1 /* 2 * Copyright 2022 Code Intelligence GmbH 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.example; 18 19 import com.code_intelligence.jazzer.junit.FuzzTest; 20 import java.util.regex.Pattern; 21 import org.junit.jupiter.api.Test; 22 import org.junit.jupiter.api.parallel.Execution; 23 import org.junit.jupiter.api.parallel.ExecutionMode; 24 25 @SuppressWarnings("InvalidPatternSyntax") 26 @Execution(ExecutionMode.CONCURRENT) 27 class HermeticInstrumentationFuzzTest { 28 class VulnerableFuzzClass { vulnerableMethod(String input)29 public void vulnerableMethod(String input) { 30 Pattern.compile(input); 31 } 32 } 33 34 class VulnerableUnitClass { vulnerableMethod(String input)35 public void vulnerableMethod(String input) { 36 Pattern.compile(input); 37 } 38 } 39 40 @FuzzTest 41 @Execution(ExecutionMode.CONCURRENT) fuzzTest1(byte[] data)42 void fuzzTest1(byte[] data) { 43 new VulnerableFuzzClass().vulnerableMethod("["); 44 } 45 46 @Test 47 @Execution(ExecutionMode.CONCURRENT) unitTest1()48 void unitTest1() { 49 new VulnerableUnitClass().vulnerableMethod("["); 50 } 51 52 @FuzzTest 53 @Execution(ExecutionMode.CONCURRENT) fuzzTest2(byte[] data)54 void fuzzTest2(byte[] data) { 55 Pattern.compile("["); 56 } 57 58 @Test 59 @Execution(ExecutionMode.CONCURRENT) unitTest2()60 void unitTest2() { 61 Pattern.compile("["); 62 } 63 } 64