Class BugDetectors
-
Method Summary
Modifier and Type | Method | Description
static SilentCloseable | allowNetworkConnections() | Allows all network connections.
static SilentCloseable | allowNetworkConnections(BiPredicate<String, Integer> connectionPermitted) | Allows all network connections for which the provided predicate returns true.
static SilentCloseable | setFilePathTraversalAllowPath(Predicate<Path> checkPath) | Sets the predicate that determines if a file path is allowed to be accessed.
static SilentCloseable | setFilePathTraversalTarget(Supplier<Path> pathTraversalTarget) | Sets the target for file path traversal sanitization.
-
Method Details
-
allowNetworkConnections
public static SilentCloseable allowNetworkConnections()
Allows all network connections. See allowNetworkConnections(BiPredicate) for an alternative that provides fine-grained control over which network connections are expected. By default, all attempted network connections are considered unexpected and result in a finding being reported.
By wrapping the call into a try-with-resources statement, network connection permissions can be configured to apply to individual parts of the fuzz test only:
    Image image = parseImage(bytes);
    Response response;
    try (SilentCloseable unused = BugDetectors.allowNetworkConnections()) {
      response = uploadImage(image);
    }
    handleResponse(response);
- Returns:
  a SilentCloseable that restores the previously set permissions when closed
-
allowNetworkConnections
public static SilentCloseable allowNetworkConnections(BiPredicate<String, Integer> connectionPermitted)
Allows all network connections for which the provided predicate returns true. By default, all attempted network connections are considered unexpected and result in a finding being reported.
By wrapping the call into a try-with-resources statement, network connection permissions can be configured to apply to individual parts of the fuzz test only:
    Image image = parseImage(bytes);
    Response response;
    try (SilentCloseable unused =
        BugDetectors.allowNetworkConnections((host, port) -> host.equals("example.org"))) {
      response = uploadImage(image, "example.org");
    }
    handleResponse(response);
- Parameters:
  connectionPermitted - a predicate that evaluates to true if network connections to the provided combination of host and port are permitted
- Returns:
  a SilentCloseable that restores the previously set predicate when closed
-
setFilePathTraversalTarget
public static SilentCloseable setFilePathTraversalTarget(Supplier<Path> pathTraversalTarget)
Sets the target for file path traversal sanitization. If the target is reached, a finding is thrown. The target is also used to guide the fuzzer to intentionally trigger file path traversal. By default, the file path traversal target is set to return "../jazzer-traversal". Setting the path traversal target supplier to return null will disable the guidance.
By wrapping the call into a try-with-resources statement, the target can be configured to apply to individual parts of the fuzz test only:
    try (SilentCloseable unused =
        BugDetectors.setFilePathTraversalTarget(() -> Paths.get("/root"))) {
      // Perform operations that require file path traversal sanitization
    }
- Parameters:
  pathTraversalTarget - a supplier that provides the target directory for file path traversal sanitization
- Returns:
  a SilentCloseable that restores the previously set target when closed
-
setFilePathTraversalAllowPath
public static SilentCloseable setFilePathTraversalAllowPath(Predicate<Path> checkPath)
Sets the predicate that determines if a file path is allowed to be accessed. Paths that are not allowed will trigger a file path traversal finding. If you use this method, don't forget to set the fuzzing target with setFilePathTraversalTarget so that it aligns with this predicate, because both target and checkPath can trigger a finding independently. By default, all file paths are allowed. Setting the predicate to return false will trigger a file path traversal finding for any file path access.
By wrapping the call into a try-with-resources statement, the predicate can be configured to apply to individual parts of the fuzz test only:
    try (SilentCloseable unused =
        BugDetectors.setFilePathTraversalAllowPath((Path p) -> p.toString().contains("secret"))) {
      // Perform operations that require file path traversal sanitization
    }
- Parameters:
  checkPath - a predicate that evaluates to true if the file path is allowed
- Returns:
  a SilentCloseable that restores the previously set predicate when closed
-
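An added example of a fuzz target that scopes both file path traversal settings together, as the note on setFilePathTraversalAllowPath recommends. This is not code from the Jazzer project or its documentation; ReportServiceFuzzer, loadReport, the SANDBOX directory and the traversal target path are constructed for illustration.

```java
import com.code_intelligence.jazzer.api.BugDetectors;
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import com.code_intelligence.jazzer.api.SilentCloseable;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class ReportServiceFuzzer {
  // Constructed for this example: the only directory the code under test may touch.
  private static final Path SANDBOX = Paths.get("/var/app/reports").toAbsolutePath().normalize();
  // Constructed target, deliberately outside SANDBOX, so the fuzzer is guided towards an escape.
  private static final Path TRAVERSAL_TARGET = Paths.get("/etc/passwd");

  // Hypothetical code under test: resolves a user-supplied name inside SANDBOX and reads it.
  // It does not reject ".." segments, which is exactly the class of bug the detector targets.
  static byte[] loadReport(String name) throws IOException {
    Path resolved = SANDBOX.resolve(name).normalize();
    return Files.readAllBytes(resolved);
  }

  public static void fuzzerTestOneInput(FuzzedDataProvider data) {
    String name = data.consumeRemainingAsString();
    // Both settings are installed for the duration of the file access only. The allow-path
    // predicate reports any access that leaves SANDBOX; the target additionally lets the
    // fuzzer steer inputs towards a concrete escape, so the two findings agree on what
    // counts as traversal.
    try (SilentCloseable unusedTarget =
            BugDetectors.setFilePathTraversalTarget(() -> TRAVERSAL_TARGET);
        SilentCloseable unusedAllow =
            BugDetectors.setFilePathTraversalAllowPath(
                (Path p) -> p.toAbsolutePath().normalize().startsWith(SANDBOX))) {
      try {
        loadReport(name);
      } catch (IOException ignored) {
        // Missing or unreadable files are expected during fuzzing; only detector findings matter.
      }
    }
    // After the block the previously set target and predicate are restored, so file access
    // elsewhere in the test is judged by the defaults again.
  }
}
```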