feat: add fuzz testing for Excel reading and improve error handling in XlsxSaxAnalyser and CSvReadExecutor (#555)

alaahong · web-flow · commit cadda72467c6 · 2025-08-30T13:06:54.000+08:00
* feat: add fuzz testing for Excel reading and improve error handling in XlsxSaxAnalyser

* feat: add fuzz testing for Excel reading and improve error handling in XlsxSaxAnalyser

* feat: add ignore setting to avoid additional input files

* feat: add tests for benign error tolerance in CSV reading
diff --git a/.gitignore b/.gitignore
@@ -40,3 +40,6 @@ website/versioned_sidebars
 website/versions.json
 website/pnpm-lock.yaml
 website/yarn.lock
+**/.cifuzz-corpus/
+**/fuzz_corpus/
+**/resources/**/fuzz/*Inputs/
diff --git a/fastexcel/pom.xml b/fastexcel/pom.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
     <parent>
@@ -132,6 +132,11 @@
                 </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>com.code-intelligence</groupId>
+            <artifactId>jazzer-junit</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
diff --git a/fastexcel/src/main/java/cn/idev/excel/analysis/csv/CsvExcelReadExecutor.java b/fastexcel/src/main/java/cn/idev/excel/analysis/csv/CsvExcelReadExecutor.java
@@ -17,6 +17,7 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
+import java.io.UncheckedIOException;
 import java.nio.file.Files;
 import java.util.ArrayList;
 import java.util.Iterator;
@@ -93,6 +94,19 @@ public void execute() {
                 if (log.isDebugEnabled()) {
                     log.debug("Custom stop!", e);
                 }
+            } catch (UncheckedIOException e) {
+                // Apache Commons CSV may throw UncheckedIOException wrapping an IOException when the input
+                // contains truncated quoted fields or reaches EOF unexpectedly. Treat such cases as benign
+                // and end the current sheet gracefully; otherwise, rethrow as analysis exception.
+                if (isBenignCsvParseException(e)) {
+                    if (log.isDebugEnabled()) {
+                        log.debug("CSV parse finished early due to benign parse error: {}", e.getMessage());
+                    } else if (log.isWarnEnabled()) {
+                        log.warn("CSV parse finished early due to benign parse error.");
+                    }
+                } else {
+                    throw new ExcelAnalysisException(e);
+                }
             }
 
             // The last sheet is read
@@ -204,4 +218,29 @@ private void dealRecord(CSVRecord record, int rowIndex) {
         csvReadContext.csvReadSheetHolder().setRowIndex(rowIndex);
         csvReadContext.analysisEventProcessor().endRow(csvReadContext);
     }
+
+    /**
+     * Determine whether an UncheckedIOException from Commons CSV is benign, i.e., caused by
+     * truncated quoted fields or early EOF while parsing an encapsulated token. In such cases
+     * we should stop reading the current sheet gracefully rather than failing the whole read.
+     */
+    private static boolean isBenignCsvParseException(Throwable t) {
+        Throwable cur = t;
+        while (cur != null) {
+            if (cur instanceof IOException) {
+                String msg = cur.getMessage();
+                if (msg != null) {
+                    // Messages observed from Apache Commons CSV
+                    if (msg.contains("EOF reached before encapsulated token finished")
+                            || msg.contains("encapsulated token finished")
+                            || msg.contains("Unexpected EOF in quoted field")
+                            || msg.contains("Unclosed quoted field")) {
+                        return true;
+                    }
+                }
+            }
+            cur = cur.getCause();
+        }
+        return false;
+    }
 }
diff --git a/fastexcel/src/main/java/cn/idev/excel/analysis/v07/XlsxSaxAnalyser.java b/fastexcel/src/main/java/cn/idev/excel/analysis/v07/XlsxSaxAnalyser.java
@@ -8,6 +8,7 @@
 import cn.idev.excel.enums.CellExtraTypeEnum;
 import cn.idev.excel.exception.ExcelAnalysisException;
 import cn.idev.excel.exception.ExcelAnalysisStopSheetException;
+import cn.idev.excel.exception.ExcelCommonException;
 import cn.idev.excel.metadata.CellExtra;
 import cn.idev.excel.read.metadata.ReadSheet;
 import cn.idev.excel.read.metadata.holder.xlsx.XlsxReadWorkbookHolder;
@@ -30,6 +31,7 @@
 import javax.xml.parsers.SAXParserFactory;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.poi.openxml4j.exceptions.InvalidFormatException;
+import org.apache.poi.openxml4j.exceptions.NotOfficeXmlFileException;
 import org.apache.poi.openxml4j.opc.OPCPackage;
 import org.apache.poi.openxml4j.opc.PackageAccess;
 import org.apache.poi.openxml4j.opc.PackagePart;
@@ -210,26 +212,31 @@ private void analysisCtSheetMap(XSSFReader xssfReader, XlsxReadWorkbookHolder xl
 
     private OPCPackage readOpcPackage(XlsxReadWorkbookHolder xlsxReadWorkbookHolder, InputStream decryptedStream)
             throws Exception {
-        if (decryptedStream == null && xlsxReadWorkbookHolder.getFile() != null) {
-            return OPCPackage.open(xlsxReadWorkbookHolder.getFile());
-        }
-        if (xlsxReadWorkbookHolder.getMandatoryUseInputStream()) {
+        try {
+            if (decryptedStream == null && xlsxReadWorkbookHolder.getFile() != null) {
+                return OPCPackage.open(xlsxReadWorkbookHolder.getFile());
+            }
+            if (xlsxReadWorkbookHolder.getMandatoryUseInputStream()) {
+                if (decryptedStream != null) {
+                    return OPCPackage.open(decryptedStream);
+                } else {
+                    return OPCPackage.open(xlsxReadWorkbookHolder.getInputStream());
+                }
+            }
+            File readTempFile = FileUtils.createCacheTmpFile();
+            xlsxReadWorkbookHolder.setTempFile(readTempFile);
+            File tempFile = new File(readTempFile.getPath(), UUID.randomUUID() + ".xlsx");
             if (decryptedStream != null) {
-                return OPCPackage.open(decryptedStream);
+                FileUtils.writeToFile(tempFile, decryptedStream, false);
             } else {
-                return OPCPackage.open(xlsxReadWorkbookHolder.getInputStream());
+                FileUtils.writeToFile(
+                        tempFile, xlsxReadWorkbookHolder.getInputStream(), xlsxReadWorkbookHolder.getAutoCloseStream());
             }
+            return OPCPackage.open(tempFile, PackageAccess.READ);
+        } catch (NotOfficeXmlFileException | InvalidFormatException e) {
+            // Wrap as a common, expected format error for callers/tests to handle gracefully
+            throw new ExcelCommonException("Invalid OOXML/zip format: " + e.getMessage(), e);
         }
-        File readTempFile = FileUtils.createCacheTmpFile();
-        xlsxReadWorkbookHolder.setTempFile(readTempFile);
-        File tempFile = new File(readTempFile.getPath(), UUID.randomUUID() + ".xlsx");
-        if (decryptedStream != null) {
-            FileUtils.writeToFile(tempFile, decryptedStream, false);
-        } else {
-            FileUtils.writeToFile(
-                    tempFile, xlsxReadWorkbookHolder.getInputStream(), xlsxReadWorkbookHolder.getAutoCloseStream());
-        }
-        return OPCPackage.open(tempFile, PackageAccess.READ);
     }
 
     @Override
diff --git a/fastexcel/src/test/java/cn/idev/excel/csv/CsvBenignErrorToleranceTest.java b/fastexcel/src/test/java/cn/idev/excel/csv/CsvBenignErrorToleranceTest.java
@@ -0,0 +1,84 @@
+package cn.idev.excel.csv;
+
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import cn.idev.excel.FastExcelFactory;
+import cn.idev.excel.exception.ExcelCommonException;
+import cn.idev.excel.read.builder.CsvReaderBuilder;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.util.List;
+import org.junit.jupiter.api.Test;
+
+/**
+ * Tests that truncated/unfinished quoted fields in CSV are treated as benign and
+ * end the current sheet gracefully without throwing to the caller.
+ */
+class CsvBenignErrorToleranceTest {
+
+    @Test
+    void shouldNotThrowOnUnclosedQuotedField_EOFBenign() {
+        // Given: a CSV with an unclosed quoted field that triggers Commons CSV EOF inside quotes
+        String csv = "col1,col2\n\"unfinished,2"; // second line has an unclosed quoted field
+        ByteArrayInputStream in = new ByteArrayInputStream(csv.getBytes(StandardCharsets.UTF_8));
+
+        // When / Then: reading should complete without throwing any exception
+        assertDoesNotThrow(() -> {
+            CsvReaderBuilder builder = FastExcelFactory.read(in).csv();
+            // Use sync read to drive the pipeline end-to-end
+            List<Object> rows = builder.doReadSync();
+            // No strict assertion on content; important is no exception is thrown
+            // and the reader finishes gracefully.
+        });
+    }
+
+    @Test
+    void shouldRethrowOnNonBenignUncheckedIOException() {
+        // Given: a CSV stream that throws a non-benign IOException during read
+        String csv = "a,b\n1,2\n3,4\n";
+        byte[] data = csv.getBytes(StandardCharsets.UTF_8);
+        InputStream throwing = new InputStream() {
+            int idx = 0;
+
+            @Override
+            public int read() throws IOException {
+                if (idx >= data.length) {
+                    return -1;
+                }
+                // After consuming some bytes, simulate an IO failure with a non-benign message
+                if (idx > data.length / 2) {
+                    throw new IOException("Simulated IO failure");
+                }
+                return data[idx++];
+            }
+
+            @Override
+            public int read(byte[] b, int off, int len) throws IOException {
+                // Fallback to single-byte reads to trigger our error logic reliably
+                int i = read();
+                if (i == -1) {
+                    return -1;
+                }
+                b[off] = (byte) i;
+                return 1;
+            }
+        };
+
+        // When / Then: the pipeline should convert UncheckedIOException into ExcelAnalysisException
+        assertThrows(ExcelCommonException.class, () -> {
+            FastExcelFactory.read(throwing).csv().doReadSync();
+        });
+    }
+
+    @Test
+    void shouldReadWellFormedCsvNormally() {
+        String csv = "a,b\n1,2\n3,4\n";
+        ByteArrayInputStream in = new ByteArrayInputStream(csv.getBytes(StandardCharsets.UTF_8));
+        assertDoesNotThrow(() -> {
+            CsvReaderBuilder builder = FastExcelFactory.read(in).csv();
+            List<Object> rows = builder.doReadSync();
+        });
+    }
+}
diff --git a/fastexcel/src/test/java/cn/idev/excel/exception/XlsxSaxAnalyserReadOpcPackageTest.java b/fastexcel/src/test/java/cn/idev/excel/exception/XlsxSaxAnalyserReadOpcPackageTest.java
@@ -0,0 +1,98 @@
+package cn.idev.excel.exception;
+
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import cn.idev.excel.analysis.v07.XlsxSaxAnalyser;
+import cn.idev.excel.context.xlsx.DefaultXlsxReadContext;
+import cn.idev.excel.context.xlsx.XlsxReadContext;
+import cn.idev.excel.read.metadata.ReadWorkbook;
+import cn.idev.excel.support.ExcelTypeEnum;
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.util.zip.ZipOutputStream;
+import org.junit.jupiter.api.Test;
+
+/**
+ * Tests for XlsxSaxAnalyser.readOpcPackage error handling: it should wrap
+ * POI's NotOfficeXmlFileException/InvalidFormatException into ExcelCommonException
+ * with a message containing "Invalid OOXML/zip format".
+ */
+public class XlsxSaxAnalyserReadOpcPackageTest {
+
+    @Test
+    void invalidInputStream_mandatoryUseInputStream_throwsExcelCommonException() {
+        ReadWorkbook rw = new ReadWorkbook();
+        rw.setInputStream(new ByteArrayInputStream("not-xlsx".getBytes(StandardCharsets.UTF_8)));
+        rw.setMandatoryUseInputStream(true);
+        XlsxReadContext ctx = new DefaultXlsxReadContext(rw, ExcelTypeEnum.XLSX);
+
+        ExcelCommonException ex = assertThrows(ExcelCommonException.class, () -> new XlsxSaxAnalyser(ctx, null));
+        assertTrue(ex.getMessage() != null && ex.getMessage().toLowerCase().contains("invalid ooxml/zip format"));
+    }
+
+    @Test
+    void invalidFile_throwsExcelCommonException() throws Exception {
+        File tmp = File.createTempFile("invalid-ooxml", ".xlsx");
+        try {
+            Files.write(tmp.toPath(), new byte[] {1, 2, 3, 4});
+            ReadWorkbook rw = new ReadWorkbook();
+            rw.setFile(tmp);
+            XlsxReadContext ctx = new DefaultXlsxReadContext(rw, ExcelTypeEnum.XLSX);
+
+            ExcelCommonException ex = assertThrows(ExcelCommonException.class, () -> new XlsxSaxAnalyser(ctx, null));
+            assertTrue(ex.getMessage() != null && ex.getMessage().toLowerCase().contains("invalid ooxml/zip format"));
+        } finally {
+            try {
+                Files.deleteIfExists(tmp.toPath());
+            } catch (Exception ignore) {
+            }
+        }
+    }
+
+    @Test
+    void decryptedStreamProvided_throwsExcelCommonException() {
+        ReadWorkbook rw = new ReadWorkbook();
+        // do not set file/inputStream; pass decryptedStream directly
+        XlsxReadContext ctx = new DefaultXlsxReadContext(rw, ExcelTypeEnum.XLSX);
+        ByteArrayInputStream decrypted = new ByteArrayInputStream("still-not-xlsx".getBytes(StandardCharsets.UTF_8));
+
+        ExcelCommonException ex = assertThrows(ExcelCommonException.class, () -> new XlsxSaxAnalyser(ctx, decrypted));
+        assertTrue(ex.getMessage() != null && ex.getMessage().toLowerCase().contains("invalid ooxml/zip format"));
+    }
+
+    @Test
+    void emptyZipFile_throwsExcelCommonException() throws Exception {
+        File tmp = File.createTempFile("empty-zip", ".xlsx");
+        try (FileOutputStream fos = new FileOutputStream(tmp);
+                ZipOutputStream zos = new ZipOutputStream(fos)) {
+            // write an empty zip with no entries
+        }
+        try {
+            ReadWorkbook rw = new ReadWorkbook();
+            rw.setFile(tmp);
+            XlsxReadContext ctx = new DefaultXlsxReadContext(rw, ExcelTypeEnum.XLSX);
+            ExcelCommonException ex = assertThrows(ExcelCommonException.class, () -> new XlsxSaxAnalyser(ctx, null));
+            assertTrue(ex.getMessage() != null && ex.getMessage().toLowerCase().contains("invalid ooxml/zip format"));
+        } finally {
+            try {
+                Files.deleteIfExists(tmp.toPath());
+            } catch (Exception ignore) {
+            }
+        }
+    }
+
+    @Test
+    void inputStream_nonMandatoryUseTempFileBranch_throwsExcelCommonException() {
+        ReadWorkbook rw = new ReadWorkbook();
+        rw.setInputStream(new ByteArrayInputStream("not-xlsx".getBytes(StandardCharsets.UTF_8)));
+        // mandatoryUseInputStream unset or false -> will write to temp file and then open
+        rw.setMandatoryUseInputStream(false);
+        XlsxReadContext ctx = new DefaultXlsxReadContext(rw, ExcelTypeEnum.XLSX);
+
+        ExcelCommonException ex = assertThrows(ExcelCommonException.class, () -> new XlsxSaxAnalyser(ctx, null));
+        assertTrue(ex.getMessage() != null && ex.getMessage().toLowerCase().contains("invalid ooxml/zip format"));
+    }
+}
diff --git a/fastexcel/src/test/java/cn/idev/excel/fuzz/ExcelReadFuzzTest.java b/fastexcel/src/test/java/cn/idev/excel/fuzz/ExcelReadFuzzTest.java
@@ -0,0 +1,44 @@
+package cn.idev.excel.fuzz;
+
+import cn.idev.excel.FastExcelFactory;
+import cn.idev.excel.read.builder.ExcelReaderBuilder;
+import com.code_intelligence.jazzer.junit.FuzzTest;
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import lombok.SneakyThrows;
+
+/**
+ * Fuzzes the generic read path with arbitrary bytes to discover parsing issues.
+ */
+public class ExcelReadFuzzTest {
+
+    private static final int MAX_SIZE = 1_000_000; // 1MB guard to avoid OOM / long loops
+
+    @SneakyThrows
+    @FuzzTest
+    void fuzzRead(byte[] data) {
+        if (data == null || data.length == 0 || data.length > MAX_SIZE) {
+            return; // Ignore trivial or oversized inputs
+        }
+        try (InputStream in = new ByteArrayInputStream(data)) {
+            ExcelReaderBuilder builder = FastExcelFactory.read(in);
+            // Always attempt to read first sheet synchronously if possible
+            builder.sheet().doReadSync();
+        } catch (Throwable t) {
+            // Jazzer treats uncaught exceptions as findings. We allow RuntimeExceptions that
+            // indicate expected format errors, but still surface anything else.
+            // Swallow common benign exceptions to reduce noise.
+            String msg = t.getMessage();
+            if (msg != null) {
+                String lower = msg.toLowerCase();
+                if (lower.contains("invalid")
+                        || lower.contains("zip")
+                        || lower.contains("format")
+                        || lower.contains("end of central directory")) {
+                    return; // expected parse/format issues
+                }
+            }
+            throw t;
+        }
+    }
+}
diff --git a/pom.xml b/pom.xml
