Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(838)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/server/http_server_fuzzer.cc

Issue 2649983003: A simple fuzzer for HttpServer, with limited coverage of WebSocket. (Closed)
Patch Set: Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/BUILD.gn ('K') | « net/data/fuzzer_dictionaries/net_http_server_fuzzer.dict ('k') | net/socket/fuzzed_server_socket.h » ('j') | net/socket/fuzzed_server_socket.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/server/http_server_fuzzer.cc
diff --git a/net/server/http_server_fuzzer.cc b/net/server/http_server_fuzzer.cc
new file mode 100644
index 0000000000000000000000000000000000000000..e23c9fb8a7de9e9649909622186588c927b0e210
--- /dev/null
+++ b/net/server/http_server_fuzzer.cc
@@ -0,0 +1,68 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/memory/ptr_util.h"
+#include "base/test/fuzzed_data_provider.h"
+#include "net/base/test_completion_callback.h"
+#include "net/log/test_net_log.h"
+#include "net/server/http_server.h"
+#include "net/socket/fuzzed_server_socket.h"
+
+namespace {
+
+class WaitTillHttpCloseDelegate : public net::HttpServer::Delegate {
+ public:
+ WaitTillHttpCloseDelegate(base::FuzzedDataProvider* data_provider,
+ const net::CompletionCallback& callback)
+ : server_(nullptr), data_provider_(data_provider), callback_(callback) {
+ should_accept_webp_ = data_provider_->ConsumeBool();
mmenke 2017/01/24 16:29:16 This variable name is confusing. webp is the name
Maks Orlovich 2017/01/24 18:34:18 Err, yeah. My past life shining through.
+ }
+
+ void set_server(net::HttpServer* server) { server_ = server; }
+
+ void OnConnect(int connection_id) override {}
mmenke 2017/01/24 16:29:16 Randomly close the socket or not here?
Maks Orlovich 2017/01/25 14:54:37 Done.
+ void OnHttpRequest(int connection_id,
+ const net::HttpServerRequestInfo& info) override {}
mmenke 2017/01/24 16:29:16 Should we randomly write data or close the connect
mmenke 2017/01/24 19:43:58 (Also, may want to do this multiple times, and syn
Maks Orlovich 2017/01/25 14:54:37 Done.
+
+ void OnWebSocketRequest(int connection_id,
+ const net::HttpServerRequestInfo& info) override {
+ // Randomize whether the delegate accepts web socket or not, to cover both
+ // options.
+ if (should_accept_webp_)
+ server_->AcceptWebSocket(connection_id, info);
+ }
+
+ void OnWebSocketMessage(int connection_id, const std::string& data) override {
mmenke 2017/01/24 16:29:16 Should we randomly write data or close the connect
Maks Orlovich 2017/01/25 14:54:37 Done.
+ }
+ void OnClose(int connection_id) override { callback_.Run(net::OK); }
mmenke 2017/01/24 19:43:58 Why is the socket guaranteed to be closed?
+
+ private:
+ net::HttpServer* server_;
+ base::FuzzedDataProvider* data_provider_;
mmenke 2017/01/24 16:29:16 nit: base::FuzzedDataProvider* const (Meaning th
Maks Orlovich 2017/01/24 18:34:18 Done.
+ net::CompletionCallback callback_;
+ bool should_accept_webp_;
mmenke 2017/01/24 16:29:16 add this to the initializer list and make it a con
mmenke 2017/01/24 16:29:16 DISALLOW_COPY_AND_ASSIGN + include base/macros.h
Maks Orlovich 2017/01/24 18:34:18 Done.
+};
+
+} // namespace
+
+// Fuzzer for HttpServer
+//
+// |data| is used to create a FuzzedServerSocket.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ net::BoundTestNetLog bound_test_net_log;
mmenke 2017/01/24 16:29:16 Should just be using TestNetLog (Then don't need t
Maks Orlovich 2017/01/25 14:54:37 Done.
+ base::FuzzedDataProvider data_provider(data, size);
+
+ std::unique_ptr<net::ServerSocket> server_socket(
+ base::MakeUnique<net::FuzzedServerSocket>(
+ &data_provider, bound_test_net_log.bound().net_log()));
+ CHECK_EQ(net::OK,
mmenke 2017/01/24 16:29:16 include net/base/net_errors.h and base/logging.h
Maks Orlovich 2017/01/25 14:54:37 Done.
+ server_socket->ListenWithAddressAndPort("127.0.0.1", 80, 5));
+
+ net::TestCompletionCallback callback; // provides the message loop
mmenke 2017/01/24 16:29:16 The comment isn't correct. It can spin the messag
Maks Orlovich 2017/01/25 14:54:37 Spinning is what I meant; the sloppy comment is be
+ WaitTillHttpCloseDelegate delegate(&data_provider, callback.callback());
+ net::HttpServer server(std::move(server_socket), &delegate);
+ delegate.set_server(&server);
+ CHECK_EQ(net::OK, callback.WaitForResult());
mmenke 2017/01/24 16:29:16 Why check the result? Also, I don't think we real
Maks Orlovich 2017/01/25 14:54:37 Switched to RunLoop --- which made the result issu
+ return 0;
+}
« net/BUILD.gn ('K') | « net/data/fuzzer_dictionaries/net_http_server_fuzzer.dict ('k') | net/socket/fuzzed_server_socket.h » ('j') | net/socket/fuzzed_server_socket.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698