Class BugDetectors
-
Method Summary

Modifier and Type | Method | Description
static SilentCloseable | allowNetworkConnections() | Allows all network connections.
static SilentCloseable | allowNetworkConnections(BiPredicate<String, Integer> connectionPermitted) | Allows all network connections for which the provided predicate returns true.
static SilentCloseable | setFilePathTraversalAllowPath(Predicate<Path> checkPath) | Sets the predicate that determines if a file path is allowed to be accessed.
static SilentCloseable | setFilePathTraversalTarget(Supplier<Path> pathTraversalTarget) | Sets the target for file path traversal sanitization.
-
Method Details
-
allowNetworkConnections
public static SilentCloseable allowNetworkConnections()

Allows all network connections. See allowNetworkConnections(BiPredicate) for an alternative that provides fine-grained control over which network connections are expected.

By default, all attempted network connections are considered unexpected and result in a finding being reported.

By wrapping the call into a try-with-resources statement, network connection permissions can be configured to apply to individual parts of the fuzz test only:

    Image image = parseImage(bytes);
    Response response;
    try (SilentCloseable unused = BugDetectors.allowNetworkConnections()) {
      response = uploadImage(image);
    }
    handleResponse(response);

- Returns:
  - a SilentCloseable that restores the previously set permissions when closed
-
allowNetworkConnections
public static SilentCloseable allowNetworkConnections(BiPredicate<String, Integer> connectionPermitted)

Allows all network connections for which the provided predicate returns true.

By default, all attempted network connections are considered unexpected and result in a finding being reported.

By wrapping the call into a try-with-resources statement, network connection permissions can be configured to apply to individual parts of the fuzz test only:

    Image image = parseImage(bytes);
    Response response;
    try (SilentCloseable unused = BugDetectors.allowNetworkConnections(
        (host, port) -> host.equals("example.org"))) {
      response = uploadImage(image, "example.org");
    }
    handleResponse(response);

- Parameters:
  - connectionPermitted - a predicate that evaluates to true if network connections to the provided combination of host and port are permitted
- Returns:
  - a SilentCloseable that restores the previously set predicate when closed
-
setFilePathTraversalTarget
public static SilentCloseable setFilePathTraversalTarget(Supplier<Path> pathTraversalTarget)

Sets the target for file path traversal sanitization. If the target is reached, a finding is reported. The target is also used to guide the fuzzer to intentionally trigger file path traversal.

By default, the file path traversal target is set to return "../jazzer-traversal". Setting the path traversal target supplier to return null will disable the guidance.

By wrapping the call into a try-with-resources statement, the target can be configured to apply to individual parts of the fuzz test only:

    try (SilentCloseable unused = BugDetectors.setFilePathTraversalTarget(() -> Paths.get("/root"))) {
      // Perform operations that require file path traversal sanitization
    }

- Parameters:
  - pathTraversalTarget - a supplier that provides the target directory for file path traversal sanitization
- Returns:
  - a SilentCloseable that restores the previously set target when closed
-
setFilePathTraversalAllowPath
public static SilentCloseable setFilePathTraversalAllowPath(Predicate<Path> checkPath)

Sets the predicate that determines if a file path is allowed to be accessed. Paths that are not allowed will trigger a file path traversal finding. If you use this method, don't forget to set a fuzzing target with setFilePathTraversalTarget that aligns with this predicate, because both the target and checkPath can trigger a finding independently.

By default, all file paths are allowed. Setting the predicate to always return false will trigger a file path traversal finding for any file path access.

By wrapping the call into a try-with-resources statement, the predicate can be configured to apply to individual parts of the fuzz test only:

    try (SilentCloseable unused = BugDetectors.setFilePathTraversalAllowPath(
        (Path p) -> p.toString().contains("secret"))) {
      // Perform operations that require file path traversal sanitization
    }

- Parameters:
  - checkPath - a predicate that evaluates to true if the file path is allowed
- Returns:
  - a SilentCloseable that restores the previously set predicate when closed
-
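The following JUnit fuzz test is an added example, not part of the Jazzer documentation, showing how setFilePathTraversalTarget and setFilePathTraversalAllowPath are combined so that the allow predicate and the traversal target agree. The service class ReportStore, its BASE_DIR and the resolveReport method are hypothetical code under test; the Jazzer API calls are the ones documented above.

```java
import com.code_intelligence.jazzer.api.BugDetectors;
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import com.code_intelligence.jazzer.api.SilentCloseable;
import com.code_intelligence.jazzer.junit.FuzzTest;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class ReportStoreFuzzTest {
  // Hypothetical code under test: every report must live below BASE_DIR.
  static final Path BASE_DIR = Paths.get("/var/app/reports").toAbsolutePath().normalize();

  // Resolves a user-supplied name inside BASE_DIR and rejects anything that escapes it.
  static Path resolveReport(String name) {
    Path candidate = BASE_DIR.resolve(name).normalize();
    if (!candidate.startsWith(BASE_DIR)) {
      throw new IllegalArgumentException("path escapes base directory");
    }
    return candidate;
  }

  @FuzzTest
  void readsStayInsideBaseDir(FuzzedDataProvider data) throws IOException {
    String name = data.consumeRemainingAsString();
    // Both settings are scoped to this block and restored when it closes.
    // The target is a constructed location just outside BASE_DIR, so the
    // fuzzer is guided toward a real escape, and the allow predicate marks
    // exactly the paths below BASE_DIR as legitimate. Either one can report
    // a finding on its own, so they must describe the same boundary.
    try (SilentCloseable unusedTarget = BugDetectors.setFilePathTraversalTarget(
             () -> BASE_DIR.getParent().resolve("jazzer-traversal"));
         SilentCloseable unusedAllow = BugDetectors.setFilePathTraversalAllowPath(
             (Path p) -> p.toAbsolutePath().normalize().startsWith(BASE_DIR))) {
      Path report;
      try {
        report = resolveReport(name);
      } catch (IllegalArgumentException rejected) {
        return; // rejecting an escaping name is the correct outcome, not a bug
      }
      // Only file accesses that reach here are seen by the sanitizer; a path
      // outside BASE_DIR slipping through resolveReport would be reported.
      if (Files.isRegularFile(report)) {
        Files.readAllBytes(report);
      }
    }
  }
}
```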