From 64515f26a9c66c2ab8283839b123450069ca2e17 Mon Sep 17 00:00:00 2001 From: Vishal S Date: Sun, 8 Mar 2026 17:01:25 +0530 Subject: [PATCH 1/4] [COMPRESS-720] Integrate OSS-Fuzz fuzzers and enable CIFuzz --- .github/workflows/cifuzz.yml | 27 ++++++++++ pom.xml | 22 ++++++++ .../compress/fuzz/ArchiverArFuzzer.java | 32 +++++++++++ .../compress/fuzz/ArchiverArjFuzzer.java | 32 +++++++++++ .../compress/fuzz/ArchiverCpioFuzzer.java | 32 +++++++++++ .../compress/fuzz/ArchiverDumpFuzzer.java | 32 +++++++++++ .../fuzz/ArchiverTarStreamFuzzer.java | 32 +++++++++++ .../fuzz/ArchiverZipStreamFuzzer.java | 32 +++++++++++ .../commons/compress/fuzz/BaseTests.java | 53 +++++++++++++++++++ .../compress/fuzz/CompressSevenZFuzzer.java | 45 ++++++++++++++++ .../compress/fuzz/CompressTarFuzzer.java | 38 +++++++++++++ .../compress/fuzz/CompressZipFuzzer.java | 42 +++++++++++++++ .../compress/fuzz/CompressorBZip2Fuzzer.java | 32 +++++++++++ .../fuzz/CompressorDeflate64Fuzzer.java | 32 +++++++++++ .../compress/fuzz/CompressorGzipFuzzer.java | 32 +++++++++++ .../compress/fuzz/CompressorLZ4Fuzzer.java | 39 ++++++++++++++ .../fuzz/CompressorPack200Fuzzer.java | 32 +++++++++++ .../compress/fuzz/CompressorSnappyFuzzer.java | 39 ++++++++++++++ .../compress/fuzz/CompressorZFuzzer.java | 33 ++++++++++++ 19 files changed, 658 insertions(+) create mode 100644 .github/workflows/cifuzz.yml create mode 100644 src/test/java/org/apache/commons/compress/fuzz/ArchiverArFuzzer.java create mode 100644 src/test/java/org/apache/commons/compress/fuzz/ArchiverArjFuzzer.java create mode 100644 src/test/java/org/apache/commons/compress/fuzz/ArchiverCpioFuzzer.java create mode 100644 src/test/java/org/apache/commons/compress/fuzz/ArchiverDumpFuzzer.java create mode 100644 src/test/java/org/apache/commons/compress/fuzz/ArchiverTarStreamFuzzer.java create mode 100644 src/test/java/org/apache/commons/compress/fuzz/ArchiverZipStreamFuzzer.java create mode 100644 src/test/java/org/apache/commons/compress/fuzz/BaseTests.java create mode 100644 src/test/java/org/apache/commons/compress/fuzz/CompressSevenZFuzzer.java create mode 100644 src/test/java/org/apache/commons/compress/fuzz/CompressTarFuzzer.java create mode 100644 src/test/java/org/apache/commons/compress/fuzz/CompressZipFuzzer.java create mode 100644 src/test/java/org/apache/commons/compress/fuzz/CompressorBZip2Fuzzer.java create mode 100644 src/test/java/org/apache/commons/compress/fuzz/CompressorDeflate64Fuzzer.java create mode 100644 src/test/java/org/apache/commons/compress/fuzz/CompressorGzipFuzzer.java create mode 100644 src/test/java/org/apache/commons/compress/fuzz/CompressorLZ4Fuzzer.java create mode 100644 src/test/java/org/apache/commons/compress/fuzz/CompressorPack200Fuzzer.java create mode 100644 src/test/java/org/apache/commons/compress/fuzz/CompressorSnappyFuzzer.java create mode 100644 src/test/java/org/apache/commons/compress/fuzz/CompressorZFuzzer.java diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml new file mode 100644 index 00000000000..94c03ed553c --- /dev/null +++ b/.github/workflows/cifuzz.yml @@ -0,0 +1,27 @@ +name: CIFuzz +on: [pull_request] +permissions: {} +jobs: + Fuzzing: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Build Fuzzers + id: build + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master + with: + oss-fuzz-project-name: 'apache-commons-compress' + dry-run: false + - name: Run Fuzzers + uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master + with: + oss-fuzz-project-name: 'apache-commons-compress' + fuzz-seconds: 600 + dry-run: false + - name: Upload Crash + uses: actions/upload-artifact@v4 + if: failure() && steps.build.outcome == 'success' + with: + name: artifacts + path: ./out/artifacts diff --git a/pom.xml b/pom.xml index 8ed7db1da49..262ca04cdb5 100644 --- a/pom.xml +++ b/pom.xml @@ -219,6 +219,12 @@ Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj. junit-pioneer test + + com.code-intelligence + jazzer-junit + 0.24.0 + test + scm:git:https://gitbox.apache.org/repos/asf/commons-compress.git @@ -603,6 +609,22 @@ Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj. + + fuzz + + + + org.apache.maven.plugins + maven-surefire-plugin + + + **/*Fuzzer.java + + + + + + diff --git a/src/test/java/org/apache/commons/compress/fuzz/ArchiverArFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/ArchiverArFuzzer.java new file mode 100644 index 00000000000..810f9e9a439 --- /dev/null +++ b/src/test/java/org/apache/commons/compress/fuzz/ArchiverArFuzzer.java @@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.commons.compress.fuzz; + +import org.apache.commons.compress.archivers.ar.ArArchiveInputStream; + +import java.io.ByteArrayInputStream; +import java.io.IOException; + +public class ArchiverArFuzzer extends BaseTests { + public static void fuzzerTestOneInput(byte[] data) { + try { + fuzzArchiveInputStream(new ArArchiveInputStream(new ByteArrayInputStream(data))); + } catch (IOException ignored) { + } + } +} diff --git a/src/test/java/org/apache/commons/compress/fuzz/ArchiverArjFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/ArchiverArjFuzzer.java new file mode 100644 index 00000000000..ef75b16c098 --- /dev/null +++ b/src/test/java/org/apache/commons/compress/fuzz/ArchiverArjFuzzer.java @@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.commons.compress.fuzz; + +import org.apache.commons.compress.archivers.arj.ArjArchiveInputStream; + +import java.io.ByteArrayInputStream; +import java.io.IOException; + +public class ArchiverArjFuzzer extends BaseTests { + public static void fuzzerTestOneInput(byte[] data) { + try { + fuzzArchiveInputStream(new ArjArchiveInputStream(new ByteArrayInputStream(data))); + } catch (IOException ignored) { + } + } +} diff --git a/src/test/java/org/apache/commons/compress/fuzz/ArchiverCpioFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/ArchiverCpioFuzzer.java new file mode 100644 index 00000000000..23bbe61d254 --- /dev/null +++ b/src/test/java/org/apache/commons/compress/fuzz/ArchiverCpioFuzzer.java @@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.commons.compress.fuzz; + +import org.apache.commons.compress.archivers.cpio.CpioArchiveInputStream; + +import java.io.ByteArrayInputStream; +import java.io.IOException; + +public class ArchiverCpioFuzzer extends BaseTests { + public static void fuzzerTestOneInput(byte[] data) { + try { + fuzzArchiveInputStream(new CpioArchiveInputStream(new ByteArrayInputStream(data))); + } catch (IllegalArgumentException | IOException ignored) { + } + } +} diff --git a/src/test/java/org/apache/commons/compress/fuzz/ArchiverDumpFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/ArchiverDumpFuzzer.java new file mode 100644 index 00000000000..fb6d6b847c1 --- /dev/null +++ b/src/test/java/org/apache/commons/compress/fuzz/ArchiverDumpFuzzer.java @@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.commons.compress.fuzz; + +import org.apache.commons.compress.archivers.dump.DumpArchiveInputStream; + +import java.io.ByteArrayInputStream; +import java.io.IOException; + +public class ArchiverDumpFuzzer extends BaseTests { + public static void fuzzerTestOneInput(byte[] data) { + try { + fuzzArchiveInputStream(new DumpArchiveInputStream(new ByteArrayInputStream(data))); + } catch (IOException ignored) { + } + } +} diff --git a/src/test/java/org/apache/commons/compress/fuzz/ArchiverTarStreamFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/ArchiverTarStreamFuzzer.java new file mode 100644 index 00000000000..535d6b6ccb4 --- /dev/null +++ b/src/test/java/org/apache/commons/compress/fuzz/ArchiverTarStreamFuzzer.java @@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.commons.compress.fuzz; + +import org.apache.commons.compress.archivers.tar.TarArchiveInputStream; + +import java.io.ByteArrayInputStream; +import java.io.IOException; + +public class ArchiverTarStreamFuzzer extends BaseTests { + public static void fuzzerTestOneInput(byte[] data) { + try { + fuzzArchiveInputStream(new TarArchiveInputStream(new ByteArrayInputStream(data))); + } catch (IOException ignored) { + } + } +} diff --git a/src/test/java/org/apache/commons/compress/fuzz/ArchiverZipStreamFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/ArchiverZipStreamFuzzer.java new file mode 100644 index 00000000000..3a87acad874 --- /dev/null +++ b/src/test/java/org/apache/commons/compress/fuzz/ArchiverZipStreamFuzzer.java @@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.commons.compress.fuzz; + +import org.apache.commons.compress.archivers.zip.ZipArchiveInputStream; + +import java.io.ByteArrayInputStream; +import java.io.IOException; + +public class ArchiverZipStreamFuzzer extends BaseTests { + public static void fuzzerTestOneInput(byte[] data) { + try { + fuzzArchiveInputStream(new ZipArchiveInputStream(new ByteArrayInputStream(data))); + } catch (IOException ignored) { + } + } +} diff --git a/src/test/java/org/apache/commons/compress/fuzz/BaseTests.java b/src/test/java/org/apache/commons/compress/fuzz/BaseTests.java new file mode 100644 index 00000000000..89058e84d0c --- /dev/null +++ b/src/test/java/org/apache/commons/compress/fuzz/BaseTests.java @@ -0,0 +1,53 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.commons.compress.fuzz; + +import org.apache.commons.compress.archivers.ArchiveEntry; +import org.apache.commons.compress.archivers.ArchiveInputStream; +import org.apache.commons.compress.compressors.CompressorInputStream; + +import java.io.IOException; +import java.util.logging.LogManager; + +/** + * Class with common functionality shared among fuzzing harnesses. + */ +public class BaseTests { + public static void fuzzerInitialize() { + LogManager.getLogManager().reset(); + } + + /** + * Fuzz archiver streams by reading every entry. + */ + public static void fuzzArchiveInputStream(ArchiveInputStream is) throws IOException { + ArchiveEntry entry; + while ((entry = is.getNextEntry()) != null) { + is.read(new byte[1024]); + } + is.close(); + } + + /** + * Fuzz compressor streams by reading them. + */ + public static void fuzzCompressorInputStream(CompressorInputStream is) throws IOException { + is.read(new byte[1024]); + is.close(); + } +} diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressSevenZFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressSevenZFuzzer.java new file mode 100644 index 00000000000..aa22e3c44eb --- /dev/null +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressSevenZFuzzer.java @@ -0,0 +1,45 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.commons.compress.fuzz; + +import org.apache.commons.compress.archivers.sevenz.SevenZArchiveEntry; +import org.apache.commons.compress.archivers.sevenz.SevenZFile; +import org.apache.commons.compress.archivers.sevenz.SevenZFileOptions; +import org.apache.commons.compress.utils.SeekableInMemoryByteChannel; + +import java.io.InputStream; +import java.io.IOException; + +public class CompressSevenZFuzzer extends BaseTests { + private static final SevenZFileOptions options = new SevenZFileOptions.Builder() + .withMaxMemoryLimitInKb(1_000_000) + .build(); + + public static void fuzzerTestOneInput(byte[] data) { + try { + SevenZFile sf = new SevenZFile(new SeekableInMemoryByteChannel(data), options); + SevenZArchiveEntry entry; + while((entry = sf.getNextEntry()) != null) { + InputStream is = sf.getInputStream(entry); + is.read(new byte[1024]); + } + sf.close(); + } catch (IOException ignored) { + } + } +} diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressTarFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressTarFuzzer.java new file mode 100644 index 00000000000..858c2b3bfac --- /dev/null +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressTarFuzzer.java @@ -0,0 +1,38 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.commons.compress.fuzz; + +import org.apache.commons.compress.archivers.tar.TarArchiveEntry; +import org.apache.commons.compress.archivers.tar.TarFile; + +import java.io.InputStream; +import java.io.IOException; + +public class CompressTarFuzzer extends BaseTests { + public static void fuzzerTestOneInput(byte[] data) { + try { + TarFile tf = new TarFile(data); + for (TarArchiveEntry entry : tf.getEntries()) { + InputStream is = tf.getInputStream(entry); + is.read(new byte[1024]); + } + tf.close(); + } catch (IOException ignored) { + } + } +} diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressZipFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressZipFuzzer.java new file mode 100644 index 00000000000..b5db37f5baa --- /dev/null +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressZipFuzzer.java @@ -0,0 +1,42 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.commons.compress.fuzz; + +import org.apache.commons.compress.archivers.zip.ZipArchiveEntry; +import org.apache.commons.compress.archivers.zip.ZipFile; +import org.apache.commons.compress.utils.SeekableInMemoryByteChannel; + +import java.io.InputStream; +import java.io.IOException; +import java.util.Enumeration; + +public class CompressZipFuzzer extends BaseTests { + public static void fuzzerTestOneInput(byte[] data) { + try { + ZipFile zf = new ZipFile(new SeekableInMemoryByteChannel(data)); + Enumeration entries = zf.getEntries(); + while(entries.hasMoreElements()) { + ZipArchiveEntry entry = entries.nextElement(); + InputStream is = zf.getInputStream(entry); + is.read(new byte[1024]); + } + zf.close(); + } catch (IOException ignored) { + } + } +} diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorBZip2Fuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorBZip2Fuzzer.java new file mode 100644 index 00000000000..e739db534ac --- /dev/null +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorBZip2Fuzzer.java @@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.commons.compress.fuzz; + +import org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream; + +import java.io.ByteArrayInputStream; +import java.io.IOException; + +public class CompressorBZip2Fuzzer extends BaseTests { + public static void fuzzerTestOneInput(byte[] data) { + try { + fuzzCompressorInputStream(new BZip2CompressorInputStream(new ByteArrayInputStream(data))); + } catch (IOException ignored) { + } + } +} diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorDeflate64Fuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorDeflate64Fuzzer.java new file mode 100644 index 00000000000..24a051880f4 --- /dev/null +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorDeflate64Fuzzer.java @@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.commons.compress.fuzz; + +import org.apache.commons.compress.compressors.deflate64.Deflate64CompressorInputStream; + +import java.io.ByteArrayInputStream; +import java.io.IOException; + +public class CompressorDeflate64Fuzzer extends BaseTests { + public static void fuzzerTestOneInput(byte[] data) { + try { + fuzzCompressorInputStream(new Deflate64CompressorInputStream(new ByteArrayInputStream(data))); + } catch (IOException ignored) { + } + } +} diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorGzipFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorGzipFuzzer.java new file mode 100644 index 00000000000..c5b9f852deb --- /dev/null +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorGzipFuzzer.java @@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.commons.compress.fuzz; + +import org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream; + +import java.io.ByteArrayInputStream; +import java.io.IOException; + +public class CompressorGzipFuzzer extends BaseTests { + public static void fuzzerTestOneInput(byte[] data) { + try { + fuzzCompressorInputStream(new GzipCompressorInputStream(new ByteArrayInputStream(data))); + } catch (IOException ignored) { + } + } +} diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorLZ4Fuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorLZ4Fuzzer.java new file mode 100644 index 00000000000..9d112656127 --- /dev/null +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorLZ4Fuzzer.java @@ -0,0 +1,39 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.commons.compress.fuzz; + +import org.apache.commons.compress.compressors.lz4.BlockLZ4CompressorInputStream; +import org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream; + +import java.io.ByteArrayInputStream; +import java.io.IOException; + +public class CompressorLZ4Fuzzer extends BaseTests { + // Test both LZ4 classes + public static void fuzzerTestOneInput(byte[] data) { + try { + fuzzCompressorInputStream(new BlockLZ4CompressorInputStream(new ByteArrayInputStream(data))); + } catch (IOException ignored) { + } + + try { + fuzzCompressorInputStream(new FramedLZ4CompressorInputStream(new ByteArrayInputStream(data))); + } catch (IOException ignored) { + } + } +} diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorPack200Fuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorPack200Fuzzer.java new file mode 100644 index 00000000000..575dfd91f13 --- /dev/null +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorPack200Fuzzer.java @@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.commons.compress.fuzz; + +import org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream; + +import java.io.ByteArrayInputStream; +import java.io.IOException; + +public class CompressorPack200Fuzzer extends BaseTests { + public static void fuzzerTestOneInput(byte[] data) { + try { + fuzzCompressorInputStream(new Pack200CompressorInputStream(new ByteArrayInputStream(data))); + } catch (IOException ignored) { + } + } +} diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorSnappyFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorSnappyFuzzer.java new file mode 100644 index 00000000000..5f4df62c6c9 --- /dev/null +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorSnappyFuzzer.java @@ -0,0 +1,39 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.commons.compress.fuzz; + +import org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorInputStream; +import org.apache.commons.compress.compressors.snappy.SnappyCompressorInputStream; + +import java.io.ByteArrayInputStream; +import java.io.IOException; + +public class CompressorSnappyFuzzer extends BaseTests { + // Test both Snappy classes + public static void fuzzerTestOneInput(byte[] data) { + try { + fuzzCompressorInputStream(new FramedSnappyCompressorInputStream(new ByteArrayInputStream(data))); + } catch (IOException ignored) { + } + + try { + fuzzCompressorInputStream(new SnappyCompressorInputStream(new ByteArrayInputStream(data))); + } catch (IOException ignored) { + } + } +} diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorZFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorZFuzzer.java new file mode 100644 index 00000000000..61a1b3ac55a --- /dev/null +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorZFuzzer.java @@ -0,0 +1,33 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.commons.compress.fuzz; + +import org.apache.commons.compress.compressors.z.ZCompressorInputStream; + +import java.io.ByteArrayInputStream; +import java.io.IOException; + +public class CompressorZFuzzer extends BaseTests { + public static void fuzzerTestOneInput(byte[] data) { + try { + // Setting limit to avoid out of memory errors + fuzzCompressorInputStream(new ZCompressorInputStream(new ByteArrayInputStream(data), 1024*1024)); + } catch (IllegalArgumentException | IOException ignored) { + } + } +} From 8b37b7f039ae7249e753dab1947dada62a5c2b41 Mon Sep 17 00:00:00 2001 From: Vishal S Date: Tue, 10 Mar 2026 22:34:00 +0530 Subject: [PATCH 2/4] Address COMPRESS-720: Remove jazzer-junit dependency and isolate fuzzer classes --- pom.xml | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/pom.xml b/pom.xml index 262ca04cdb5..0392868a596 100644 --- a/pom.xml +++ b/pom.xml @@ -219,12 +219,6 @@ Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj. junit-pioneer test - - com.code-intelligence - jazzer-junit - 0.24.0 - test - scm:git:https://gitbox.apache.org/repos/asf/commons-compress.git @@ -412,6 +406,15 @@ Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj. org.apache.maven.plugins maven-checkstyle-plugin + + org.apache.maven.plugins + maven-compiler-plugin + + + org/apache/commons/compress/fuzz/** + + + @@ -615,6 +618,14 @@ Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj. org.apache.maven.plugins + maven-compiler-plugin + + + none + + + + maven-surefire-plugin From 32d36f0e3473d326a2eb59a07542c0a6ea231549 Mon Sep 17 00:00:00 2001 From: Vishal S Date: Wed, 11 Mar 2026 01:28:36 +0530 Subject: [PATCH 3/4] COMPRESS-720: Refactor BaseTests to AbstractTests and make it abstract --- .../compress/fuzz/{BaseTests.java => AbstractTests.java} | 2 +- .../java/org/apache/commons/compress/fuzz/ArchiverArFuzzer.java | 2 +- .../org/apache/commons/compress/fuzz/ArchiverArjFuzzer.java | 2 +- .../org/apache/commons/compress/fuzz/ArchiverCpioFuzzer.java | 2 +- .../org/apache/commons/compress/fuzz/ArchiverDumpFuzzer.java | 2 +- .../apache/commons/compress/fuzz/ArchiverTarStreamFuzzer.java | 2 +- .../apache/commons/compress/fuzz/ArchiverZipStreamFuzzer.java | 2 +- .../org/apache/commons/compress/fuzz/CompressSevenZFuzzer.java | 2 +- .../org/apache/commons/compress/fuzz/CompressTarFuzzer.java | 2 +- .../org/apache/commons/compress/fuzz/CompressZipFuzzer.java | 2 +- .../org/apache/commons/compress/fuzz/CompressorBZip2Fuzzer.java | 2 +- .../apache/commons/compress/fuzz/CompressorDeflate64Fuzzer.java | 2 +- .../org/apache/commons/compress/fuzz/CompressorGzipFuzzer.java | 2 +- .../org/apache/commons/compress/fuzz/CompressorLZ4Fuzzer.java | 2 +- .../apache/commons/compress/fuzz/CompressorPack200Fuzzer.java | 2 +- .../apache/commons/compress/fuzz/CompressorSnappyFuzzer.java | 2 +- .../org/apache/commons/compress/fuzz/CompressorZFuzzer.java | 2 +- 17 files changed, 17 insertions(+), 17 deletions(-) rename src/test/java/org/apache/commons/compress/fuzz/{BaseTests.java => AbstractTests.java} (97%) diff --git a/src/test/java/org/apache/commons/compress/fuzz/BaseTests.java b/src/test/java/org/apache/commons/compress/fuzz/AbstractTests.java similarity index 97% rename from src/test/java/org/apache/commons/compress/fuzz/BaseTests.java rename to src/test/java/org/apache/commons/compress/fuzz/AbstractTests.java index 89058e84d0c..87e22333a64 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/BaseTests.java +++ b/src/test/java/org/apache/commons/compress/fuzz/AbstractTests.java @@ -27,7 +27,7 @@ /** * Class with common functionality shared among fuzzing harnesses. */ -public class BaseTests { +public abstract class AbstractTests { public static void fuzzerInitialize() { LogManager.getLogManager().reset(); } diff --git a/src/test/java/org/apache/commons/compress/fuzz/ArchiverArFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/ArchiverArFuzzer.java index 810f9e9a439..49ff6126e32 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/ArchiverArFuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/ArchiverArFuzzer.java @@ -22,7 +22,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; -public class ArchiverArFuzzer extends BaseTests { +public class ArchiverArFuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { try { fuzzArchiveInputStream(new ArArchiveInputStream(new ByteArrayInputStream(data))); diff --git a/src/test/java/org/apache/commons/compress/fuzz/ArchiverArjFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/ArchiverArjFuzzer.java index ef75b16c098..b4a7699bc13 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/ArchiverArjFuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/ArchiverArjFuzzer.java @@ -22,7 +22,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; -public class ArchiverArjFuzzer extends BaseTests { +public class ArchiverArjFuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { try { fuzzArchiveInputStream(new ArjArchiveInputStream(new ByteArrayInputStream(data))); diff --git a/src/test/java/org/apache/commons/compress/fuzz/ArchiverCpioFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/ArchiverCpioFuzzer.java index 23bbe61d254..09622465963 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/ArchiverCpioFuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/ArchiverCpioFuzzer.java @@ -22,7 +22,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; -public class ArchiverCpioFuzzer extends BaseTests { +public class ArchiverCpioFuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { try { fuzzArchiveInputStream(new CpioArchiveInputStream(new ByteArrayInputStream(data))); diff --git a/src/test/java/org/apache/commons/compress/fuzz/ArchiverDumpFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/ArchiverDumpFuzzer.java index fb6d6b847c1..d9274939910 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/ArchiverDumpFuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/ArchiverDumpFuzzer.java @@ -22,7 +22,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; -public class ArchiverDumpFuzzer extends BaseTests { +public class ArchiverDumpFuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { try { fuzzArchiveInputStream(new DumpArchiveInputStream(new ByteArrayInputStream(data))); diff --git a/src/test/java/org/apache/commons/compress/fuzz/ArchiverTarStreamFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/ArchiverTarStreamFuzzer.java index 535d6b6ccb4..1d4a989eb48 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/ArchiverTarStreamFuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/ArchiverTarStreamFuzzer.java @@ -22,7 +22,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; -public class ArchiverTarStreamFuzzer extends BaseTests { +public class ArchiverTarStreamFuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { try { fuzzArchiveInputStream(new TarArchiveInputStream(new ByteArrayInputStream(data))); diff --git a/src/test/java/org/apache/commons/compress/fuzz/ArchiverZipStreamFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/ArchiverZipStreamFuzzer.java index 3a87acad874..14ac98431cb 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/ArchiverZipStreamFuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/ArchiverZipStreamFuzzer.java @@ -22,7 +22,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; -public class ArchiverZipStreamFuzzer extends BaseTests { +public class ArchiverZipStreamFuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { try { fuzzArchiveInputStream(new ZipArchiveInputStream(new ByteArrayInputStream(data))); diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressSevenZFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressSevenZFuzzer.java index aa22e3c44eb..ee94b64054b 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/CompressSevenZFuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressSevenZFuzzer.java @@ -25,7 +25,7 @@ import java.io.InputStream; import java.io.IOException; -public class CompressSevenZFuzzer extends BaseTests { +public class CompressSevenZFuzzer extends AbstractTests { private static final SevenZFileOptions options = new SevenZFileOptions.Builder() .withMaxMemoryLimitInKb(1_000_000) .build(); diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressTarFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressTarFuzzer.java index 858c2b3bfac..7a43caafb90 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/CompressTarFuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressTarFuzzer.java @@ -23,7 +23,7 @@ import java.io.InputStream; import java.io.IOException; -public class CompressTarFuzzer extends BaseTests { +public class CompressTarFuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { try { TarFile tf = new TarFile(data); diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressZipFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressZipFuzzer.java index b5db37f5baa..291d85dbcfd 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/CompressZipFuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressZipFuzzer.java @@ -25,7 +25,7 @@ import java.io.IOException; import java.util.Enumeration; -public class CompressZipFuzzer extends BaseTests { +public class CompressZipFuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { try { ZipFile zf = new ZipFile(new SeekableInMemoryByteChannel(data)); diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorBZip2Fuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorBZip2Fuzzer.java index e739db534ac..c3f621e8656 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/CompressorBZip2Fuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorBZip2Fuzzer.java @@ -22,7 +22,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; -public class CompressorBZip2Fuzzer extends BaseTests { +public class CompressorBZip2Fuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { try { fuzzCompressorInputStream(new BZip2CompressorInputStream(new ByteArrayInputStream(data))); diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorDeflate64Fuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorDeflate64Fuzzer.java index 24a051880f4..889d1030f6c 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/CompressorDeflate64Fuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorDeflate64Fuzzer.java @@ -22,7 +22,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; -public class CompressorDeflate64Fuzzer extends BaseTests { +public class CompressorDeflate64Fuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { try { fuzzCompressorInputStream(new Deflate64CompressorInputStream(new ByteArrayInputStream(data))); diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorGzipFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorGzipFuzzer.java index c5b9f852deb..9d8615ef4b6 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/CompressorGzipFuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorGzipFuzzer.java @@ -22,7 +22,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; -public class CompressorGzipFuzzer extends BaseTests { +public class CompressorGzipFuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { try { fuzzCompressorInputStream(new GzipCompressorInputStream(new ByteArrayInputStream(data))); diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorLZ4Fuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorLZ4Fuzzer.java index 9d112656127..1fd22cc8e20 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/CompressorLZ4Fuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorLZ4Fuzzer.java @@ -23,7 +23,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; -public class CompressorLZ4Fuzzer extends BaseTests { +public class CompressorLZ4Fuzzer extends AbstractTests { // Test both LZ4 classes public static void fuzzerTestOneInput(byte[] data) { try { diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorPack200Fuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorPack200Fuzzer.java index 575dfd91f13..79de365ba7f 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/CompressorPack200Fuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorPack200Fuzzer.java @@ -22,7 +22,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; -public class CompressorPack200Fuzzer extends BaseTests { +public class CompressorPack200Fuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { try { fuzzCompressorInputStream(new Pack200CompressorInputStream(new ByteArrayInputStream(data))); diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorSnappyFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorSnappyFuzzer.java index 5f4df62c6c9..6feedafd5b2 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/CompressorSnappyFuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorSnappyFuzzer.java @@ -23,7 +23,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; -public class CompressorSnappyFuzzer extends BaseTests { +public class CompressorSnappyFuzzer extends AbstractTests { // Test both Snappy classes public static void fuzzerTestOneInput(byte[] data) { try { diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorZFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorZFuzzer.java index 61a1b3ac55a..aac016a7514 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/CompressorZFuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorZFuzzer.java @@ -22,7 +22,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; -public class CompressorZFuzzer extends BaseTests { +public class CompressorZFuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { try { // Setting limit to avoid out of memory errors From d623369c284a93a996ed8aa201e5bb64dfd62471 Mon Sep 17 00:00:00 2001 From: Vishal S Date: Wed, 11 Mar 2026 11:45:32 +0530 Subject: [PATCH 4/4] Refactor fuzzer base class: Rename to AbstractTests and add BaseTests shim for CI compatibility --- .../commons/compress/fuzz/AbstractTests.java | 33 ++++++------- .../compress/fuzz/ArchiverArFuzzer.java | 30 ++++++------ .../compress/fuzz/ArchiverArjFuzzer.java | 30 ++++++------ .../compress/fuzz/ArchiverCpioFuzzer.java | 30 ++++++------ .../compress/fuzz/ArchiverDumpFuzzer.java | 30 ++++++------ .../fuzz/ArchiverTarStreamFuzzer.java | 30 ++++++------ .../fuzz/ArchiverZipStreamFuzzer.java | 30 ++++++------ .../commons/compress/fuzz/BaseTests.java | 30 ++++++++++++ .../compress/fuzz/CompressSevenZFuzzer.java | 42 ++++++++-------- .../compress/fuzz/CompressTarFuzzer.java | 42 ++++++++-------- .../compress/fuzz/CompressZipFuzzer.java | 48 +++++++++---------- .../compress/fuzz/CompressorBZip2Fuzzer.java | 30 ++++++------ .../fuzz/CompressorDeflate64Fuzzer.java | 30 ++++++------ .../compress/fuzz/CompressorGzipFuzzer.java | 30 ++++++------ .../compress/fuzz/CompressorLZ4Fuzzer.java | 32 +++++++------ .../fuzz/CompressorPack200Fuzzer.java | 30 ++++++------ .../compress/fuzz/CompressorSnappyFuzzer.java | 32 +++++++------ .../compress/fuzz/CompressorZFuzzer.java | 32 +++++++------ 18 files changed, 324 insertions(+), 267 deletions(-) create mode 100644 src/test/java/org/apache/commons/compress/fuzz/BaseTests.java diff --git a/src/test/java/org/apache/commons/compress/fuzz/AbstractTests.java b/src/test/java/org/apache/commons/compress/fuzz/AbstractTests.java index 87e22333a64..ff802fccb08 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/AbstractTests.java +++ b/src/test/java/org/apache/commons/compress/fuzz/AbstractTests.java @@ -1,29 +1,30 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ - package org.apache.commons.compress.fuzz; +import java.io.IOException; +import java.util.logging.LogManager; + import org.apache.commons.compress.archivers.ArchiveEntry; import org.apache.commons.compress.archivers.ArchiveInputStream; import org.apache.commons.compress.compressors.CompressorInputStream; -import java.io.IOException; -import java.util.logging.LogManager; - /** * Class with common functionality shared among fuzzing harnesses. */ diff --git a/src/test/java/org/apache/commons/compress/fuzz/ArchiverArFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/ArchiverArFuzzer.java index 49ff6126e32..b01696e521c 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/ArchiverArFuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/ArchiverArFuzzer.java @@ -1,27 +1,29 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.apache.commons.compress.fuzz; -import org.apache.commons.compress.archivers.ar.ArArchiveInputStream; - import java.io.ByteArrayInputStream; import java.io.IOException; +import org.apache.commons.compress.archivers.ar.ArArchiveInputStream; + public class ArchiverArFuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { try { diff --git a/src/test/java/org/apache/commons/compress/fuzz/ArchiverArjFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/ArchiverArjFuzzer.java index b4a7699bc13..96f5346ddec 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/ArchiverArjFuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/ArchiverArjFuzzer.java @@ -1,27 +1,29 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.apache.commons.compress.fuzz; -import org.apache.commons.compress.archivers.arj.ArjArchiveInputStream; - import java.io.ByteArrayInputStream; import java.io.IOException; +import org.apache.commons.compress.archivers.arj.ArjArchiveInputStream; + public class ArchiverArjFuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { try { diff --git a/src/test/java/org/apache/commons/compress/fuzz/ArchiverCpioFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/ArchiverCpioFuzzer.java index 09622465963..8ae85442f90 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/ArchiverCpioFuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/ArchiverCpioFuzzer.java @@ -1,27 +1,29 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.apache.commons.compress.fuzz; -import org.apache.commons.compress.archivers.cpio.CpioArchiveInputStream; - import java.io.ByteArrayInputStream; import java.io.IOException; +import org.apache.commons.compress.archivers.cpio.CpioArchiveInputStream; + public class ArchiverCpioFuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { try { diff --git a/src/test/java/org/apache/commons/compress/fuzz/ArchiverDumpFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/ArchiverDumpFuzzer.java index d9274939910..992b67654ac 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/ArchiverDumpFuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/ArchiverDumpFuzzer.java @@ -1,27 +1,29 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.apache.commons.compress.fuzz; -import org.apache.commons.compress.archivers.dump.DumpArchiveInputStream; - import java.io.ByteArrayInputStream; import java.io.IOException; +import org.apache.commons.compress.archivers.dump.DumpArchiveInputStream; + public class ArchiverDumpFuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { try { diff --git a/src/test/java/org/apache/commons/compress/fuzz/ArchiverTarStreamFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/ArchiverTarStreamFuzzer.java index 1d4a989eb48..d0595197ec0 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/ArchiverTarStreamFuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/ArchiverTarStreamFuzzer.java @@ -1,27 +1,29 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.apache.commons.compress.fuzz; -import org.apache.commons.compress.archivers.tar.TarArchiveInputStream; - import java.io.ByteArrayInputStream; import java.io.IOException; +import org.apache.commons.compress.archivers.tar.TarArchiveInputStream; + public class ArchiverTarStreamFuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { try { diff --git a/src/test/java/org/apache/commons/compress/fuzz/ArchiverZipStreamFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/ArchiverZipStreamFuzzer.java index 14ac98431cb..0d53231f125 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/ArchiverZipStreamFuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/ArchiverZipStreamFuzzer.java @@ -1,27 +1,29 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.apache.commons.compress.fuzz; -import org.apache.commons.compress.archivers.zip.ZipArchiveInputStream; - import java.io.ByteArrayInputStream; import java.io.IOException; +import org.apache.commons.compress.archivers.zip.ZipArchiveInputStream; + public class ArchiverZipStreamFuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { try { diff --git a/src/test/java/org/apache/commons/compress/fuzz/BaseTests.java b/src/test/java/org/apache/commons/compress/fuzz/BaseTests.java new file mode 100644 index 00000000000..3bd3604f028 --- /dev/null +++ b/src/test/java/org/apache/commons/compress/fuzz/BaseTests.java @@ -0,0 +1,30 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.commons.compress.fuzz; + +/** + * Temporary shim to maintain compatibility with legacy OSS-Fuzz build scripts + * which hardcode the class name "BaseTests". + * + * TODO: Remove this class once the oss-fuzz project configuration is updated + * to use AbstractTests. + */ +public abstract class BaseTests extends AbstractTests { +} diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressSevenZFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressSevenZFuzzer.java index ee94b64054b..805df52aedc 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/CompressSevenZFuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressSevenZFuzzer.java @@ -1,45 +1,45 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.apache.commons.compress.fuzz; +import java.io.IOException; +import java.io.InputStream; + import org.apache.commons.compress.archivers.sevenz.SevenZArchiveEntry; import org.apache.commons.compress.archivers.sevenz.SevenZFile; import org.apache.commons.compress.archivers.sevenz.SevenZFileOptions; import org.apache.commons.compress.utils.SeekableInMemoryByteChannel; -import java.io.InputStream; -import java.io.IOException; - public class CompressSevenZFuzzer extends AbstractTests { private static final SevenZFileOptions options = new SevenZFileOptions.Builder() .withMaxMemoryLimitInKb(1_000_000) .build(); public static void fuzzerTestOneInput(byte[] data) { - try { - SevenZFile sf = new SevenZFile(new SeekableInMemoryByteChannel(data), options); + try (final SevenZFile sf = new SevenZFile(new SeekableInMemoryByteChannel(data), options)) { SevenZArchiveEntry entry; - while((entry = sf.getNextEntry()) != null) { - InputStream is = sf.getInputStream(entry); + while ((entry = sf.getNextEntry()) != null) { + final InputStream is = sf.getInputStream(entry); is.read(new byte[1024]); } - sf.close(); - } catch (IOException ignored) { + } catch (final IOException ignored) { } } } diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressTarFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressTarFuzzer.java index 7a43caafb90..2025b0c0c47 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/CompressTarFuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressTarFuzzer.java @@ -1,38 +1,38 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.apache.commons.compress.fuzz; +import java.io.IOException; +import java.io.InputStream; + import org.apache.commons.compress.archivers.tar.TarArchiveEntry; import org.apache.commons.compress.archivers.tar.TarFile; -import java.io.InputStream; -import java.io.IOException; - public class CompressTarFuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { - try { - TarFile tf = new TarFile(data); - for (TarArchiveEntry entry : tf.getEntries()) { - InputStream is = tf.getInputStream(entry); + try (final TarFile tf = new TarFile(data)) { + for (final TarArchiveEntry entry : tf.getEntries()) { + final InputStream is = tf.getInputStream(entry); is.read(new byte[1024]); } - tf.close(); - } catch (IOException ignored) { + } catch (final IOException ignored) { } } } diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressZipFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressZipFuzzer.java index 291d85dbcfd..aa2e8f227a1 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/CompressZipFuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressZipFuzzer.java @@ -1,42 +1,42 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.apache.commons.compress.fuzz; +import java.io.IOException; +import java.io.InputStream; +import java.util.Enumeration; + import org.apache.commons.compress.archivers.zip.ZipArchiveEntry; import org.apache.commons.compress.archivers.zip.ZipFile; import org.apache.commons.compress.utils.SeekableInMemoryByteChannel; -import java.io.InputStream; -import java.io.IOException; -import java.util.Enumeration; - public class CompressZipFuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { - try { - ZipFile zf = new ZipFile(new SeekableInMemoryByteChannel(data)); - Enumeration entries = zf.getEntries(); - while(entries.hasMoreElements()) { - ZipArchiveEntry entry = entries.nextElement(); - InputStream is = zf.getInputStream(entry); + try (final ZipFile zf = new ZipFile(new SeekableInMemoryByteChannel(data))) { + final Enumeration entries = zf.getEntries(); + while (entries.hasMoreElements()) { + final ZipArchiveEntry entry = entries.nextElement(); + final InputStream is = zf.getInputStream(entry); is.read(new byte[1024]); } - zf.close(); - } catch (IOException ignored) { + } catch (final IOException ignored) { } } } diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorBZip2Fuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorBZip2Fuzzer.java index c3f621e8656..55e6677f38f 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/CompressorBZip2Fuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorBZip2Fuzzer.java @@ -1,27 +1,29 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.apache.commons.compress.fuzz; -import org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream; - import java.io.ByteArrayInputStream; import java.io.IOException; +import org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream; + public class CompressorBZip2Fuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { try { diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorDeflate64Fuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorDeflate64Fuzzer.java index 889d1030f6c..1d5a7b4afe2 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/CompressorDeflate64Fuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorDeflate64Fuzzer.java @@ -1,27 +1,29 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.apache.commons.compress.fuzz; -import org.apache.commons.compress.compressors.deflate64.Deflate64CompressorInputStream; - import java.io.ByteArrayInputStream; import java.io.IOException; +import org.apache.commons.compress.compressors.deflate64.Deflate64CompressorInputStream; + public class CompressorDeflate64Fuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { try { diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorGzipFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorGzipFuzzer.java index 9d8615ef4b6..a56f4197b07 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/CompressorGzipFuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorGzipFuzzer.java @@ -1,27 +1,29 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.apache.commons.compress.fuzz; -import org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream; - import java.io.ByteArrayInputStream; import java.io.IOException; +import org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream; + public class CompressorGzipFuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { try { diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorLZ4Fuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorLZ4Fuzzer.java index 1fd22cc8e20..14419fc4d7e 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/CompressorLZ4Fuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorLZ4Fuzzer.java @@ -1,28 +1,30 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.apache.commons.compress.fuzz; -import org.apache.commons.compress.compressors.lz4.BlockLZ4CompressorInputStream; -import org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream; - import java.io.ByteArrayInputStream; import java.io.IOException; +import org.apache.commons.compress.compressors.lz4.BlockLZ4CompressorInputStream; +import org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream; + public class CompressorLZ4Fuzzer extends AbstractTests { // Test both LZ4 classes public static void fuzzerTestOneInput(byte[] data) { diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorPack200Fuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorPack200Fuzzer.java index 79de365ba7f..402b6c9647b 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/CompressorPack200Fuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorPack200Fuzzer.java @@ -1,27 +1,29 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.apache.commons.compress.fuzz; -import org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream; - import java.io.ByteArrayInputStream; import java.io.IOException; +import org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream; + public class CompressorPack200Fuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { try { diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorSnappyFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorSnappyFuzzer.java index 6feedafd5b2..ae7529698a9 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/CompressorSnappyFuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorSnappyFuzzer.java @@ -1,28 +1,30 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.apache.commons.compress.fuzz; -import org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorInputStream; -import org.apache.commons.compress.compressors.snappy.SnappyCompressorInputStream; - import java.io.ByteArrayInputStream; import java.io.IOException; +import org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorInputStream; +import org.apache.commons.compress.compressors.snappy.SnappyCompressorInputStream; + public class CompressorSnappyFuzzer extends AbstractTests { // Test both Snappy classes public static void fuzzerTestOneInput(byte[] data) { diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorZFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorZFuzzer.java index aac016a7514..e71c090fc72 100644 --- a/src/test/java/org/apache/commons/compress/fuzz/CompressorZFuzzer.java +++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorZFuzzer.java @@ -1,32 +1,34 @@ /* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. */ package org.apache.commons.compress.fuzz; -import org.apache.commons.compress.compressors.z.ZCompressorInputStream; - import java.io.ByteArrayInputStream; import java.io.IOException; +import org.apache.commons.compress.compressors.z.ZCompressorInputStream; + public class CompressorZFuzzer extends AbstractTests { public static void fuzzerTestOneInput(byte[] data) { try { // Setting limit to avoid out of memory errors - fuzzCompressorInputStream(new ZCompressorInputStream(new ByteArrayInputStream(data), 1024*1024)); + fuzzCompressorInputStream(new ZCompressorInputStream(new ByteArrayInputStream(data), 1024 * 1024)); } catch (IllegalArgumentException | IOException ignored) { } }