ossf / fuzz-introspector

Fuzz Introspector -- introspect, extend and optimise fuzzers
https://fuzz-introspector.readthedocs.io
Apache License 2.0

Fuzz-introspector fails for projects in oss-fuzz with "'c' flag requires manifest or input files to be specified!" #1174

Closed centic9 closed 1 year ago

centic9 commented 1 year ago

The java frontend currently fails for a number of projects in oss-fuzz with a message 'c' flag requires manifest or input files to be specified!.

See the recent introspection builds at e.g. https://oss-fuzz-build-logs.storage.googleapis.com/index.html#apache-commons-bcel or https://oss-fuzz-build-logs.storage.googleapis.com/index.html#apache-poi (among likely other projects with similar errors).

```
Step #6 - "compile-libfuzzer-introspector-x86_64": Finding fuzz targets in /workspace/out/libfuzzer-introspector-x86_64
Step #6 - "compile-libfuzzer-introspector-x86_64": Checking target textcov_reports
Step #6 - "compile-libfuzzer-introspector-x86_64": Checking target jazzer_driver_with_sanitizer
Step #6 - "compile-libfuzzer-introspector-x86_64": Checking target poi-fuzzer-5.2.4-SNAPSHOT.jar
Step #6 - "compile-libfuzzer-introspector-x86_64": Checking target XLSX2CSVFuzzer
Step #6 - "compile-libfuzzer-introspector-x86_64": Checking target llvm-symbolizer
Step #6 - "compile-libfuzzer-introspector-x86_64": Checking target jazzer_driver
Step #6 - "compile-libfuzzer-introspector-x86_64": Checking target jazzer_agent_deploy.jar
Step #6 - "compile-libfuzzer-introspector-x86_64": 'c' flag requires manifest or input files to be specified!
Step #6 - "compile-libfuzzer-introspector-x86_64": Try `jar --help' for more information.
Step #6 - "compile-libfuzzer-introspector-x86_64": Traceback (most recent call last):
Step #6 - "compile-libfuzzer-introspector-x86_64":   File "/fuzz-introspector/frontends/java/oss-fuzz-main.py", line 168, in <module>
Step #6 - "compile-libfuzzer-introspector-x86_64":     run_analysis(os.environ['OUT'])
Step #6 - "compile-libfuzzer-introspector-x86_64":   File "/fuzz-introspector/frontends/java/oss-fuzz-main.py", line 154, in run_analysis
Step #6 - "compile-libfuzzer-introspector-x86_64":     targets = find_fuzz_targets(path)
Step #6 - "compile-libfuzzer-introspector-x86_64":   File "/fuzz-introspector/frontends/java/oss-fuzz-main.py", line 91, in find_fuzz_targets
Step #6 - "compile-libfuzzer-introspector-x86_64":     subprocess.check_call("jar cvf package.jar %s" %  " ".join(class_file_list), shell=True, cwd=path)
Step #6 - "compile-libfuzzer-introspector-x86_64":   File "/usr/local/lib/python3.8/subprocess.py", line 364, in check_call
Step #6 - "compile-libfuzzer-introspector-x86_64":     raise CalledProcessError(retcode, cmd)
Step #6 - "compile-libfuzzer-introspector-x86_64": subprocess.CalledProcessError: Command 'jar cvf package.jar ' returned non-zero exit status 1.
```

It seems the code at https://github.com/ossf/fuzz-introspector/blob/main/frontends/java/oss-fuzz-main.py#L74 fails to find the class-files for these projects and thus the invocation of the "jar"-tool at https://github.com/ossf/fuzz-introspector/blob/main/frontends/java/oss-fuzz-main.py#L91 is incorrect as there are no class-files provided.

Initial analysis indicates that these projects store the .java code for fuzz-targets under a "src/main/java" sub-directory and use Maven for building the fuzz-target via a pom.xml, meaning that no .class files are available in the "out" directory, the code is only included in the .jar-file poi-fuzzer-5.2.4-SNAPSHOT.jar.

It seems fuzz-introspector does not support this project-setup currently as it is looking for .class-files in the directory structure, but in this case they are only available inside the shaded jar-file.

Not sure what the best option is, adjusting projects in oss-fuzz seems hard and error-prone, ideally fuzz-introspector would support this type of setup out of the box.

It could e.g. extract the fuzz-target from the .jar file in this case.

Also a check with a better error message would be nice as currently the root-cause is not very clear from the error-message.

I'd be willing to work on a PR if I can get some guidance as to what a good approach would be.
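As an added illustration of the two suggestions in this report (fall back to the project jar when no loose `.class` files exist, and fail with a clear message instead of `jar`'s usage error), the following Python sketch is not code from fuzz-introspector's `oss-fuzz-main.py`. The `RUNTIME_JARS` skip list, the `introspector-classes` extraction directory and the jar contents built by `build_demo_out_dir` are assumptions constructed for the demo; the real frontend would run the returned `jar cvf` argv with `subprocess.check_call` as the traceback above shows.

```python
import os
import tempfile
import zipfile

# Jars that belong to the Jazzer runtime rather than the project. The name
# comes from the build log above; treating it as a skip list is an assumption.
RUNTIME_JARS = {"jazzer_agent_deploy.jar"}


def find_class_files(out_dir):
    """Return paths (relative to out_dir) of every .class file present on disk."""
    found = []
    for root, _dirs, files in os.walk(out_dir):
        for name in files:
            if name.endswith(".class"):
                found.append(os.path.relpath(os.path.join(root, name), out_dir))
    return sorted(found)


def extract_classes_from_jars(out_dir, dest_dir):
    """Fallback for Maven-built fuzzers: copy the .class entries of every project
    jar in out_dir into dest_dir and return their paths relative to dest_dir."""
    extracted = []
    for name in sorted(os.listdir(out_dir)):
        if not name.endswith(".jar") or name in RUNTIME_JARS:
            continue
        with zipfile.ZipFile(os.path.join(out_dir, name)) as jar:
            for entry in jar.namelist():
                # Skip manifest/signature material; only class files are wanted.
                if entry.endswith(".class") and not entry.startswith("META-INF/"):
                    jar.extract(entry, dest_dir)  # zipfile strips '..' and leading '/'
                    extracted.append(entry)
    return sorted(extracted)


def collect_fuzz_target_classes(out_dir):
    """Prefer loose .class files; otherwise unpack the project jars.
    Returns (class_file_list, directory to use as cwd for `jar cvf`)."""
    classes = find_class_files(out_dir)
    if classes:
        return classes, out_dir
    extract_dir = os.path.join(out_dir, "introspector-classes")  # assumed name
    os.makedirs(extract_dir, exist_ok=True)
    return extract_classes_from_jars(out_dir, extract_dir), extract_dir


def build_jar_command(class_files, jar_name="package.jar"):
    """Build the argv for `jar cvf`, refusing an empty list up front so the
    failure names the real cause instead of jar's generic usage error."""
    if not class_files:
        raise RuntimeError(
            "no .class files found on disk or inside project jars in $OUT; "
            "cannot package fuzz targets for introspection")
    return ["jar", "cvf", jar_name, *class_files]


def build_demo_out_dir():
    """Construct a fake $OUT like the one in the log: a runtime jar plus a
    Maven-built fuzzer jar whose classes exist only inside the jar.
    The class bytes and the runtime entry name are made up for the demo."""
    out_dir = tempfile.mkdtemp(prefix="introspector-demo-")
    with zipfile.ZipFile(os.path.join(out_dir, "jazzer_agent_deploy.jar"), "w") as jar:
        jar.writestr("jazzer/Agent.class", b"\xca\xfe\xba\xbe")
    with zipfile.ZipFile(os.path.join(out_dir, "poi-fuzzer-5.2.4-SNAPSHOT.jar"), "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
        jar.writestr("XLSX2CSVFuzzer.class", b"\xca\xfe\xba\xbe")
    return out_dir


if __name__ == "__main__":
    demo_out = build_demo_out_dir()
    classes, cwd = collect_fuzz_target_classes(demo_out)
    print("cwd:", cwd)
    print("argv:", build_jar_command(classes))
```

Run stand-alone, the script reports the extraction directory and the `jar cvf package.jar XLSX2CSVFuzzer.class` argv that the frontend would execute; with an empty `$OUT` the `RuntimeError` from `build_jar_command` replaces the opaque `'c' flag requires manifest or input files` message.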

centic9 commented 1 year ago

One strange thing: Running fuzz-introspector locally for one of the projects as follows seems to somehow provide the .class files and thus makes introspection work, but when run as part of oss-fuzz builds, it is missing.

```
cd oss-fuzz
python3 infra/helper.py introspector apache-poi
```
DavidKorczynski commented 1 year ago

@arthurscchan could you take a look at this?

centic9 commented 1 year ago

Another finding:

centic9 commented 1 year ago

Latest runs in oss-fuzz have this fixed now, e.g. commons-bcel in https://oss-fuzz-build-logs.storage.googleapis.com/log-65c3c6ab-9375-4512-b0d2-a1867c2ac5d4.txt (apache-poi now times out, but this is likely a different issue: https://oss-fuzz-build-logs.storage.googleapis.com/log-27ba5608-2d21-46dc-9411-9c07ba3bd9a6.txt).