diff options
Diffstat (limited to '')
-rw-r--r-- | dom/security/fuzztest/csp_fuzzer.cpp | 41 | ||||
-rw-r--r-- | dom/security/fuzztest/csp_fuzzer.dict | 95 | ||||
-rw-r--r-- | dom/security/fuzztest/moz.build | 18 |
3 files changed, 154 insertions, 0 deletions
diff --git a/dom/security/fuzztest/csp_fuzzer.cpp b/dom/security/fuzztest/csp_fuzzer.cpp new file mode 100644 index 0000000000..24f938cb1f --- /dev/null +++ b/dom/security/fuzztest/csp_fuzzer.cpp @@ -0,0 +1,41 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. */ + +#include "FuzzingInterface.h" +#include "mozilla/BasePrincipal.h" +#include "nsComponentManagerUtils.h" +#include "nsCSPContext.h" +#include "nsNetUtil.h" +#include "nsStringFwd.h" + +static int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + nsresult ret; + nsCOMPtr<nsIURI> selfURI; + ret = NS_NewURI(getter_AddRefs(selfURI), "http://selfuri.com"); + if (ret != NS_OK) return 0; + + mozilla::OriginAttributes attrs; + nsCOMPtr<nsIPrincipal> selfURIPrincipal = + mozilla::BasePrincipal::CreateContentPrincipal(selfURI, attrs); + if (!selfURIPrincipal) return 0; + + nsCOMPtr<nsIContentSecurityPolicy> csp = + do_CreateInstance(NS_CSPCONTEXT_CONTRACTID, &ret); + if (ret != NS_OK) return 0; + + ret = + csp->SetRequestContextWithPrincipal(selfURIPrincipal, selfURI, u""_ns, 0); + if (ret != NS_OK) return 0; + + NS_ConvertASCIItoUTF16 policy(reinterpret_cast<const char*>(data), size); + if (!policy.get()) return 0; + csp->AppendPolicy(policy, false, false); + + return 0; +} + +MOZ_FUZZING_INTERFACE_RAW(nullptr, LLVMFuzzerTestOneInput, + ContentSecurityPolicyParser); diff --git a/dom/security/fuzztest/csp_fuzzer.dict b/dom/security/fuzztest/csp_fuzzer.dict new file mode 100644 index 0000000000..480165d929 --- /dev/null +++ b/dom/security/fuzztest/csp_fuzzer.dict @@ -0,0 +1,95 @@ +### dom/security/nsCSPParser.cpp +# tokens +":" +";" +"/" +"+" +"-" +"." +"_" +"~" +"*" +"'" +"#" +"?" +"%" +"!" +"$" +"&" +"(" +")" +"=" +"@" + +### https://www.w3.org/TR/{CSP,CSP2,CSP3}/ +# directive names +"default-src" +"script-src" +"object-src" +"style-src" +"img-src" +"media-src" +"frame-src" +"font-src" +"connect-src" +"report-uri" +"frame-ancestors" +"reflected-xss" +"base-uri" +"form-action" +"manifest-src" +"upgrade-insecure-requests" +"child-src" +"block-all-mixed-content" +"sandbox" +"worker-src" +"plugin-types" +"disown-opener" +"report-to" + +# directive values +"'self'" +"'unsafe-inline'" +"'unsafe-eval'" +"'none'" +"'strict-dynamic'" +"'unsafe-hashed-attributes'" +"'nonce-AA=='" +"'sha256-fw=='" +"'sha384-/w=='" +"'sha512-//8='" + +# subresources +"a" +"audio" +"embed" +"iframe" +"img" +"link" +"object" +"script" +"source" +"style" +"track" +"video" + +# sandboxing flags +"allow-forms" +"allow-pointer-lock" +"allow-popups" +"allow-same-origin" +"allow-scripts" +"allow-top-navigation" +"allow-top-navigation-by-user-activation" + +# URI components +"https:" +"ws:" +"blob:" +"data:" +"filesystem:" +"javascript:" +"http://" +"selfuri.com" +"127.0.0.1" +"::1" diff --git a/dom/security/fuzztest/moz.build b/dom/security/fuzztest/moz.build new file mode 100644 index 0000000000..3a1f3f4396 --- /dev/null +++ b/dom/security/fuzztest/moz.build @@ -0,0 +1,18 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +Library("FuzzingDOMSecurity") + +LOCAL_INCLUDES += [ + "/dom/security", + "/netwerk/base", +] + +include("/tools/fuzzing/libfuzzer-config.mozbuild") + +SOURCES += ["csp_fuzzer.cpp"] + +FINAL_LIBRARY = "xul-gtest" |