Bug 1475448 - Add ContentSecurityPolicyParser fuzzing target. r=ckerschb, sr=decoder
parent
160fe540b3
commit
9a8512dd92
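--- a/dom/security/fuzztest/csp_fuzzer.cpp
+++ b/dom/security/fuzztest/csp_fuzzer.cpp
@@ -0,0 +1,45 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
+
+#include "FuzzingInterface.h"
+#include "nsCSPContext.h"
+#include "nsNetUtil.h"
+#include "nsStringFwd.h"
+
+static int
+LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+nsresult ret;
+nsCOMPtr<nsIURI> selfURI;
+ret = NS_NewURI(getter_AddRefs(selfURI), "http://selfuri.com");
+if (ret != NS_OK)
+return 0;
+
+mozilla::OriginAttributes attrs;
+nsCOMPtr<nsIPrincipal> selfURIPrincipal =
+mozilla::BasePrincipal::CreateCodebasePrincipal(selfURI, attrs);
+if (!selfURIPrincipal)
+return 0;
+
+nsCOMPtr<nsIContentSecurityPolicy> csp =
+do_CreateInstance(NS_CSPCONTEXT_CONTRACTID, &ret);
+if (ret != NS_OK)
+return 0;
+
+ret = csp->SetRequestContext(nullptr, selfURIPrincipal);
+if (ret != NS_OK)
+return 0;
+
+NS_ConvertASCIItoUTF16 policy(reinterpret_cast<const char*>(data), size);
+if (!policy.get())
+return 0;
+csp->AppendPolicy(policy, false, false);
+
+return 0;
+}
+
+MOZ_FUZZING_INTERFACE_RAW(nullptr, LLVMFuzzerTestOneInput, ContentSecurityPolicyParser);
+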
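Review bot: Every setup step in `LLVMFuzzerTestOneInput` (`NS_NewURI`, `CreateCodebasePrincipal`, `do_CreateInstance`, `SetRequestContext`) answers failure with `return 0`, so a harness that cannot build its CSP context is indistinguishable from one that runs and finds nothing. Setup failures should stop the run loudly, for example `MOZ_RELEASE_ASSERT(NS_SUCCEEDED(ret));` after each call, which also replaces the `ret != NS_OK` comparisons. `csp->AppendPolicy(policy, false, false)` fixes both boolean arguments, so whatever the parser does differently for the other values (report-only and meta-delivered policies, if I read the interface correctly) is never reached; deriving the two flags from the first input byte would cover it. The function also deserves a short comment saying that input bytes are widened with `NS_ConvertASCIItoUTF16` although they are not guaranteed to be ASCII, and whether the `!policy.get()` check can ever fire.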
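--- a/dom/security/fuzztest/csp_fuzzer.dict
+++ b/dom/security/fuzztest/csp_fuzzer.dict
@@ -0,0 +1,95 @@
+### dom/security/nsCSPParser.cpp
+# tokens
+":"
+";"
+"/"
+"+"
+"-"
+"."
+"_"
+"~"
+"*"
+"'"
+"#"
+"?"
+"%"
+"!"
+"$"
+"&"
+"("
+")"
+"="
+"@"
+
+### https://www.w3.org/TR/{CSP,CSP2,CSP3}/
+# directive names
+"default-src"
+"script-src"
+"object-src"
+"style-src"
+"img-src"
+"media-src"
+"frame-src"
+"font-src"
+"connect-src"
+"report-uri"
+"frame-ancestors"
+"reflected-xss"
+"base-uri"
+"form-action"
+"manifest-src"
+"upgrade-insecure-requests"
+"child-src"
+"block-all-mixed-content"
+"require-sri-for"
+"sandbox"
+"worker-src"
+"plugin-types"
+"disown-opener"
+"report-to"
+
+# directive values
+"'self'"
+"'unsafe-inline'"
+"'unsafe-eval'"
+"'none'"
+"'strict-dynamic'"
+"'unsafe-hashed-attributes'"
+"'nonce-AA=='"
+"'sha256-fw=='"
+"'sha384-/w=='"
+"'sha512-//8='"
+
+# subresources
+"a"
+"audio"
+"embed"
+"iframe"
+"img"
+"link"
+"object"
+"script"
+"source"
+"style"
+"track"
+"video"
+
+# sandboxing flags
+"allow-forms"
+"allow-pointer-lock"
+"allow-popups"
+"allow-same-origin"
+"allow-scripts"
+"allow-top-navigation"
+
+# URI components
+"https:"
+"ws:"
+"blob:"
+"data:"
+"filesystem:"
+"javascript:"
+"http://"
+"selfuri.com"
+"127.0.0.1"
+"::1"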
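Review bot: The `# sandboxing flags` and `# URI components` groups appear hand-picked: `ws:` is listed without `wss:`, and sandbox keywords such as `allow-modals` and `allow-popups-to-escape-sandbox` are missing. If the parser at this revision recognises those keywords, mutation alone will rarely assemble them and the matching branches stay cold. I would add the missing entries and give each group a source comment like the existing `### dom/security/nsCSPParser.cpp` line, so the list can be re-checked when directives change.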
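--- a/dom/security/fuzztest/moz.build
+++ b/dom/security/fuzztest/moz.build
@@ -0,0 +1,21 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+Library('FuzzingDOMSecurity')
+
+LOCAL_INCLUDES += [
+'/dom/security',
+'/netwerk/base',
+]
+
+include('/tools/fuzzing/libfuzzer-config.mozbuild')
+
+SOURCES += [
+'csp_fuzzer.cpp'
+]
+
+FINAL_LIBRARY = 'xul-gtest'
+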
@ -51,3 +51,11 @@ LOCAL_INCLUDES += [
|
||||
'/netwerk/base',
|
||||
'/netwerk/protocol/data', # for nsDataHandler.h
|
||||
]
|
||||
|
||||
include('/tools/fuzzing/libfuzzer-config.mozbuild')
|
||||
|
||||
if CONFIG['FUZZING_INTERFACES']:
|
||||
TEST_DIRS += [
|
||||
'fuzztest'
|
||||
]
|
||||
|
||||
|