net/data/fuzzer_dictionaries/net_http_stream_parser_fuzzer.dict - Issue 2128583006: [libfuzzer] Add or update dictionaries for //net fuzzers.

Unified Diff: net/data/fuzzer_dictionaries/net_http_stream_parser_fuzzer.dict

Issue 2128583006: [libfuzzer] Add or update dictionaries for //net fuzzers. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Update comments. Created 4 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « net/data/fuzzer_dictionaries/net_http_proxy_client_socket_fuzzer.dict ('k') | net/data/fuzzer_dictionaries/net_mime_sniffer_fuzzer.dict » ('j') | net/data/fuzzer_dictionaries/net_url_request_fuzzer.dict » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: net/data/fuzzer_dictionaries/net_http_stream_parser_fuzzer.dict

diff --git a/net/data/fuzzer_dictionaries/net_http_stream_parser_fuzzer.dict b/net/data/fuzzer_dictionaries/net_http_stream_parser_fuzzer.dict

new file mode 100644

index 0000000000000000000000000000000000000000..cba14dc5ee95bbb54915d74ff9fea9ebfc1f1fbc

--- /dev/null

+++ b/net/data/fuzzer_dictionaries/net_http_stream_parser_fuzzer.dict

@@ -0,0 +1,1039 @@

+# Use of this source code is governed by a BSD-style license that can be

+# found in the LICENSE file.

+# Fuzzer dictionary targetting HTTP/1.x responses.

+# Entries that are generally useful in headers

+":"

+"\x0A"

+"\x0D"

+"0"

+"50"

+"500"

+# Horizontal whitespace. Matters mostly in status line.

+" "

+"\x09"

+# Header continuation

+"\x0D\x0A\x09"

+# Used in a lot of individual headers

+";"

+"="

+","

+"\""

+"-"

+# Status line components

+"HTTP"

+"/1.1"

+"/1.0"

+# More interesting status codes. Leading space so can be inserted into

+# other status lines.

+" 100"

+" 200"

+" 206"

+" 301"

+" 302"

+" 303"

+" 304"

+" 307"

+" 308"

+" 401"

+" 403"

+" 404"

+" 500"

+" 501"

+" 403"

+# Full status lines (Some with relevant following headers)

+"HTTP/1.1 200 OK\x0A\x0A"

+"HTTP/1.1 100 Continue\x0A\x0A"

+"HTTP/1.1 401 Unauthorized\x0AWWW-Authenticate: Basic realm=\"Middle-Earth\"\x0A\xA0"

+"HTTP/1.1 407 Proxy Authentication Required\x0AProxy-Authenticate: Digest realm=\"Middle-Earth\", nonce=\"aaaaaaaaaa\"\x0A\x0A"

+"HTTP/1.0 301 Moved Permanently\x0ALocation: /a\x0A\x0A"

+"HTTP/1.1 302 Found\x0ALocation: http://lost/\x0A\x0A"

+# Proxy authentication headers. Note that fuzzers don't support NTLM or

+# negotiate.

+"WWW-Authenticate:"

+"Proxy-Authenticate:"

+"Basic"

+"Digest"

+"realm"

+"nonce"

+"Connection:"

+"Proxy-Connection:"

+"Keep-Alive"

+"Close"

+"Upgrade"

+"\x0AConnection: Keep-Alive"

+"\x0AConnection: Close"

+"\x0AProxy-Connection: Keep-Alive"

+"\x0AProxy-Connection: Close"

+"Content-Length:"

+"Transfer-Encoding:"

+"chunked"

+"\x0AContent-Length: 0"

+"\x0AContent-Length: 500"

+"\x0ATransfer-Encoding: chunked\x0A\x0A5\x0A12345\x0A0\x0A\x0A"

+"Location:"

+"\x0ALocation: http://foo/"

+"\x0ALocation: http://bar/"

+"\x0ALocation: https://foo/"

+"\x0ALocation: https://bar/"

+"Accept-Ranges:"

+"bytes"

+"\x0AAccept-Ranges: bytes"

+"Content-Range:"

+"Age:"

+"\x0AAge: 0"

+"\x0AAge: 3153600000"

+"Cache-Control:"

+"max-age"

+"no-cache"

+"no-store"

+"must-revalidate"

+"\x0ACache-Control: max-age=3153600000"

+"\x0ACache-Control: max-age=0"

+"\x0ACache-Control: no-cache"

+"\x0ACache-Control: no-store"

+"\x0ACache-Control: must-revalidate"

+"Content-Disposition:"

+"attachment"

+"filename"

+"Content-Encoding:"

+"gzip"

+"deflate"

+"sdch"

+"br"

+"\x0AContent-Encoding: gzip"

+"\x0AContent-Encoding: deflate"

+"\x0AContent-Encoding: sdch"

+"\x0AContent-Encoding: br"

+"Date:"

+"Fri, 01 Apr, 2050 14:14:14 GMT"

+"Mon, 28 Mar, 2016 04:04:04 GMT"

+"\x0ADate: Fri, 01 Apr, 2050 14:14:14 GMT"

+"\x0ADate: Mon, 28 Mar, 2016 04:04:04 GMT"

+"Last-Modified:"

+"\x0ALast-Modified: Fri, 01 Apr, 2050 14:14:14 GMT"

+"\x0ALast-Modified: Mon, 28 Mar, 2016 04:04:04 GMT"

+"Expires:"

+"\x0AExpires: Fri, 01 Apr, 2050 14:14:14 GMT"

+"\x0AExpires: Mon, 28 Mar, 2016 04:04:04 GMT"

+"Set-Cookie:"

+"Expires"

+"Max-Age"

+"Domain"

+"Path"

+"Secure"

+"HttpOnly"

+"Priority"

+"Low"

+"Medium"

+"High"

+"SameSite"

+"Strict"

+"Lax"

+"\x0ASet-Cookie: foo=bar"

+"\x0ASet-Cookie: foo2=bar2;HttpOnly;Priority=Low;SameSite=Strict;Path=/"

+"\x0ASet-Cookie: foo=chicken;SameSite=Lax"

+"Strict-Transport-Security:"

+"includeSubDomains"

+"Vary:"

+"\x0AVary: Cookie"

+"\x0AVary: Age"

+"ETag:"

+"\x0AETag: jumboshrimp"

+# This part has been generated with testing/libfuzzer/dictionary_generator.py

+# using net_http_stream_parser_fuzzer binary and RFC 2616.

+"all"

+"code"

+"maximum"

+"Transfer-Encoding"

+"D.,"

+"results"

+"follow"

+"(LZW)."

+"provided."

+"(which"

+"ISDN"

+"\"TE\""

+"LF>"

+"FORCE"

+"calculate"

+"\"IETF"

+"UNIX,"

+"ARPA"

+"\"OPTIONAL\""

+"environment"

+"ENGINEERING"

+"program"

+"USENET"

+"TEXT"

+"Not"

+"Nov"

+"include"

+"resources"

+"(STD"

+"labels"

+"string"

+"returning"

+"HTTP/1.1;"

+"SP,"

+"SP."

+"entries"

+"HTTP/1.1,"

+"HTTP/1.1."

+"difference"

+"(URI):"

+"did"

+"[CRLF]"

+"EXPRESS"

+"list"

+"HTTP/1.0\","

+"(RFC"

+"large"

+"ONLY"

+"Tag"

+"(LWS"

+"(URL)\","

+"\"A\"..\"Z\">"

+"unexpected"

+"GET)"

+"direct"

+"Failed"

+"second"

+"Version"

+"\"A\""

+"allowed."

+"GET,"

+"tag."

+"implemented"

+"\"HTTP/1.0\""

+"errors"

+"ISO-8859-4,"

+"appear"

+"incompatible"

+"section"

+"CPU"

+"current"

+"waiting"

+"version"

+"above"

+"TTL"

+"new"

+"CRLF)"

+"public"

+"FTP"

+"NNTP."

+"WWW-"

+"never"

+"equals"

+"\"HTTP/1.1"

+"reported"

+"objects"

+"address"

+"active"

+"\"HEAD\""

+"["

+"\"POST\""

+"HTTP."

+"change"

+"MA"

+"\"AS"

+"last-modified"

+"BACK)"

+"NOT"

+"NNTP"

+"named"

+"useful"

+"secure"

+"case."

+"detected."

+"\"HTTP\""

+"private"

+"CERN/3.0"

+"CTE"

+"(CTE)"

+"Too"

+"CTL"

+"PUT,"

+"user-agent"

+"PUT)"

+"POST"

+"select"

+"use"

+"TASK"

+"from"

+"exception."

+"working"

+"to"

+"positive"

+"two"

+"URI;"

+"properties"

+"few"

+"--THIS_STRING_SEPARATES"

+"POST,"

+"call"

+"memory"

+"MUST,"

+"scope"

+"type"

+"authorization"

+"more"

+"ISO-8859-9,"

+"(GMT),"

+"(TE)"

+"name."

+"LF,"

+"RFC-850"

+"warn"

+"bytes,"

+"Found"

+"cases"

+"MHTML"

+"name:"

+"must"

+"Content"

+"ALL"

+"MHTML,"

+"RIGHTS"

+"this"

+"NTP"

+"work"

+"--THIS_STRING_SEPARATES--"

+"Syntax"

+"can"

+"of"

+"following"

+"\"I"

+"closing"

+"root"

+"example"

+"requested,"

+"J.,"

+"type."

+"reserved"

+"stream"

+"process"

+"attribute"

+"allowed"

+"high"

+"currency"

+"numbers"

+"want"

+"type:"

+"native"

+"LF"

+"class,"

+"end"

+"Missing"

+"HTTP-"

+"HTTP,"

+"links"

+"1"

+"line."

+"2*N"

+"H."

+"1XX"

+"WARRANTIES,"

+"HTTP:"

+"A"

+"badly"

+"HEAD"

+"may"

+"insecure"

+"after"

+"containing"

+"tracking"

+"wrong"

+"[SP"

+"ANSI,"

+"date"

+"such"

+"data"

+"parallel"

+"repeat"

+"a"

+"FTP,"

+"All"

+"short"

+"Y."

+"UA"

+"(2**N),"

+"element"

+"so"

+"cases."

+"File"

+"(LWS)"

+"\"DEFLATE"

+"order"

+"charset"

+"\"SHOULD"

+"don't"

+"MIC"

+"move"

+"vary"

+"satisfied"

+"CD-ROM,"

+"HTTP-WG."

+"LINK,"

+"pointer"

+"its"

+"digest"

+"before"

+"HTML"

+"(OK)"

+"Rules"

+"MAY,"

+"fix"

+"ISO-3166"

+"actually"

+"407"

+"(GNU"

+"\"HTTP/1.1\","

+"P.,"

+"401"

+"MERCHANTABILITY"

+"DNS."

+"into"

+"\"HTTP"

+"it."

+"it,"

+"return"

+"URL"

+"URI"

+"number"

+"Bad"

+"not"

+"However,"

+"SSL"

+"name"

+"always"

+"expectation."

+"--"

+"ISO-639"

+"]URI,"

+"found"

+"trailer"

+"mean"

+"breakdown"

+"From"

+"UTC"

+"(via"

+"(URI)"

+"UNLINK"

+"expect"

+"exceeded"

+"(MIC)"

+"event"

+"out"

+"is:"

+"E."

+"space"

+"\"MUST/MAY/SHOULD\""

+"REQUIRED"

+"ALPHA"

+"HTTP/2.4"

+"4DIGIT"

+"increase"

+"L."

+"time."

+"PATCH,"

+"supports"

+"2DIGIT"

+"K.,"

+"(A,"

+"This"

+"free"

+"\"B\""

+"RFC"

+"base"

+"IMPLIED,"

+"byte"

+"received."

+"generate"

+"text/plain"

+"ISO-8859-7,"

+"\"HTTP/1.1\""

+"Partial"

+"could"

+"transition"

+"DISCLAIMS"

+"times"

+"filter"

+"HTML\","

+"length"

+"HEAD."

+"HEAD,"

+"S.,"

+"first"

+"origin"

+"\"E\""

+"already"

+"UPALPHA"

+"3DIGIT"

+"Cache"

+"Please"

+"token."

+"one"

+"CHAR"

+"ISI"

+"another"

+"FITNESS"

+"message"

+"CSS1,"

+"open"

+"size"

+"doesn't"

+"\""

+"script"

+"unknown"

+"top"

+"header)"

+"system"

+"construct"

+"image/gif"

+"2"

+"ignored."

+"listed"

+"Date"

+"LOALPHA"

+"scheme"

+"store"

+"too"

+"M."

+"Success"

+"that"

+"completed"

+"OPTIONAL;"

+"R"

+"pragma"

+"(IANA"

+"WAIS"

+"F.,"

+"than"

+"K."

+"target"

+"Content-Type:"

+"require"

+"Only"

+"HTTP/2.13,"

+"headers"

+"See"

+"GMT."

+"HTTP/2.0,"

+"were"

+"1)"

+"IS\""

+"1*8ALPHA"

+"are"

+"and"

+"IRC/6.9,"

+"false"

+"turned"

+"ANSI"

+"B"

+"(IANA)"

+"tables"

+"have"

+"MIME,"

+"need"

+"HTTP/1.1.)"

+"null"

+"any"

+"contents"

+"data)"

+"(LZ77)"

+"(MIME"

+"mechanism"

+"internal"

+"(C)"

+"take"

+"which"

+"With"

+"UCI"

+"HTTP/0.9,"

+"content-"

+"200"

+"begin"

+"multiple"

+"TCP/IP"

+"Content-Disposition"

+"206"

+"buffer"

+"object"

+"\"MUST\","

+"regular"

+"entry"

+"The"

+"]"

+"model"

+"D."

+"US-ASCII"

+"L.,"

+"(URL)"

+"If"

+"+"

+"\"MIME"

+"Note:"

+"particularly"

+"WA"

+"text"

+"supported"

+"\"C\""

+"Unrecognized"

+"CRLF."

+"CRLF,"

+"SP"

+"find"

+"MUST"

+"true,"

+"cache."

+"upgrade"

+"cache)"

+"implementation"

+"("

+"[RFC"

+"cache"

+"outside"

+"should"

+"failed"

+"only"

+"URL)."

+"LDAP)"

+"USA"

+"WARRANTIES"

+"(UA)"

+"get"

+"there"

+"HEREIN"

+"\"HTTP\"."

+"cannot"

+"shared"

+"THE"

+"BNF"

+"DIGIT,"

+"closure"

+"PUT"

+"reading"

+"resource"

+"A.,"

+"W."

+"16"

+"ISO-8859."

+"calling"

+"J."

+"INCLUDING"

+"common"

+"INTERNET"

+"release"

+"ISI/RR-98-463,"

+"\"CONNECT\""

+"where"

+"set"

+"IANA"

+"For"

+"\"F\""

+"configured"

+"C"

+"this,"

+"multipart"

+"close"

+"E.,"

+"end."

+"detect"

+"GET"

+"WWW\","

+"1*DIGIT"

+"BUT"

+"MIT"

+"3"

+"unable"

+"between"

+"probably"

+"boundary"

+"0)"

+"\"SHALL"

+"\"RECOMMENDED\","

+"available"

+"we"

+"FOR"

+"missing"

+"importance"

+"screen"

+"connection."

+"PARTICULAR"

+"UNIX"

+"STD"

+"ISO-8859-1"

+"key"

+"(MIME)"

+"P."

+"\"HTTP/1.1\"."

+"HTTP/1.0),"

+"AND"

+"received"

+"WWW"

+"TRACE"

+"\"MAY\","

+"many"

+"*TEXT"

+"Unsupported"

+"using:"

+"connection"

+"Unicode"

+"*OCTET"

+"exceeds"

+"(URN)"

+"safely"

+"ANY"

+"can't"

+"WARRANTY"

+"ISO-8859-8,"

+"Content-Length"

+"consume"

+"simple"

+"header"

+"DNS)"

+"colon"

+"\"GET\""

+"spans"

+"1*HEX"

+"table"

+"allocated"

+"BCP"

+"application/pdf"

+"LWS:"

+"save"

+"\"REQUIRED\","

+"Wed,"

+"C."

+"C,"

+"encryption"

+"create"

+"(MHTML)\","

+"been"

+"."

+"HTTP/12.3."

+"\"PUT\""

+"context."

+"LWS,"

+"basic"

+"expected"

+"prototype"

+"GMT,"

+"empty"

+"define"

+"PNG,\""

+"\"D\""

+"with"

+"CA"

+"HEX"

+"N"

+"0*3DIGIT"

+"\"W/\""

+"CR"

+"\"DELETE\""

+"unnecessarily"

+"case"

+"exception"

+"(A"

+"(HTTP)"

+"value"

+"INFRINGE"

+"while"

+"\"GZIP"

+"\"SHALL\","

+"error"

+"\"GMT\""

+"(LWS)."

+"resident"

+"is"

+"thus"

+"it"

+"encountered"

+"parse"

+"MIME"

+"in"

+"SIGCOMM"

+"You"

+"if"

+"result"

+"binary"

+"different"

+"\"A"

+")"

+"CREATE"

+"expired"

+"1DIGIT"

+"same"

+"OPTIONS"

+"transfer-encoding"

+"BNF,"

+"unrecognized"

+"units"

+"UST"

+"status"

+"\"%"

+"used"

+"http"

+"context"

+"I"

+"IP"

+"(O)."

+"allocation"

+"running"

+"*LWS"

+"user"

+"SMTP"

+"\"SHOULD\","

+"stack"

+"task"

+"CR."

+"failing"

+"IETF"

+"M.,"

+"Names"

+"In"

+"position"

+"the"

+"audio"

+"left"

+"US-ASCII."

+"MAY"

+"THAT"

+"being"

+"(OK)."

+"actions"

+"invalid"

+"HTTP/1.0)"

+"CRC."

+"previous"

+"adding"

+"TO"

+"<US-ASCII"

+"source"

+"ISO-8859-2,"

+"\"OPTIONS\""

+"location"

+"HTTP/1.0"

+"HTTP/1.1"

+"size,"

+"has"

+"match"

+"build"

+"URI."

+"tests"

+"format"

+"read"

+"H.,"

+"T"

+"using"

+"LIMITED"

+"OK"

+"text/html"

+"success"

+"ISO-8859-5,"

+"B,"

+"signal"

+"MIME:"

+"(HTCPCP/1.0)\","

+"server"

+"ignore"

+"OF"

+"output"

+"page"

+"S."

+"because"

+"old"

+"sequence"

+"HT."

+"B.,"

+"some"

+"back"

+"HT"

+"Last-Modified"

+"growth"

+"DEL"

+"specified"

+"unless"

+"H.F.,"

+"HTTP/1.0."

+"(BNF)"

+"happens"

+"discarded"

+"PUT."

+"INDEX."

+"trace"

+"for"

+"avoid"

+"CR,"

+"does"

+"CONNECT"

+"assuming"

+"be"

+"run"

+"GET."

+"deleted"

+"equivalent"

+"X3.4-1986"

+"<URL:"

+"O"

+"ISO-8859-1."

+"broken"

+"host"

+"HTTP/1.0,"

+"LWS>"

+"INFORMATION"

+"X3.4-1986,"

+"by"

+"ALPHA,"

+"Location"

+"on"

+"DIGIT"

+"actual"

+"extension"

+"tracing"

+"R.,"

+"\"UTF-8,"

+"*<TEXT,"

+"OR"

+"range"

+"3ALPHA"

+"URI,"

+"value."

+"Message"

+"DELETE"

+"content-type"

+"or"

+"UC"

+"No"

+"ISO-"

+"image"

+"ACM"

+"HEX\""

+"URL,"

+"ISO-8859-6,"

+"T.,"

+"operator"

+"T/TCP"

+"file."

+"GET\""

+"transfer"

+"support"

+"*"

+"long"

+"class"

+"start"

+"forward"

+"was"

+"function"

+"HT,"

+"N."

+"HTTP/1.1\","

+"OCTET"

+"but"

+"failure"

+"TE:"

+"IMPLIED"

+"CRLF"

+"DNS"

+"Error"

+"\"ZLIB"

+"line"

+"trying"

+"true"

+"GMT"

+"count"

+"default"

+"B."

+"ISO-8859-1,"

+"up"

+"ISO-8859-1)"

+"SHOULD"

+"PURPOSE."

+"used."

+"WILL"

+">"

+"called"

+"delete"

+"DELETE,"

+"storing"

+"USE"

+"image/jpeg"

+"defined"

+"LWS"

+"URL."

+"unsafe"

+"an"

+"To"

+"as"

+"warning"

+"exist"

+"at"

+"file"

+"NOT\""

+"NOT,"

+"W3C/MIT"

+"ISO-8859-1:1987."

+"SHTTP/1.3,"

+"no"

+"when"

+"A,"

+"virtual"

+"A."

+"details."

+"application"

+"valid"

+"OPTIONAL"

+"\"TRACE\""

+"test"

+"MD5"

+"you"

+"TE"

+"ISO-8859-3,"

+"requested"

+"elements"

+"C)"

+"symbol"

+"T."

+"code)"

+"variable"

+"SOCIETY"

+"\"MUST"

+"TCP"

+"ISO-10646\","

+"NOT\","

+"R."

+"audio/basic"

+"IANA."

+"\"WAIS"

+"persistent"

+"Its"

+"As"

+"time"

+"failures"

+"\"ISO-8859-1\""

+"once"