From 7d4df55a87f7d76dca37743b89f9a5ffd9b934fe Mon Sep 17 00:00:00 2001
From: Darya Parygina <pa_darochek@ispras.ru>
Date: Tue, 21 Nov 2023 12:57:06 +0300
Subject: [PATCH] Add usage example & update tests

---
 README.md                            |   5 ++
 casr/tests/casr_tests/js/crashes.zip | Bin 0 -> 460 bytes
 casr/tests/tests.rs                  |  73 ++++++---------------------
 docs/usage.md                        |   5 ++
 4 files changed, 25 insertions(+), 58 deletions(-)
 create mode 100644 casr/tests/casr_tests/js/crashes.zip

diff --git a/README.md b/README.md
index 252af975..e6334ce2 100644
--- a/README.md
+++ b/README.md
@@ -187,6 +187,11 @@ Triage Atheris crashes with casr-libfuzzer:
     $ cp casr/tests/casr_tests/python/yaml_fuzzer.py .
     $ casr-libfuzzer -i casr/tests/casr_tests/casrep/atheris_crashes_ruamel_yaml -o casr/tests/tmp_tests_casr/casr_libfuzzer_atheris_out -- ./yaml_fuzzer.py
 
+Triage Jazzer.js crashes with casr-libfuzzer:
+    $ unzip casr/tests/casr_tests/js/crashes.zip -d crashes
+    $ cp casr/tests/casr_tests/js/test_casr_libfuzzer_jazzer_js.js .
+    $ casr-libfuzzer -i ./crashes -o casr/tests/tmp_tests_casr/casr_libfuzzer_jazzer_js_out -- npx jazzer ./test_casr_libfuzzer_jazzer_js.js
+
 Upload new and unique CASR reports to
 [DefectDojo](https://github.com/DefectDojo/django-DefectDojo):
 
diff --git a/casr/tests/casr_tests/js/crashes.zip b/casr/tests/casr_tests/js/crashes.zip
new file mode 100644
index 0000000000000000000000000000000000000000..508652bcae99fba9af9614ee6483e76523826e70
GIT binary patch
literal 460
zcmWIWW@h1H0D<jsrQx=H?iDORHVCsb$S@=qB^GDs8is~&GB8UP#H30CacKoN10%}|
zW}qq%VPt5?6#zG68PJff`CBqD4KV^6@*_Vcl^fF#LnCBERs#(YD7x>6X^1h{5GJ4j
z*bFf=0=k5eNsbwpha^D$WMBm1EsY=++<UAL@1c1O*)U9xAsgljHw@@apkW|y;xP=<
hgUE(;!3_g?7ibvByBLPCvVlCn41~{t^m!160RV8QRNDXm

literal 0
HcmV?d00001

diff --git a/casr/tests/tests.rs b/casr/tests/tests.rs
index f86fcddf..3592e3d4 100644
--- a/casr/tests/tests.rs
+++ b/casr/tests/tests.rs
@@ -5168,7 +5168,6 @@ fn test_casr_js_native_jazzer() {
 // Launching jsfuzz on a simple example doesn't work correctly.
 // There are problems in updating jsfuzz to the newer version due to its moving
 // to gitlab (they have several open issues about it).
-// Do we need this fuzzer at all?
 #[test]
 #[cfg(target_arch = "x86_64")]
 fn test_casr_libfuzzer_jsfuzz() {
@@ -5194,18 +5193,13 @@ fn test_casr_libfuzzer_jsfuzz() {
         String::from_utf8_lossy(&output.stdout),
         String::from_utf8_lossy(&output.stderr)
     );
-    let mut crash = PathBuf::from(&paths[1]);
-    crash.push("crash-1");
-    let mut crash_file = fs::File::create(&crash).unwrap();
-    crash_file.write_all(b"211").unwrap();
-    crash.pop();
-    crash.push("crash-2");
-    let mut crash_file = fs::File::create(&crash).unwrap();
-    crash_file.write_all(b"121").unwrap();
-    crash.pop();
-    crash.push("crash-3");
-    let mut crash_file = fs::File::create(&crash).unwrap();
-    crash_file.write_all(b"112").unwrap();
+
+    Command::new("unzip")
+        .arg(abs_path("tests/casr_tests/js/crashes.zip"))
+        .args(["-d", &paths[1]])
+        .stdout(Stdio::null())
+        .status()
+        .expect("failed to unzip crashes.zip");
 
     let bins = Path::new(*EXE_CASR_LIBFUZZER.read().unwrap())
         .parent()
@@ -5235,6 +5229,7 @@ fn test_casr_libfuzzer_jsfuzz() {
     let err = String::from_utf8_lossy(&output.stderr);
 
     assert!(!err.is_empty());
+    println!("Test STDERR: {err}");
 
     assert!(err.contains("NOT_EXPLOITABLE"));
     // assert!(err.contains("TypeError"));
@@ -5254,39 +5249,6 @@ fn test_casr_libfuzzer_jsfuzz() {
 
     assert_eq!(unique_cnt, 1, "Invalid number of deduplicated reports");
 
-    // let re = Regex::new(r"Number of clusters: (?P<clusters>\d+)").unwrap();
-    // let clusters_cnt = re
-    //     .captures(&err)
-    //     .unwrap()
-    //     .name("clusters")
-    //     .map(|x| x.as_str())
-    //     .unwrap()
-    //     .parse::<u32>()
-    //     .unwrap();
-
-    // assert_eq!(clusters_cnt, 1, "Invalid number of clusters");
-
-    // let mut storage: HashMap<String, u32> = HashMap::new();
-    // for entry in fs::read_dir(&paths[2]).unwrap() {
-    //     let e = entry.unwrap().path();
-    //     let fname = e.file_name().unwrap().to_str().unwrap();
-    //     if fname.starts_with("cl") && e.is_dir() {
-    //         for file in fs::read_dir(e).unwrap() {
-    //             let mut e = file.unwrap().path();
-    //             if e.is_file() && e.extension().is_some() && e.extension().unwrap() == "casrep" {
-    //                 e = e.with_extension("");
-    //             }
-    //             let fname = e.file_name().unwrap().to_str().unwrap();
-    //             if let Some(v) = storage.get_mut(fname) {
-    //                 *v += 1;
-    //             } else {
-    //                 storage.insert(fname.to_string(), 1);
-    //             }
-    //         }
-    //     }
-    // }
-
-    // assert!(storage.values().all(|x| *x > 1));
     let _ = std::fs::remove_dir_all(test_dir);
 }
 
@@ -5317,18 +5279,13 @@ fn test_casr_libfuzzer_jazzer_js() {
         String::from_utf8_lossy(&output.stdout),
         String::from_utf8_lossy(&output.stderr)
     );
-    let mut crash = PathBuf::from(&paths[1]);
-    crash.push("crash-1");
-    let mut crash_file = fs::File::create(&crash).unwrap();
-    crash_file.write_all(b"211").unwrap();
-    crash.pop();
-    crash.push("crash-2");
-    let mut crash_file = fs::File::create(&crash).unwrap();
-    crash_file.write_all(b"121").unwrap();
-    crash.pop();
-    crash.push("crash-3");
-    let mut crash_file = fs::File::create(&crash).unwrap();
-    crash_file.write_all(b"112").unwrap();
+
+    Command::new("unzip")
+        .arg(abs_path("tests/casr_tests/js/crashes.zip"))
+        .args(["-d", &paths[1]])
+        .stdout(Stdio::null())
+        .status()
+        .expect("failed to unzip crashes.zip");
 
     let bins = Path::new(*EXE_CASR_LIBFUZZER.read().unwrap())
         .parent()
diff --git a/docs/usage.md b/docs/usage.md
index 052d185a..aa809ae9 100644
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -546,6 +546,11 @@ Atheris example:
     $ cp casr/tests/casr_tests/python/yaml_fuzzer.py .
     $ casr-libfuzzer -i casr/tests/casr_tests/casrep/atheris_crashes_ruamel_yaml -o casr/tests/tmp_tests_casr/casr_libfuzzer_atheris_out -- ./yaml_fuzzer.py
 
+Jazzer.js example:
+    $ unzip casr/tests/casr_tests/js/crashes.zip -d crashes
+    $ cp casr/tests/casr_tests/js/test_casr_libfuzzer_jazzer_js.js .
+    $ casr-libfuzzer -i ./crashes -o casr/tests/tmp_tests_casr/casr_libfuzzer_jazzer_js_out -- npx jazzer ./test_casr_libfuzzer_jazzer_js.js
+
 You can set environment variable `RUST_BACKTRACE=(1|full)` for `casr-libfuzzer`. This
 variable may be used by [casr-san](#casr-san).