Google Git
Sign in
chromium / chromium / src.git / 682f0aca27bfd4545959c245d20a7bbd6c891ac2 / . / net / url_request / url_request_fuzzer.cc
blob: 81832805f63c99b1ea10c85419e598154b1a3ae5 [file] [log] [blame]
Avi Drissman64595482022-09-14 20:52:29[diff] [blame]1// Copyright 2016 The Chromium Authors
mmenkec951d412016-04-28 19:05:22[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "net/url_request/url_request.h"
6
7#include <stddef.h>
8#include <stdint.h>
9
Max Moroza1707f42019-08-28 21:10:28[diff] [blame]10#include <fuzzer/FuzzedDataProvider.h>
11
mmenkec951d412016-04-28 19:05:22[diff] [blame]12#include <memory>
13
14#include "base/run_loop.h"
mmenkec951d412016-04-28 19:05:22[diff] [blame]15#include "net/base/request_priority.h"
16#include "net/socket/fuzzed_socket_factory.h"
rhalavatib7bd7c792017-04-27 05:25:16[diff] [blame]17#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
mmenkec951d412016-04-28 19:05:22[diff] [blame]18#include "net/url_request/url_request.h"
19#include "net/url_request/url_request_context.h"
Yutaka Hirano65113272022-03-18 08:31:08[diff] [blame]20#include "net/url_request/url_request_context_builder.h"
mmenkec951d412016-04-28 19:05:22[diff] [blame]21#include "net/url_request/url_request_test_util.h"
22#include "url/gurl.h"
23
Max Moroz9da1efc2019-01-12 02:23:07[diff] [blame]24
25// Restrict max input length to reject too long inputs that can be too slow to
26// process and may lead to an unbounded corpus growth.
27const size_t kMaxInputSize = 65536 + 257;
28
mmenkec951d412016-04-28 19:05:22[diff] [blame]29// Integration fuzzer for URLRequest's handling of HTTP requests. Can follow
30// redirects, both on the same server (using a new socket or the old one) and
31// across servers.
mmenkea7da0712016-11-21 21:12:31[diff] [blame]32// TODO(mmenke): Add support for testing HTTPS, auth, proxies, uploading,
mmenkec951d412016-04-28 19:05:22[diff] [blame]33// cancelation, deferring reads / redirects, using preconnected sockets, SPDY,
34// QUIC, DNS failures (they all currently resolve to localhost), IPv6 DNS
35// results, URLs with IPs instead of hostnames (v4 and v6), etc.
36extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
Max Moroz9da1efc2019-01-12 02:23:07[diff] [blame]37 if (size > kMaxInputSize)
38 return 0;
39
Max Morozcfbe47cc2019-06-24 17:45:02[diff] [blame]40 FuzzedDataProvider data_provider(data, size);
Yutaka Hirano65113272022-03-18 08:31:08[diff] [blame]41 auto context_builder = net::CreateTestURLRequestContextBuilder();
mmenkec951d412016-04-28 19:05:22[diff] [blame]42 net::FuzzedSocketFactory fuzzed_socket_factory(&data_provider);
Yutaka Hirano65113272022-03-18 08:31:08[diff] [blame]43 context_builder->set_client_socket_factory_for_testing(
44 &fuzzed_socket_factory);
45 auto url_request_context = context_builder->Build();
mmenkec951d412016-04-28 19:05:22[diff] [blame]46
47 net::TestDelegate delegate;
Helmut Januschka8501fbd2024-01-16 22:21:33[diff] [blame]48 base::RunLoop loop;
49 delegate.set_on_complete(loop.QuitWhenIdleClosure());
mmenkec951d412016-04-28 19:05:22[diff] [blame]50
51 std::unique_ptr<net::URLRequest> url_request(
Yutaka Hirano65113272022-03-18 08:31:08[diff] [blame]52 url_request_context->CreateRequest(GURL("http://foo/"),
53 net::DEFAULT_PRIORITY, &delegate,
54 TRAFFIC_ANNOTATION_FOR_TESTS));
mmenkec951d412016-04-28 19:05:22[diff] [blame]55 url_request->Start();
56 // TestDelegate quits the message loop on completion.
Helmut Januschka8501fbd2024-01-16 22:21:33[diff] [blame]57 loop.Run();
mmenkec951d412016-04-28 19:05:22[diff] [blame]58 return 0;
59}