diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /dom/security/featurepolicy/fuzztest | |
parent | Initial commit. (diff) | |
download | firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip |
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/security/featurepolicy/fuzztest')
-rw-r--r-- | dom/security/featurepolicy/fuzztest/fp_fuzzer.cpp | 67 | ||||
-rw-r--r-- | dom/security/featurepolicy/fuzztest/fp_fuzzer.dict | 54 | ||||
-rw-r--r-- | dom/security/featurepolicy/fuzztest/moz.build | 18 |
3 files changed, 139 insertions, 0 deletions
diff --git a/dom/security/featurepolicy/fuzztest/fp_fuzzer.cpp b/dom/security/featurepolicy/fuzztest/fp_fuzzer.cpp new file mode 100644 index 0000000000..25f7dc8d41 --- /dev/null +++ b/dom/security/featurepolicy/fuzztest/fp_fuzzer.cpp @@ -0,0 +1,67 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. */ + +#include "FuzzingInterface.h" +#include "mozilla/BasePrincipal.h" +#include "mozilla/dom/Feature.h" +#include "mozilla/dom/FeaturePolicyParser.h" +#include "nsNetUtil.h" +#include "nsStringFwd.h" +#include "nsTArray.h" + +using namespace mozilla; +using namespace mozilla::dom; + +static nsCOMPtr<nsIPrincipal> selfURIPrincipal; +static nsCOMPtr<nsIURI> selfURI; + +static int LVVMFuzzerInitTest(int* argc, char*** argv) { + nsresult ret; + ret = NS_NewURI(getter_AddRefs(selfURI), "http://selfuri.com"); + if (ret != NS_OK) { + MOZ_CRASH("NS_NewURI failed."); + } + + mozilla::OriginAttributes attrs; + selfURIPrincipal = + mozilla::BasePrincipal::CreateContentPrincipal(selfURI, attrs); + if (!selfURIPrincipal) { + MOZ_CRASH("CreateContentPrincipal failed."); + } + return 0; +} + +static int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + if (!size) { + return 0; + } + nsTArray<Feature> parsedFeatures; + + NS_ConvertASCIItoUTF16 policy(reinterpret_cast<const char*>(data), size); + if (!policy.get()) return 0; + + FeaturePolicyParser::ParseString(policy, nullptr, selfURIPrincipal, + selfURIPrincipal, parsedFeatures); + + for (const Feature& feature : parsedFeatures) { + nsTArray<nsCOMPtr<nsIPrincipal>> list; + feature.GetAllowList(list); + + for (nsIPrincipal* principal : list) { + nsAutoCString originNoSuffix; + nsresult rv = principal->GetOriginNoSuffix(originNoSuffix); + if (NS_WARN_IF(NS_FAILED(rv))) { + return 0; + } + printf("%s - %s\n", NS_ConvertUTF16toUTF8(feature.Name()).get(), + originNoSuffix.get()); + } + } + return 0; +} + +MOZ_FUZZING_INTERFACE_RAW(LVVMFuzzerInitTest, LLVMFuzzerTestOneInput, + FeaturePolicyParser); diff --git a/dom/security/featurepolicy/fuzztest/fp_fuzzer.dict b/dom/security/featurepolicy/fuzztest/fp_fuzzer.dict new file mode 100644 index 0000000000..e95508bf8e --- /dev/null +++ b/dom/security/featurepolicy/fuzztest/fp_fuzzer.dict @@ -0,0 +1,54 @@ +# tokens +"'" +";" + +### https://www.w3.org/TR/{CSP,CSP2,CSP3}/ +# directive names +"accelerometer" +"ambient-light-sensor" +"autoplay" +"battery" +"camera" +"display-capture" +"document-domain" +"encrypted-media" +"execution-while-not-rendered" +"execution-while-out-of-viewport" +"fullscreen +"geolocation +"gyroscope" +"layout-animations" +"legacy-image-formats" +"magnetometer" +"microphone" +"midi" +"navigation-override" +"oversized-images" +"payment" +"picture-in-picture" +"publickey-credentials" +"sync-xhr" +"usb" +"vr" +"wake-lock" +"xr-spatial-tracking" + +# directive values +"'self'" +"'none'" +"'src''" +* + + +# URI components +"https:" +"ws:" +"blob:" +"data:" +"filesystem:" +"javascript:" +"http://" +"selfuri.com" +"127.0.0.1" +"::1" +https://example.com
\ No newline at end of file diff --git a/dom/security/featurepolicy/fuzztest/moz.build b/dom/security/featurepolicy/fuzztest/moz.build new file mode 100644 index 0000000000..ea577e8339 --- /dev/null +++ b/dom/security/featurepolicy/fuzztest/moz.build @@ -0,0 +1,18 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +Library("FuzzingFeaturePolicy") + +LOCAL_INCLUDES += [ + "/dom/security/featurepolicy", + "/netwerk/base", +] + +include("/tools/fuzzing/libfuzzer-config.mozbuild") + +SOURCES += ["fp_fuzzer.cpp"] + +FINAL_LIBRARY = "xul-gtest" |