<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Licensed to the Apache Software Foundation (ASF) under one
~ or more contributor license agreements. See the NOTICE file
~ distributed with this work for additional information
~ regarding copyright ownership. The ASF licenses this file
~ to you under the Apache License, Version 2.0 (the
~ "License"); you may not use this file except in compliance
~ with the License. You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<!-- Module coordinates. This module's own version is a SNAPSHOT, while the Axis2 artifacts
it fuzzes are resolved through the axis2.test.version property declared in the properties
section of this file. -->
<modelVersion>4.0.0</modelVersion>
<groupId>org.apache.axis2</groupId>
<artifactId>axis2-fuzz</artifactId>
<version>2.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>Apache Axis2 - Fuzz Testing</name>
<!-- Free-text summary of the fuzz targets and the bug classes each one is aimed at.
The fuzzer classes named here are not defined in this file. -->
<description>
Comprehensive fuzz testing for Axis2/Java parsers.
Mirrors the Axis2/C OSS-Fuzz approach for finding security vulnerabilities.
Fuzz targets:
- XmlParserFuzzer: AXIOM/StAX XML parsing (XXE, XML bombs, buffer overflows)
- JsonParserFuzzer: Gson JSON parsing (deep nesting, malformed JSON)
- HttpHeaderFuzzer: HTTP header parsing (injection, overflows)
- UrlParserFuzzer: URL/URI parsing (SSRF, malformed URLs)
</description>
<properties>
  <!-- Java 11 for both the source level and the generated bytecode. -->
  <maven.compiler.source>11</maven.compiler.source>
  <maven.compiler.target>11</maven.compiler.target>

  <!-- Single version shared by jazzer-api and jazzer-junit so the two stay in step. -->
  <jazzer.version>0.22.1</jazzer.version>

  <!--
    Axis2 version the fuzz targets are built against. Standalone builds use the
    2.0.0 release (March 2025); change to ${project.version} when integrated.
    NOTE(review): while this stays on a release, the fuzzers exercise the published
    2.0.0 artifacts rather than the code in the current tree, so a finding (or a clean
    run) says nothing about changes made after that release. Confirm this is intended.
  -->
  <axis2.test.version>2.0.0</axis2.test.version>
</properties>
<dependencies>
  <!--
    Jazzer fuzzing framework. jazzer-api has the default (compile) scope, so it is on
    the harness classpath and is picked up by the shade step; jazzer-junit is test only.
    NOTE(review): jazzer-junit integrates with the JUnit 5 platform, while the only test
    framework declared in this file is JUnit 4. Confirm the fuzz tests are actually
    discovered and run by the build.
  -->
  <dependency>
    <groupId>com.code-intelligence</groupId>
    <artifactId>jazzer-api</artifactId>
    <version>${jazzer.version}</version>
  </dependency>
  <dependency>
    <groupId>com.code-intelligence</groupId>
    <artifactId>jazzer-junit</artifactId>
    <version>${jazzer.version}</version>
    <scope>test</scope>
  </dependency>

  <!--
    Axis2 modules under test. All three resolve to ${axis2.test.version}, which is a
    released version for standalone testing rather than the version of this module.
  -->
  <dependency>
    <groupId>org.apache.axis2</groupId>
    <artifactId>axis2-kernel</artifactId>
    <version>${axis2.test.version}</version>
  </dependency>
  <dependency>
    <groupId>org.apache.axis2</groupId>
    <artifactId>axis2-json</artifactId>
    <version>${axis2.test.version}</version>
  </dependency>
  <dependency>
    <groupId>org.apache.axis2</groupId>
    <artifactId>axis2-transport-http</artifactId>
    <version>${axis2.test.version}</version>
  </dependency>

  <!--
    AXIOM, the XML object model used for XML parsing (matches Axis2 2.0.0).
    The version is written out here instead of following axis2.test.version, so it
    has to be moved by hand whenever the Axis2 version under test changes.
  -->
  <dependency>
    <groupId>org.apache.ws.commons.axiom</groupId>
    <artifactId>axiom-api</artifactId>
    <version>2.0.0</version>
  </dependency>
  <dependency>
    <groupId>org.apache.ws.commons.axiom</groupId>
    <artifactId>axiom-impl</artifactId>
    <version>2.0.0</version>
  </dependency>

  <!--
    Gson, the JSON parser exercised by the JSON fuzz target.
    NOTE(review): a direct declaration takes precedence over the Gson version that
    axis2-json brings in transitively. Verify that 2.10.1 is the version shipped with
    the Axis2 release under test; otherwise the fuzzer covers a parser build that
    deployments do not run.
  -->
  <dependency>
    <groupId>com.google.code.gson</groupId>
    <artifactId>gson</artifactId>
    <version>2.10.1</version>
  </dependency>

  <!-- JUnit 4, test scope only. -->
  <dependency>
    <groupId>junit</groupId>
    <artifactId>junit</artifactId>
    <version>4.13.2</version>
    <scope>test</scope>
  </dependency>
</dependencies>
<build>
  <plugins>
    <!--
      Builds a single self-contained jar at the package phase by merging the harness
      with its non-test dependencies.
    -->
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-shade-plugin</artifactId>
      <version>3.5.1</version>
      <executions>
        <execution>
          <phase>package</phase>
          <goals>
            <goal>shade</goal>
          </goals>
          <configuration>
            <filters>
              <!--
                Applies to every merged artifact. Jar signature files are dropped because
                the signatures no longer match once classes from several jars are combined,
                and the JVM would then refuse to load the merged jar. As a consequence the
                shaded jar carries no dependency signatures; treat it as a fuzzing
                artifact only, not as something to distribute.
                NOTE(review): no resource transformers are configured, so files that exist
                under the same path in several dependency jars (for example provider lists
                under META-INF/services) are not merged. Verify that the shaded jar still
                resolves the parser implementations the fuzz targets are meant to exercise.
              -->
              <filter>
                <artifact>*:*</artifact>
                <excludes>
                  <exclude>META-INF/*.SF</exclude>
                  <exclude>META-INF/*.DSA</exclude>
                  <exclude>META-INF/*.RSA</exclude>
                </excludes>
              </filter>
            </filters>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
</project>