chromium/src/third_party/blink/renderer/core/html/parser/html_preload_scanner_fuzzer.cc - manifest_repos/chromium_src - Git at Google

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "third_party/blink/public/mojom/webpreferences/web_preferences.mojom-blink.h"
 #include "third_party/blink/renderer/core/css/media_values_cached.h"
 #include "third_party/blink/renderer/core/html/html_document.h"
 #include "third_party/blink/renderer/core/html/parser/html_document_parser.h"
 #include "third_party/blink/renderer/core/html/parser/resource_preloader.h"
 #include "third_party/blink/renderer/core/html/parser/text_resource_decoder_for_fuzzing.h"
 #include "third_party/blink/renderer/core/media_type_names.h"
 #include "third_party/blink/renderer/platform/loader/subresource_integrity.h"
 #include "third_party/blink/renderer/platform/testing/blink_fuzzer_test_support.h"
 #include "third_party/blink/renderer/platform/testing/fuzzed_data_provider.h"

 namespace blink {

 std::unique_ptr<CachedDocumentParameters> CachedDocumentParametersForFuzzing(
     FuzzedDataProvider& fuzzed_data) {
   std::unique_ptr<CachedDocumentParameters> document_parameters =
       std::make_unique<CachedDocumentParameters>();
   document_parameters->do_html_preload_scanning = fuzzed_data.ConsumeBool();
   // TODO(csharrison): How should this be fuzzed?
   document_parameters->default_viewport_min_width = Length();
   document_parameters->viewport_meta_zero_values_quirk =
       fuzzed_data.ConsumeBool();
   document_parameters->viewport_meta_enabled = fuzzed_data.ConsumeBool();
   document_parameters->integrity_features =
       fuzzed_data.ConsumeBool()
           ? SubresourceIntegrity::IntegrityFeatures::kDefault
           : SubresourceIntegrity::IntegrityFeatures::kSignatures;
   return document_parameters;
 }

 class MockResourcePreloader : public ResourcePreloader {
   void Preload(std::unique_ptr<PreloadRequest>) override {}
 };

 int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   static BlinkFuzzerTestSupport test_support = BlinkFuzzerTestSupport();
   FuzzedDataProvider fuzzed_data(data, size);

   HTMLParserOptions options;
   options.scripting_flag = fuzzed_data.ConsumeBool();

   std::unique_ptr<CachedDocumentParameters> document_parameters =
       CachedDocumentParametersForFuzzing(fuzzed_data);

   KURL document_url("http://whatever.test/");

   // Copied from HTMLPreloadScannerTest. May be worthwhile to fuzz.
   MediaValuesCached::MediaValuesCachedData media_data;
   media_data.viewport_width = 500;
   media_data.viewport_height = 600;
   media_data.device_width = 700;
   media_data.device_height = 800;
   media_data.device_pixel_ratio = 2.0;
   media_data.color_bits_per_component = 24;
   media_data.monochrome_bits_per_component = 0;
   media_data.primary_pointer_type = mojom::blink::PointerType::kPointerFineType;
   media_data.default_font_size = 16;
   media_data.three_d_enabled = true;
   media_data.media_type = media_type_names::kScreen;
   media_data.strict_mode = true;
   media_data.display_mode = blink::mojom::DisplayMode::kBrowser;

   MockResourcePreloader preloader;

   std::unique_ptr<HTMLPreloadScanner> scanner =
       std::make_unique<HTMLPreloadScanner>(
           options, document_url, std::move(document_parameters), media_data,
           TokenPreloadScanner::ScannerType::kMainDocument);

   TextResourceDecoderForFuzzing decoder(fuzzed_data);
   std::string bytes = fuzzed_data.ConsumeRemainingBytes();
   String decoded_bytes = decoder.Decode(bytes.data(), bytes.length());
   scanner->AppendToEnd(decoded_bytes);
   bool has_csp_meta_tag_unused = false;
   PreloadRequestStream requests =
       scanner->Scan(document_url, nullptr, has_csp_meta_tag_unused);
   preloader.TakeAndPreload(requests);
   return 0;
 }

 }  // namespace blink

 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   return blink::LLVMFuzzerTestOneInput(data, size);
 }
	// Copyright 2016 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "third_party/blink/public/mojom/webpreferences/web_preferences.mojom-blink.h"
	#include "third_party/blink/renderer/core/css/media_values_cached.h"
	#include "third_party/blink/renderer/core/html/html_document.h"
	#include "third_party/blink/renderer/core/html/parser/html_document_parser.h"
	#include "third_party/blink/renderer/core/html/parser/resource_preloader.h"
	#include "third_party/blink/renderer/core/html/parser/text_resource_decoder_for_fuzzing.h"
	#include "third_party/blink/renderer/core/media_type_names.h"
	#include "third_party/blink/renderer/platform/loader/subresource_integrity.h"
	#include "third_party/blink/renderer/platform/testing/blink_fuzzer_test_support.h"
	#include "third_party/blink/renderer/platform/testing/fuzzed_data_provider.h"

	namespace blink {

	std::unique_ptr<CachedDocumentParameters> CachedDocumentParametersForFuzzing(
	FuzzedDataProvider& fuzzed_data) {
	std::unique_ptr<CachedDocumentParameters> document_parameters =
	std::make_unique<CachedDocumentParameters>();
	document_parameters->do_html_preload_scanning = fuzzed_data.ConsumeBool();
	// TODO(csharrison): How should this be fuzzed?
	document_parameters->default_viewport_min_width = Length();
	document_parameters->viewport_meta_zero_values_quirk =
	fuzzed_data.ConsumeBool();
	document_parameters->viewport_meta_enabled = fuzzed_data.ConsumeBool();
	document_parameters->integrity_features =
	fuzzed_data.ConsumeBool()
	? SubresourceIntegrity::IntegrityFeatures::kDefault
	: SubresourceIntegrity::IntegrityFeatures::kSignatures;
	return document_parameters;
	}

	class MockResourcePreloader : public ResourcePreloader {
	void Preload(std::unique_ptr<PreloadRequest>) override {}
	};

	int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
	static BlinkFuzzerTestSupport test_support = BlinkFuzzerTestSupport();
	FuzzedDataProvider fuzzed_data(data, size);

	HTMLParserOptions options;
	options.scripting_flag = fuzzed_data.ConsumeBool();

	std::unique_ptr<CachedDocumentParameters> document_parameters =
	CachedDocumentParametersForFuzzing(fuzzed_data);

	KURL document_url("http://whatever.test/");

	// Copied from HTMLPreloadScannerTest. May be worthwhile to fuzz.
	MediaValuesCached::MediaValuesCachedData media_data;
	media_data.viewport_width = 500;
	media_data.viewport_height = 600;
	media_data.device_width = 700;
	media_data.device_height = 800;
	media_data.device_pixel_ratio = 2.0;
	media_data.color_bits_per_component = 24;
	media_data.monochrome_bits_per_component = 0;
	media_data.primary_pointer_type = mojom::blink::PointerType::kPointerFineType;
	media_data.default_font_size = 16;
	media_data.three_d_enabled = true;
	media_data.media_type = media_type_names::kScreen;
	media_data.strict_mode = true;
	media_data.display_mode = blink::mojom::DisplayMode::kBrowser;

	MockResourcePreloader preloader;

	std::unique_ptr<HTMLPreloadScanner> scanner =
	std::make_unique<HTMLPreloadScanner>(
	options, document_url, std::move(document_parameters), media_data,
	TokenPreloadScanner::ScannerType::kMainDocument);

	TextResourceDecoderForFuzzing decoder(fuzzed_data);
	std::string bytes = fuzzed_data.ConsumeRemainingBytes();
	String decoded_bytes = decoder.Decode(bytes.data(), bytes.length());
	scanner->AppendToEnd(decoded_bytes);
	bool has_csp_meta_tag_unused = false;
	PreloadRequestStream requests =
	scanner->Scan(document_url, nullptr, has_csp_meta_tag_unused);
	preloader.TakeAndPreload(requests);
	return 0;
	}

	} // namespace blink

	extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
	return blink::LLVMFuzzerTestOneInput(data, size);
	}