Class BugDetectors

java.lang.Object
com.code_intelligence.jazzer.api.BugDetectors

public final class BugDetectors extends Object
Provides static functions that configure the behavior of bug detectors provided by Jazzer.
  • Method Details

    • allowNetworkConnections

      public static SilentCloseable allowNetworkConnections()
      Allows all network connections.

      See allowNetworkConnections(BiPredicate) for an alternative that provides fine-grained control over which network connections are expected.

      By default, all attempted network connections are considered unexpected and result in a finding being reported.

      By wrapping the call into a try-with-resources statement, network connection permissions can be configured to apply to individual parts of the fuzz test only:

      
       Image image = parseImage(bytes);
       Response response;
       try (SilentCloseable unused = BugDetectors.allowNetworkConnections()) {
         response = uploadImage(image);
       }
       handleResponse(response);
       
      Returns:
      a SilentCloseable that restores the previously set permissions when closed
    • allowNetworkConnections

      public static SilentCloseable allowNetworkConnections(BiPredicate<String,Integer> connectionPermitted)
      Allows all network connections for which the provided predicate returns true.

      By default, all attempted network connections are considered unexpected and result in a finding being reported.

      By wrapping the call into a try-with-resources statement, network connection permissions can be configured to apply to individual parts of the fuzz test only:

      
       Image image = parseImage(bytes);
       Response response;
       try (SilentCloseable unused = BugDetectors.allowNetworkConnections(
           (host, port) -> host.equals("example.org"))) {
         response = uploadImage(image, "example.org");
       }
       handleResponse(response);
       
      Parameters:
      connectionPermitted - a predicate that evaluates to true if network connections to the provided combination of host and port are permitted
      Returns:
      a SilentCloseable that restores the previously set predicate when closed
    • setFilePathTraversalTarget

      public static SilentCloseable setFilePathTraversalTarget(Supplier<Path> pathTraversalTarget)
      Sets the target for file path traversal sanitization. If the target is reached, a finding is thrown. The target is also used to guide the fuzzer to intentionally trigger file path traversal.

      By default, the file path traversal target is set to return "../jazzer-traversal".

      Setting the path traversal target supplier to return null will disable the guidance.

      By wrapping the call into a try-with-resources statement, the target can be configured to apply to individual parts of the fuzz test only:

      
       try (SilentCloseable unused = BugDetectors.setFilePathTraversalTarget(() -> Paths.get("/root"))) {
         // Perform operations that require file path traversal sanitization
       }
       
      Parameters:
      pathTraversalTarget - a supplier that provides the target directory for file path traversal sanitization
      Returns:
      a SilentCloseable that restores the previously set target when closed
    • setFilePathTraversalAllowPath

      public static SilentCloseable setFilePathTraversalAllowPath(Predicate<Path> checkPath)
      Sets the predicate that determines if a file path is allowed to be accessed. Paths that are not allowed will trigger a file path traversal finding. If you use this method, also set a fuzzing target with setFilePathTraversalTarget that is consistent with this predicate, because the target and checkPath can each trigger a finding independently.

      By default, all file paths are allowed. Setting a predicate that always returns false will trigger a file path traversal finding for any file path access.

      By wrapping the call into a try-with-resources statement, the predicate can be configured to apply to individual parts of the fuzz test only:

      
       try (SilentCloseable unused = BugDetectors.setFilePathTraversalAllowPath(
           (Path p) -> p.toString().contains("secret"))) {
         // Perform operations that require file path traversal sanitization
       }
       
      Parameters:
      checkPath - a predicate that evaluates to true if the file path is allowed
      Returns:
      a SilentCloseable that restores the previously set predicate when closed
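
The following is an added example, not part of the Jazzer documentation: a fuzz target that keeps the traversal target and the allow predicate consistent, as setFilePathTraversalAllowPath recommends. The class AttachmentStoreFuzzer, the method readAttachment and the paths /srv/uploads and /srv/jazzer-traversal are hypothetical; fuzzerTestOneInput and FuzzedDataProvider are Jazzer's standard entry point and input API, which this page does not describe.

```java
import com.code_intelligence.jazzer.api.BugDetectors;
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import com.code_intelligence.jazzer.api.SilentCloseable;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class AttachmentStoreFuzzer {
  // Hypothetical directory the code under test is supposed to stay inside.
  private static final Path UPLOAD_ROOT = Paths.get("/srv/uploads").normalize();
  // Hypothetical target outside UPLOAD_ROOT, so target and predicate agree.
  private static final Path OUTSIDE = Paths.get("/srv/jazzer-traversal");

  // Hypothetical code under test: resolves a user-supplied name below UPLOAD_ROOT.
  static byte[] readAttachment(String name) throws IOException {
    Path resolved = UPLOAD_ROOT.resolve(name).normalize();
    if (!resolved.startsWith(UPLOAD_ROOT)) {
      throw new IllegalArgumentException("path escapes upload root");
    }
    return Files.readAllBytes(resolved);
  }

  public static void fuzzerTestOneInput(FuzzedDataProvider data) {
    String name = data.consumeRemainingAsString();
    // Both settings are scoped to this block; closing restores the previous
    // target and predicate (resources are closed in reverse order).
    try (SilentCloseable target = BugDetectors.setFilePathTraversalTarget(() -> OUTSIDE);
        SilentCloseable allow = BugDetectors.setFilePathTraversalAllowPath(
            (Path p) -> p.toAbsolutePath().normalize().startsWith(UPLOAD_ROOT))) {
      readAttachment(name);
    } catch (IOException | IllegalArgumentException expected) {
      // Missing files, invalid path strings and rejected names are expected
      // outcomes. Any other exception propagates to Jazzer.
    }
  }
}
```

The predicate applies to every file access made inside the try block, so keep that block limited to the code whose file access is meant to stay under UPLOAD_ROOT.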