# Copyright 2016 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Fuzzer dictionary targeting HTTP/1.x responses.
# Entries that are generally useful in headers
":"
"\x0A"
"\x0D"
"0"
"50"
"500"
# Horizontal whitespace. Matters mostly in status line.
" "
"\x09"
# Header continuation
"\x0D\x0A\x09"
# Used in a lot of individual headers
";"
"="
","
"\""
"-"
# Status line components
"HTTP"
"/1.1"
"/1.0"
# More interesting status codes. Each entry has a leading space so that it can
# be inserted into other status lines.
" 100"
" 200"
" 206"
" 301"
" 302"
" 303"
" 304"
" 307"
" 308"
" 401"
" 403"
" 404"
" 500"
" 501"
# NOTE(review): " 403" is already listed above, so this repeat adds nothing to
# the dictionary. Possibly a different status code was intended - confirm.
" 403"
# Full status lines (Some with relevant following headers)
# Line ends in these entries are bare \x0A rather than \x0D\x0A.
"HTTP/1.1 200 OK\x0A\x0A"
"HTTP/1.1 100 Continue\x0A\x0A"
# NOTE(review): unlike every other entry in this group, the next one ends in
# \x0A\xA0 instead of \x0A\x0A, so it does not close the header block.
# Possibly a typo for \x0A\x0A - confirm before changing.
"HTTP/1.1 401 Unauthorized\x0AWWW-Authenticate: Basic realm=\"Middle-Earth\"\x0A\xA0"
"HTTP/1.1 407 Proxy Authentication Required\x0AProxy-Authenticate: Digest realm=\"Middle-Earth\", nonce=\"aaaaaaaaaa\"\x0A\x0A"
"HTTP/1.0 301 Moved Permanently\x0ALocation: /a\x0A\x0A"
"HTTP/1.1 302 Found\x0ALocation: http://lost/\x0A\x0A"
# Authentication headers, for both server (WWW-Authenticate) and proxy
# (Proxy-Authenticate) challenges. Note that fuzzers don't support NTLM or
# negotiate.
"WWW-Authenticate:"
"Proxy-Authenticate:"
"Basic"
"Digest"
"realm"
"nonce"
# Connection management. Entries that start with \x0A are complete header
# lines meant to be inserted after an existing line.
"Connection:"
"Proxy-Connection:"
"Keep-Alive"
"Close"
"Upgrade"
"\x0AConnection: Keep-Alive"
"\x0AConnection: Close"
"\x0AProxy-Connection: Keep-Alive"
"\x0AProxy-Connection: Close"
# Message framing. Content-Length and Transfer-Encoding entries are both
# present, so a mutated input may carry both in one response. The last entry
# is a complete chunked body: one 5-byte chunk ("12345") followed by the
# zero-size terminating chunk.
"Content-Length:"
"Transfer-Encoding:"
"chunked"
"\x0AContent-Length: 0"
"\x0AContent-Length: 500"
"\x0ATransfer-Encoding: chunked\x0A\x0A5\x0A12345\x0A0\x0A\x0A"
# Redirect targets, over both http and https.
"Location:"
"\x0ALocation: http://foo/"
"\x0ALocation: http://bar/"
"\x0ALocation: https://foo/"
"\x0ALocation: https://bar/"
# Range requests.
"Accept-Ranges:"
"bytes"
"\x0AAccept-Ranges: bytes"
"Content-Range:"
# Caching. 3153600000 is 100 * 365 * 86400 (100 years in seconds); it exceeds
# 2^31 - 1, so it does not fit in a signed 32-bit integer.
"Age:"
"\x0AAge: 0"
"\x0AAge: 3153600000"
"Cache-Control:"
"max-age"
"no-cache"
"no-store"
"must-revalidate"
"\x0ACache-Control: max-age=3153600000"
"\x0ACache-Control: max-age=0"
"\x0ACache-Control: no-cache"
"\x0ACache-Control: no-store"
"\x0ACache-Control: must-revalidate"
# Content disposition and content codings.
"Content-Disposition:"
"attachment"
"filename"
"Content-Encoding:"
"gzip"
"deflate"
"sdch"
"br"
"\x0AContent-Encoding: gzip"
"\x0AContent-Encoding: deflate"
"\x0AContent-Encoding: sdch"
"\x0AContent-Encoding: br"
# Date-valued headers, each with one date in 2050 and one in 2016.
# NOTE(review): every date below has a comma after the month ("01 Apr, 2050"),
# which the HTTP-date form ("01 Apr 2050") does not have. If that is not
# deliberate, no entry here supplies a well-formed date - confirm.
"Date:"
"Fri, 01 Apr, 2050 14:14:14 GMT"
"Mon, 28 Mar, 2016 04:04:04 GMT"
"\x0ADate: Fri, 01 Apr, 2050 14:14:14 GMT"
"\x0ADate: Mon, 28 Mar, 2016 04:04:04 GMT"
"Last-Modified:"
"\x0ALast-Modified: Fri, 01 Apr, 2050 14:14:14 GMT"
"\x0ALast-Modified: Mon, 28 Mar, 2016 04:04:04 GMT"
"Expires:"
"\x0AExpires: Fri, 01 Apr, 2050 14:14:14 GMT"
"\x0AExpires: Mon, 28 Mar, 2016 04:04:04 GMT"
# Cookies: attribute names and values, then complete Set-Cookie header lines.
"Set-Cookie:"
"Expires"
"Max-Age"
"Domain"
"Path"
"Secure"
"HttpOnly"
"Priority"
"Low"
"Medium"
"High"
"SameSite"
"Strict"
"Lax"
"\x0ASet-Cookie: foo=bar"
"\x0ASet-Cookie: foo2=bar2;HttpOnly;Priority=Low;SameSite=Strict;Path=/"
"\x0ASet-Cookie: foo=chicken;SameSite=Lax"
# Strict-Transport-Security, Vary and ETag.
"Strict-Transport-Security:"
"includeSubDomains"
"Vary:"
"\x0AVary: Cookie"
"\x0AVary: Age"
"ETag:"
"\x0AETag: jumboshrimp"
# The entries below were generated with testing/libfuzzer/dictionary_generator.py
# from the net_http_stream_parser_fuzzer binary and the text of RFC 2616.
"all"
"code"
"maximum"
"Transfer-Encoding"
"D.,"
"results"
"follow"
"(LZW)."
"provided."
"(which"
"ISDN"
"\"TE\""
"LF>"
"FORCE"
"calculate"
"\"IETF"
"UNIX,"
"ARPA"
"\"OPTIONAL\""
"environment"
"ENGINEERING"
"program"
"USENET"
"TEXT"
"Not"
"Nov"
"include"
"resources"
"(STD"
"labels"
"string"
"returning"
"HTTP/1.1;"
"SP,"
"SP."
"entries"
"HTTP/1.1,"
"HTTP/1.1."
"difference"
"(URI):"
"did"
"[CRLF]"
"EXPRESS"
"list"
"HTTP/1.0\","
"(RFC"
"large"
"ONLY"
"Tag"
"(LWS"
"(URL)\","
"\"A\"..\"Z\">"
"unexpected"
"GET)"
"direct"
"Failed"
"second"
"Version"
"\"A\""
"allowed."
"GET,"
"tag."
"implemented"
"\"HTTP/1.0\""
"errors"
"ISO-8859-4,"
"appear"
"incompatible"
"section"
"CPU"
"current"
"waiting"
"version"
"above"
"TTL"
"new"
"CRLF)"
"public"
"FTP"
"NNTP."
"WWW-"
"never"
"equals"
"\"HTTP/1.1"
"reported"
"objects"
"address"
"active"
"\"HEAD\""
"["
"\"POST\""
"HTTP."
"change"
"MA"
"\"AS"
"last-modified"
"BACK)"
"NOT"
"NNTP"
"named"
"useful"
"secure"
"case."
"detected."
"\"HTTP\""
"private"
"CERN/3.0"
"CTE"
"(CTE)"
"Too"
"CTL"
"PUT,"
"user-agent"
"PUT)"
"POST"
"select"
"use"
"TASK"
"from"
"exception."
"working"
"to"
"positive"
"two"
"URI;"
"properties"
"few"
"--THIS_STRING_SEPARATES"
"POST,"
"call"
"memory"
"MUST,"
"scope"
"type"
"authorization"
"more"
"ISO-8859-9,"
"(GMT),"
"(TE)"
"name."
"LF,"
"RFC-850"
"warn"
"bytes,"
"Found"
"cases"
"MHTML"
"name:"
"must"
"Content"
"ALL"
"MHTML,"
"RIGHTS"
"this"
"NTP"
"work"
"--THIS_STRING_SEPARATES--"
"Syntax"
"can"
"of"
"following"
"\"I"
"closing"
"root"
"example"
"requested,"
"J.,"
"type."
"reserved"
"stream"
"process"
"attribute"
"allowed"
"high"
"currency"
"numbers"
"want"
"type:"
"native"
"LF"
"class,"
"end"
"Missing"
"HTTP-"
"HTTP,"
"links"
"1"
"line."
"2*N"
"H."
"1XX"
"WARRANTIES,"
"HTTP:"
"A"
"badly"
"HEAD"
"may"
"insecure"
"after"
"containing"
"tracking"
"wrong"
"[SP"
"ANSI,"
"date"
"such"
"data"
"parallel"
"repeat"
"a"
"FTP,"
"All"
"short"
"Y."
"UA"
"(2**N),"
"element"
"so"
"cases."
"File"
"(LWS)"
"\"DEFLATE"
"order"
"charset"
"\"SHOULD"
"don't"
"MIC"
"move"
"vary"
"satisfied"
"CD-ROM,"
"HTTP-WG."
"LINK,"
"pointer"
"its"
"digest"
"before"
"HTML"
"(OK)"
"Rules"
"MAY,"
"fix"
"ISO-3166"
"actually"
"407"
"(GNU"
"\"HTTP/1.1\","
"P.,"
"401"
"MERCHANTABILITY"
"DNS."
"into"
"\"HTTP"
"it."
"it,"
"return"
"URL"
"URI"
"number"
"Bad"
"not"
"However,"
"SSL"
"name"
"always"
"expectation."
"--"
"ISO-639"
"]URI,"
"found"
"trailer"
"mean"
"breakdown"
"From"
"UTC"
"(via"
"(URI)"
"UNLINK"
"expect"
"exceeded"
"(MIC)"
"event"
"out"
"is:"
"E."
"space"
"\"MUST/MAY/SHOULD\""
"REQUIRED"
"ALPHA"
"HTTP/2.4"
"4DIGIT"
"increase"
"L."
"time."
"PATCH,"
"supports"
"2DIGIT"
"K.,"
"(A,"
"This"
"free"
"\"B\""
"RFC"
"base"
"IMPLIED,"
"byte"
"received."
"generate"
"text/plain"
"ISO-8859-7,"
"\"HTTP/1.1\""
"Partial"
"could"
"transition"
"DISCLAIMS"
"times"
"filter"
"HTML\","
"length"
"HEAD."
"HEAD,"
"S.,"
"first"
"origin"
"\"E\""
"already"
"UPALPHA"
"3DIGIT"
"Cache"
"Please"
"token."
"one"
"CHAR"
"ISI"
"another"
"FITNESS"
"message"
"CSS1,"
"open"
"size"
"doesn't"
"\""
"script"
"unknown"
"top"
"header)"
"system"
"construct"
"image/gif"
"2"
"ignored."
"listed"
"Date"
"LOALPHA"
"scheme"
"store"
"too"
"M."
"Success"
"that"
"completed"
"OPTIONAL;"
"R"
"pragma"
"(IANA"
"WAIS"
"F.,"
"than"
"K."
"target"
"Content-Type:"
"require"
"Only"
"HTTP/2.13,"
"headers"
"See"
"GMT."
"HTTP/2.0,"
"were"
"1)"
"IS\""
"1*8ALPHA"
"are"
"and"
"IRC/6.9,"
"false"
"turned"
"ANSI"
"B"
"(IANA)"
"tables"
"have"
"MIME,"
"need"
"HTTP/1.1.)"
"null"
"any"
"contents"
"data)"
"(LZ77)"
"(MIME"
"mechanism"
"internal"
"(C)"
"take"
"which"
"With"
"UCI"
"HTTP/0.9,"
"content-"
"200"
"begin"
"multiple"
"TCP/IP"
"Content-Disposition"
"206"
"buffer"
"object"
"\"MUST\","
"regular"
"entry"
"The"
"]"
"model"
"D."
"US-ASCII"
"L.,"
"(URL)"
"If"
"+"
"\"MIME"
"Note:"
"particularly"
"WA"
"text"
"supported"
"\"C\""
"Unrecognized"
"CRLF."
"CRLF,"
"SP"
"find"
"MUST"
"true,"
"cache."
"upgrade"
"cache)"
"implementation"
"("
"[RFC"
"cache"
"outside"
"should"
"failed"
"only"
"URL)."
"LDAP)"
"USA"
"WARRANTIES"
"(UA)"
"get"
"there"
"HEREIN"
"\"HTTP\"."
"cannot"
"shared"
"THE"
"BNF"
"DIGIT,"
"closure"
"PUT"
"reading"
"resource"
"A.,"
"W."
"16"
"ISO-8859."
"calling"
"J."
"INCLUDING"
"common"
"INTERNET"
"release"
"ISI/RR-98-463,"
"\"CONNECT\""
"where"
"set"
"IANA"
"For"
"\"F\""
"configured"
"C"
"this,"
"multipart"
"close"
"E.,"
"end."
"detect"
"GET"
"WWW\","
"1*DIGIT"
"BUT"
"MIT"
"3"
"unable"
"between"
"probably"
"boundary"
"0)"
"\"SHALL"
"\"RECOMMENDED\","
"available"
"we"
"FOR"
"missing"
"importance"
"screen"
"connection."
"PARTICULAR"
"UNIX"
"STD"
"ISO-8859-1"
"key"
"(MIME)"
"P."
"\"HTTP/1.1\"."
"HTTP/1.0),"
"AND"
"received"
"WWW"
"TRACE"
"\"MAY\","
"many"
"*TEXT"
"Unsupported"
"using:"
"connection"
"Unicode"
"*OCTET"
"exceeds"
"(URN)"
"safely"
"ANY"
"can't"
"WARRANTY"
"ISO-8859-8,"
"Content-Length"
"consume"
"simple"
"header"
"DNS)"
"colon"
"\"GET\""
"spans"
"1*HEX"
"table"
"allocated"
"BCP"
"application/pdf"
"LWS:"
"save"
"\"REQUIRED\","
"Wed,"
"C."
"C,"
"encryption"
"create"
"(MHTML)\","
"been"
"."
"HTTP/12.3."
"\"PUT\""
"context."
"LWS,"
"basic"
"expected"
"prototype"
"GMT,"
"empty"
"define"
"PNG,\""
"\"D\""
"with"
"CA"
"HEX"
"N"
"0*3DIGIT"
"\"W/\""
"CR"
"\"DELETE\""
"unnecessarily"
"case"
"exception"
"(A"
"(HTTP)"
"value"
"INFRINGE"
"while"
"\"GZIP"
"\"SHALL\","
"error"
"\"GMT\""
"(LWS)."
"resident"
"is"
"thus"
"it"
"encountered"
"parse"
"MIME"
"in"
"SIGCOMM"
"You"
"if"
"result"
"binary"
"different"
"\"A"
")"
"CREATE"
"expired"
"1DIGIT"
"same"
"OPTIONS"
"transfer-encoding"
"BNF,"
"unrecognized"
"units"
"UST"
"status"
"\"%"
"used"
"http"
"context"
"I"
"IP"
"(O)."
"allocation"
"running"
"*LWS"
"user"
"SMTP"
"\"SHOULD\","
"stack"
"task"
"CR."
"failing"
"IETF"
"M.,"
"Names"
"In"
"position"
"the"
"audio"
"left"
"US-ASCII."
"MAY"
"THAT"
"being"
"(OK)."
"actions"
"invalid"
"HTTP/1.0)"
"CRC."
"previous"
"adding"
"TO"
"<US-ASCII"
"source"
"ISO-8859-2,"
"\"OPTIONS\""
"location"
"HTTP/1.0"
"HTTP/1.1"
"size,"
"has"
"match"
"build"
"URI."
"tests"
"format"
"read"
"H.,"
"T"
"using"
"LIMITED"
"OK"
"text/html"
"success"
"ISO-8859-5,"
"B,"
"signal"
"MIME:"
"(HTCPCP/1.0)\","
"server"
"ignore"
"OF"
"output"
"page"
"S."
"because"
"old"
"sequence"
"HT."
"B.,"
"some"
"back"
"HT"
"Last-Modified"
"growth"
"DEL"
"specified"
"unless"
"H.F.,"
"HTTP/1.0."
"(BNF)"
"happens"
"discarded"
"PUT."
"INDEX."
"trace"
"for"
"avoid"
"CR,"
"does"
"CONNECT"
"assuming"
"be"
"run"
"GET."
"deleted"
"equivalent"
"X3.4-1986"
"<URL:"
"O"
"ISO-8859-1."
"broken"
"host"
"HTTP/1.0,"
"LWS>"
"INFORMATION"
"X3.4-1986,"
"by"
"ALPHA,"
"Location"
"on"
"DIGIT"
"actual"
"extension"
"tracing"
"R.,"
"\"UTF-8,"
"*<TEXT,"
"OR"
"range"
"3ALPHA"
"URI,"
"value."
"Message"
"DELETE"
"content-type"
"or"
"UC"
"No"
"ISO-"
"image"
"ACM"
"HEX\""
"URL,"
"ISO-8859-6,"
"T.,"
"operator"
"T/TCP"
"file."
"GET\""
"transfer"
"support"
"*"
"long"
"class"
"start"
"forward"
"was"
"function"
"HT,"
"N."
"HTTP/1.1\","
"OCTET"
"but"
"failure"
"TE:"
"IMPLIED"
"CRLF"
"DNS"
"Error"
"\"ZLIB"
"line"
"trying"
"true"
"GMT"
"count"
"default"
"B."
"ISO-8859-1,"
"up"
"ISO-8859-1)"
"SHOULD"
"PURPOSE."
"used."
"WILL"
">"
"called"
"delete"
"DELETE,"
"storing"
"USE"
"image/jpeg"
"defined"
"LWS"
"URL."
"unsafe"
"an"
"To"
"as"
"warning"
"exist"
"at"
"file"
"NOT\""
"NOT,"
"W3C/MIT"
"ISO-8859-1:1987."
"SHTTP/1.3,"
"no"
"when"
"A,"
"virtual"
"A."
"details."
"application"
"valid"
"OPTIONAL"
"\"TRACE\""
"test"
"MD5"
"you"
"TE"
"ISO-8859-3,"
"requested"
"elements"
"C)"
"symbol"
"T."
"code)"
"variable"
"SOCIETY"
"\"MUST"
"TCP"
"ISO-10646\","
"NOT\","
"R."
"audio/basic"
"IANA."
"\"WAIS"
"persistent"
"Its"
"As"
"time"
"failures"
"\"ISO-8859-1\""
"once"