forked from google/oss-fuzz-gen
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathjvm_problem.txt
58 lines (45 loc) · 2.97 KB
/
jvm_problem.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
<steps>
Follow these steps to write a fuzzing harness for the provided method signature.
Step 1. Analyse the structure and source code of the target method.
* Here is the source code of the target {METHOD_OR_CONSTRUCTOR} for reference.
<code>
{SELF_SOURCE}
</code>
* Additional information that you may need to consider.
* **Purpose and functionality** of the method.
* **Input processing** and internal logic.
Step 2. Analyse the signature and other properties of the target methods.
* Understand the target methods signature and its properties given below:
* **<target>** tag contains the methods signature and basic properties
* **<arguments>** tag contains the description of all arguments of the target method.
{TARGET}
{ARGUMENTS}
Step 3. Understand initialization requirements.
* Identify what is needed to properly initialize the object for invoking the target method: * **<constructors>** is an optional tag contains the description of constructors that could create the needed objects if the target method is non static methods.
{CONSTRUCTORS}
Step 4. Understand exception handling requirements.
* Indentify what exceptions is thrown from the target method and explicitly handle them if necessary.
* **<exceptions>** is an optional tag contains all the exceptions directly thrown from the target methods that you MUST handle in your written fuzzing harness.
{EXCEPTIONS}
Step 5. Understand how to correctly invoke the target method.
* Here is a list of source codes of methods/constructors that directly invoke the target {METHOD_OR_CONSTRUCTOR} for reference. Please be reminded that this section maybe empty if non of those source codes are found.
{CROSS_SOURCE}
Step 6. Understand general requirements for Java fuzzing harness writing.
* **<requirements>** tag contains a list of additional requirements for the fuzzing harness generation that you MUST follow.
{REQUIREMENTS}
Step 7. Understand Constraints and edge cases.
For each input parameter, understand:
* Valid ranges and data types.
* Invalid or edge-case values (e.g., zero, NULL, predefined constants, maximum values).
* Special values that trigger different code paths.
Step 8: Plan Fuzz Target Implementation.
Decide how to implement the fuzz target:
* **Extract parameters** from the `FuzzedDataProvider` class by following the mapping table and additional description wrapped in the **<data_mapping>** tag.
{DATA_MAPPING}
Step 9: **Write** the fuzz target code.
* Implement the fuzzing harness following all the analysis result from previous steps:
* Must follow Jazzer framework and the given fuzzing harness template.
* Create the necessary objects and initialise necessary arguments.
* Make sure the code can be compiled successfully with correctly built and retrieved dependencies.
* Make sure to handle the exceptions generated in additional to those directly thrown from invoking the target methods.
* Make sure to close resources and add clean up logic in the fuzzerTearDown.