1 // Copyright 2019 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <stddef.h>
6 #include <stdint.h>
7
8 #include <fuzzer/FuzzedDataProvider.h>
9
10 #include <limits>
11 #include <memory>
12
13 #include "net/cookies/canonical_cookie.h"
14 #include "net/cookies/cookie_constants.h"
15 #include "net/cookies/cookie_util.h"
16 #include "net/cookies/parsed_cookie.h"
17
18 namespace net {
getRandomTime(FuzzedDataProvider * data_provider)19 const base::Time getRandomTime(FuzzedDataProvider* data_provider) {
20 const uint64_t max = std::numeric_limits<uint64_t>::max();
21 return base::Time::FromTimeT(
22 data_provider->ConsumeIntegralInRange<uint64_t>(0, max));
23 }
24
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)25 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
26 FuzzedDataProvider data_provider(data, size);
27
28 const std::string name = data_provider.ConsumeRandomLengthString(
29 net::ParsedCookie::kMaxCookieNamePlusValueSize + 10);
30 const std::string value = data_provider.ConsumeRandomLengthString(
31 net::ParsedCookie::kMaxCookieNamePlusValueSize + 10);
32 const std::string domain = data_provider.ConsumeRandomLengthString(
33 net::ParsedCookie::kMaxCookieAttributeValueSize + 10);
34 const std::string path = data_provider.ConsumeRandomLengthString(
35 net::ParsedCookie::kMaxCookieAttributeValueSize + 10);
36
37 const GURL url(data_provider.ConsumeRandomLengthString(800));
38 if (!url.is_valid())
39 return 0;
40
41 const base::Time creation = getRandomTime(&data_provider);
42 const base::Time expiration = getRandomTime(&data_provider);
43 const base::Time last_access = getRandomTime(&data_provider);
44
45 const CookieSameSite same_site =
46 data_provider.PickValueInArray<CookieSameSite>({
47 CookieSameSite::UNSPECIFIED,
48 CookieSameSite::NO_RESTRICTION,
49 CookieSameSite::LAX_MODE,
50 CookieSameSite::STRICT_MODE,
51 });
52
53 const CookiePriority priority =
54 data_provider.PickValueInArray<CookiePriority>({
55 CookiePriority::COOKIE_PRIORITY_LOW,
56 CookiePriority::COOKIE_PRIORITY_MEDIUM,
57 CookiePriority::COOKIE_PRIORITY_HIGH,
58 });
59
60 const auto partition_key = std::make_optional<CookiePartitionKey>(
61 CookiePartitionKey::FromURLForTesting(
62 GURL(data_provider.ConsumeRandomLengthString(800))));
63
64 const std::unique_ptr<const CanonicalCookie> sanitized_cookie =
65 CanonicalCookie::CreateSanitizedCookie(
66 url, name, value, domain, path, creation, expiration, last_access,
67 data_provider.ConsumeBool() /* secure */,
68 data_provider.ConsumeBool() /* httponly */, same_site, priority,
69 partition_key, /*status=*/nullptr);
70
71 if (sanitized_cookie) {
72 CHECK(sanitized_cookie->IsCanonical());
73
74 // Check identity property of various comparison functions
75 const CanonicalCookie copied_cookie = *sanitized_cookie;
76 CHECK(sanitized_cookie->IsEquivalent(copied_cookie));
77 CHECK(sanitized_cookie->IsEquivalentForSecureCookieMatching(copied_cookie));
78 CHECK(!sanitized_cookie->PartialCompare(copied_cookie));
79 }
80
81 return 0;
82 }
83 } // namespace net
84