authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /dom/security/featurepolicy/fuzztest
parentInitial commit. (diff)
downloadfirefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz
firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/security/featurepolicy/fuzztest')
-rw-r--r--dom/security/featurepolicy/fuzztest/fp_fuzzer.cpp67
-rw-r--r--dom/security/featurepolicy/fuzztest/fp_fuzzer.dict54
-rw-r--r--dom/security/featurepolicy/fuzztest/moz.build18
3 files changed, 139 insertions, 0 deletions
diff --git a/dom/security/featurepolicy/fuzztest/fp_fuzzer.cpp b/dom/security/featurepolicy/fuzztest/fp_fuzzer.cpp
new file mode 100644
index 0000000000..25f7dc8d41
--- /dev/null
+++ b/dom/security/featurepolicy/fuzztest/fp_fuzzer.cpp
@@ -0,0 +1,67 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
+
+#include "FuzzingInterface.h"
+#include "mozilla/BasePrincipal.h"
+#include "mozilla/dom/Feature.h"
+#include "mozilla/dom/FeaturePolicyParser.h"
+#include "nsNetUtil.h"
+#include "nsStringFwd.h"
+#include "nsTArray.h"
+
+using namespace mozilla;
+using namespace mozilla::dom;
+
+static nsCOMPtr<nsIPrincipal> selfURIPrincipal;
+static nsCOMPtr<nsIURI> selfURI;
+
+static int LVVMFuzzerInitTest(int* argc, char*** argv) {
+ nsresult ret;
+ ret = NS_NewURI(getter_AddRefs(selfURI), "http://selfuri.com");
+ if (ret != NS_OK) {
+ MOZ_CRASH("NS_NewURI failed.");
+ }
+
+ mozilla::OriginAttributes attrs;
+ selfURIPrincipal =
+ mozilla::BasePrincipal::CreateContentPrincipal(selfURI, attrs);
+ if (!selfURIPrincipal) {
+ MOZ_CRASH("CreateContentPrincipal failed.");
+ }
+ return 0;
+}
+
+static int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ if (!size) {
+ return 0;
+ }
+ nsTArray<Feature> parsedFeatures;
+
+ NS_ConvertASCIItoUTF16 policy(reinterpret_cast<const char*>(data), size);
+ if (!policy.get()) return 0;
+
+ FeaturePolicyParser::ParseString(policy, nullptr, selfURIPrincipal,
+ selfURIPrincipal, parsedFeatures);
+
+ for (const Feature& feature : parsedFeatures) {
+ nsTArray<nsCOMPtr<nsIPrincipal>> list;
+ feature.GetAllowList(list);
+
+ for (nsIPrincipal* principal : list) {
+ nsAutoCString originNoSuffix;
+ nsresult rv = principal->GetOriginNoSuffix(originNoSuffix);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return 0;
+ }
+ printf("%s - %s\n", NS_ConvertUTF16toUTF8(feature.Name()).get(),
+ originNoSuffix.get());
+ }
+ }
+ return 0;
+}
+
+MOZ_FUZZING_INTERFACE_RAW(LVVMFuzzerInitTest, LLVMFuzzerTestOneInput,
+ FeaturePolicyParser);
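Review bot: The `printf` at the end of the inner loop in `LLVMFuzzerTestOneInput` runs for every allow-list entry on every input, which costs fuzzing throughput and floods the log. The `GetOriginNoSuffix` call already exercises the principal, so the output could be dropped or compiled only in a debug configuration. The init function is spelled `LVVMFuzzerInitTest`; it builds because `MOZ_FUZZING_INTERFACE_RAW` uses the same spelling, but `LLVMFuzzerInitTest` would match the libFuzzer naming used by the test function. The `if (!policy.get()) return 0;` guard looks unreachable if `get()` never returns null for this string class, so it is worth confirming or replacing with a comment that says what failure it is meant to catch.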
diff --git a/dom/security/featurepolicy/fuzztest/fp_fuzzer.dict b/dom/security/featurepolicy/fuzztest/fp_fuzzer.dict
new file mode 100644
index 0000000000..e95508bf8e
--- /dev/null
+++ b/dom/security/featurepolicy/fuzztest/fp_fuzzer.dict
@@ -0,0 +1,54 @@
+# tokens
+"'"
+";"
+
+### https://www.w3.org/TR/{CSP,CSP2,CSP3}/
+# directive names
+"accelerometer"
+"ambient-light-sensor"
+"autoplay"
+"battery"
+"camera"
+"display-capture"
+"document-domain"
+"encrypted-media"
+"execution-while-not-rendered"
+"execution-while-out-of-viewport"
+"fullscreen
+"geolocation
+"gyroscope"
+"layout-animations"
+"legacy-image-formats"
+"magnetometer"
+"microphone"
+"midi"
+"navigation-override"
+"oversized-images"
+"payment"
+"picture-in-picture"
+"publickey-credentials"
+"sync-xhr"
+"usb"
+"vr"
+"wake-lock"
+"xr-spatial-tracking"
+
+# directive values
+"'self'"
+"'none'"
+"'src''"
+*
+
+
+# URI components
+"https:"
+"ws:"
+"blob:"
+"data:"
+"filesystem:"
+"javascript:"
+"http://"
+"selfuri.com"
+"127.0.0.1"
+"::1"
+https://example.com \ No newline at end of file
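Review bot: Several entries in this dictionary are not well-formed quoted tokens: `"fullscreen` and `"geolocation` lack the closing quote, and `*` and `https://example.com` are not quoted at all. libFuzzer's dictionary parser is expected to reject such lines and abort the run when the file is passed with `-dict=`, so the dictionary would never take effect. Each entry should be a complete quoted string, e.g. `"fullscreen"`, `"*"`, `"https://example.com"`. `"'src''"` also carries a stray trailing apostrophe and presumably should be `"'src'"`. The header comment points at the CSP specifications although the tokens are Feature Policy directive names, so the reference should name the Feature Policy spec instead.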
diff --git a/dom/security/featurepolicy/fuzztest/moz.build b/dom/security/featurepolicy/fuzztest/moz.build
new file mode 100644
index 0000000000..ea577e8339
--- /dev/null
+++ b/dom/security/featurepolicy/fuzztest/moz.build
@@ -0,0 +1,18 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+Library("FuzzingFeaturePolicy")
+
+LOCAL_INCLUDES += [
+ "/dom/security/featurepolicy",
+ "/netwerk/base",
+]
+
+include("/tools/fuzzing/libfuzzer-config.mozbuild")
+
+SOURCES += ["fp_fuzzer.cpp"]
+
+FINAL_LIBRARY = "xul-gtest"