forked from google/oss-fuzz
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathEncryptionIntegrationFuzzer.java
37 lines (31 loc) · 1.33 KB
/
EncryptionIntegrationFuzzer.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import org.springframework.cloud.context.encrypt.EncryptorFactory;
import org.springframework.security.crypto.encrypt.TextEncryptor;
import java.nio.charset.Charset;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import com.code_intelligence.jazzer.api.FuzzerSecurityIssueHigh;
import java.math.BigInteger;
import org.springframework.security.crypto.encrypt.Encryptors;
import org.springframework.cloud.context.encrypt.KeyFormatException;
public class EncryptionIntegrationFuzzer {
public static void fuzzerTestOneInput(FuzzedDataProvider data) {
String keyStr = data.consumeString(100);
String salt = data.consumeString(50);
if (keyStr.isEmpty() || salt.isEmpty()) {
return;
}
String content = data.consumeRemainingAsString();
TextEncryptor encryptor;
try {
encryptor = new EncryptorFactory(salt).create(keyStr);
} catch (KeyFormatException | IllegalArgumentException e) {
return;
}
String encrypted = encryptor.encrypt(content);
String decrypted = encryptor.decrypt(encrypted);
if (!decrypted.equals(content)) {
throw new FuzzerSecurityIssueHigh("Different result when encrypting & decrypting: " + decrypted + " != " + content);
}
}
}