startsWith("aGVsbG8K") // hello 26 | && text.endsWith("d29ybGQK") // world 27 | ) { 28 | throw new FuzzerSecurityIssueLow("Found the secret message!"); 29 | } 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /tests/src/test/java/com/example/SwitchCoverageHelper.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
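*/

package com.example;

/**
 * Tracks which of a fixed number of switch cases have been reached.
 *
 * <p>The visited flags are held per instance. The original kept them only in the static {@code
 * casesVisited} array, which every constructor call replaced, so two helpers alive at the same
 * time overwrote each other's state and a helper with more cases than the most recently
 * constructed one indexed past the end of the shared array.
 */
public class SwitchCoverageHelper {
  // Number of distinct cases reported to coverCase so far.
  int covered = 0;
  // Total number of cases; valid case indices are 0 .. cases - 1.
  final int cases;

  // Kept so that existing readers of the static field still compile and observe the flags of the
  // most recently constructed helper. The helper itself never reads it.
  static boolean[] casesVisited;

  // Per-instance visited flags, one slot per case index.
  private final boolean[] visited;

  /**
   * @param cases number of cases to track; a negative value makes the array allocation throw
   *     {@link NegativeArraySizeException}
   */
  public SwitchCoverageHelper(int cases) {
    this.cases = cases;
    this.visited = new boolean[cases];
    casesVisited = this.visited;
  }

  /**
   * Marks one case as reached. Reporting the same case again does not change the count.
   *
   * @param caze index of the case that was reached
   * @throws IllegalArgumentException if {@code caze} is outside {@code [0, cases)}
   */
  public void coverCase(int caze) {
    if (caze < 0 || caze >= cases) {
      throw new IllegalArgumentException("Invalid case");
    }
    if (visited[caze]) {
      return;
    }
    visited[caze] = true;
    covered++;
  }

  /** Returns true once every case index has been reported at least once. */
  public boolean allBranchesCovered() {
    return covered == cases;
  }
}

--------------------------------------------------------------------------------
/tests/src/test/java/com/example/TestMethodInManifestFuzzer.java:
--------------------------------------------------------------------------------
/*
 * Copyright 2024 Code Intelligence GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.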
15 | */ 16 | 17 | package com.example; 18 | 19 | import com.code_intelligence.jazzer.api.FuzzerSecurityIssueCritical; 20 | import com.code_intelligence.jazzer.junit.FuzzTest; 21 | import org.junit.jupiter.api.MethodOrderer; 22 | import org.junit.jupiter.api.Order; 23 | import org.junit.jupiter.api.TestMethodOrder; 24 | 25 | @TestMethodOrder(MethodOrderer.OrderAnnotation.class) 26 | class TestMethodInManifestFuzzer { 27 | @Order(0) 28 | @FuzzTest 29 | void notThisFuzzTest(byte[] bytes) {} 30 | 31 | @Order(1) 32 | @FuzzTest 33 | void thisFuzzTest(byte[] bytes) { 34 | throw new FuzzerSecurityIssueCritical(); 35 | } 36 | 37 | @Order(2) 38 | @FuzzTest 39 | void alsoNotThisFuzzTest(byte[] bytes) {} 40 | } 41 | -------------------------------------------------------------------------------- /tests/src/test/java/com/example/TimeoutFuzzer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Code Intelligence GmbH 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package com.example; 18 | 19 | public class TimeoutFuzzer { 20 | public static void fuzzerTestOneInput(byte[] b) { 21 | while (true) {} 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /tests/src/test/native/com/example/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@rules_jni//jni:defs.bzl", "cc_jni_library") 2 | load("//bazel:compat.bzl", "SKIP_ON_WINDOWS") 3 | 4 | cc_jni_library( 5 | name = "native_value_profile_fuzzer", 6 | srcs = ["native_value_profile_fuzzer.cpp"], 7 | copts = [ 8 | "-fsanitize=fuzzer-no-link", 9 | ], 10 | linkopts = [ 11 | "-fsanitize=fuzzer-no-link", 12 | ], 13 | target_compatible_with = SKIP_ON_WINDOWS, 14 | visibility = ["//tests:__pkg__"], 15 | deps = ["//tests:native_value_profile_fuzzer.hdrs"], 16 | ) 17 | -------------------------------------------------------------------------------- /tests/src/test/proto/BUILD.bazel: -------------------------------------------------------------------------------- 1 | proto_library( 2 | name = "simple_proto", 3 | srcs = ["simple_proto.proto"], 4 | ) 5 | 6 | java_proto_library( 7 | name = "simple_java_proto", 8 | visibility = ["//tests:__pkg__"], 9 | deps = [":simple_proto"], 10 | ) 11 | -------------------------------------------------------------------------------- /tests/src/test/proto/simple_proto.proto: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2024 Code Intelligence GmbH 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 
6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | syntax = "proto3"; 18 | 19 | package com.example; 20 | 21 | option java_package = "com.example"; 22 | 23 | message MyProto { 24 | uint64 number = 1; 25 | MySubProto message = 2; 26 | } 27 | 28 | message MySubProto { 29 | string text = 1; 30 | } 31 | 32 | -------------------------------------------------------------------------------- /third_party/BUILD.bazel: -------------------------------------------------------------------------------- 1 | exports_files(["jacoco_internal.jarjar"]) 2 | -------------------------------------------------------------------------------- /third_party/android/BUILD: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CodeIntelligenceTesting/jazzer/efbc6354e412ce221ad3b18a6fdd32bf12241825/third_party/android/BUILD -------------------------------------------------------------------------------- /third_party/jacoco-ignore-offline-instrumentation.patch: -------------------------------------------------------------------------------- 1 | diff --git org.jacoco.core/src/org/jacoco/core/internal/instr/InstrSupport.java org.jacoco.core/src/org/jacoco/core/internal/instr/InstrSupport.java 2 | index b8333a2f..1c728638 100644 3 | --- org.jacoco.core/src/org/jacoco/core/internal/instr/InstrSupport.java 4 | +++ org.jacoco.core/src/org/jacoco/core/internal/instr/InstrSupport.java 5 | 
@@ -234,11 +234,6 @@ public final class InstrSupport { 6 | */ 7 | public static void assertNotInstrumented(final String member, 8 | final String owner) throws IllegalStateException { 9 | - if (member.equals(DATAFIELD_NAME) || member.equals(INITMETHOD_NAME)) { 10 | - throw new IllegalStateException(format( 11 | - "Cannot process instrumented class %s. Please supply original non-instrumented classes.", 12 | - owner)); 13 | - } 14 | } 15 | 16 | /** 17 | -------------------------------------------------------------------------------- /third_party/jacoco_internal.BUILD: -------------------------------------------------------------------------------- 1 | load("@bazel_jar_jar//:jar_jar.bzl", "jar_jar") 2 | 3 | java_import( 4 | name = "jacoco_internal", 5 | jars = ["jacoco_internal_shaded.jar"], 6 | visibility = ["//visibility:public"], 7 | deps = [ 8 | "@maven//:org_ow2_asm_asm", 9 | "@maven//:org_ow2_asm_asm_commons", 10 | "@maven//:org_ow2_asm_asm_tree", 11 | ], 12 | ) 13 | 14 | jar_jar( 15 | name = "jacoco_internal_shaded", 16 | input_jar = "libjacoco_internal_unshaded.jar", 17 | rules = "@jazzer//third_party:jacoco_internal.jarjar", 18 | ) 19 | 20 | java_library( 21 | name = "jacoco_internal_unshaded", 22 | srcs = glob([ 23 | "org.jacoco.core/src/org/jacoco/core/**/*.java", 24 | ]), 25 | javacopts = [ 26 | "-Xep:EqualsHashCode:OFF", 27 | "-Xep:ReturnValueIgnored:OFF", 28 | ], 29 | resources = glob([ 30 | "org.jacoco.core/src/org/jacoco/core/**/*.properties", 31 | ]), 32 | deps = [ 33 | "@maven//:org_ow2_asm_asm", 34 | "@maven//:org_ow2_asm_asm_commons", 35 | "@maven//:org_ow2_asm_asm_tree", 36 | ], 37 | ) 38 | -------------------------------------------------------------------------------- /third_party/jacoco_internal.jarjar: -------------------------------------------------------------------------------- 1 | rule org.jacoco.** com.code_intelligence.jazzer.third_party.@0 2 | -------------------------------------------------------------------------------- 
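Review bot: With its body removed, `assertNotInstrumented` no longer does what its name and its `throws IllegalStateException` clause promise, and nothing in the patched file says why. The Javadoc that ends on the hunk's first context line starts outside the hunk, so it presumably still describes the old behaviour. A class that already carries `DATAFIELD_NAME` or `INITMETHOD_NAME` is now accepted without any signal, so instrumenting a class twice would likely show up later as odd coverage data rather than as an error here. I would put a comment in the empty body, for example `// Jazzer patch: check disabled on purpose so that offline-instrumented classes are accepted; no error is raised for already-instrumented input.`, and update the Javadoc to state that the method is a no-op in this vendored copy.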
/third_party/protobuf-disable-layering_check.patch: -------------------------------------------------------------------------------- 1 | From f4444a81218ede5eb58306bd57eaefb5d9ffd9e2 Mon Sep 17 00:00:00 2001 2 | From: Fabian Meumertzheim 3 | Date: Mon, 8 Jan 2024 13:30:32 +0100 4 | Subject: [PATCH] Disable unsupported `layering_check` Bazel feature 5 | 6 | This allows downstream projects to use `layering_check` without having 7 | to patch Protobuf to disable the feature for the repository. 8 | --- 9 | REPO.bazel | 11 +++++++++++ 10 | 1 file changed, 11 insertions(+) 11 | create mode 100644 REPO.bazel 12 | 13 | diff --git a/REPO.bazel b/REPO.bazel 14 | new file mode 100644 15 | index 00000000000..a537ac745fa 16 | --- /dev/null 17 | +++ b/REPO.bazel 18 | 
@@ -0,0 +1,11 @@ 19 | +# This file is read by Bazel 7 and newer, both if Protobuf is the main 20 | +# repository and if it is an external repository. 21 | +repo( 22 | + features = [ 23 | + # Protobuf cc_* targets do not specify all dependencies from which they 24 | + # include headers. This causes builds of downstream projects with 25 | + # --feature=layering_check to fail, which can be avoided by disabling 26 | + # the feature for the entire repository. 27 | + "-layering_check", 28 | + ], 29 | +) 30 | -------------------------------------------------------------------------------- /third_party/slicer.BUILD: -------------------------------------------------------------------------------- 1 | cc_library( 2 | name = "jazzer_slicer", 3 | srcs = [ 4 | "slicer/bytecode_encoder.cc", 5 | "slicer/code_ir.cc", 6 | "slicer/common.cc", 7 | "slicer/control_flow_graph.cc", 8 | "slicer/debuginfo_encoder.cc", 9 | "slicer/dex_bytecode.cc", 10 | "slicer/dex_format.cc", 11 | "slicer/dex_ir.cc", 12 | "slicer/dex_ir_builder.cc", 13 | "slicer/dex_utf8.cc", 14 | "slicer/instrumentation.cc", 15 | "slicer/reader.cc", 16 | "slicer/tryblocks_encoder.cc", 17 | "slicer/writer.cc", 18 | ], 19 | hdrs = glob(["slicer/export/slicer/*.h"]), 20 | copts = [ 21 | "-Wall", 22 | "-Wno-sign-compare", 23 | "-Wno-unused-parameter", 24 | "-Wno-shift-count-overflow", 25 | "-Wno-missing-braces", 26 | ], 27 | includes = ["slicer/export"], 28 | visibility = [ 29 | "//visibility:public", 30 | ], 31 | ) 32 | --------------------------------------------------------------------------------