chore: add more tests for the path traversal sanitizer

Author: oetr

sanitizers/src/test/java/com/example/BUILD.bazel

@@ -88,6 +88,58 @@ java_fuzz_target_test(
     ],
 )
 
+java_fuzz_target_test(
+    name = "FilePathTraversalPass",
+    srcs = [
+        "FilePathTraversalPass.java",
+    ],
+    allowed_findings = [],
+    fuzzer_args = [
+        # Test does not depend on fuzzing input; just run it once
+        "-runs=1",
+    ],
+    target_class = "com.example.FilePathTraversalPass",
+    runtime_deps = [
+        "@maven//:org_junit_jupiter_junit_jupiter_engine",
+    ],
+    deps = [
+        "//deploy:jazzer-junit",
+        "@maven//:org_junit_jupiter_junit_jupiter_api",
+    ],
+)
+
+[java_fuzz_target_test(
+    name = "FilePathTraversalCrash_" + method,
+    srcs = [
+        "FilePathTraversalCrash.java",
+    ],
+    allowed_findings = [
+        "com.code_intelligence.jazzer.api.FuzzerSecurityIssueCritical",
+    ],
+    env = {
+        "JAZZER_FUZZ": "1",
+    },
+    expect_number_of_findings = 1,
+    fuzzer_args = [
+        "-runs=0",
+    ],
+    target_class = "com.example.FilePathTraversalCrash",
+    target_method = method,
+    verify_crash_reproducer = False,
+    runtime_deps = [
+        "@maven//:org_junit_jupiter_junit_jupiter_engine",
+    ],
+    deps = [
+        "//deploy:jazzer-junit",
+        "@maven//:org_junit_jupiter_junit_jupiter_api",
+    ],
+) for method in [
+    "beforeEachWorks",
+    "overwritingBeforeEachWorks",
+    "crashWhenAllowIsFalse",
+    "crashWhenDefaultTarget",
+]]
+
 java_fuzz_target_test(
     name = "OsCommandInjectionProcessBuilder",
     srcs = [

sanitizers/src/test/java/com/example/FilePathTraversalCrash.java

@@ -0,0 +1,73 @@
+/*
+ * Copyright 2025 Code Intelligence GmbH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.example;
+
+import com.code_intelligence.jazzer.api.BugDetectors;
+import com.code_intelligence.jazzer.api.SilentCloseable;
+import com.code_intelligence.jazzer.junit.FuzzTest;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import org.junit.jupiter.api.BeforeEach;
+
+public class FilePathTraversalCrash {
+  @BeforeEach
+  public void setUp() {
+    BugDetectors.setFilePathTraversalTarget(() -> Paths.get("../../hello"));
+  }
+
+  @FuzzTest
+  void beforeEachWorks(boolean ignore) throws Exception {
+    try (FileInputStream fis = new FileInputStream("../../hello")) {
+      fis.read();
+    } catch (FileNotFoundException ignored) {
+    }
+  }
+
+  @FuzzTest
+  void overwritingBeforeEachWorks(boolean ignore) {
+    try (SilentCloseable unused =
+        BugDetectors.setFilePathTraversalTarget(() -> Paths.get("../../jazzer-hey"))) {
+      try (FileInputStream fis = new FileInputStream("../../jazzer-hey")) {
+        fis.read();
+      } catch (NullPointerException | IOException ignored) {
+      }
+    }
+  }
+
+  @FuzzTest
+  void crashWhenAllowIsFalse(boolean ignore) {
+    try (SilentCloseable unused = BugDetectors.setFilePathTraversalAllowPath((Path p) -> false)) {
+      try (FileInputStream fis = new FileInputStream("whatever")) {
+        fis.read();
+      } catch (NullPointerException | IOException ignored) {
+      }
+    }
+  }
+
+  @FuzzTest
+  void crashWhenDefaultTarget(boolean ignore) {
+    try (SilentCloseable unused = BugDetectors.setFilePathTraversalAllowPath((Path p) -> true)) {
+      try (FileInputStream fis = new FileInputStream("../../hello")) {
+        fis.read();
+      } catch (NullPointerException | IOException ignored) {
+      }
+    }
+  }
+}

sanitizers/src/test/java/com/example/FilePathTraversalPass.java

@@ -0,0 +1,75 @@
+/*
+ * Copyright 2025 Code Intelligence GmbH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.example;
+
+import com.code_intelligence.jazzer.api.BugDetectors;
+import com.code_intelligence.jazzer.api.SilentCloseable;
+import com.code_intelligence.jazzer.junit.FuzzTest;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import org.junit.jupiter.api.BeforeEach;
+
+public class FilePathTraversalPass {
+  @BeforeEach
+  public void setUp() {
+    BugDetectors.setFilePathTraversalTarget(() -> Paths.get("../../hello"));
+  }
+
+  @FuzzTest
+  void beforeEachWorks(boolean ignore) throws Exception {
+    try (FileInputStream fis = new FileInputStream("test")) {
+      fis.read();
+    } catch (FileNotFoundException ignored) {
+    }
+  }
+
+  @FuzzTest
+  void overwritingBeforeEachWorks(boolean ignore) {
+    try (SilentCloseable unused =
+        BugDetectors.setFilePathTraversalTarget(() -> Paths.get("../../jazzer-hey"))) {
+      try (FileInputStream fis = new FileInputStream("../../hello")) {
+        fis.read();
+      } catch (NullPointerException | IOException ignored) {
+      }
+    }
+  }
+
+  @FuzzTest
+  void allow(boolean ignore) {
+    try (SilentCloseable unused =
+        BugDetectors.setFilePathTraversalAllowPath((Path p) -> p.toString().contains("secret"))) {
+      try (FileInputStream fis = new FileInputStream("my-secret-file")) {
+        fis.read();
+      } catch (NullPointerException | IOException ignored) {
+      }
+    }
+  }
+
+  @FuzzTest
+  void targetMissed(boolean ignore) {
+    try (SilentCloseable ignored =
+        BugDetectors.setFilePathTraversalAllowPath((Path ignoredAgain) -> true)) {
+      try (FileInputStream fis = new FileInputStream("../../hello-world")) {
+        fis.read();
+      } catch (NullPointerException | IOException ignoredEvenMore) {
+      }
+    }
+  }
+}