diff options
author | eroman <eroman@chromium.org> | 2016-03-02 14:46:30 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-03-02 22:48:45 +0000 |
commit | e6264fd9d125c729b60aad95924a6464e6d1b071 (patch) | |
tree | 5597e1066ad9f3cfb6320bd22e928368118acdde /net | |
parent | 2160ae0126d1adc88ec8abe5f97291119cb42d68 (diff) | |
download | chromium_src-e6264fd9d125c729b60aad95924a6464e6d1b071.zip chromium_src-e6264fd9d125c729b60aad95924a6464e6d1b071.tar.gz chromium_src-e6264fd9d125c729b60aad95924a6464e6d1b071.tar.bz2 |
Add fuzz testers to //net for some functions with simple parsing APIs.
TBR=jshin@chromium.org
Review URL: https://codereview.chromium.org/1735043004
Cr-Commit-Position: refs/heads/master@{#378865}
Diffstat (limited to 'net')
-rw-r--r-- | net/BUILD.gn | 86 | ||||
-rw-r--r-- | net/DEPS | 4 | ||||
-rw-r--r-- | net/base/data_url.cc | 3 | ||||
-rw-r--r-- | net/base/parse_data_url_fuzzer.cc | 19 | ||||
-rw-r--r-- | net/base/parse_ip_pattern_fuzzer.cc | 16 | ||||
-rw-r--r-- | net/base/registry_controlled_domains/get_domain_and_registry_fuzzer.cc | 35 | ||||
-rw-r--r-- | net/base/sniff_mime_type_fuzzer.cc | 18 | ||||
-rw-r--r-- | net/cookies/parse_cookie_line_fuzzer.cc | 15 | ||||
-rw-r--r-- | net/proxy/parse_proxy_bypass_rules_fuzzer.cc | 16 | ||||
-rw-r--r-- | net/proxy/parse_proxy_list_fuzzer.cc | 16 | ||||
-rw-r--r-- | net/proxy/parse_proxy_list_pac_fuzzer.cc | 16 | ||||
-rw-r--r-- | net/proxy/parse_proxy_rules_fuzzer.cc | 16 | ||||
-rw-r--r-- | net/proxy/proxy_bypass_rules.cc | 5 |
13 files changed, 265 insertions, 0 deletions
diff --git a/net/BUILD.gn b/net/BUILD.gn index 064ea28..d5bbb06 100644 --- a/net/BUILD.gn +++ b/net/BUILD.gn @@ -9,6 +9,7 @@ import("//build/config/crypto.gni") import("//build/config/features.gni") import("//build/config/ui.gni") import("//build_overrides/v8.gni") +import("//testing/libfuzzer/fuzzer_test.gni") import("//testing/test.gni") import("//third_party/icu/config.gni") import("//third_party/protobuf/proto_library.gni") @@ -1741,6 +1742,91 @@ executable("net_perftests") { } } +fuzzer_test("parse_proxy_list_pac_fuzzer") { + sources = [ + "proxy/parse_proxy_list_pac_fuzzer.cc", + ] + deps = [ + "//net", + ] +} + +fuzzer_test("parse_proxy_list_fuzzer") { + sources = [ + "proxy/parse_proxy_list_fuzzer.cc", + ] + deps = [ + "//net", + ] +} + +fuzzer_test("parse_proxy_bypass_rules_fuzzer") { + sources = [ + "proxy/parse_proxy_bypass_rules_fuzzer.cc", + ] + deps = [ + "//net", + ] +} + +fuzzer_test("parse_proxy_rules_fuzzer") { + sources = [ + "proxy/parse_proxy_rules_fuzzer.cc", + ] + deps = [ + "//net", + ] +} + +fuzzer_test("parse_data_url_fuzzer") { + sources = [ + "base/parse_data_url_fuzzer.cc", + ] + deps = [ + "//base", + "//net", + ] +} + +fuzzer_test("sniff_mime_type_fuzzer") { + sources = [ + "base/sniff_mime_type_fuzzer.cc", + ] + deps = [ + "//base", + "//net", + ] +} + +fuzzer_test("parse_ip_pattern_fuzzer") { + sources = [ + "base/parse_ip_pattern_fuzzer.cc", + ] + deps = [ + "//net", + ] +} + +fuzzer_test("get_domain_and_registry_fuzzer") { + sources = [ + "base/registry_controlled_domains/get_domain_and_registry_fuzzer.cc", + ] + deps = [ + "//base", + "//base:i18n", + "//net", + ] +} + +fuzzer_test("parse_cookie_line_fuzzer") { + sources = [ + "cookies/parse_cookie_line_fuzzer.cc", + ] + deps = [ + "//net", + ] +} + buildflag_header("features") { header = "net_features.h" @@ -60,6 +60,10 @@ specific_include_rules = { "brotli_filter\.cc": [ "+third_party/brotli", ], + + "get_domain_and_registry_fuzzer.cc": [ + "+base/i18n", + ], } skip_child_includes = [ diff --git a/net/base/data_url.cc b/net/base/data_url.cc index 07b8fb0..4d29bf6 100644 --- a/net/base/data_url.cc +++ b/net/base/data_url.cc @@ -21,6 +21,9 @@ namespace net { // static bool DataURL::Parse(const GURL& url, std::string* mime_type, std::string* charset, std::string* data) { + if (!url.is_valid()) + return false; + DCHECK(mime_type->empty()); DCHECK(charset->empty()); std::string::const_iterator begin = url.spec().begin(); diff --git a/net/base/parse_data_url_fuzzer.cc b/net/base/parse_data_url_fuzzer.cc new file mode 100644 index 0000000..f91b691 --- /dev/null +++ b/net/base/parse_data_url_fuzzer.cc @@ -0,0 +1,19 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <stddef.h> +#include <stdint.h> + +#include "net/base/data_url.h" +#include "url/gurl.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + std::string input(data, data + size); + std::string mime_type; + std::string charset; + std::string urldata; + net::DataURL::Parse(GURL(input), &mime_type, &charset, &urldata); + return 0; +} diff --git a/net/base/parse_ip_pattern_fuzzer.cc b/net/base/parse_ip_pattern_fuzzer.cc new file mode 100644 index 0000000..67044e1 --- /dev/null +++ b/net/base/parse_ip_pattern_fuzzer.cc @@ -0,0 +1,16 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <stddef.h> +#include <stdint.h> + +#include "net/base/ip_pattern.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + std::string input(data, data + size); + net::IPPattern pattern; + pattern.ParsePattern(input); + return 0; +} diff --git a/net/base/registry_controlled_domains/get_domain_and_registry_fuzzer.cc b/net/base/registry_controlled_domains/get_domain_and_registry_fuzzer.cc new file mode 100644 index 0000000..8b749c1 --- /dev/null +++ b/net/base/registry_controlled_domains/get_domain_and_registry_fuzzer.cc @@ -0,0 +1,35 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <stddef.h> +#include <stdint.h> + +#include "base/at_exit.h" +#include "base/i18n/icu_util.h" +#include "base/strings/string_piece.h" +#include "net/base/registry_controlled_domains/registry_controlled_domain.h" +#include "url/gurl.h" + +// Initialize ICU. +struct InitICU { + InitICU() { CHECK(base::i18n::InitializeICU()); } + base::AtExitManager at_exit_manager; +}; + +InitICU* init_icu = new InitICU(); + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + // Call GetDomainAndRegistry() twice - once with each filter type to ensure + // both code paths are exercised. + net::registry_controlled_domains::GetDomainAndRegistry( + base::StringPiece(reinterpret_cast<const char*>(data), size), + net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES); + + net::registry_controlled_domains::GetDomainAndRegistry( + base::StringPiece(reinterpret_cast<const char*>(data), size), + net::registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES); + + return 0; +} diff --git a/net/base/sniff_mime_type_fuzzer.cc b/net/base/sniff_mime_type_fuzzer.cc new file mode 100644 index 0000000..02fbc15 --- /dev/null +++ b/net/base/sniff_mime_type_fuzzer.cc @@ -0,0 +1,18 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <stddef.h> +#include <stdint.h> + +#include "net/base/mime_sniffer.h" +#include "url/gurl.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + std::string result; + net::SniffMimeType(reinterpret_cast<const char*>(data), size, + GURL("http://www.example-url.com/xyz"), "", &result); + + return 0; +} diff --git a/net/cookies/parse_cookie_line_fuzzer.cc b/net/cookies/parse_cookie_line_fuzzer.cc new file mode 100644 index 0000000..9978398 --- /dev/null +++ b/net/cookies/parse_cookie_line_fuzzer.cc @@ -0,0 +1,15 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <stddef.h> +#include <stdint.h> + +#include "net/cookies/parsed_cookie.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + std::string input(data, data + size); + net::ParsedCookie parsed_cookie(input); + return 0; +} diff --git a/net/proxy/parse_proxy_bypass_rules_fuzzer.cc b/net/proxy/parse_proxy_bypass_rules_fuzzer.cc new file mode 100644 index 0000000..1a9c63c --- /dev/null +++ b/net/proxy/parse_proxy_bypass_rules_fuzzer.cc @@ -0,0 +1,16 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <stddef.h> +#include <stdint.h> + +#include "net/proxy/proxy_bypass_rules.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + net::ProxyBypassRules rules; + std::string input(data, data + size); + rules.ParseFromString(input); + return 0; +} diff --git a/net/proxy/parse_proxy_list_fuzzer.cc b/net/proxy/parse_proxy_list_fuzzer.cc new file mode 100644 index 0000000..0488549 --- /dev/null +++ b/net/proxy/parse_proxy_list_fuzzer.cc @@ -0,0 +1,16 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <stddef.h> +#include <stdint.h> + +#include "net/proxy/proxy_list.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + net::ProxyList list; + std::string input(data, data + size); + list.Set(input); + return 0; +} diff --git a/net/proxy/parse_proxy_list_pac_fuzzer.cc b/net/proxy/parse_proxy_list_pac_fuzzer.cc new file mode 100644 index 0000000..556773c --- /dev/null +++ b/net/proxy/parse_proxy_list_pac_fuzzer.cc @@ -0,0 +1,16 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <stddef.h> +#include <stdint.h> + +#include "net/proxy/proxy_list.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + net::ProxyList list; + std::string input(data, data + size); + list.SetFromPacString(input); + return 0; +} diff --git a/net/proxy/parse_proxy_rules_fuzzer.cc b/net/proxy/parse_proxy_rules_fuzzer.cc new file mode 100644 index 0000000..cd88cdd --- /dev/null +++ b/net/proxy/parse_proxy_rules_fuzzer.cc @@ -0,0 +1,16 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <stddef.h> +#include <stdint.h> + +#include "net/proxy/proxy_config.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + net::ProxyConfig::ProxyRules rules; + std::string input(data, data + size); + rules.ParseFromString(input); + return 0; +} diff --git a/net/proxy/proxy_bypass_rules.cc b/net/proxy/proxy_bypass_rules.cc index f31fa7b..e74d9e6 100644 --- a/net/proxy/proxy_bypass_rules.cc +++ b/net/proxy/proxy_bypass_rules.cc @@ -301,6 +301,11 @@ bool ProxyBypassRules::AddRuleFromStringInternal( std::string host; int port; if (ParseHostAndPort(raw, &host, &port)) { + // TODO(eroman): HostForURL() below DCHECKs() when |host| contains an + // embedded NULL. + if (host.find('\0') != std::string::npos) + return false; + // Note that HostPortPair is used to merely to convert any IPv6 literals to // a URL-safe format that can be used by canonicalization below. std::string bracketed_host = HostPortPair(host, 80).HostForURL(); |