| # Copyright 2016 The Chromium Authors |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| # Fuzzers for content/ components. |
| |
| import("//build/config/chromeos/ui_mode.gni") |
| import("//mojo/public/tools/bindings/mojom.gni") |
| import("//mojo/public/tools/fuzzers/mojolpm.gni") |
| import("//testing/libfuzzer/fuzzer_test.gni") |
| import("//third_party/libprotobuf-mutator/fuzzable_proto_library.gni") |
| import("//third_party/protobuf/proto_library.gni") |
| |
| # Empty group for package discovery. |
| group("fuzzer") { |
| } |
| |
| source_set("fuzzer_support") { |
| sources = [ |
| "fuzzer_support.cc", |
| "fuzzer_support.h", |
| ] |
| public_deps = [ |
| "//base", |
| "//base/test:test_support", |
| "//content/renderer:for_content_tests", |
| "//content/shell:content_shell_lib", |
| "//content/test:test_support", |
| "//gin", |
| "//tools/v8_context_snapshot", |
| ] |
| deps = [ "//tools/v8_context_snapshot:buildflags" ] |
| testonly = true |
| } |
| |
| fuzzer_test("ad_auction_headers_util_fuzzer") { |
| sources = [ "ad_auction_headers_util_fuzzer.cc" ] |
| deps = [ |
| ":fuzzer_support", |
| "//content/browser", |
| "//content/browser:for_content_tests", |
| "//content/public/browser:browser_sources", |
| ] |
| seed_corpus = "//content/test/data/fuzzer_corpus/ad_auction_headers_data/" |
| } |
| |
| fuzzer_test("color_parser_fuzzer") { |
| sources = [ "color_parser_fuzzer.cc" ] |
| deps = [ ":fuzzer_support" ] |
| seed_corpus = "//content/test/data/fuzzer_corpus/color_parser_data/" |
| |
| # Increase the memory limit, since the fuzzer exceeds it in Debug builds. |
| libfuzzer_options = [ "rss_limit_mb=4096" ] |
| } |
| |
| fuzzer_test("origin_trial_token_fuzzer") { |
| sources = [ "origin_trial_token_fuzzer.cc" ] |
| deps = [ "//content/test:test_support" ] |
| dict = |
| "//content/test/data/fuzzer_dictionaries/origin_trial_token_fuzzer.dict" |
| seed_corpus = "//content/test/data/fuzzer_corpus/origin_trial_token_data/" |
| } |
| |
| fuzzer_test("renderer_tree_fuzzer") { |
| sources = [ "renderer_tree_fuzzer.cc" ] |
| deps = [ ":fuzzer_support" ] |
| } |
| |
| fuzzer_test("renderer_proto_tree_fuzzer") { |
| sources = [ "renderer_proto_tree_fuzzer.cc" ] |
| deps = [ |
| ":fuzzer_support", |
| ":html_tree_proto", |
| "//third_party/libprotobuf-mutator", |
| ] |
| |
| # Increase the memory limit, since the fuzzer exceeds it in Debug builds. |
| libfuzzer_options = [ "rss_limit_mb=4096" ] |
| } |
| |
| proto_library("html_tree_proto") { |
| sources = [ "html_tree.proto" ] |
| testonly = true |
| } |
| |
| fuzzer_test("signed_exchange_envelope_fuzzer") { |
| sources = [ "signed_exchange_envelope_fuzzer.cc" ] |
| deps = [ |
| "//base:i18n", |
| "//content/test:test_support", |
| ] |
| seed_corpus = "//content/test/data/sxg/" |
| } |
| |
| fuzzer_test("devtools_protocol_encoding_cbor_fuzzer") { |
| sources = |
| [ "../../browser/devtools/devtools_protocol_encoding_cbor_fuzzer.cc" ] |
| deps = [ |
| "//base", |
| "//third_party/inspector_protocol:crdtp", |
| ] |
| seed_corpus = |
| "../../browser/devtools/devtools_protocol_encoding_cbor_fuzzer_corpus/" |
| } |
| |
| fuzzer_test("inspector_fuzzer") { |
| sources = [ "../../browser/devtools/inspector_fuzzer.cc" ] |
| deps = [ "//third_party/inspector_protocol:crdtp" ] |
| seed_corpus = "//components/cbor/reader_fuzzer_corpus/" |
| } |
| |
| fuzzer_test("signed_exchange_certificate_chain_fuzzer") { |
| sources = [ |
| "../../browser/web_package/signed_exchange_certificate_chain_fuzzer.cc", |
| ] |
| deps = [ "//content/test:test_support" ] |
| seed_corpus = "//content/test/data/fuzzer_corpus/signed_exchange_certificate_chain_data/" |
| } |
| |
| fuzzer_test("merkle_integrity_source_stream_fuzzer") { |
| sources = [ "merkle_integrity_source_stream_fuzzer.cc" ] |
| |
| # This fuzzer depends on net::FuzzedSourceStream, in net_fuzzer_test_support, |
| # but both it and //content:test_support set up similar globals. As |
| # MerkleIntegritySourceStream does not depend on anything in //content and |
| # will ultimately live in //net, use the //net one instead of the //content |
| # one. |
| deps = [ |
| "//content/browser:for_content_tests", |
| "//content/renderer:for_content_tests", |
| "//content/shell:content_shell_lib", |
| "//content/test:test_support", |
| "//net:net_fuzzer_test_support", |
| "//net:test_support", |
| ] |
| dict = "//content/test/data/fuzzer_dictionaries/merkle_integrity_source_stream_fuzzer.dict" |
| environment_variables = [ "AFL_DRIVER_DONT_DEFER=1" ] |
| } |
| |
| if (enable_mojom_fuzzer) { |
| source_set("mojolpm_fuzzer_support") { |
| testonly = true |
| |
| sources = [ |
| "mojolpm_fuzzer_support.cc", |
| "mojolpm_fuzzer_support.h", |
| ] |
| |
| deps = [ "//mojo/core/embedder" ] |
| |
| public_deps = [ |
| "//base/test:test_support", |
| "//content/browser:for_content_tests", |
| "//content/test:test_support", |
| "//services/network:test_support", |
| "//storage/browser:test_support", |
| "//third_party/icu:icudata", |
| ] |
| } |
| } |
| |
| source_set("content_mojolpm_fuzzer_test_support") { |
| sources = [ "content_mojolpm_fuzzer_test_main.cc" ] |
| testonly = true |
| deps = [ "//base/test:test_support" ] |
| } |
| |
| # A bit of explanation is necessary here. Basically, some new features to setup |
| # the RendererHost process is calling `CHECK_IS_TEST`, which requires |
| # AllowCheckIsTestForTesting to be called in the test initialization setup, so |
| # that the runtime knowns when we're running in a test. |
| # Unfortunately, those fuzzers are not being setup by our internal test setup |
| # mechanism, and thus we're never calling AllowCheckIsTestForTesting. Besides, |
| # this function must be called at most once per process, which prevents the |
| # fuzzers from calling it in their setup method (called at every fuzzing |
| # iteration). |
| template("content_mojolpm_fuzzer_test") { |
| mojolpm_fuzzer_test(target_name) { |
| forward_variables_from(invoker, |
| "*", |
| [ |
| "exclude_main", |
| "deps", |
| ]) |
| deps = [ ":content_mojolpm_fuzzer_test_support" ] |
| if (defined(invoker.deps)) { |
| deps += invoker.deps |
| } |
| exclude_main = true |
| } |
| } |
| |
| content_mojolpm_fuzzer_test("code_cache_host_mojolpm_fuzzer") { |
| sources = [ "code_cache_host_mojolpm_fuzzer.cc" ] |
| |
| proto_source = "code_cache_host_mojolpm_fuzzer.proto" |
| testcase_proto_kind = "content.fuzzing.code_cache_host.proto.Testcase" |
| |
| deps = [ |
| ":mojolpm_fuzzer_support", |
| "//content/browser:for_content_tests", |
| "//content/public/browser:browser_sources", |
| "//third_party/blink/public/mojom:mojom_platform_mojolpm", |
| ] |
| |
| proto_deps = [ "//third_party/blink/public/mojom:mojom_platform_mojolpm" ] |
| |
| seed_corpus_sources = [ |
| "//content/test/data/fuzzer_corpus/code_cache_host_mojolpm_fuzzer/did_generate_cacheable_metadata_origin_a.textproto", |
| "//content/test/data/fuzzer_corpus/code_cache_host_mojolpm_fuzzer/did_generate_cacheable_metadata_origin_b.textproto", |
| ] |
| } |
| |
| content_mojolpm_fuzzer_test("idb_factory_mojolpm_fuzzer") { |
| sources = [ "idb_factory_mojolpm_fuzzer.cc" ] |
| |
| proto_source = "idb_factory_mojolpm_fuzzer.proto" |
| testcase_proto_kind = "content.fuzzing.idb_factory.proto.Testcase" |
| |
| deps = [ |
| ":mojolpm_fuzzer_support", |
| "//content/browser:for_content_tests", |
| "//content/browser/indexed_db", |
| "//content/browser/indexed_db:unit_tests", |
| "//content/public/browser:browser_sources", |
| "//third_party/blink/public/mojom:mojom_modules_mojolpm", |
| ] |
| |
| proto_deps = [ "//third_party/blink/public/mojom:mojom_modules_mojolpm" ] |
| |
| seed_corpus_sources = [ "//content/test/data/fuzzer_corpus/idb_factory_mojolpm_fuzzer/idb_factory.textproto" ] |
| } |
| |
| content_mojolpm_fuzzer_test("file_system_manager_mojolpm_fuzzer") { |
| sources = [ "file_system_manager_mojolpm_fuzzer.cc" ] |
| |
| proto_source = "file_system_manager_mojolpm_fuzzer.proto" |
| |
| deps = [ |
| ":mojolpm_fuzzer_support", |
| "//testing/libfuzzer/proto:url_proto_converter", |
| "//third_party/blink/public/common:storage_key_proto_converter", |
| "//third_party/blink/public/mojom:mojom_platform_mojolpm", |
| ] |
| |
| proto_deps = [ |
| "//third_party/blink/public/common:storage_key", |
| "//third_party/blink/public/mojom:mojom_platform_mojolpm", |
| ] |
| } |
| |
| content_mojolpm_fuzzer_test("audio_context_manager_mojolpm_fuzzer") { |
| sources = [ "audio_context_manager_mojolpm_fuzzer.cc" ] |
| |
| proto_source = "audio_context_manager_mojolpm_fuzzer.proto" |
| |
| deps = [ |
| ":mojolpm_fuzzer_support", |
| "//content/browser:for_content_tests", |
| "//content/public/browser:browser_sources", |
| "//third_party/blink/public/mojom:mojom_platform_mojolpm", |
| ] |
| |
| proto_deps = [ "//third_party/blink/public/mojom:mojom_platform_mojolpm" ] |
| } |
| |
| fuzzer_test("speech_audio_encoder_fuzzer") { |
| sources = [ |
| "../../browser/speech/audio_encoder_fuzzer.cc", |
| "//components/speech/audio_buffer.cc", |
| "//components/speech/audio_buffer.h", |
| "//components/speech/audio_encoder.cc", |
| "//components/speech/audio_encoder.h", |
| "//content/common/content_export.h", |
| ] |
| |
| deps = [ |
| "//base", |
| "//third_party/flac", |
| ] |
| } |
| |
| fuzzer_test("browser_accessibility_fuzzer") { |
| sources = [ "browser_accessibility_fuzzer.cc" ] |
| deps = [ |
| "//content/app:for_content_tests", |
| "//content/browser", |
| "//content/public/browser:browser_sources", |
| "//content/test:test_support", |
| "//mojo/core/embedder", |
| "//services/network:test_support", |
| "//storage/browser:test_support", |
| "//ui/accessibility:test_support", |
| ] |
| } |
| |
| source_set("indexed_db_fuzzer_support") { |
| public_deps = [ |
| "//base", |
| "//components/services/storage", |
| "//content/browser/indexed_db", |
| "//content/public/browser:browser_sources", |
| "//content/test:test_support", |
| "//third_party/blink/public/common:headers", |
| ] |
| testonly = true |
| } |
| |
| fuzzer_test("indexed_db_leveldb_coding_encodeidbkey_fuzzer") { |
| sources = [ |
| "../../browser/indexed_db/indexed_db_leveldb_coding_encodeidbkey_fuzzer.cc", |
| ] |
| deps = [ ":indexed_db_fuzzer_support" ] |
| seed_corpus = "../../browser/indexed_db/fuzzer_corpus/indexed_db_key" |
| } |
| |
| fuzzer_test("indexed_db_leveldb_coding_encodeidbkeypath_fuzzer") { |
| sources = [ "../../browser/indexed_db/indexed_db_leveldb_coding_encodeidbkeypath_fuzzer.cc" ] |
| deps = [ ":indexed_db_fuzzer_support" ] |
| seed_corpus = "../../browser/indexed_db/fuzzer_corpus/indexed_db_key_path" |
| } |
| |
| fuzzer_test("indexed_db_leveldb_coding_decodeidbkey_fuzzer") { |
| sources = [ |
| "../../browser/indexed_db/indexed_db_leveldb_coding_decodeidbkey_fuzzer.cc", |
| ] |
| deps = [ ":indexed_db_fuzzer_support" ] |
| seed_corpus = "../../browser/indexed_db/fuzzer_corpus/encoded_indexed_db_key" |
| } |
| |
| fuzzer_test("indexed_db_leveldb_coding_decodeidbkeypath_fuzzer") { |
| sources = [ "../../browser/indexed_db/indexed_db_leveldb_coding_decodeidbkeypath_fuzzer.cc" ] |
| deps = [ ":indexed_db_fuzzer_support" ] |
| seed_corpus = |
| "../../browser/indexed_db/fuzzer_corpus/encoded_indexed_db_key_path" |
| } |
| |
| if (use_fuzzing_engine) { |
| source_set("first_party_set_parser_fuzzer_support") { |
| public_deps = [ |
| "//base", |
| "//base/test:test_support", |
| "//content/browser", |
| "//content/public/browser:browser_sources", |
| "//content/test:test_support", |
| "//net", |
| "//net:net_fuzzer_test_support", |
| ] |
| testonly = true |
| } |
| } |
| |
| fuzzer_test("first_party_set_parser_json_fuzzer") { |
| sources = [ |
| "../../browser/first_party_sets/test/first_party_set_parser_json_fuzzer.cc", |
| ] |
| deps = [ |
| ":first_party_set_parser_fuzzer_support", |
| "//testing/libfuzzer/proto:json_proto", |
| "//testing/libfuzzer/proto:json_proto_converter", |
| "//third_party/libprotobuf-mutator", |
| ] |
| } |
| |
| if (use_fuzzing_engine_with_lpm) { |
| fuzzer_test("first_party_set_parser_value_fuzzer") { |
| sources = [ "../../browser/first_party_sets/test/first_party_set_parser_value_fuzzer.cc" ] |
| deps = [ |
| ":first_party_set_parser_fuzzer_support", |
| ":related_website_sets_proto", |
| "//third_party/libprotobuf-mutator", |
| ] |
| } |
| |
| fuzzable_proto_library("related_website_sets_proto") { |
| sources = |
| [ "../../browser/first_party_sets/test/related_website_sets.proto" ] |
| } |
| } |
| |
| content_mojolpm_fuzzer_test("media_stream_dispatcher_host_mojolpm_fuzzer") { |
| sources = [ "media_stream_dispatcher_host_mojolpm_fuzzer.cc" ] |
| |
| proto_source = "media_stream_dispatcher_host_mojolpm_fuzzer.proto" |
| |
| deps = [ |
| ":mojolpm_fuzzer_support", |
| "//content/browser", |
| "//content/browser:for_content_tests", |
| "//content/public/browser:browser_sources", |
| "//third_party/blink/public/mojom:mojom_platform_mojolpm", |
| ] |
| |
| proto_deps = [ "//third_party/blink/public/mojom:mojom_platform_mojolpm" ] |
| } |
| |
| # Fuzzer only supports linux. As we use a `V4L2CaptureDevice`, which is only |
| # usable on linux through `VideoCaptureDeviceFactoryV4L2`. |
| if (is_linux) { |
| content_mojolpm_fuzzer_test("video_capture_host_mojolpm_fuzzer") { |
| sources = [ "video_capture_host_mojolpm_fuzzer.cc" ] |
| |
| proto_source = "video_capture_host_mojolpm_fuzzer.proto" |
| |
| deps = [ |
| ":mojolpm_fuzzer_support", |
| "//content/browser:for_content_tests", |
| "//content/public/browser:browser_sources", |
| "//content/test:content_unittests", |
| "//media:test_support", |
| "//media/capture:capture_lib", |
| "//media/capture:test_support", |
| "//media/capture/mojom:video_capture_mojolpm", |
| "//third_party/blink/public/common", |
| ] |
| |
| proto_deps = [ "//media/capture/mojom:video_capture_mojolpm" ] |
| } |
| } |
| |
| content_mojolpm_fuzzer_test("image_capture_mojolpm_fuzzer") { |
| sources = [ "image_capture_mojolpm_fuzzer.cc" ] |
| |
| proto_source = "image_capture_mojolpm_fuzzer.proto" |
| |
| deps = [ |
| ":mojolpm_fuzzer_support", |
| "//content/browser:for_content_tests", |
| "//content/public/browser:browser_sources", |
| "//media/capture:capture_lib", |
| "//media/capture/mojom:image_capture_mojolpm", |
| ] |
| |
| proto_deps = [ "//media/capture/mojom:image_capture_mojolpm" ] |
| } |
| |
| content_mojolpm_fuzzer_test("presentation_service_mojolpm_fuzzer") { |
| sources = [ "presentation_service_mojolpm_fuzzer.cc" ] |
| |
| proto_source = "presentation_service_mojolpm_fuzzer.proto" |
| |
| deps = [ |
| ":controller_presentation_service_delegate_for_fuzzing", |
| ":mojolpm_fuzzer_support", |
| "//content/browser:for_content_tests", |
| "//third_party/blink/public/mojom:mojom_platform_mojolpm", |
| "//ui/events/devices", |
| ] |
| |
| proto_deps = [ |
| ":controller_presentation_service_delegate_for_fuzzing", |
| "//third_party/blink/public/mojom:mojom_platform_mojolpm", |
| ] |
| } |
| |
| content_mojolpm_fuzzer_test("clipboard_host_mojolpm_fuzzer") { |
| sources = [ "clipboard_host_mojolpm_fuzzer.cc" ] |
| |
| proto_source = "clipboard_host_mojolpm_fuzzer.proto" |
| |
| deps = [ |
| ":mojolpm_fuzzer_support", |
| "//content/browser", |
| "//content/browser:for_content_tests", |
| "//content/public/browser:browser_sources", |
| "//third_party/blink/public/mojom:mojom_platform_mojolpm", |
| ] |
| |
| proto_deps = [ "//third_party/blink/public/mojom:mojom_platform_mojolpm" ] |
| } |
| |
| proto_library("ad_auction_service_mojolpm_fuzzer_stringifiers_proto") { |
| proto_in_dir = "//" |
| |
| sources = [ "../../browser/interest_group/ad_auction_service_mojolpm_fuzzer_stringifiers.proto" ] |
| } |
| |
| content_mojolpm_fuzzer_test("ad_auction_service_mojolpm_fuzzer") { |
| sources = [ |
| "../../browser/interest_group/ad_auction_service_mojolpm_fuzzer.cc", |
| "../../browser/interest_group/ad_auction_service_mojolpm_fuzzer_stringifiers.cc", |
| "../../browser/interest_group/ad_auction_service_mojolpm_fuzzer_stringifiers.h", |
| ] |
| |
| proto_source = |
| "../../browser/interest_group/ad_auction_service_mojolpm_fuzzer.proto" |
| testcase_proto_kind = "content.fuzzing.ad_auction_service.proto.Testcase" |
| |
| deps = [ |
| ":ad_auction_service_mojolpm_fuzzer_stringifiers_proto", |
| ":mojolpm_fuzzer_support", |
| "//content/browser", |
| "//content/browser:for_content_tests", |
| "//content/public/browser:browser_sources", |
| "//content/test:test_support", |
| "//services/data_decoder/public/cpp:test_support", |
| "//third_party/blink/public/mojom:mojom_platform_mojolpm", |
| "//third_party/metrics_proto", |
| ] |
| |
| proto_deps = [ |
| ":ad_auction_service_mojolpm_fuzzer_stringifiers", |
| "//third_party/blink/public/mojom:mojom_platform_mojolpm", |
| ] |
| |
| seed_corpus_sources = [ |
| "//content/test/data/fuzzer_corpus/ad_auction_service_mojolpm_fuzzer/basic_auction.textproto", |
| "//content/test/data/fuzzer_corpus/ad_auction_service_mojolpm_fuzzer/basic_join.textproto", |
| "//content/test/data/fuzzer_corpus/ad_auction_service_mojolpm_fuzzer/basic_update.textproto", |
| ] |
| } |
| |
| if (enable_mojom_fuzzer) { |
| static_library("controller_presentation_service_delegate_for_fuzzing") { |
| # Should only be used in the fuzzer this was made for |
| visibility = [ ":presentation_service_mojolpm_fuzzer" ] |
| |
| sources = [ |
| "controller_presentation_service_delegate_for_fuzzing.cc", |
| "controller_presentation_service_delegate_for_fuzzing.h", |
| ] |
| |
| deps = [ |
| ":controller_presentation_service_delegate_for_fuzzing_proto", |
| "//base", |
| "//content/public/browser", |
| "//media:test_support", |
| "//third_party/blink/public/mojom:mojom_platform_mojolpm", |
| "//url/mojom:url_mojom_gurl_mojolpm", |
| ] |
| |
| testonly = true |
| } |
| |
| proto_library("controller_presentation_service_delegate_for_fuzzing_proto") { |
| # Should only be used in the fuzzer this was made for, and its |
| # generated rules |
| visibility = [ "//content/test/fuzzer:*" ] |
| |
| proto_in_dir = "//" |
| |
| sources = [ "controller_presentation_service_delegate_for_fuzzing.proto" ] |
| generate_python = false |
| |
| deps = [ "//third_party/blink/public/mojom:mojom_platform_mojolpm_proto" ] |
| |
| import_dirs = [ root_gen_dir ] |
| testonly = true |
| } |
| } |
| |
| if (use_fuzzing_engine) { |
| test("cookie_readiness_list_parser_fuzzer") { |
| sources = [ "../../browser/cookie_insight_list/cookie_readiness_list/cookie_readiness_list_parser_fuzztest.cc" ] |
| |
| fuzztests = [ "CookieReadinessListParserFuzzTest.ParseReadinessListSuccessfullyParsesAnyString" ] |
| |
| testonly = true |
| deps = [ |
| "//base", |
| "//base:i18n", |
| "//content/browser", |
| "//content/public/browser:browser_sources", |
| "//third_party/fuzztest:fuzztest_gtest_main", |
| ] |
| } |
| } |
| |
| test("devtools_protocol_encoding_json_fuzzer") { |
| sources = |
| [ "../../browser/devtools/devtools_protocol_encoding_json_fuzzer.cc" ] |
| fuzztests = [ "DevToolsProtocolFuzzer.ConvertsJSONToCBORCorrectly" ] |
| deps = [ |
| "//base", |
| "//base/test:fuzztest_support", |
| "//third_party/fuzztest:fuzztest_gtest_main", |
| "//third_party/inspector_protocol:crdtp", |
| ] |
| } |
