JwkParserFuzzer.java

// Copyright 2023 the cncf-fuzzing authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import com.fasterxml.jackson.core.JsonProcessingException;
import org.keycloak.jose.jwk.JWKParser;

/**
 * This fuzzer targets the methods in JWKParser. It passes random string to the JWKParser object and
 * call other methods that rely on the parsing result randomly.
 */
public class JwkParserFuzzer {
  public static void fuzzerTestOneInput(FuzzedDataProvider data) {
    try {
      // Create a new JWKParser instance
      JWKParser parser = JWKParser.create();

      // Call the parse method with random string
      parser.parse(data.consumeString(data.consumeInt(0, 10000)));

      // Randomly executing methods in JWKParser
      // which rely on the parsing result
      if (data.consumeBoolean()) {
        parser.toPublicKey();
      } else {
        parser.isKeyTypeSupported(data.consumeString(data.consumeInt(0, 10000)));
      }
    } catch (IllegalArgumentException | IllegalStateException e) {
      // Known exception
    } catch (RuntimeException e) {
      if (!isExpectedException(e)) {
        throw e;
      }
    }
  }

  private static Boolean isExpectedException(Throwable exc) {
    Class[] expectedExceptions = {JsonProcessingException.class};

    // Check if it is an expected RuntimeException
    if (exc.getMessage().contains("Unsupported keyType")) {
      return true;
    }

    // Check if the exceptions wrapped are expected exceptions
    Throwable cause = exc.getCause();
    if (cause == null) {
      return false;
    } else {
      for (Class cls:expectedExceptions) {
        if (cls.isInstance(cause)) {
          return true;
        }
      }
      return isExpectedException(cause);
    }
  }
}