dockerfile, fuzz-testing

cifuzz/jazzer docker image missing a jar?


First time trying out cifuzz/jazzer, but I am unable to get the source code from GitHub without circumventing my organisation's restrictions on downloading external code (and risking their wrath). Fortunately, I can download and use the cifuzz/jazzer Docker image. However, all roads lead to this error:

ERROR: Could not find jazzer_standalone.jar. Please provide the pathname via the --agent_path flag.

Obviously, I'm no Jazzer expert, nor am I too seasoned with Docker beyond the (very) basics. However, by overriding the entrypoint of the image with:

docker run -it --entrypoint /bin/sh cifuzz/jazzer

and navigating to the /app directory where these files exist:

/fuzzing # cd /app/
/app # ls -alrt
total 10192
-r-xr-xr-x    1 root     root       9764956 Oct 24 21:09 jazzer.jar
-r-xr-xr-x    1 root     root        658288 Oct 24 21:09 jazzer
drwxr-xr-x    2 root     root          4096 Oct 24 21:09 .
drwxr-xr-x    1 root     root          4096 Nov  6 16:54 ..

Running ./jazzer results in the same error seen when trying to start the app through the instructions on the GitHub page.

ERROR: Could not find jazzer_standalone.jar. Please provide the pathname via the --agent_path flag.

Searching the GitHub repo online for "jazzer_standalone.jar" finds this code in the BUILD.bazel file on line 34:

    remap_paths = {
        "driver/src/main/java/com/code_intelligence/jazzer/jazzer_standalone_deploy.jar": "jazzer_standalone.jar",
        "launcher/jazzer": "jazzer",
    },

Seems that jazzer_standalone_deploy.jar isn't remapped and/or included in the image?

The GitHub instructions at https://github.com/CodeIntelligenceTesting/jazzer say:

The "distroless" Docker image cifuzz/jazzer includes Jazzer together with OpenJDK 11. Just mount a directory containing your compiled fuzz target into the container under /fuzzing by running:

docker run -v path/containing/the/application:/fuzzing cifuzz/jazzer <arguments>

I tried:

docker run -v path-to-my-application-jar:/fuzzing cifuzz/jazzer

So I missed out the arguments, just to get some error output and see if I had got the volume path correct, etc.

The result is:

ERROR: Could not find jazzer_standalone.jar. Please provide the pathname via the --agent_path flag.

Solution

  • This has been fixed in Jazzer and new images have been pushed: https://github.com/CodeIntelligenceTesting/jazzer/issues/524