[Extensions] Fix the Extension manifest fuzzer.
This fuzzer has been broken for a long time. I attempted a bisect to
find the culprit CL, but it wasn't possible to build at the older
commits and it also would have meant testing too many of them.
Instead, I just added code to address the missing
URL scheme registry entries. There is prior art for this here:
https://source.chromium.org/chromium/chromium/src/+/main:extensions/test/extensions_unittests_main.cc;l=49;drc=9b045da738d6f6f5218604f66ad5c2c2ca6657a8
Bug: 392725743
Change-Id: Ie4cbc3e342d5bb681998472e53104672373477fe
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6244480
Commit-Queue: David Bertoni <dbertoni@chromium.org>
Reviewed-by: Devlin Cronin <rdevlin.cronin@chromium.org>
Auto-Submit: David Bertoni <dbertoni@chromium.org>
Reviewed-by: Dave Tapuska <dtapuska@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1418428}
diff --git a/extensions/common/BUILD.gn b/extensions/common/BUILD.gn
index 118c7255..b04c9b66 100644
--- a/extensions/common/BUILD.gn
+++ b/extensions/common/BUILD.gn
@@ -744,6 +744,8 @@
deps = [
":common",
"//base",
+ "//content/public/common",
+ "//content/test:test_support",
"//extensions:test_support",
]
diff --git a/extensions/common/DEPS b/extensions/common/DEPS
index cff3228..4e20027b 100644
--- a/extensions/common/DEPS
+++ b/extensions/common/DEPS
@@ -26,4 +26,7 @@
".*fuzzer\.cc$": [
"+third_party/icu",
],
+ "manifest_fuzzer.cc": [
+ "+content/public",
+ ]
}
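Review bot: The new `"+content/public"` rule is broader than what `manifest_fuzzer.cc` includes in this commit, which is only `content/public/common/content_client.h` and `content/public/test/content_test_suite_base.h`. Narrowing it to `"+content/public/common",` and `"+content/public/test",` keeps the exception limited to what the fuzzer needs. The key could also be written `"manifest_fuzzer\.cc"` to match the escaped form of the neighbouring `".*fuzzer\.cc$"` entry, since these keys appear to be patterns.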
diff --git a/extensions/common/manifest_fuzzer.cc b/extensions/common/manifest_fuzzer.cc
index 9b959916..adf84bb 100644
--- a/extensions/common/manifest_fuzzer.cc
+++ b/extensions/common/manifest_fuzzer.cc
@@ -8,6 +8,7 @@
#include <stddef.h>
#include <stdint.h>
+#include <memory>
#include <optional>
#include <string>
#include <utility>
@@ -18,6 +19,8 @@
#include "base/command_line.h"
#include "base/json/json_reader.h"
#include "base/values.h"
+#include "content/public/common/content_client.h"
+#include "content/public/test/content_test_suite_base.h"
#include "extensions/common/extensions_client.h"
#include "extensions/common/install_warning.h"
#include "extensions/common/mojom/manifest.mojom-shared.h"
@@ -43,13 +46,28 @@
mojom::ManifestLocation::kExternalComponent,
};
-// Holds state shared across all fuzzer calls.
-struct Environment {
- Environment() { ExtensionsClient::Set(&extensions_client); }
+class FakeContentClient : public content::ContentClient {
+ public:
+ FakeContentClient() = default;
+ FakeContentClient(const FakeContentClient&) = delete;
+ FakeContentClient& operator=(const FakeContentClient&) = delete;
+ ~FakeContentClient() override = default;
+};
+
+// Holds state shared across all fuzzer calls. The base class supports
+// registering URL schemes required to load manifest features.
+struct Environment : public content::ContentTestSuiteBase {
+ Environment() : ContentTestSuiteBase(0, nullptr) {
+ RegisterContentSchemes(&content_client);
+ extensions_client = std::make_unique<TestExtensionsClient>();
+ ExtensionsClient::Set(extensions_client.get());
+ }
// Singleton objects needed for the tested code.
base::AtExitManager at_exit;
- TestExtensionsClient extensions_client;
+ FakeContentClient content_client;
+ // This must be created after content schemes are registered.
+ std::unique_ptr<TestExtensionsClient> extensions_client;
};
bool InitFuzzedCommandLine(FuzzedDataProvider& fuzzed_data_provider) {
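Review bot: The rule that `TestExtensionsClient` must be built after `RegisterContentSchemes()` is enforced only by statement order in the `Environment` constructor, and the member comment does not say why. A later cleanup back to a by-value member would quietly reintroduce the breakage this commit fixes. I would put the reason next to the calls, e.g. `// Register URL schemes first: TestExtensionsClient needs them to load manifest features.` above `RegisterContentSchemes(&content_client);` (wording inferred from the struct comment). Separately, `ContentTestSuiteBase(0, nullptr)` runs a test-suite constructor that is not visible in this hunk. It is worth confirming that it does not set up its own `AtExitManager` or command line in a way that overlaps with the `at_exit` member or with `InitFuzzedCommandLine`, whose body lies outside the hunk.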