Chromium Code Reviews Chromium Code Reviews
Issue 1917503002:
URLRequest fuzzer. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@fuzz| OLD | NEW |
|---|---|
| 1 # Copyright 2016 The Chromium Authors. All rights reserved. | 1 # Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 # Use of this source code is governed by a BSD-style license that can be | 2 # Use of this source code is governed by a BSD-style license that can be |
| 3 # found in the LICENSE file. | 3 # found in the LICENSE file. |
| 4 | 4 |
| 5 # Fuzzer dictionary targetting HTTP/1.x responses. | 5 # Fuzzer dictionary targetting HTTP/1.x responses. |
| 6 | 6 |
| 7 # Entries that are generally useful in headers | 7 # Entries that are generally useful in headers |
| 8 ":" | 8 ":" |
| 9 "\x0A" | 9 "\x0A" |
| 10 "\x0D" | 10 "\x0D" |
| 11 "0" | 11 "0" |
| 12 "50" | 12 "50" |
| 13 "500" | 13 "500" |
| 14 # Horizontal whitespace. Matters mostly in status line. | 14 # Horizontal whitespace. Matters mostly in status line. |
| 15 " " | 15 " " |
| 16 "\x09" | 16 "\x09" |
| 17 # Header continuation | 17 # Header continuation |
| 18 "\x0D\x0A\x09" | 18 "\x0D\x0A\x09" |
| 19 # Used in a lot of individual headers | 19 # Used in a lot of individual headers |
| 20 ";" | 20 ";" |
| 21 "=" | 21 "=" |
| 22 "," | 22 "," |
| 23 "\"" | 23 "\"" |
| 24 "-" | |
| 24 | 25 |
| 25 # Status line components | 26 # Status line components |
| 26 "HTTP" | 27 "HTTP" |
| 27 "/1.1" | 28 "/1.1" |
| 28 "/1.0" | 29 "/1.0" |
| 29 # More interesting status codes. Leading space so can be inserted into | 30 # More interesting status codes. Leading space so can be inserted into |
| 30 # other status lines. | 31 # other status lines. |
| 31 " 100" | 32 " 100" |
| 32 " 200" | 33 " 200" |
| 33 " 206" | 34 " 206" |
| (...skipping 13 matching lines...) Expand all Loading... | |
| 47 # Full status lines (Some with relevant following headers) | 48 # Full status lines (Some with relevant following headers) |
| 48 "HTTP/1.1 200 OK\x0A\x0A" | 49 "HTTP/1.1 200 OK\x0A\x0A" |
| 49 "HTTP/1.1 100 Continue\x0A\x0A" | 50 "HTTP/1.1 100 Continue\x0A\x0A" |
| 50 "HTTP/1.1 401 Unauthorized\x0AWWW-Authenticate: Basic realm=\"Middle-Earth\"\x0A \xA0" | 51 "HTTP/1.1 401 Unauthorized\x0AWWW-Authenticate: Basic realm=\"Middle-Earth\"\x0A \xA0" |
| 51 "HTTP/1.1 407 Proxy Authentication Required\x0AProxy-Authenticate: Digest realm= \"Middle-Earth\", nonce=\"aaaaaaaaaa\"\x0A\x0A" | 52 "HTTP/1.1 407 Proxy Authentication Required\x0AProxy-Authenticate: Digest realm= \"Middle-Earth\", nonce=\"aaaaaaaaaa\"\x0A\x0A" |
| 52 "HTTP/1.0 301 Moved Permanently\x0ALocation: /a\x0A\x0A" | 53 "HTTP/1.0 301 Moved Permanently\x0ALocation: /a\x0A\x0A" |
| 53 "HTTP/1.1 302 Found\x0ALocation: http://lost/\x0A\x0A" | 54 "HTTP/1.1 302 Found\x0ALocation: http://lost/\x0A\x0A" |
| 54 | 55 |
| 55 # Proxy authentication headers. Note that fuzzers don't support NTLM or | 56 # Proxy authentication headers. Note that fuzzers don't support NTLM or |
| 56 # negotiate. | 57 # negotiate. |
| 57 "WWW-Authenticate" | 58 "WWW-Authenticate:" |
| 58 "Proxy-Authenticate" | 59 "Proxy-Authenticate:" |
| 59 "Basic" | 60 "Basic" |
| 60 "Digest" | 61 "Digest" |
| 61 "realm" | 62 "realm" |
| 62 "nonce" | 63 "nonce" |
| 63 | 64 |
| 64 "Connection" | 65 "Connection:" |
| 65 "Proxy-Connection" | 66 "Proxy-Connection:" |
| 66 "Keep-Alive" | 67 "Keep-Alive" |
| 67 "Close" | 68 "Close" |
| 69 "Upgrade" | |
| 68 "\x0AConnection: Keep-Alive" | 70 "\x0AConnection: Keep-Alive" |
| 69 "\x0AConnection: Close" | 71 "\x0AConnection: Close" |
| 70 "\x0AProxy-Connection: Keep-Alive" | 72 "\x0AProxy-Connection: Keep-Alive" |
| 71 "\x0AProxy-Connection: Close" | 73 "\x0AProxy-Connection: Close" |
| 72 | 74 |
| 73 "Content-Length" | 75 "Content-Length:" |
| 74 "Transfer-Encoding" | 76 "Transfer-Encoding:" |
| 75 "chunked" | 77 "chunked" |
| 76 "\x0AContent-Length: 0" | 78 "\x0AContent-Length: 0" |
| 77 "\x0AContent-Length: 500" | 79 "\x0AContent-Length: 500" |
| 78 "\x0ATransfer-Encoding: chunked\x0A\x0A5\x0A12345\x0A0\x0A\x0A" | 80 "\x0ATransfer-Encoding: chunked\x0A\x0A5\x0A12345\x0A0\x0A\x0A" |
| 81 | |
| 82 "Location:" | |
| 83 "\x0ALocation: http://foo/" | |
| 84 "\x0ALocation: http://bar/" | |
| 85 "\x0ALocation: https://foo/" | |
| 86 "\x0ALocation: https://bar/" | |
| 87 | |
| 88 "Accept-Ranges:" | |
| 89 "bytes" | |
| 90 "\x0AAccept-Ranges: bytes" | |
| 91 | |
| 92 "Content-Range:" | |
| 93 | |
| 94 "Age:" | |
| 95 "\x0AAge: 0" | |
| 96 "\x0AAge: 3153600000" | |
|
mmenke
2016/04/27 19:55:32
This is 100 years. Figure that reduces variations
| |
| 97 | |
| 98 "Cache-Control:" | |
| 99 "max-age" | |
| 100 "no-cache" | |
| 101 "no-store" | |
| 102 "must-revalidate" | |
| 103 "\x0ACache-Control: max-age=3153600000" | |
| 104 "\x0ACache-Control: max-age=0" | |
| 105 "\x0ACache-Control: no-cache" | |
| 106 "\x0ACache-Control: no-store" | |
| 107 "\x0ACache-Control: must-revalidate" | |
|
mmenke
2016/04/27 19:55:32
None of my runs remotely compares to what the test
| |
| 108 | |
| 109 "Content-Disposition:" | |
| 110 "attachment" | |
| 111 "filename" | |
| 112 | |
| 113 "Content-Encoding:" | |
| 114 "gzip" | |
| 115 "deflate" | |
| 116 "sdch" | |
| 117 "br" | |
| 118 "\x0AContent-Encoding: gzip" | |
| 119 "\x0AContent-Encoding: deflate" | |
| 120 "\x0AContent-Encoding: sdch" | |
| 121 "\x0AContent-Encoding: br" | |
| 122 | |
| 123 "Date:" | |
| 124 "Fri, 01 Apr, 2050 14:14:14 GMT" | |
| 125 "Mon, 28 Mar, 2016 04:04:04 GMT" | |
| 126 "\x0ADate: Fri, 01 Apr, 2050 14:14:14 GMT" | |
| 127 "\x0ADate: Mon, 28 Mar, 2016 04:04:04 GMT" | |
| 128 | |
| 129 "Last-Modified:" | |
| 130 "\x0ALast-Modified: Fri, 01 Apr, 2050 14:14:14 GMT" | |
| 131 "\x0ALast-Modified: Mon, 28 Mar, 2016 04:04:04 GMT" | |
| 132 | |
| 133 "Expires:" | |
| 134 "\x0AExpires: Fri, 01 Apr, 2050 14:14:14 GMT" | |
| 135 "\x0AExpires: Mon, 28 Mar, 2016 04:04:04 GMT" | |
| 136 | |
| 137 "Set-Cookie:" | |
| 138 "Expires" | |
| 139 "Max-Age" | |
| 140 "Domain" | |
| 141 "Path" | |
| 142 "Secure" | |
| 143 "HttpOnly" | |
| 144 "Priority" | |
| 145 "Low" | |
| 146 "Medium" | |
| 147 "High" | |
| 148 "SameSite" | |
| 149 "Strict" | |
| 150 "Lax" | |
| 151 "\x0ASet-Cookie: foo=bar" | |
| 152 "\x0ASet-Cookie: foo2=bar2;HttpOnly;Priority=Low;SameSite=Strict;Path=/" | |
| 153 "\x0ASet-Cookie: foo=chicken;SameSite=Lax" | |
| 154 | |
| 155 "Strict-Transport-Security:" | |
| 156 "includeSubDomains" | |
| 157 | |
| 158 "Vary:" | |
| 159 "\x0AVary: Cookie" | |
| 160 "\x0AVary: Age" | |
| 161 | |
| 162 "ETag:" | |
| 163 "\x0AETag: jumboshrimp" | |
| OLD | NEW |
