Diffstat (limited to 'tests/BUILD.bazel')
-rw-r--r--tests/BUILD.bazel259
1 files changed, 259 insertions, 0 deletions
diff --git a/tests/BUILD.bazel b/tests/BUILD.bazel
new file mode 100644
index 00000000..cbc77434
--- /dev/null
+++ b/tests/BUILD.bazel
@@ -0,0 +1,259 @@
+load("@fmeum_rules_jni//jni:defs.bzl", "java_jni_library")
+load("//bazel:compat.bzl", "SKIP_ON_MACOS", "SKIP_ON_WINDOWS")
+load("//bazel:fuzz_target.bzl", "java_fuzz_target_test")
+
+java_fuzz_target_test(
+ name = "LongStringFuzzer",
+ srcs = [
+ "src/test/java/com/example/LongStringFuzzer.java",
+ ],
+ data = ["src/test/java/com/example/LongStringFuzzerInput"],
+ expected_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"],
+ fuzzer_args = [
+ "$(rootpath src/test/java/com/example/LongStringFuzzerInput)",
+ ],
+ target_class = "com.example.LongStringFuzzer",
+ verify_crash_input = False,
+)
+
+java_fuzz_target_test(
+ name = "JpegImageParserAutofuzz",
+ expected_findings = ["java.lang.NegativeArraySizeException"],
+ fuzzer_args = [
+ "--autofuzz=org.apache.commons.imaging.formats.jpeg.JpegImageParser::getBufferedImage",
+ # Exit after the first finding for testing purposes.
+ "--keep_going=1",
+ "--autofuzz_ignore=java.lang.NullPointerException",
+ ],
+ runtime_deps = [
+ "@maven//:org_apache_commons_commons_imaging",
+ ],
+)
+
+java_fuzz_target_test(
+ name = "HookDependenciesFuzzer",
+ srcs = ["src/test/java/com/example/HookDependenciesFuzzer.java"],
+ env = {"JAVA_OPTS": "-Xverify:all"},
+ hook_classes = ["com.example.HookDependenciesFuzzer"],
+ target_class = "com.example.HookDependenciesFuzzer",
+)
+
+java_fuzz_target_test(
+ name = "AutofuzzWithoutCoverage",
+ expected_findings = ["java.lang.NullPointerException"],
+ fuzzer_args = [
+ # Autofuzz a method that triggers no coverage instrumentation (the Java standard library is
+ # excluded by default).
+ "--autofuzz=java.util.regex.Pattern::compile",
+ "--keep_going=1",
+ ],
+)
+
+java_fuzz_target_test(
+ name = "AutofuzzHookDependencies",
+ # The reproducer does not include the hook on OOM and thus throws a regular error.
+ expected_findings = ["java.lang.OutOfMemoryError"],
+ fuzzer_args = [
+ "--instrumentation_includes=java.util.regex.**",
+ "--autofuzz=java.util.regex.Pattern::compile",
+ "--autofuzz_ignore=java.lang.Exception",
+ "--keep_going=1",
+ ],
+ # FIXME(fabian): Regularly times out on Windows with 0 exec/s for minutes.
+ target_compatible_with = SKIP_ON_WINDOWS,
+)
+
+java_fuzz_target_test(
+ name = "ForkModeFuzzer",
+ size = "enormous",
+ srcs = [
+ "src/test/java/com/example/ForkModeFuzzer.java",
+ ],
+ env = {
+ "JAVA_OPTS": "-Dfoo=not_foo -Djava_opts=1",
+ },
+ expected_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"],
+ fuzzer_args = [
+ "-fork=2",
+ "--additional_jvm_args=-Dbaz=baz",
+ ] + select({
+ # \\\\ becomes \\ when evaluated as a Starlark string literal, then \ in
+ # java_fuzz_target_test.
+ "@platforms//os:windows": ["--jvm_args=-Dfoo=foo;-Dbar=b\\\\;ar"],
+ "//conditions:default": ["--jvm_args=-Dfoo=foo:-Dbar=b\\\\:ar"],
+ }),
+ # Consumes more resources than can be expressed via the size attribute.
+ tags = ["exclusive-if-local"],
+ target_class = "com.example.ForkModeFuzzer",
+ # The exit codes of the forked libFuzzer processes are not picked up correctly.
+ target_compatible_with = SKIP_ON_MACOS,
+)
+
+java_fuzz_target_test(
+ name = "CoverageFuzzer",
+ srcs = [
+ "src/test/java/com/example/CoverageFuzzer.java",
+ ],
+ env = {
+ "COVERAGE_REPORT_FILE": "coverage.txt",
+ "COVERAGE_DUMP_FILE": "coverage.exec",
+ },
+ fuzzer_args = [
+ "-use_value_profile=1",
+ "--coverage_report=coverage.txt",
+ "--coverage_dump=coverage.exec",
+ "--instrumentation_includes=com.example.**",
+ ],
+ target_class = "com.example.CoverageFuzzer",
+ verify_crash_input = False,
+ verify_crash_reproducer = False,
+ deps = [
+ "@jazzer_jacoco//:jacoco_internal",
+ ],
+)
+
+java_library(
+ name = "autofuzz_inner_class_target",
+ srcs = ["src/test/java/com/example/AutofuzzInnerClassTarget.java"],
+ deps = [
+ "//agent:jazzer_api_compile_only",
+ ],
+)
+
+java_fuzz_target_test(
+ name = "AutofuzzInnerClassFuzzer",
+ expected_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"],
+ fuzzer_args = [
+ "--autofuzz=com.example.AutofuzzInnerClassTarget.Middle.Inner::test",
+ "--keep_going=1",
+ ],
+ runtime_deps = [
+ ":autofuzz_inner_class_target",
+ ],
+)
+
+# Regression test for https://github.com/CodeIntelligenceTesting/jazzer/issues/405.
+java_fuzz_target_test(
+ name = "MemoryLeakFuzzer",
+ timeout = "short",
+ srcs = ["src/test/java/com/example/MemoryLeakFuzzer.java"],
+ env = {
+ "JAVA_OPTS": "-Xmx800m",
+ },
+ expect_crash = False,
+ fuzzer_args = [
+ # Before the bug was fixed, either the GC overhead limit or the overall heap limit was
+ # reached by this target in this number of runs.
+ "-runs=1000000",
+ # Skip over the first and only exception to keep the fuzzer running until it hits the runs
+ # limit.
+ "--keep_going=2",
+ ],
+ target_class = "com.example.MemoryLeakFuzzer",
+)
+
+JAZZER_API_TEST_CASES = {
+ "default": [],
+ "nohooks": ["--nohooks"],
+}
+
+[
+ java_fuzz_target_test(
+ name = "JazzerApiFuzzer_" + case,
+ srcs = ["src/test/java/com/example/JazzerApiFuzzer.java"],
+ expected_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"],
+ fuzzer_args = args,
+ target_class = "com.example.JazzerApiFuzzer",
+ )
+ for case, args in JAZZER_API_TEST_CASES.items()
+]
+
+java_fuzz_target_test(
+ name = "DisabledHooksFuzzer",
+ timeout = "short",
+ srcs = ["src/test/java/com/example/DisabledHooksFuzzer.java"],
+ expect_crash = False,
+ fuzzer_args = [
+ "-runs=0",
+ "--custom_hooks=com.example.DisabledHook",
+ ] + select({
+ "@platforms//os:windows": ["--disabled_hooks=com.example.DisabledHook;com.code_intelligence.jazzer.sanitizers.RegexInjection"],
+ "//conditions:default": ["--disabled_hooks=com.example.DisabledHook:com.code_intelligence.jazzer.sanitizers.RegexInjection"],
+ }),
+ target_class = "com.example.DisabledHooksFuzzer",
+)
+
+java_fuzz_target_test(
+ name = "BytesMemoryLeakFuzzer",
+ timeout = "short",
+ srcs = ["src/test/java/com/example/BytesMemoryLeakFuzzer.java"],
+ env = {
+ "JAVA_OPTS": "-Xmx200m",
+ },
+ expect_crash = False,
+ fuzzer_args = [
+ # Before the bug was fixed, either the GC overhead limit or the overall heap limit was
+ # reached by this target in this number of runs.
+ "-runs=10000000",
+ ],
+ target_class = "com.example.BytesMemoryLeakFuzzer",
+)
+
+# Verifies that Jazzer continues fuzzing when the first two executions did not result in any
+# coverage feedback.
+java_fuzz_target_test(
+ name = "NoCoverageFuzzer",
+ timeout = "short",
+ srcs = ["src/test/java/com/example/NoCoverageFuzzer.java"],
+ expect_crash = False,
+ fuzzer_args = [
+ "-runs=10",
+ "--instrumentation_excludes=**",
+ ],
+ target_class = "com.example.NoCoverageFuzzer",
+)
+
+java_fuzz_target_test(
+ name = "SeedFuzzer",
+ timeout = "short",
+ srcs = ["src/test/java/com/example/SeedFuzzer.java"],
+ expect_crash = False,
+ fuzzer_args = [
+ "-runs=0",
+ "-seed=1234567",
+ ],
+ target_class = "com.example.SeedFuzzer",
+)
+
+java_fuzz_target_test(
+ name = "NoSeedFuzzer",
+ timeout = "short",
+ srcs = ["src/test/java/com/example/NoSeedFuzzer.java"],
+ env = {
+ "JAZZER_NO_EXPLICIT_SEED": "1",
+ },
+ expect_crash = False,
+ fuzzer_args = [
+ "-runs=0",
+ ],
+ target_class = "com.example.NoSeedFuzzer",
+)
+
+java_jni_library(
+ name = "native_value_profile_fuzzer",
+ srcs = ["src/test/java/com/example/NativeValueProfileFuzzer.java"],
+ native_libs = ["//tests/src/test/native/com/example:native_value_profile_fuzzer"],
+ visibility = ["//tests/src/test/native/com/example:__pkg__"],
+ deps = ["//agent:jazzer_api_compile_only"],
+)
+
+java_fuzz_target_test(
+ name = "NativeValueProfileFuzzer",
+ expected_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"],
+ fuzzer_args = ["-use_value_profile=1"],
+ sanitizer = "address",
+ target_class = "com.example.NativeValueProfileFuzzer",
+ target_compatible_with = SKIP_ON_WINDOWS,
+ verify_crash_reproducer = False,
+ runtime_deps = [":native_value_profile_fuzzer"],
+)
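Review bot: The two `--disabled_hooks` branches of the `select()` in `DisabledHooksFuzzer` repeat the same two hook class names and differ only in the `;`/`:` separator, so an edit that drops a hook from one branch is not caught by CI that only runs the other platform. Deriving both strings from one list keeps the branches in sync; the same concern does not apply to `ForkModeFuzzer`, whose branch values intentionally differ to exercise separator escaping. Separately, `verify_crash_input = False` / `verify_crash_reproducer = False` on LongStringFuzzer, CoverageFuzzer and NativeValueProfileFuzzer, and `-Xverify:all` on HookDependenciesFuzzer, carry no comment saying why the check is disabled or required; a one-line `# ...` note per target, like the ones on AutofuzzHookDependencies and ForkModeFuzzer, would record the rationale.
```starlark
DISABLED_HOOKS = [
    "com.example.DisabledHook",
    "com.code_intelligence.jazzer.sanitizers.RegexInjection",
]

java_fuzz_target_test(
    name = "DisabledHooksFuzzer",
    # ... unchanged: timeout, srcs, expect_crash ...
    fuzzer_args = [
        "-runs=0",
        "--custom_hooks=com.example.DisabledHook",
    ] + select({
        "@platforms//os:windows": ["--disabled_hooks=" + ";".join(DISABLED_HOOKS)],
        "//conditions:default": ["--disabled_hooks=" + ":".join(DISABLED_HOOKS)],
    }),
    target_class = "com.example.DisabledHooksFuzzer",
)
```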