# Integration tests that run Jazzer against small fuzz targets and check the outcome.
#
# Most targets use the java_fuzz_target_test macro loaded from //bazel:fuzz_target.bzl.
# NOTE(review): the macro is not part of this file, so the exact semantics and defaults of
# allowed_findings, expect_crash, verify_crash_input and verify_crash_reproducer must be
# confirmed there. Two points to keep in mind when editing this file:
#   * allowed_findings names the finding/exception classes a test treats as acceptable. A broad
#     entry (java.lang.RuntimeException, java.lang.NullPointerException) can presumably also
#     accept an unrelated failure of the same type, so prefer the narrowest class.
#   * verify_crash_input = False and verify_crash_reproducer = False appear to switch off
#     post-crash checks. None of the uses below states a reason.
#     TODO: record the reason next to each opt-out.

load("@fmeum_rules_jni//jni:defs.bzl", "java_jni_library")
load("@io_bazel_rules_kotlin//kotlin:jvm.bzl", "kt_jvm_library")
load("//bazel:compat.bzl", "LINUX_ONLY", "SKIP_ON_MACOS", "SKIP_ON_WINDOWS")
load("//bazel:fuzz_target.bzl", "java_fuzz_target_test")
load("//bazel:kotlin.bzl", "ktlint")

java_fuzz_target_test(
    name = "LongStringFuzzer",
    srcs = ["src/test/java/com/example/LongStringFuzzer.java"],
    allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"],
    data = ["src/test/java/com/example/LongStringFuzzerInput"],
    # Additionally verify that Jazzer-Fuzz-Target-Class is picked up if --target_class isn't set.
    deploy_manifest_lines = ["Jazzer-Fuzz-Target-Class: com.example.LongStringFuzzer"],
    # The only argument is the runfiles path of the input file declared in `data`.
    fuzzer_args = ["$(rlocationpath src/test/java/com/example/LongStringFuzzerInput)"],
    launcher_variant = "native",
    verify_crash_input = False,
)

# Autofuzzes a third-party parser entry point. NullPointerExceptions are ignored through
# --autofuzz_ignore, so NegativeArraySizeException is the only finding listed as allowed.
java_fuzz_target_test(
    name = "JpegImageParserAutofuzz",
    allowed_findings = ["java.lang.NegativeArraySizeException"],
    fuzzer_args = [
        "--autofuzz=org.apache.commons.imaging.formats.jpeg.JpegImageParser::getBufferedImage",
        "--autofuzz_ignore=java.lang.NullPointerException",
    ],
    runtime_deps = ["@maven//:org_apache_commons_commons_imaging"],
)

# Hook classes packaged as a deploy jar; HookDependenciesFuzzer consumes the jar via hook_jar.
java_binary(
    name = "HookDependenciesFuzzerHooks",
    srcs = ["src/test/java/com/example/HookDependenciesFuzzerHooks.java"],
    create_executable = False,
    deploy_manifest_lines = ["Jazzer-Hook-Classes: com.example.HookDependenciesFuzzerHooks"],
    deps = ["//src/main/java/com/code_intelligence/jazzer/api:hooks"],
)

java_fuzz_target_test(
    name = "HookDependenciesFuzzer",
    srcs = ["src/test/java/com/example/HookDependenciesFuzzer.java"],
    allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"],
    # -Xverify:all turns on JVM bytecode verification for all classes; presumably used here so
    # that invalid bytecode produced while applying the hooks fails the test (confirm).
    env = {"JAVA_OPTS": "-Xverify:all"},
    hook_jar = "HookDependenciesFuzzerHooks_deploy.jar",
    target_class = "com.example.HookDependenciesFuzzer",
    verify_crash_reproducer = False,
)

java_fuzz_target_test(
    name = "AutofuzzWithoutCoverage",
    allowed_findings = ["java.lang.NullPointerException"],
    fuzzer_args = [
        # Autofuzz a method that triggers no coverage instrumentation (the Java standard library is
        # excluded by default).
        "--autofuzz=java.util.regex.Pattern::compile",
    ],
)

# JVM options reach this target through three channels: JAVA_OPTS, --additional_jvm_args and
# --jvm_args.
java_fuzz_target_test(
    name = "ForkModeFuzzer",
    size = "enormous",
    srcs = ["src/test/java/com/example/ForkModeFuzzer.java"],
    allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"],
    env = {"JAVA_OPTS": "-Dfoo=not_foo -Djava_opts=1"},
    fuzzer_args = [
        "-fork=2",
        "--additional_jvm_args=-Dbaz=baz",
    ] + select({
        # \\\\ becomes \\ when evaluated as a Starlark string literal, then \ in
        # java_fuzz_target_test.
        "@platforms//os:windows": ["--jvm_args=-Dfoo=foo;-Dbar=b\\\\;ar"],
        "//conditions:default": ["--jvm_args=-Dfoo=foo:-Dbar=b\\\\:ar"],
    }),
    launcher_variant = "native",
    # Consumes more resources than can be expressed via the size attribute.
    tags = ["exclusive-if-local"],
    target_class = "com.example.ForkModeFuzzer",
    # The exit codes of the forked libFuzzer processes are not picked up correctly.
    target_compatible_with = SKIP_ON_MACOS,
)

java_fuzz_target_test(
    name = "CoverageFuzzer",
    srcs = ["src/test/java/com/example/CoverageFuzzer.java"],
    allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"],
    # The same two relative file names are passed as environment variables and as Jazzer flags.
    # NOTE(review): presumably the fuzz target reads the environment variables to find the files
    # Jazzer writes; confirm against CoverageFuzzer.java.
    env = {
        "COVERAGE_REPORT_FILE": "coverage.txt",
        "COVERAGE_DUMP_FILE": "coverage.exec",
    },
    fuzzer_args = [
        "-use_value_profile=1",
        "--coverage_report=coverage.txt",
        "--coverage_dump=coverage.exec",
        "--instrumentation_includes=com.example.**",
    ],
    target_class = "com.example.CoverageFuzzer",
    verify_crash_input = False,
    verify_crash_reproducer = False,
    deps = ["@maven//:org_jacoco_org_jacoco_core"],
)

java_library(
    name = "autofuzz_inner_class_target",
    srcs = ["src/test/java/com/example/AutofuzzInnerClassTarget.java"],
    deps = ["//deploy:jazzer-api"],
)

# Autofuzz target reference that points at a method of a nested class.
java_fuzz_target_test(
    name = "AutofuzzInnerClassFuzzer",
    allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"],
    fuzzer_args = ["--autofuzz=com.example.AutofuzzInnerClassTarget.Middle.Inner::test"],
    runtime_deps = [":autofuzz_inner_class_target"],
)

# Regression test for https://github.com/CodeIntelligenceTesting/jazzer/issues/405.
java_fuzz_target_test(
    name = "MemoryLeakFuzzer",
    timeout = "moderate",
    srcs = ["src/test/java/com/example/MemoryLeakFuzzer.java"],
    allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"],
    # Heap cap that makes the leak observable within the configured number of runs.
    env = {"JAVA_OPTS": "-Xmx800m"},
    # --keep_going ignores the only finding.
    expect_crash = False,
    fuzzer_args = [
        # Before the bug was fixed, either the GC overhead limit or the overall heap limit was
        # reached by this target in this number of runs.
        "-runs=1000000",
        # Skip over the first and only exception to keep the fuzzer running until it hits the runs
        # limit.
        "--keep_going=2",
    ],
    target_class = "com.example.MemoryLeakFuzzer",
)

# Maps a test-name suffix to the extra fuzzer arguments used for that variant.
JAZZER_API_TEST_CASES = {
    "default": [],
    "nohooks": ["--nohooks"],
}

# One JazzerApiFuzzer_<suffix> test per entry of JAZZER_API_TEST_CASES.
[
    java_fuzz_target_test(
        name = "JazzerApiFuzzer_" + variant,
        srcs = ["src/test/java/com/example/JazzerApiFuzzer.java"],
        allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"],
        fuzzer_args = variant_args,
        target_class = "com.example.JazzerApiFuzzer",
    )
    for variant, variant_args in JAZZER_API_TEST_CASES.items()
]

# Disables one custom hook and one built-in sanitizer (RegexInjection) for this test only.
# The list separator inside --disabled_hooks is ';' on Windows and ':' elsewhere.
java_fuzz_target_test(
    name = "DisabledHooksFuzzer",
    timeout = "short",
    srcs = ["src/test/java/com/example/DisabledHooksFuzzer.java"],
    fuzzer_args = [
        "-runs=0",
        "--custom_hooks=com.example.DisabledHook",
    ] + select({
        "@platforms//os:windows": ["--disabled_hooks=com.example.DisabledHook;com.code_intelligence.jazzer.sanitizers.RegexInjection"],
        "//conditions:default": ["--disabled_hooks=com.example.DisabledHook:com.code_intelligence.jazzer.sanitizers.RegexInjection"],
    }),
    target_class = "com.example.DisabledHooksFuzzer",
)

java_fuzz_target_test(
    name = "BytesMemoryLeakFuzzer",
    timeout = "moderate",
    srcs = ["src/test/java/com/example/BytesMemoryLeakFuzzer.java"],
    # Heap cap that makes the leak observable within the configured number of runs.
    env = {"JAVA_OPTS": "-Xmx200m"},
    fuzzer_args = [
        # Before the bug was fixed, either the GC overhead limit or the overall heap limit was
        # reached by this target in this number of runs.
        "-runs=10000000",
    ],
    target_class = "com.example.BytesMemoryLeakFuzzer",
)

# Verifies that Jazzer continues fuzzing when the first two executions did not result in any
# coverage feedback.
java_fuzz_target_test(
    name = "NoCoverageFuzzer",
    timeout = "short",
    srcs = ["src/test/java/com/example/NoCoverageFuzzer.java"],
    fuzzer_args = [
        "-runs=10",
        "--instrumentation_excludes=**",
    ],
    target_class = "com.example.NoCoverageFuzzer",
)

# Runs with an explicit libFuzzer seed and no fuzzing iterations.
java_fuzz_target_test(
    name = "SeedFuzzer",
    timeout = "short",
    srcs = ["src/test/java/com/example/SeedFuzzer.java"],
    fuzzer_args = [
        "-runs=0",
        "-seed=1234567",
    ],
    target_class = "com.example.SeedFuzzer",
)

# Counterpart of SeedFuzzer: no -seed argument, JAZZER_NO_EXPLICIT_SEED set in the environment.
java_fuzz_target_test(
    name = "NoSeedFuzzer",
    timeout = "short",
    srcs = ["src/test/java/com/example/NoSeedFuzzer.java"],
    env = {"JAZZER_NO_EXPLICIT_SEED": "1"},
    fuzzer_args = ["-runs=0"],
    target_class = "com.example.NoSeedFuzzer",
)

java_jni_library(
    name = "native_value_profile_fuzzer",
    srcs = ["src/test/java/com/example/NativeValueProfileFuzzer.java"],
    native_libs = ["//tests/src/test/native/com/example:native_value_profile_fuzzer"],
    visibility = ["//tests/src/test/native/com/example:__pkg__"],
    deps = ["//deploy:jazzer-api"],
)

# Fuzzes through the JNI library above with --native; not built on Windows.
java_fuzz_target_test(
    name = "NativeValueProfileFuzzer",
    allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueLow"],
    fuzzer_args = [
        "-use_value_profile=1",
        "--native",
    ],
    target_class = "com.example.NativeValueProfileFuzzer",
    target_compatible_with = SKIP_ON_WINDOWS,
    verify_crash_reproducer = False,
    runtime_deps = [":native_value_profile_fuzzer"],
)

# Binary with the Jazzer main class that bundles a JUnit fuzz test; it is driven by the shell
# test below.
java_binary(
    name = "JUnitAgentConfigurationFuzzTest",
    srcs = ["src/test/java/com/example/JUnitAgentConfigurationFuzzTest.java"],
    main_class = "com.code_intelligence.jazzer.Jazzer",
    runtime_deps = [
        "//deploy:jazzer",
        "@maven//:org_junit_jupiter_junit_jupiter_engine",
    ],
    deps = [
        "//deploy:jazzer-api",
        "//deploy:jazzer-junit",
        "@maven//:org_junit_jupiter_junit_jupiter_api",
    ],
)

sh_test(
    name = "junit_agent_configuration_test",
    srcs = ["src/test/shell/junit_agent_configuration_test.sh"],
    args = ["$(rlocationpath :JUnitAgentConfigurationFuzzTest)"],
    data = [":JUnitAgentConfigurationFuzzTest"],
    deps = ["@bazel_tools//tools/bash/runfiles"],
)

java_fuzz_target_test(
    name = "JUnitAssertFuzzer",
    timeout = "short",
    srcs = ["src/test/java/com/example/JUnitAssertFuzzer.java"],
    allowed_findings = ["org.opentest4j.AssertionFailedError"],
    target_class = "com.example.JUnitAssertFuzzer",
    deps = ["@maven//:org_junit_jupiter_junit_jupiter_api"],
)

java_library(
    name = "autofuzz_ignore_target",
    srcs = ["src/test/java/com/example/AutofuzzIgnoreTarget.java"],
)

java_fuzz_target_test(
    name = "AutofuzzIgnoreFuzzer",
    allowed_findings = ["java.lang.RuntimeException"],
    fuzzer_args = [
        "--autofuzz=com.example.AutofuzzIgnoreTarget::doStuff",
        "--autofuzz_ignore=java.lang.NullPointerException",
        # --ignore takes a comma-separated list of dedup tokens of findings to skip.
        # NOTE(review): the tokens are opaque. Document which finding bdde2af8735993f3 suppresses;
        # 0123456789ABCDEF looks like a dummy value (confirm).
        "--ignore=bdde2af8735993f3,0123456789ABCDEF",
    ],
    runtime_deps = [":autofuzz_ignore_target"],
)

java_binary(
    name = "CrashResistantCoverageTarget",
    srcs = ["src/test/java/com/example/CrashResistantCoverageTarget.java"],
)

# Shell-driven test; the seed directories, the launcher and the JaCoCo jars are runfiles.
sh_test(
    name = "crash_resistant_coverage_test",
    srcs = ["src/test/shell/crash_resistant_coverage_test.sh"],
    data = [
        "src/test/data/crash_resistant_coverage_test/crashing_seeds",
        "src/test/data/crash_resistant_coverage_test/new_coverage_seeds/new_coverage",
        ":CrashResistantCoverageTarget_deploy.jar",
        "//launcher:jazzer",
        "@bazel_tools//tools/bash/runfiles",
        "@jacocoagent//file:jacocoagent.jar",
        "@jacococli//file:jacococli.jar",
    ],
    target_compatible_with = LINUX_ONLY,
)

java_fuzz_target_test(
    name = "JavaDriver",
    allowed_findings = ["java.lang.NullPointerException"],
    fuzzer_args = ["--autofuzz=java.util.regex.Pattern::compile"],
)

java_fuzz_target_test(
    name = "JavaDriverWithFork",
    allowed_findings = ["java.lang.NullPointerException"],
    fuzzer_args = [
        "--autofuzz=java.util.regex.Pattern::compile",
        "-fork=2",
    ],
    # -fork is broken on macOS for unknown reasons.
    target_compatible_with = SKIP_ON_MACOS,
)

kt_jvm_library(
    name = "kotlin_vararg",
    srcs = ["src/test/java/com/example/KotlinVararg.kt"],
)

java_fuzz_target_test(
    name = "KotlinVarargFuzzer",
    srcs = ["src/test/java/com/example/KotlinVarargFuzzer.java"],
    allowed_findings = ["java.io.IOException"],
    target_class = "com.example.KotlinVarargFuzzer",
    deps = [":kotlin_vararg"],
)

# The allowed finding here is the literal "timeout" rather than an exception class name.
java_fuzz_target_test(
    name = "TimeoutFuzzer",
    timeout = "short",
    srcs = ["src/test/java/com/example/TimeoutFuzzer.java"],
    allowed_findings = ["timeout"],
    fuzzer_args = ["-timeout=1"],
    target_class = "com.example.TimeoutFuzzer",
    verify_crash_reproducer = False,
)

java_library(
    name = "autofuzz_crashing_setter_target",
    srcs = ["src/test/java/com/example/AutofuzzCrashingSetterTarget.java"],
)

# Regression test for https://github.com/CodeIntelligenceTesting/jazzer/issues/586.
java_fuzz_target_test(
    name = "AutofuzzCrashingSetterFuzzer",
    fuzzer_args = [
        "--autofuzz=com.example.AutofuzzCrashingSetterTarget::start",
        "--autofuzz_ignore=java.lang.NullPointerException",
        "-runs=100000",
    ],
    runtime_deps = [":autofuzz_crashing_setter_target"],
)

java_library(
    name = "autofuzz_assertion_error_target",
    srcs = ["src/test/java/com/example/AutofuzzAssertionErrorTarget.java"],
)

# Regression test for https://github.com/CodeIntelligenceTesting/jazzer/issues/589.
java_fuzz_target_test(
    name = "AutofuzzAssertionError",
    allowed_findings = ["java.lang.AssertionError"],
    fuzzer_args = ["--autofuzz=com.example.AutofuzzAssertionErrorTarget::autofuzz"],
    runtime_deps = [":autofuzz_assertion_error_target"],
)

java_fuzz_target_test(
    name = "SilencedFuzzer",
    timeout = "short",
    srcs = ["src/test/java/com/example/SilencedFuzzer.java"],
    allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueHigh"],
    target_class = "com.example.SilencedFuzzer",
)

# Wrapper that makes the JaCoCo command line runnable as a genrule tool.
java_binary(
    name = "jacococli",
    main_class = "org.jacoco.cli.internal.Main",
    runtime_deps = ["@jacococli//file:jacococli.jar"],
)

java_library(
    name = "OfflineInstrumentedTarget",
    srcs = ["src/test/java/com/example/OfflineInstrumentedTarget.java"],
)

# Produces a JaCoCo offline-instrumented copy of the OfflineInstrumentedTarget jar.
# NOTE(review): the command writes to the fixed directory `jacoco-instrumented`, relative to the
# action's working directory, and copies the result by glob. When the action runs without a
# sandbox, a jar left there by an earlier run could make the glob match more than one file.
# Consider a scratch directory under $(RULEDIR) or a fresh temporary directory.
genrule(
    name = "OfflineInstrumentedTargetInstrumented",
    srcs = [":OfflineInstrumentedTarget"],
    outs = ["OfflineInstrumentedTargetInstrumented.jar"],
    cmd = """
$(location :jacococli) instrument $< --dest jacoco-instrumented --quiet
cp jacoco-instrumented/*.jar $@
""",
    tags = ["manual"],
    tools = [":jacococli"],
)

java_fuzz_target_test(
    name = "OfflineInstrumentedFuzzer",
    timeout = "short",
    srcs = ["src/test/java/com/example/OfflineInstrumentedFuzzer.java"],
    allowed_findings = ["java.lang.IllegalStateException"],
    target_class = "com.example.OfflineInstrumentedFuzzer",
    deps = [
        ":OfflineInstrumentedTargetInstrumented",
        "@jacocoagent//file:jacocoagent.jar",  # Offline instrumented classes depend on the jacoco agent
    ],
)

# TODO: Move to //examples eventually.
java_fuzz_target_test(
    name = "ExperimentalMutatorFuzzer",
    srcs = ["src/test/java/com/example/ExperimentalMutatorFuzzer.java"],
    allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueMedium"],
    fuzzer_args = [
        "--experimental_mutator",
        "--instrumentation_includes=com.example.**",
        "--custom_hook_includes=com.example.**",
        # TODO: Investigate whether we can automatically exclude protos.
        "--instrumentation_excludes=com.example.SimpleProto*",
        "--custom_hook_excludes=com.example.SimpleProto*",
        # Limit runs to catch regressions in mutator efficiency and speed up test runs.
        "-runs=40000",
    ],
    target_class = "com.example.ExperimentalMutatorFuzzer",
    verify_crash_reproducer = False,
    deps = [
        "//src/main/java/com/code_intelligence/jazzer/mutation/annotation",
        "//tests/src/test/proto:simple_java_proto",
    ],
)

java_fuzz_target_test(
    name = "ExperimentalMutatorComplexProtoFuzzer",
    srcs = ["src/test/java/com/example/ExperimentalMutatorComplexProtoFuzzer.java"],
    allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueMedium"],
    fuzzer_args = [
        "--experimental_mutator",
        "--instrumentation_includes=com.example.**",
        "--custom_hook_includes=com.example.**",
    ] + select({
        # Limit runs to catch regressions in mutator efficiency and speed up test runs.
        "@platforms//os:linux": ["-runs=400000"],
        # TODO: Investigate why this test takes far more runs on macOS, with Windows also being
        # significantly worse than Linux.
        "//conditions:default": ["-runs=1200000"],
    }),
    target_class = "com.example.ExperimentalMutatorComplexProtoFuzzer",
    verify_crash_reproducer = False,
    deps = [
        "//src/main/java/com/code_intelligence/jazzer/mutation/annotation",
        "//src/test/java/com/code_intelligence/jazzer/mutation/mutator/proto:proto2_java_proto",
    ],
)

# Native libFuzzer binary (-fsanitize=fuzzer) built on libprotobuf-mutator, using the C++
# variant of the proto2 test protos.
cc_binary(
    name = "complex_proto_fuzzer",
    testonly = True,
    srcs = ["src/test/cc/complex_proto_fuzzer.cc"],
    copts = ["-fsanitize=fuzzer"],
    linkopts = ["-fsanitize=fuzzer"],
    # libfuzzer not shipped on macOS.
    target_compatible_with = LINUX_ONLY,
    deps = [
        "//src/test/java/com/code_intelligence/jazzer/mutation/mutator/proto:proto2_cc_proto",
        "@libprotobuf-mutator",
    ],
)

java_fuzz_target_test(
    name = "ExperimentalMutatorDynamicProtoFuzzer",
    srcs = ["src/test/java/com/example/ExperimentalMutatorDynamicProtoFuzzer.java"],
    allowed_findings = ["com.code_intelligence.jazzer.api.FuzzerSecurityIssueMedium"],
    fuzzer_args = [
        "--experimental_mutator",
        "--instrumentation_includes=com.example.**",
        "--custom_hook_includes=com.example.**",
    ] + select({
        # Limit runs to catch regressions in mutator efficiency and speed up test runs.
        "@platforms//os:linux": ["-runs=400000"],
        # TODO: Investigate why this test takes far more runs on macOS, with Windows also being
        # significantly worse than Linux.
        "//conditions:default": ["-runs=1200000"],
    }),
    target_class = "com.example.ExperimentalMutatorDynamicProtoFuzzer",
    verify_crash_reproducer = False,
    deps = [
        "//src/main/java/com/code_intelligence/jazzer/mutation/annotation",
        "//src/main/java/com/code_intelligence/jazzer/mutation/annotation/proto",
        "@com_google_protobuf//java/core",
    ],
)

# Receives the runfiles path of the release artifact as its only argument.
sh_test(
    name = "jazzer_from_path_test",
    srcs = ["src/test/shell/jazzer_from_path_test.sh"],
    args = ["$(rlocationpath //:jazzer_release)"],
    data = [
        "//:jazzer_release",
        "@bazel_tools//tools/bash/runfiles",
    ],
)

ktlint()