net/cookies/parse_cookie_line_fuzzer.cc - chromium/src - Git at Google

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include <stddef.h>
 #include <stdint.h>

 #include "base/logging.h"
 #include "base/test/fuzzed_data_provider.h"
 #include "net/cookies/parsed_cookie.h"

 const std::string GetArbitraryString(base::FuzzedDataProvider* data_provider) {
   // Adding a fudge factor to kMaxCookieSize so that both branches of the bounds
   // detection code will be tested.
   return data_provider->ConsumeRandomLengthString(
       net::ParsedCookie::kMaxCookieSize + 10);
 }

 // Entry point for LibFuzzer.
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   base::FuzzedDataProvider data_provider(data, size);
   const std::string cookie_line = GetArbitraryString(&data_provider);
   net::ParsedCookie parsed_cookie(cookie_line);

   // Call zero or one of ParsedCookie's mutator methods.
   switch (data_provider.ConsumeIntegralInRange(0, 10)) {
     case 0:
       break;
     case 1:
       parsed_cookie.SetName(GetArbitraryString(&data_provider));
       break;
     case 2:
       parsed_cookie.SetValue(GetArbitraryString(&data_provider));
       break;
     case 3:
       parsed_cookie.SetPath(GetArbitraryString(&data_provider));
       break;
     case 4:
       parsed_cookie.SetDomain(GetArbitraryString(&data_provider));
       break;
     case 5:
       parsed_cookie.SetExpires(GetArbitraryString(&data_provider));
       break;
     case 6:
       parsed_cookie.SetMaxAge(GetArbitraryString(&data_provider));
       break;
     case 7:
       parsed_cookie.SetIsSecure(data_provider.ConsumeBool());
       break;
     case 8:
       parsed_cookie.SetIsHttpOnly(data_provider.ConsumeBool());
       break;
     case 9:
       parsed_cookie.SetSameSite(GetArbitraryString(&data_provider));
       break;
     case 10:
       parsed_cookie.SetPriority(GetArbitraryString(&data_provider));
       break;
   }

   // Check that serialize/deserialize inverse property holds for valid cookies.
   if (parsed_cookie.IsValid()) {
     const std::string serialized = parsed_cookie.ToCookieLine();
     net::ParsedCookie reparsed_cookie(serialized);
     const std::string reserialized = reparsed_cookie.ToCookieLine();
     CHECK(reparsed_cookie.IsValid());
     CHECK_EQ(serialized, reserialized);
   }

   return 0;
 }
	// Copyright 2016 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include <stddef.h>
	#include <stdint.h>

	#include "base/logging.h"
	#include "base/test/fuzzed_data_provider.h"
	#include "net/cookies/parsed_cookie.h"

	const std::string GetArbitraryString(base::FuzzedDataProvider* data_provider) {
	// Adding a fudge factor to kMaxCookieSize so that both branches of the bounds
	// detection code will be tested.
	return data_provider->ConsumeRandomLengthString(
	net::ParsedCookie::kMaxCookieSize + 10);
	}

	// Entry point for LibFuzzer.
	extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
	base::FuzzedDataProvider data_provider(data, size);
	const std::string cookie_line = GetArbitraryString(&data_provider);
	net::ParsedCookie parsed_cookie(cookie_line);

	// Call zero or one of ParsedCookie's mutator methods.
	switch (data_provider.ConsumeIntegralInRange(0, 10)) {
	case 0:
	break;
	case 1:
	parsed_cookie.SetName(GetArbitraryString(&data_provider));
	break;
	case 2:
	parsed_cookie.SetValue(GetArbitraryString(&data_provider));
	break;
	case 3:
	parsed_cookie.SetPath(GetArbitraryString(&data_provider));
	break;
	case 4:
	parsed_cookie.SetDomain(GetArbitraryString(&data_provider));
	break;
	case 5:
	parsed_cookie.SetExpires(GetArbitraryString(&data_provider));
	break;
	case 6:
	parsed_cookie.SetMaxAge(GetArbitraryString(&data_provider));
	break;
	case 7:
	parsed_cookie.SetIsSecure(data_provider.ConsumeBool());
	break;
	case 8:
	parsed_cookie.SetIsHttpOnly(data_provider.ConsumeBool());
	break;
	case 9:
	parsed_cookie.SetSameSite(GetArbitraryString(&data_provider));
	break;
	case 10:
	parsed_cookie.SetPriority(GetArbitraryString(&data_provider));
	break;
	}

	// Check that serialize/deserialize inverse property holds for valid cookies.
	if (parsed_cookie.IsValid()) {
	const std::string serialized = parsed_cookie.ToCookieLine();
	net::ParsedCookie reparsed_cookie(serialized);
	const std::string reserialized = reparsed_cookie.ToCookieLine();
	CHECK(reparsed_cookie.IsValid());
	CHECK_EQ(serialized, reserialized);
	}

	return 0;
	}