authorGravatar Jonathan Rudenberg <jonathan@titanous.com>2018-01-30 15:40:07 -0500
committerGravatar Abhishek Arya <inferno@chromium.org>2018-01-30 12:40:07 -0800
commitf96f9a184e0f152200b546dd376680a02bd38d70 (patch)
tree46a3d958e7236b1d3eac2f94a06cb13940809cfe /projects/yajl-ruby
parente4a484aabe8ca9f3b654612edfdd6114e7235692 (diff)
[yajl-ruby] Add yajl-ruby fuzzer (#1119)
* [yajl-ruby] Add yajl-ruby fuzzer * Add dictionary * Update build.sh
Diffstat (limited to 'projects/yajl-ruby')
-rw-r--r--projects/yajl-ruby/Dockerfile23
-rwxr-xr-xprojects/yajl-ruby/build.sh28
-rw-r--r--projects/yajl-ruby/json_fuzzer.c104
-rw-r--r--projects/yajl-ruby/json_fuzzer.dict20
-rw-r--r--projects/yajl-ruby/project.yaml9
5 files changed, 184 insertions, 0 deletions
diff --git a/projects/yajl-ruby/Dockerfile b/projects/yajl-ruby/Dockerfile
new file mode 100644
index 00000000..9cd5f99b
--- /dev/null
+++ b/projects/yajl-ruby/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER jonathan@titanous.com
+RUN git clone --depth 1 https://github.com/brianmario/yajl-ruby
+WORKDIR yajl-ruby
+COPY json_fuzzer.c $SRC/yajl-ruby/fuzz/
+COPY json_fuzzer.dict $SRC/
+COPY build.sh $SRC/
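Review bot: `MAINTAINER jonathan@titanous.com` uses the deprecated Dockerfile instruction; the equivalent metadata form is `LABEL maintainer="jonathan@titanous.com"`. The rest of the file follows the usual base-builder layout (clone, `WORKDIR`, copy fuzzer sources into `$SRC`), so nothing else stands out.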
diff --git a/projects/yajl-ruby/build.sh b/projects/yajl-ruby/build.sh
new file mode 100755
index 00000000..1f293a2b
--- /dev/null
+++ b/projects/yajl-ruby/build.sh
@@ -0,0 +1,28 @@
+#!/bin/bash -eu
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd ext/yajl
+
+echo '{"a":"\u00f8C","b":1.2,"c":{"d":["foo",{"bar":"baz"}]},"e":null,"f":true,"t":false}' > $WORK/seed.json
+zip -q $OUT/json_fuzzer_seed_corpus.zip $WORK/seed.json
+
+mv $SRC/*.dict $OUT/
+
+$CXX $CXXFLAGS -I. \
+ -x c yajl.c yajl_alloc.c yajl_buf.c yajl_lex.c yajl_parser.c yajl_encode.c \
+ ../../fuzz/json_fuzzer.c -o $OUT/json_fuzzer \
+ -lFuzzingEngine
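Review bot: The `$WORK/seed.json`, `$OUT/json_fuzzer_seed_corpus.zip`, `$SRC/*.dict` and `$OUT/json_fuzzer` paths are unquoted; `-u` only catches unset variables, it does not prevent word splitting if a value contains whitespace. The conventional form quotes the expansions while leaving the glob outside the quotes, e.g. `zip -q "$OUT/json_fuzzer_seed_corpus.zip" "$WORK/seed.json"` and `mv "$SRC"/*.dict "$OUT"/`. The compiler line (`$CXX $CXXFLAGS ... -x c ...`) deliberately relies on splitting of `$CXXFLAGS`, so that one stays as is.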
diff --git a/projects/yajl-ruby/json_fuzzer.c b/projects/yajl-ruby/json_fuzzer.c
new file mode 100644
index 00000000..55c90bf0
--- /dev/null
+++ b/projects/yajl-ruby/json_fuzzer.c
@@ -0,0 +1,104 @@
+/*
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+
+#include <assert.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "api/yajl_parse.h"
+
+typedef struct {
+ int arrayLevel;
+ int objectLevel;
+} context;
+
+static int yajl_found_null(void* ctx) {
+ return 1;
+}
+
+static int yajl_found_boolean(void* ctx, int boolean) {
+ return 1;
+};
+
+static int yajl_found_number(void* ctx, const char* v, unsigned int l) {
+ assert(l > 0);
+ return 1;
+}
+
+static int yajl_found_string(void* ctx, const unsigned char* s, unsigned int l) {
+ return 1;
+}
+
+static int yajl_found_object_key(void* ctx, const unsigned char* v, unsigned int l) {
+ assert(((context*)ctx)->objectLevel > 0);
+ return 1;
+}
+
+static int yajl_found_start_object(void* ctx) {
+ ((context*)ctx)->objectLevel++;
+ return 1;
+}
+
+static int yajl_found_end_object(void* ctx) {
+ assert(((context*)ctx)->objectLevel > 0);
+ ((context*)ctx)->objectLevel--;
+ return 1;
+}
+
+static int yajl_found_start_array(void* ctx) {
+ ((context*)ctx)->arrayLevel++;
+ return 1;
+}
+
+static int yajl_found_end_array(void* ctx) {
+ assert(((context*)ctx)->arrayLevel > 0);
+ ((context*)ctx)->arrayLevel--;
+ return 1;
+}
+
+static yajl_callbacks callbacks = {
+ yajl_found_null,
+ yajl_found_boolean,
+ NULL,
+ NULL,
+ yajl_found_number,
+ yajl_found_string,
+ yajl_found_start_object,
+ yajl_found_object_key,
+ yajl_found_end_object,
+ yajl_found_start_array,
+ yajl_found_end_array
+};
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ context ctx = {
+ .arrayLevel = 0,
+ .objectLevel = 0,
+ };
+ yajl_parser_config cfg = {
+ .allowComments = 1,
+ .checkUTF8 = 1,
+ };
+ yajl_handle parser = yajl_alloc(&callbacks, &cfg, NULL, (void*)&ctx);
+
+ (void)yajl_parse(parser, data, size);
+ yajl_free(parser);
+
+ return 0;
+}
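Review bot: The `yajl_handle parser = yajl_alloc(...)` result in `LLVMFuzzerTestOneInput` is passed straight to `yajl_parse` and `yajl_free` without a NULL check, so an allocation failure would surface as a null dereference inside the library rather than a clean skip of the input; add `if (parser == NULL) return 0;` before the parse call. Only `yajl_parse` is invoked; if the vendored yajl exposes the yajl 1.x `yajl_parse_complete` (the `yajl_parser_config` fields `allowComments`/`checkUTF8` suggest that API), calling it before `yajl_free` would also exercise the end-of-input path where a trailing token such as a bare number is finalized — worth confirming against `api/yajl_parse.h`. Separately, the closing brace of `yajl_found_boolean` is followed by a stray `;`, which is an empty file-scope declaration and should be dropped for consistency with the other callbacks.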
diff --git a/projects/yajl-ruby/json_fuzzer.dict b/projects/yajl-ruby/json_fuzzer.dict
new file mode 100644
index 00000000..ca0e0ee8
--- /dev/null
+++ b/projects/yajl-ruby/json_fuzzer.dict
@@ -0,0 +1,20 @@
+"{"
+"}"
+","
+"["
+"]"
+","
+":"
+"e"
+"e+"
+"e-"
+"E"
+"E+"
+"E-"
+"\""
+"\\"
+" "
+"null"
+"1"
+"1.234"
+"3e4"
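Review bot: The token `","` appears twice (third and sixth entries); libFuzzer tolerates duplicate dictionary entries, but the second one is dead weight and should be removed. The seed in build.sh contains `true` and `false`, yet neither literal is in the dictionary while `"null"` is; adding `"true"` and `"false"` would let the mutator reach those paths as directly as the null path.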
diff --git a/projects/yajl-ruby/project.yaml b/projects/yajl-ruby/project.yaml
new file mode 100644
index 00000000..2fe4188b
--- /dev/null
+++ b/projects/yajl-ruby/project.yaml
@@ -0,0 +1,9 @@
+homepage: https://github.com/brianmario/yajl-ruby
+primary_contact: seniorlopez@gmail.com
+sanitizers:
+ - address
+ - undefined
+ - memory
+auto_ccs:
+ - aaron.patterson@gmail.com
+ - jonathan@titanous.com