Add client protocol fuzzer test

tools/chrome_proxy/webdriver/protocol_fuzz.py

+# Copyright 2017 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+#
+#
+# This test checks that Chrome does not crash or otherwise wildly misbehave when
+# it receives unexpected Chrome-Proxy header values and/or directives. This is
+# done by fuzz testing which is configured through a dictionary object at the
+# top of this file.
+#
+# The fuzz testing generates URLs which are requested from the Chrome Proxy test
+# server which will modify its response based on the encoded data in the URL.
+#
+# The fuzz testing is configured in a dictionary-type object of the following
+# format:
+#   {
+#     # This specifies a header that will be fuzzed. Only one header is fuzzed
+#     # per test. When a header is being fuzz tested, any entry it has in the
+#     # STATIC_RESPONSE_HEADERS object will be overwritten.
+#     "chrome-proxy": {
+#       # This specifies the directive key values that are possible to use in
+#       # fuzzing.
+#       "directive_keys: [
+#         "page-policy",
+#         "foo",
+#       ],
+#       # This specifies the directive values that are possible to use in
+#       # fuzzing. Any one of these values may end up mapped to any one of the
+#       # directive_keys above.
+#       "directive_values": [
+#         "empty-image",
+#         "bar",
+#       ],
+#       # The maximum number of directives to use in this header. If this value
+#       # is greater than the number of directives given above, that will be
+#       # used instead.
+#       "max_directives": 10,
+#
+#       # The maximum number of directive values to use per directive. If this
+#       # value is greater than the number of directive values given above, that
+#       # will be used instead.
+#       "max_directive_values": 10,
+#
+#       # This is used to join the directive values when multiple are used.
+#       "directive_value_joiner": "|",
+#     },
+#   }
+#
+# If the above configuration was given, the following values would be generated
+# for the chrome-proxy header:
+#   <empty-string>
+#   foo
+#   foo=bar
+#   foo=empty-image
+#   foo=bar|empty-image
+#   page_policies
+#   page_policies=bar
+#   page_policies=empty-image
+#   page_policies=bar|empty-image
+#   foo page_policies
+#   foo=bar page_policies=bar
+#   foo=empty-image page_policies=empty-image
+#   foo=bar|empty-image page_policies=bar|empty-image

[Tom Bergan, 2017/06/07 22:18:08]

Directives should be comma-separated, I think?

[Robert Ogden, 2017/06/07 23:38:35]

Done.

+#
+# Randomly generated values are also supported in the fuzz_header field
+# ("chrome-proxy" in the above example), directive_keys, and directive_values.
+# Randomly generated values can be specified using these formats:
+#   {{RAND_STR(N)}}
+#     Creates a random string of lowercase and digit characters of length N
+#
+#   {{RAND_INT(N)}}
+#     Creates a random integer in the range [0, 10^N+1) with leading zeros
+#     Example: "Num cookies: {{RAND_INT(4)}}" yields "Num cookies: 0123"
+#
+#   {{RAND_DBL(P.Q)}}
+#     Creates a random double in the range [0, 10^P+1) with leading zeros and
+#     up to Q places after the decimal point
+#     Example: "My money = ${{RAND_DBL(3,2)}}" yields "My money = $001.53"
+#
+#   {{RAND_BOOL}}
+#     Creates a random boolean, either 'true' or 'false'
+#     Example: "I am awesome: {{RAND_BOOL}}" yields "I am awesome: true"
+
+import BaseHTTPServer
+import base64
+import itertools
+import json
+import random
+import re
+import string
+
+from common import TestDriver
+from common import IntegrationTest
+from decorators import Slow
+
+# This dict configures how the fuzzing will operate. See documentation above for
+# more information.
+FUZZ_HEADERS = {
+  "chrome-proxy": {
+    "directive_keys": [
+      "foo",
+      "{{RAND_STR(10)}}",
+      "page-policies",
+      "q",
+      "block-once",
+      "block",
+      "bypass",
+    ],
+    "directive_values": [
+      "bar",
+      "{{RAND_INT(1)}}",
+      "{{RAND_INT(4)}}",
+      "empty-image",
+      "{{RAND_STR(10)}}",
+      "low",
+      "preview",
+    ],
+    "max_directives": 10,

[Tom Bergan, 2017/06/07 22:18:08]

You can probably shrink this to 3, since most bugs are in a corner-case at the
front, end, or middle.

[Robert Ogden, 2017/06/07 23:38:36]

Done.

+    "max_directive_values": 10,

[Tom Bergan, 2017/06/07 22:18:08]

Ditto here.

[Robert Ogden, 2017/06/07 23:38:35]

Done.

+    "directive_value_joiner": "|",
+  },
+}
+
+TEST_SERVER = "chromeproxy-test.appspot.com"
+
+# These headers will be present in every test server response. If one of these
+# entries is also a fuzzed header above, then the fuzzed value will take the
+# place of the static one instead.
+STATIC_RESPONSE_HEADERS = {
+  "content-type":  ["text/html"],
+  "via":           ["1.1 Chrome-Compression-Proxy"],
+  "cache-control": ["no-cache, no-store, must-revalidate"],
+  "pragma":        ["no-cache"],
+  "expires":       ["0"],
+}
+
+# This string will be used as the response body in every test and will be
+# checked for existance on the final loaded page.
+STATIC_RESPONSE_BODY = 'ok'
+
+rand_str_re = re.compile(r'{{RAND_STR\((\d+)\)}}')
+rand_int_re = re.compile(r'{{RAND_INT\((\d+)\)}}')
+rand_dbl_re = re.compile(r'{{RAND_DBL\((\d+)\.(\d+)\)}}')
+rand_bool_re = re.compile(r'{{RAND_BOOL}}')
+
+def ParseRand(key, val):
+  """This helper function parses the {{RAND}} expressions in the given values
+  and returns them with random values subsituted in place.
+
+  Args:
+    key: the header key with 0 or more {{RAND}} expressions
+    val: the header value with 0 or more {{RAND}} expressions
+  Returns:
+    A key, value tuple with subsituted random values
+  """
+  def GenerateRand(length, charset):
+    return ''.join(random.choice(charset) for _ in range(length))
+  def _parse_rand(v):
+    result = v
+    had_match = True
+    while had_match:
+      had_match = False
+      str_match = rand_str_re.search(result)
+      if str_match:
+        had_match = True
+        mag = int(result[str_match.start(1):str_match.end(1)])
+        rand_str = GenerateRand(mag, string.ascii_lowercase + string.digits)
+        result = (result[:str_match.start()] + rand_str
+          + result[str_match.end():])
+      int_match = rand_int_re.search(result)
+      if int_match:
+        had_match = True
+        mag = int(result[int_match.start(1):int_match.end(1)])
+        rand_int = GenerateRand(mag, string.digits)
+        result = (result[:int_match.start()] + rand_int
+          + result[int_match.end():])
+      dbl_match = rand_dbl_re.search(result)
+      if dbl_match:
+        had_match = True
+        magN = int(result[dbl_match.start(1):dbl_match.end(1)])
+        magD = int(result[dbl_match.start(2):dbl_match.end(2)])
+        rand_dbl = GenerateRand(magN, string.digits) + '.' + GenerateRand(magD,
+          string.digits)
+        result = (result[:dbl_match.start()] + rand_dbl
+          + result[dbl_match.end():])
+      bool_match = rand_bool_re.search(result)
+      if bool_match:
+        had_match = True
+        rand_bool = bool(random.getrandbits(1))
+        result = (result[:bool_match.start()] + str(rand_bool).lower()
+          + result[bool_match.end():])
+    return result
+  return (_parse_rand(key), _parse_rand(val))
+
+def GenerateFuzzedHeaders(cfg=FUZZ_HEADERS):
+  """This function yields header key value pairs which can be used to update a
+  Python dict representing HTTP headers. See file level documentation for more
+  information.
+
+  Args:
+    cfg: the configuration dict that specifies how to fuzz the proxy headers
+  Yields:
+    one header key value pair
+  """
+  for header_key in cfg:
+    fuzz = cfg[header_key]
+    dirs = fuzz['directive_keys']
+    vals = fuzz['directive_values']
+    max_dirs = min(fuzz['max_directives'], len(dirs))
+    max_vals = min(fuzz['max_directive_values'], len(vals))
+    def GenerateFuzzedValues():
+      for n in range(0, max_vals + 1):
+        for c in itertools.combinations(vals, n):
+          yield c
+    # Yield an empty header key,value pair before doing all the combinations.
+    yield (header_key, '')
+    for num_dirs in range(1, max_dirs + 1):
+      for directive_set in itertools.combinations(dirs, num_dirs):
+        for values in GenerateFuzzedValues():
+          value_list = list(values)
+          if '' in value_list:
+            value_list.remove('')
+          value_str = fuzz['directive_value_joiner'].join(value_list)
+          header = []
+          for directive in directive_set:
+            if len(value_str) == 0:
+              header.append(directive)
+            else:
+              header.append('%s=%s' % (directive, value_str))
+          yield ParseRand(header_key, ' '.join(header))
+
+class FuzzUnitTests(IntegrationTest):
+
+  def testParseRand(self):
+    tests = {
+      "{{RAND_STR(1)}": r"{{RAND_STR\(1\)}",
+      "{{RAND_INT(1)}": r"{{RAND_INT\(1\)}",
+      "{{RAND_DBL(1.1)}": r"{{RAND_DBL\(1\.1\)}",
+      "{{RAND_DBL(11)}}": r"{{RAND_DBL\(11\)}}",
+      "{{RAND_BOOL}": r"{{RAND_BOOL}",
+      "{{RAND_STR(0)}}": "",
+      "hi{{RAND_STR(0)}}": "hi",
+      "{{RAND_STR(0)}}there": "there",
+      "hi{{RAND_STR(0)}}there": "hithere",
+      "{{RAND_STR(3)}}": r"[a-z0-9][a-z0-9][a-z0-9]",
+      "{{RAND_STR(3)}}there": r"[a-z0-9][a-z0-9][a-z0-9]there",
+      "hi{{RAND_STR(3)}}": r"hi[a-z0-9][a-z0-9][a-z0-9]",
+      "hi{{RAND_STR(3)}}there": r"hi[a-z0-9][a-z0-9][a-z0-9]there",
+      "{{RAND_INT(0)}}": "",
+      "hi{{RAND_INT(0)}}": "hi",
+      "{{RAND_INT(0)}}there": "there",
+      "hi{{RAND_INT(0)}}there": "hithere",
+      "{{RAND_INT(3)}}": r"[0-9][0-9][0-9]",
+      "{{RAND_INT(3)}}there": r"[0-9][0-9][0-9]there",
+      "hi{{RAND_INT(3)}}": r"hi[0-9][0-9][0-9]",
+      "hi{{RAND_INT(3)}}there": r"hi[0-9][0-9][0-9]there",
+      "{{RAND_DBL(0.0)}}": r"\.",
+      "hi{{RAND_DBL(0.0)}}": r"hi\.",
+      "{{RAND_DBL(0.0)}}there": r"\.there",
+      "hi{{RAND_DBL(0.0)}}there": r"hi\.there",
+      "{{RAND_DBL(3.3)}}": r"[0-9][0-9][0-9]\.[0-9][0-9][0-9]",
+      "hi{{RAND_DBL(3.3)}}": r"hi[0-9][0-9][0-9]\.[0-9][0-9][0-9]",
+      "{{RAND_DBL(3.3)}}there": r"[0-9][0-9][0-9]\.[0-9][0-9][0-9]there",
+      "hi{{RAND_DBL(3.3)}}there": r"hi[0-9][0-9][0-9]\.[0-9][0-9][0-9]there",
+      "{{RAND_BOOL}}": r"(true|false)",
+      "{{RAND_BOOL}}there": r"(true|false)there",
+      "hi{{RAND_BOOL}}": r"hi(true|false)",
+      "hi{{RAND_BOOL}}there": r"hi(true|false)there",
+      "{{RAND_STR(1)}}{{RAND_STR(1)}}": r"[a-z0-9][a-z0-9]",
+      "{{RAND_STR(1)}}{{RAND_INT(1)}}": r"[a-z0-9][0-9]",
+      "{{RAND_STR(1)}}{{RAND_DBL(1.1)}}": r"[a-z0-9][0-9]\.[0-9]",
+      "{{RAND_STR(1)}}{{RAND_BOOL}}": r"[a-z0-9](true|false)",
+      "{{RAND_INT(1)}}{{RAND_STR(1)}}": r"[0-9][a-z0-9]",
+      "{{RAND_INT(1)}}{{RAND_INT(1)}}": r"[0-9][0-9]",
+      "{{RAND_INT(1)}}{{RAND_DBL(1.1)}}": r"[0-9][0-9]\.[0-9]",
+      "{{RAND_INT(1)}}{{RAND_BOOL}}": r"[0-9](true|false)",
+      "{{RAND_DBL(1.1)}}{{RAND_STR(1)}}": r"[0-9]\.[0-9][a-z0-9]",
+      "{{RAND_DBL(1.1)}}{{RAND_INT(1)}}": r"[0-9]\.[0-9][0-9]",
+      "{{RAND_DBL(1.1)}}{{RAND_DBL(1.1)}}": r"[0-9]\.[0-9][0-9]\.[0-9]",
+      "{{RAND_DBL(1.1)}}{{RAND_BOOL}}": r"[0-9]\.[0-9](true|false)",
+      "{{RAND_BOOL}}{{RAND_STR(1)}}": r"(true|false)[a-z0-9]",
+      "{{RAND_BOOL}}{{RAND_INT(1)}}": r"(true|false)[0-9]",
+      "{{RAND_BOOL}}{{RAND_DBL(1.1)}}": r"(true|false)[0-9]\.[0-9]",
+      "{{RAND_BOOL}}{{RAND_BOOL}}": r"(true|false)(true|false)",
+    }
+    for t in tests:
+      expected = re.compile('^' + tests[t] + '$')
+      gotK, gotV = ParseRand(t, t)
+      if not expected.match(gotK):
+        self.fail("%s doesn't match /%s/" % (gotK, tests[t]))
+      if not expected.match(gotV):
+        self.fail("%s doesn't match /%s/" % (gotK, tests[t]))
+
+  def testGenerator(self):
+    test_cfg = {
+      "chrome-proxy": {
+        "directive_keys": [
+          "foo",
+          "page_policies",
+        ],
+        "directive_values": [
+          "bar",
+          "empty-image",
+        ],
+        "max_directives": 10,
+        "max_directive_values": 10,
+        "directive_value_joiner": "|",
+      },
+    }
+    expected_headers = ['', 'foo', 'foo=bar', 'foo=empty-image',
+      'foo=bar|empty-image', 'page_policies', 'page_policies=bar',
+      'page_policies=empty-image', 'page_policies=bar|empty-image',
+      'foo page_policies', 'foo=bar page_policies=bar',
+      'foo=empty-image page_policies=empty-image',
+      'foo=bar|empty-image page_policies=bar|empty-image',
+    ]
+    actual_headers = []
+    for h in GenerateFuzzedHeaders(cfg=test_cfg):
+      actual_headers.append(h[1])
+    expected_headers.sort()
+    actual_headers.sort()
+    self.assertEqual(expected_headers, actual_headers)
+
+class ProtocolFuzzer(IntegrationTest):
+
+  def GenerateTestURLs(self):
+    """This function yields test URLs which will cause the test server to
+    respond with the given given headers and body.
+
+    Yields:
+      URLs suitable for testing fuzzed response headers
+    """
+    for fz_key, fz_val in GenerateFuzzedHeaders():
+      headers = {}
+      headers.update(STATIC_RESPONSE_HEADERS)
+      headers.update({fz_key: [fz_val]})
+      json_headers = json.dumps(headers)
+      b64_headers = base64.b64encode(json_headers)
+      url = "http://%s/default?respBody=%s&respHeader=%s" % (TEST_SERVER,
+        base64.b64encode(STATIC_RESPONSE_BODY), b64_headers)
+      yield (json_headers, url)
+
+  @Slow
+  def testFuzzing(self):
+    for headers, url in self.GenerateTestURLs():
+      with TestDriver() as t:
+        t.AddChromeArg('--enable-spdy-proxy-auth')
+        t.AddChromeArg('--data-reduction-proxy-http-proxies='
+          'https://chromeproxy-test.appspot.com')
+        try:
+          t.LoadURL(url)
+          # The main test is to make sure Chrome doesn't crash after loading a
+          # page with fuzzed headers, which would be raised as a ChromeDriver
+          # exception. Otherwise, we'll do a simple check and make sure the page
+          # body is correct and Chrome isn't displaying some kind of error page.
+          body = t.ExecuteJavascriptStatement('document.body.innerHTML')
+          self.assertEqual(body, STATIC_RESPONSE_BODY)
+        except Exception as e:
+          print 'Response headers: ' + headers
+          print 'URL: ' + url
+          raise e
+
+if __name__ == '__main__':
+  IntegrationTest.RunAllTests()