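# Copyright 2016 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Fuzzer dictionary targeting HTTP/1.x responses.
#
# Format: one double-quoted token per line; lines starting with '#' are
# comments. "\xNN" is a hex byte escape that consumes exactly two hex digits,
# so "\x0AAge: 0" is LF followed by "Age: 0". "\"" is a literal double quote.
#
# Multi-token entries below end their lines with a bare LF (\x0A); CRLF only
# appears in the header-continuation entry.
# NOTE(review): presumably the parser under test accepts bare LF -- confirm.

# Entries that are generally useful in headers
":"
"\x0A"
"\x0D"
"0"
"50"
"500"
# Horizontal whitespace. Matters mostly in status line.
" "
"\x09"
# Header continuation (CRLF followed by a tab starts a folded header line)
"\x0D\x0A\x09"
# Used in a lot of individual headers
";"
"="
","
"\""
"-"

# Status line components
"HTTP"
"/1.1"
"/1.0"
# More interesting status codes. Leading space so can be inserted into
# other status lines.
" 100"
" 200"
" 206"
" 301"
" 302"
" 303"
" 304"
" 307"
" 308"
" 401"
" 403"
" 404"
" 500"
" 501"
# 407 pairs with the Proxy-Authenticate entries further down.
" 407"

# Full status lines (Some with relevant following headers).
# Every entry ends with an empty line (\x0A\x0A), i.e. a complete header block.
"HTTP/1.1 200 OK\x0A\x0A"
"HTTP/1.1 100 Continue\x0A\x0A"
"HTTP/1.1 401 Unauthorized\x0AWWW-Authenticate: Basic realm=\"Middle-Earth\"\x0A\x0A"
"HTTP/1.1 407 Proxy Authentication Required\x0AProxy-Authenticate: Digest realm=\"Middle-Earth\", nonce=\"aaaaaaaaaa\"\x0A\x0A"
"HTTP/1.0 301 Moved Permanently\x0ALocation: /a\x0A\x0A"
"HTTP/1.1 302 Found\x0ALocation: http://lost/\x0A\x0A"

# Authentication headers (origin server and proxy). Note that fuzzers don't
# support NTLM or negotiate.
"WWW-Authenticate:"
"Proxy-Authenticate:"
"Basic"
"Digest"
"realm"
"nonce"

# Connection management.
"Connection:"
"Proxy-Connection:"
"Keep-Alive"
"Close"
"Upgrade"
"\x0AConnection: Keep-Alive"
"\x0AConnection: Close"
"\x0AProxy-Connection: Keep-Alive"
"\x0AProxy-Connection: Close"

# Message framing headers. Mutations can combine these tokens, so the parser
# should be expected to see both headers, or a length that disagrees with the
# body, in a single response.
"Content-Length:"
"Transfer-Encoding:"
"chunked"
"\x0AContent-Length: 0"
"\x0AContent-Length: 500"
# Complete chunked body: one 5-byte chunk ("12345"), then the zero-length
# terminating chunk.
"\x0ATransfer-Encoding: chunked\x0A\x0A5\x0A12345\x0A0\x0A\x0A"

# Redirect targets: two hosts, each over http and https.
"Location:"
"\x0ALocation: http://foo/"
"\x0ALocation: http://bar/"
"\x0ALocation: https://foo/"
"\x0ALocation: https://bar/"

"Accept-Ranges:"
"bytes"
"\x0AAccept-Ranges: bytes"

"Content-Range:"

# 3153600000 s is 100 years of 365 days. It is larger than 2^31 - 1, so it
# does not fit in a signed 32-bit integer.
"Age:"
"\x0AAge: 0"
"\x0AAge: 3153600000"

"Cache-Control:"
"max-age"
"no-cache"
"no-store"
"must-revalidate"
"\x0ACache-Control: max-age=3153600000"
"\x0ACache-Control: max-age=0"
"\x0ACache-Control: no-cache"
"\x0ACache-Control: no-store"
"\x0ACache-Control: must-revalidate"

"Content-Disposition:"
"attachment"
"filename"

"Content-Encoding:"
"gzip"
"deflate"
"sdch"
"br"
"\x0AContent-Encoding: gzip"
"\x0AContent-Encoding: deflate"
"\x0AContent-Encoding: sdch"
"\x0AContent-Encoding: br"

# One date in the future (2050) and one in the past (2016), reused for Date,
# Last-Modified and Expires.
# NOTE(review): these dates carry a comma after the month ("01 Apr, 2050"),
# which is not the rfc1123-date form of RFC 2616 ("01 Apr 2050"). Presumably
# the date parser under test is lenient about it -- confirm, or add the
# strict form as well.
"Date:"
"Fri, 01 Apr, 2050 14:14:14 GMT"
"Mon, 28 Mar, 2016 04:04:04 GMT"
"\x0ADate: Fri, 01 Apr, 2050 14:14:14 GMT"
"\x0ADate: Mon, 28 Mar, 2016 04:04:04 GMT"

"Last-Modified:"
"\x0ALast-Modified: Fri, 01 Apr, 2050 14:14:14 GMT"
"\x0ALast-Modified: Mon, 28 Mar, 2016 04:04:04 GMT"

"Expires:"
"\x0AExpires: Fri, 01 Apr, 2050 14:14:14 GMT"
"\x0AExpires: Mon, 28 Mar, 2016 04:04:04 GMT"

# Cookie attribute names and values, followed by complete Set-Cookie lines.
"Set-Cookie:"
"Expires"
"Max-Age"
"Domain"
"Path"
"Secure"
"HttpOnly"
"Priority"
"Low"
"Medium"
"High"
"SameSite"
"Strict"
"Lax"
"\x0ASet-Cookie: foo=bar"
"\x0ASet-Cookie: foo2=bar2;HttpOnly;Priority=Low;SameSite=Strict;Path=/"
"\x0ASet-Cookie: foo=chicken;SameSite=Lax"

"Strict-Transport-Security:"
"includeSubDomains"

"Vary:"
"\x0AVary: Cookie"
"\x0AVary: Age"

"ETag:"
"\x0AETag: jumboshrimp"


# This part has been generated with testing/libfuzzer/dictionary_generator.py
# using net_http_stream_parser_fuzzer binary and RFC 2616.
"all"
"code"
"maximum"
"Transfer-Encoding"
"D.,"
"results"
"follow"
"(LZW)."
"provided."
"(which"
"ISDN"
"\"TE\""
"LF>"
"FORCE"
"calculate"
"\"IETF"
"UNIX,"
"ARPA"
"\"OPTIONAL\""
"environment"
"ENGINEERING"
"program"
"USENET"
"TEXT"
"Not"
"Nov"
"include"
"resources"
"(STD"
"labels"
"string"
"returning"
"HTTP/1.1;"
"SP,"
"SP."
"entries"
"HTTP/1.1,"
"HTTP/1.1."
"difference"
"(URI):"
"did"
"[CRLF]"
"EXPRESS"
"list"
"HTTP/1.0\","
"(RFC"
"large"
"ONLY"
"Tag"
"(LWS"
"(URL)\","
"\"A\"..\"Z\">"
"unexpected"
"GET)"
"direct"
"Failed"
"second"
"Version"
"\"A\""
"allowed."
"GET,"
"tag."
"implemented"
"\"HTTP/1.0\""
"errors"
"ISO-8859-4,"
"appear"
"incompatible"
"section"
"CPU"
"current"
"waiting"
"version"
"above"
"TTL"
"new"
"CRLF)"
"public"
"FTP"
"NNTP."
"WWW-"
"never"
"equals"
"\"HTTP/1.1"
"reported"
"objects"
"address"
"active"
"\"HEAD\""
"["
"\"POST\""
"HTTP."
"change"
"MA"
"\"AS"
"last-modified"
"BACK)"
"NOT"
"NNTP"
"named"
"useful"
"secure"
"case."
"detected."
"\"HTTP\""
"private"
"CERN/3.0"
"CTE"
"(CTE)"
"Too"
"CTL"
"PUT,"
"user-agent"
"PUT)"
"POST"
"select"
"use"
"TASK"
"from"
"exception."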
# Generated token list, continued: one double-quoted token per line.
# Many entries keep the punctuation of the text they were taken from (for
# example "HEAD," next to "HEAD."), so near-duplicates here are presumably
# generator output rather than typos.
"working"
"to"
"positive"
"two"
"URI;"
"properties"
"few"
"--THIS_STRING_SEPARATES"
"POST,"
"call"
"memory"
"MUST,"
"scope"
"type"
"authorization"
"more"
"ISO-8859-9,"
"(GMT),"
"(TE)"
"name."
"LF,"
"RFC-850"
"warn"
"bytes,"
"Found"
"cases"
"MHTML"
"name:"
"must"
"Content"
"ALL"
"MHTML,"
"RIGHTS"
"this"
"NTP"
"work"
"--THIS_STRING_SEPARATES--"
"Syntax"
"can"
"of"
"following"
"\"I"
"closing"
"root"
"example"
"requested,"
"J.,"
"type."
"reserved"
"stream"
"process"
"attribute"
"allowed"
"high"
"currency"
"numbers"
"want"
"type:"
"native"
"LF"
"class,"
"end"
"Missing"
"HTTP-"
"HTTP,"
"links"
"1"
"line."
"2*N"
"H."
"1XX"
"WARRANTIES,"
"HTTP:"
"A"
"badly"
"HEAD"
"may"
"insecure"
"after"
"containing"
"tracking"
"wrong"
"[SP"
"ANSI,"
"date"
"such"
"data"
"parallel"
"repeat"
"a"
"FTP,"
"All"
"short"
"Y."
"UA"
"(2**N),"
"element"
"so"
"cases."
"File"
"(LWS)"
"\"DEFLATE"
"order"
"charset"
"\"SHOULD"
"don't"
"MIC"
"move"
"vary"
"satisfied"
"CD-ROM,"
"HTTP-WG."
"LINK,"
"pointer"
"its"
"digest"
"before"
"HTML"
"(OK)"
"Rules"
"MAY,"
"fix"
"ISO-3166"
"actually"
"407"
"(GNU"
"\"HTTP/1.1\","
"P.,"
"401"
"MERCHANTABILITY"
"DNS."
"into"
"\"HTTP"
"it."
"it,"
"return"
"URL"
"URI"
"number"
"Bad"
"not"
"However,"
"SSL"
"name"
"always"
"expectation."
"--"
"ISO-639"
"]URI,"
"found"
"trailer"
"mean"
"breakdown"
"From"
"UTC"
"(via"
"(URI)"
"UNLINK"
"expect"
"exceeded"
"(MIC)"
"event"
"out"
"is:"
"E."
"space"
"\"MUST/MAY/SHOULD\""
"REQUIRED"
"ALPHA"
"HTTP/2.4"
"4DIGIT"
"increase"
"L."
"time."
"PATCH,"
"supports"
"2DIGIT"
"K.,"
"(A,"
"This"
"free"
"\"B\""
"RFC"
"base"
"IMPLIED,"
"byte"
"received."
"generate"
"text/plain"
"ISO-8859-7,"
"\"HTTP/1.1\""
"Partial"
"could"
"transition"
"DISCLAIMS"
"times"
"filter"
"HTML\","
"length"
"HEAD."
"HEAD,"
"S.,"
"first"
"origin"
"\"E\""
"already"
"UPALPHA"
"3DIGIT"
"Cache"
"Please"
"token."
"one"
"CHAR"
"ISI"
"another"
"FITNESS"
"message"
"CSS1,"
"open"
"size"
"doesn't"
"\""
"script"
"unknown"
"top"
"header)"
"system"
"construct"
"image/gif"
"2"
"ignored."
"listed"
"Date"
"LOALPHA"
"scheme"
"store"
"too"
"M."
"Success"
"that"
"completed"
"OPTIONAL;"
"R"
"pragma"
"(IANA"
"WAIS"
"F.,"
"than"
"K."
"target"
"Content-Type:"
"require"
"Only"
"HTTP/2.13,"
"headers"
"See"
"GMT."
"HTTP/2.0,"
"were"
"1)"
"IS\""
"1*8ALPHA"
"are"
"and"
"IRC/6.9,"
"false"
"turned"
"ANSI"
"B"
"(IANA)"
"tables"
"have"
"MIME,"
"need"
"HTTP/1.1.)"
"null"
"any"
"contents"
"data)"
"(LZ77)"
"(MIME"
"mechanism"
"internal"
"(C)"
"take"
"which"
"With"
"UCI"
"HTTP/0.9,"
"content-"
"200"
"begin"
"multiple"
"TCP/IP"
"Content-Disposition"
"206"
"buffer"
"object"
"\"MUST\","
"regular"
"entry"
"The"
"]"
"model"
"D."
"US-ASCII"
"L.,"
"(URL)"
"If"
"+"
"\"MIME"
"Note:"
"particularly"
"WA"
"text"
"supported"
"\"C\""
"Unrecognized"
"CRLF."
"CRLF,"
"SP"
"find"
"MUST"
"true,"
"cache."
"upgrade"
"cache)"
"implementation"
"("
"[RFC"
"cache"
"outside"
"should"
"failed"
"only"
"URL)."
"LDAP)"
"USA"
"WARRANTIES"
"(UA)"
"get"
"there"
"HEREIN"
"\"HTTP\"."
"cannot"
"shared"
"THE"
"BNF"
"DIGIT,"
"closure"
"PUT"
"reading"
"resource"
"A.,"
"W."
"16"
"ISO-8859."
"calling"
"J."
"INCLUDING"
"common"
"INTERNET"
"release"
"ISI/RR-98-463,"
"\"CONNECT\""
"where"
"set"
"IANA"
"For"
"\"F\""
"configured"
"C"
"this,"
"multipart"
"close"
"E.,"
"end."
"detect"
"GET"
"WWW\","
"1*DIGIT"
"BUT"
"MIT"
"3"
"unable"
"between"
"probably"
"boundary"
"0)"
"\"SHALL"
"\"RECOMMENDED\","
"available"
"we"
"FOR"
"missing"
"importance"
"fetchpriority"
"screen"
"connection."
"PARTICULAR"
"UNIX"
"STD"
"ISO-8859-1"
"key"
"(MIME)"
"P."
"\"HTTP/1.1\"."
"HTTP/1.0),"
"AND"
"received"
"WWW"
"TRACE"
"\"MAY\","
"many"
"*TEXT"
"Unsupported"
"using:"
"connection"
"Unicode"
"*OCTET"
"exceeds"
"(URN)"
"safely"
"ANY"
"can't"
"WARRANTY"
"ISO-8859-8,"
"Content-Length"
"consume"
"simple"
"header"
"DNS)"
"colon"
"\"GET\""
"spans"
"1*HEX"
"table"
"allocated"
"BCP"
"application/pdf"
"LWS:"
"save"
"\"REQUIRED\","
"Wed,"
"C."
"C,"
"encryption"
"create"
"(MHTML)\","
"been"
"."
"HTTP/12.3."
"\"PUT\""
"context."
"LWS,"
"basic"
"expected"
"prototype"
"GMT,"
"empty"
"define"
"PNG,\""
"\"D\""
"with"
"CA"
"HEX"
"N"
"0*3DIGIT"
"\"W/\""
"CR"
"\"DELETE\""
"unnecessarily"
"case"
"exception"
"(A"
"(HTTP)"
"value"
"INFRINGE"
"while"
"\"GZIP"
"\"SHALL\","
"error"
"\"GMT\""
"(LWS)."
"resident"
"is"
"thus"
"it"
"encountered"
"parse"
"MIME"
"in"
"SIGCOMM"
"You"
"if"
"result"
"binary"
"different"
"\"A"
")"
"CREATE"
"expired"
"1DIGIT"
"same"
"OPTIONS"
"transfer-encoding"
"BNF,"
"unrecognized"
"units"
"UST"
"status"
"\"%"
"used"
"http"
"context"
"I"
"IP"
"(O)."
"allocation"
"running"
"*LWS"
"user"
"SMTP"
"\"SHOULD\","
"stack"
"task"
"CR."
"failing"
"IETF"
"M.,"
"Names"
"In"
"position"
"the"
"audio"
"left"
"US-ASCII."
"MAY"
"THAT"
"being"
"(OK)."
"actions"
"invalid"
"HTTP/1.0)"
"CRC."
"previous"
"adding"
"TO"
"<US-ASCII"
"source"
"ISO-8859-2,"
"\"OPTIONS\""
"location"
"HTTP/1.0"
"HTTP/1.1"
"size,"
"has"
"match"
"build"
"URI."
"tests"
"format"
"read"
"H.,"
"T"
"using"
"LIMITED"
"OK"
"text/html"
"success"
"ISO-8859-5,"
"B,"
"signal"
"MIME:"
"(HTCPCP/1.0)\","
"server"
"ignore"
"OF"
"output"
"page"
"S."
"because"
"old"
"sequence"
"HT."
"B.,"
"some"
"back"
"HT"
"Last-Modified"
"growth"
"DEL"
"specified"
"unless"
"H.F.,"
"HTTP/1.0."
"(BNF)"
"happens"
"discarded"
"PUT."
"INDEX."
"trace"
"for"
"avoid"
"CR,"
"does"
"CONNECT"
"assuming"
"be"
"run"
"GET."
"deleted"
"equivalent"
"X3.4-1986"
"<URL:"
"O"
"ISO-8859-1."
"broken"
"host"
"HTTP/1.0,"
"LWS>"
"INFORMATION"
"X3.4-1986,"
"by"
"ALPHA,"
"Location"
"on"
"DIGIT"
"actual"
"extension"
"tracing"
"R.,"
"\"UTF-8,"
"*<TEXT,"
"OR"
"range"
"3ALPHA"
"URI,"
"value."
"Message"
"DELETE"
"content-type"
"or"
"UC"
"No"
"ISO-"
"image"
"ACM"
"HEX\""
"URL,"
"ISO-8859-6,"
"T.,"
"operator"
"T/TCP"
"file."
"GET\""
"transfer"
"support"
"*"
"long"
"class"
"start"
"forward"
"was"
"function"
"HT,"
"N."
"HTTP/1.1\","
"OCTET"
"but"
"failure"
"TE:"
"IMPLIED"
"CRLF"
"DNS"
"Error"
"\"ZLIB"
"line"
"trying"
"true"
"GMT"
"count"
"default"
"B."
"ISO-8859-1,"
"up"
"ISO-8859-1)"
"SHOULD"
"PURPOSE."
"used."
"WILL"
">"
"called"
"delete"
"DELETE,"
"storing"
"USE"
"image/jpeg"
"defined"
"LWS"
"URL."
"unsafe"
"an"
"To"
"as"
"warning"
"exist"
"at"
"file"
"NOT\""
"NOT,"
"W3C/MIT"
"ISO-8859-1:1987."
"SHTTP/1.3,"
"no"
"when"
"A,"
"virtual"
"A."
"details."
"application"
"valid"
"OPTIONAL"
"\"TRACE\""
"test"
"MD5"
"you"
"TE"
"ISO-8859-3,"
"requested"
"elements"
"C)"
"symbol"
"T."
"code)"
"variable"
"SOCIETY"
"\"MUST"
"TCP"
"ISO-10646\","
"NOT\","
"R."
"audio/basic"
"IANA."
"\"WAIS"
"persistent"
"Its"
"As"
"time"
"failures"
"\"ISO-8859-1\""
"once"