Add content_settings_pattern_parser_fuzzer.

The new fuzzer exercises content_settings::PatternParser::Parse and ToString, which previously had no fuzzer coverage. In addition to exercising the code, the fuzzer checks the "recanonicalization is idempotent" property. Coverage report: https://chromium-coverage.appspot.com/reports/789509_fuzzers_only/linux/chromium/src/components/content_settings/core/common/content_settings_pattern_parser.cc.html Change-Id: Id4c62f3851257b678f102f63cf4b80c63fe53a8b Bug: 1108821 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2308232 Commit-Queue: Dan McArdle <dmcardle@chromium.org> Reviewed-by: Balazs Engedy <engedy@chromium.org> Reviewed-by: Max Moroz <mmoroz@chromium.org> Cr-Commit-Position: refs/heads/master@{#791660}

Add content_settings_pattern_parser_fuzzer.
The new fuzzer exercises content_settings::PatternParser::Parse and ToString, which previously had no fuzzer coverage. In addition to exercising the code, the fuzzer checks the "recanonicalization is idempotent" property. Coverage report: https://chromium-coverage.appspot.com/reports/789509_fuzzers_only/linux/chromium/src/components/content_settings/core/common/content_settings_pattern_parser.cc.html Change-Id: Id4c62f3851257b678f102f63cf4b80c63fe53a8b Bug: 1108821 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2308232 Commit-Queue: Dan McArdle <dmcardle@chromium.org> Reviewed-by: Balazs Engedy <engedy@chromium.org> Reviewed-by: Max Moroz <mmoroz@chromium.org> Cr-Commit-Position: refs/heads/master@{#791660}
952f580d · Daniel McArdle · Commit Bot · 988ad379 · 952f580d · 952f580d
Commit 952f580d authored Jul 26, 2020 by Daniel McArdle Committed by Commit Bot Jul 26, 2020
4 changed files
--- a/components/content_settings/core/common/BUILD.gn
+++ b/components/content_settings/core/common/BUILD.gn
@@ -4,6 +4,7 @@

 import("//build/config/jumbo.gni")
 import("//mojo/public/tools/bindings/mojom.gni")
+import("//testing/libfuzzer/fuzzer_test.gni")

 jumbo_static_library("common") {
  sources = [
@@ -77,3 +78,15 @@ component("features") {

  deps = [ "//base" ]
 }
+
+fuzzer_test("content_settings_pattern_parser_fuzzer") {
+  sources = [ "content_settings_pattern_parser_fuzzer.cc" ]
+  deps = [
+    ":common",
+    "//base",
+    "//base:i18n",
+    "//third_party/icu",
+    "//third_party/icu/fuzzers:fuzzer_support",
+  ]
+  dict = "content_settings_pattern_parser_fuzzer.dict"
+}
--- a/components/content_settings/core/common/DEPS
+++ b/components/content_settings/core/common/DEPS
@@ -7,5 +7,6 @@ include_rules = [
  "+net/cookies/cookie_constants.h",
  "+net/cookies/static_cookie_policy.h",
  "+testing",
+  "+third_party/icu/fuzzers/fuzzer_utils.h",
  "+url",
 ]
--- a/components/content_settings/core/common/content_settings_pattern_parser_fuzzer.cc
+++ b/components/content_settings/core/common/content_settings_pattern_parser_fuzzer.cc
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <memory>
+
+#include "base/strings/string_piece.h"
+#include "components/content_settings/core/common/content_settings_pattern.h"
+#include "components/content_settings/core/common/content_settings_pattern_parser.h"
+#include "third_party/icu/fuzzers/fuzzer_utils.h"
+
+IcuEnvironment* env = new IcuEnvironment();
+
+namespace content_settings {
+
+namespace {
+ContentSettingsPattern Parse(base::StringPiece pattern_spec) {
+  std::unique_ptr<ContentSettingsPattern::BuilderInterface> builder =
+      ContentSettingsPattern::CreateBuilder();
+  PatternParser::Parse(pattern_spec, builder.get());
+  return builder->Build();
+}
+}  // namespace
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  base::StringPiece pattern_spec(reinterpret_cast<const char*>(data), size);
+
+  // Parse the fuzzer-generated |pattern_spec| to obtain |canonical_pattern|.
+  ContentSettingsPattern canonical_pattern = Parse(pattern_spec);
+  if (!canonical_pattern.IsValid())
+    return 0;
+  const std::string canonical_pattern_spec = canonical_pattern.ToString();
+
+  // Recanonicalizing |canonical_pattern| should be idempotent.
+  ContentSettingsPattern recanonicalized_pattern =
+      Parse(canonical_pattern_spec);
+  CHECK(recanonicalized_pattern.IsValid())
+      << "Could not recanonicalize\n  '" << canonical_pattern_spec
+      << "' (originally '" << pattern_spec << "')";
+  CHECK_EQ(recanonicalized_pattern.ToString(), canonical_pattern_spec)
+      << "\n  (originally '" << pattern_spec << "')";
+  CHECK_EQ(recanonicalized_pattern.Compare(canonical_pattern),
+           ContentSettingsPattern::Relation::IDENTITY);
+  return 0;
+}
+
+}  // namespace content_settings
--- a/components/content_settings/core/common/content_settings_pattern_parser_fuzzer.dict
+++ b/components/content_settings/core/common/content_settings_pattern_parser_fuzzer.dict
+"*"
+"/"
+"[::1]"
+"127.0.0.1"
+"80"
+"8080"
+"chrome-extension"
+"chrome-extension://peoadpeiejnhkmpaakpnompolbglelel/"
+"chrome-not-search"
+"chrome-not-search://local-ntp/local-ntp.html"
+"chrome-search"
+"chrome-search://local-ntp/"
+"chrome-search://local-ntp:65535/local-ntp.html"
+"chrome-search://*/local-ntp.html"
+"chrome-search://*local-ntp/local-ntp.html"
+"chrome-search://local-ntp/local-ntp.html"
+"chrome-search://local-ntp:*/local-ntp.html"
+"file"
+"file://*"
+"file://**"
+"file://*/"
+"file://*/*"
+"file:///*"
+"file:///foo/bar/test.html"
+"/foo/bar/test.html"
+"[*.]foo.com/*"
+"google.com"
+"http"
+"http://*"
+"http://127.0.0.1:8080"
+"http://foo.com/*"
+"http://[*.]google.com:80"
+"https"
+"https://[::1]:8080"
+"https://*:443"
+"https://bar.com/*"
+"https://www.foo.com/"
+"http://www.gmail.com:*"
+"http://www.youtube.com:8080"
+"local-ntp"
+"/local-ntp.html"
+"peoadpeiejnhkmpaakpnompolbglelel"
+"*://www.foo.com"
+"www.foo.com:*"
+"www.gmail.com"
+"*://www.gmail.com:80"
+"www.youtube.com"
+"www.youtube.com*"
+"www.youtube.com:8080"
+"*.youtube.com"
+"*youtube.com"
+"[*.].youtube.com"
+"[*.]youtube.com"
+"youtube.com"