xref: /aosp_15_r20/external/cronet/net/dns/host_cache_fuzzer.cc (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b) 
1*6777b538SAndroid Build Coastguard Worker // Copyright 2020 The Chromium Authors
2*6777b538SAndroid Build Coastguard Worker // Use of this source code is governed by a BSD-style license that can be
3*6777b538SAndroid Build Coastguard Worker // found in the LICENSE file.
4*6777b538SAndroid Build Coastguard Worker 
5*6777b538SAndroid Build Coastguard Worker #include "net/dns/host_cache.h"
6*6777b538SAndroid Build Coastguard Worker 
7*6777b538SAndroid Build Coastguard Worker #include <stddef.h>
8*6777b538SAndroid Build Coastguard Worker #include <stdint.h>
9*6777b538SAndroid Build Coastguard Worker #include <stdlib.h>
10*6777b538SAndroid Build Coastguard Worker 
11*6777b538SAndroid Build Coastguard Worker #include <optional>
12*6777b538SAndroid Build Coastguard Worker 
13*6777b538SAndroid Build Coastguard Worker #include "base/json/json_reader.h"
14*6777b538SAndroid Build Coastguard Worker #include "base/logging.h"
15*6777b538SAndroid Build Coastguard Worker #include "base/numerics/clamped_math.h"
16*6777b538SAndroid Build Coastguard Worker #include "base/numerics/ostream_operators.h"
17*6777b538SAndroid Build Coastguard Worker #include "base/strings/string_piece.h"
18*6777b538SAndroid Build Coastguard Worker #include "net/dns/host_cache_fuzzer.pb.h"
19*6777b538SAndroid Build Coastguard Worker #include "testing/libfuzzer/proto/json.pb.h"
20*6777b538SAndroid Build Coastguard Worker #include "testing/libfuzzer/proto/json_proto_converter.h"
21*6777b538SAndroid Build Coastguard Worker #include "testing/libfuzzer/proto/lpm_interface.h"
22*6777b538SAndroid Build Coastguard Worker 
23*6777b538SAndroid Build Coastguard Worker namespace net {
24*6777b538SAndroid Build Coastguard Worker 
25*6777b538SAndroid Build Coastguard Worker struct Environment {
Environmentnet::Environment26*6777b538SAndroid Build Coastguard Worker   Environment() { logging::SetMinLogLevel(logging::LOGGING_INFO); }
27*6777b538SAndroid Build Coastguard Worker   const bool kDumpStats = getenv("DUMP_FUZZER_STATS");
28*6777b538SAndroid Build Coastguard Worker   const bool kDumpNativeInput = getenv("LPM_DUMP_NATIVE_INPUT");
29*6777b538SAndroid Build Coastguard Worker };
30*6777b538SAndroid Build Coastguard Worker 
31*6777b538SAndroid Build Coastguard Worker // This fuzzer checks that parsing a JSON list to a HostCache and then
32*6777b538SAndroid Build Coastguard Worker // re-serializing it recreates the original JSON list.
33*6777b538SAndroid Build Coastguard Worker //
34*6777b538SAndroid Build Coastguard Worker // A side effect of this technique is that our distribution of HostCaches only
35*6777b538SAndroid Build Coastguard Worker // contains HostCaches that can be generated by RestoreFromListValue. It's
36*6777b538SAndroid Build Coastguard Worker // conceivable that this doesn't capture all possible HostCaches.
37*6777b538SAndroid Build Coastguard Worker //
38*6777b538SAndroid Build Coastguard Worker // TODO(dmcardle): Check the other direction of this property. Starting from an
39*6777b538SAndroid Build Coastguard Worker // arbitrary HostCache, serialize it and then parse a different HostCache.
40*6777b538SAndroid Build Coastguard Worker // Verify that the two HostCaches are equal.
DEFINE_PROTO_FUZZER(const host_cache_fuzzer_proto::JsonOrBytes & input)41*6777b538SAndroid Build Coastguard Worker DEFINE_PROTO_FUZZER(const host_cache_fuzzer_proto::JsonOrBytes& input) {
42*6777b538SAndroid Build Coastguard Worker   static Environment env;
43*6777b538SAndroid Build Coastguard Worker 
44*6777b538SAndroid Build Coastguard Worker   // Clamp these counters to avoid incorrect statistics in case of overflow. On
45*6777b538SAndroid Build Coastguard Worker   // platforms with 8-byte size_t, it would take roughly 58,000 centuries to
46*6777b538SAndroid Build Coastguard Worker   // overflow, assuming a very fast fuzzer running at 100,000 exec/s. However, a
47*6777b538SAndroid Build Coastguard Worker   // 4-byte size_t could overflow in roughly 12 hours.
48*6777b538SAndroid Build Coastguard Worker   static base::ClampedNumeric<size_t> valid_json_count = 0;
49*6777b538SAndroid Build Coastguard Worker   static base::ClampedNumeric<size_t> iteration_count = 0;
50*6777b538SAndroid Build Coastguard Worker 
51*6777b538SAndroid Build Coastguard Worker   constexpr size_t kIterationsPerStatsDump = 1024;
52*6777b538SAndroid Build Coastguard Worker   static_assert(SIZE_MAX % kIterationsPerStatsDump != 0,
53*6777b538SAndroid Build Coastguard Worker                 "After saturation, stats would print on every iteration.");
54*6777b538SAndroid Build Coastguard Worker 
55*6777b538SAndroid Build Coastguard Worker   ++iteration_count;
56*6777b538SAndroid Build Coastguard Worker   if (env.kDumpStats && iteration_count % kIterationsPerStatsDump == 0) {
57*6777b538SAndroid Build Coastguard Worker     LOG(INFO) << "Valid JSON hit rate:" << valid_json_count << "/"
58*6777b538SAndroid Build Coastguard Worker               << iteration_count;
59*6777b538SAndroid Build Coastguard Worker   }
60*6777b538SAndroid Build Coastguard Worker 
61*6777b538SAndroid Build Coastguard Worker   std::string native_input;
62*6777b538SAndroid Build Coastguard Worker   if (input.has_json()) {
63*6777b538SAndroid Build Coastguard Worker     json_proto::JsonProtoConverter converter;
64*6777b538SAndroid Build Coastguard Worker     native_input = converter.Convert(input.json());
65*6777b538SAndroid Build Coastguard Worker   } else if (input.has_bytes()) {
66*6777b538SAndroid Build Coastguard Worker     native_input = input.bytes();
67*6777b538SAndroid Build Coastguard Worker   } else {
68*6777b538SAndroid Build Coastguard Worker     return;
69*6777b538SAndroid Build Coastguard Worker   }
70*6777b538SAndroid Build Coastguard Worker 
71*6777b538SAndroid Build Coastguard Worker   if (env.kDumpNativeInput)
72*6777b538SAndroid Build Coastguard Worker     LOG(INFO) << "native_input: " << native_input;
73*6777b538SAndroid Build Coastguard Worker 
74*6777b538SAndroid Build Coastguard Worker   std::optional<base::Value> value = base::JSONReader::Read(native_input);
75*6777b538SAndroid Build Coastguard Worker   if (!value || !value->is_list())
76*6777b538SAndroid Build Coastguard Worker     return;
77*6777b538SAndroid Build Coastguard Worker   ++valid_json_count;
78*6777b538SAndroid Build Coastguard Worker 
79*6777b538SAndroid Build Coastguard Worker   // Parse the HostCache.
80*6777b538SAndroid Build Coastguard Worker   constexpr size_t kMaxEntries = 1000;
81*6777b538SAndroid Build Coastguard Worker   HostCache host_cache(kMaxEntries);
82*6777b538SAndroid Build Coastguard Worker   if (!host_cache.RestoreFromListValue(value->GetList()))
83*6777b538SAndroid Build Coastguard Worker     return;
84*6777b538SAndroid Build Coastguard Worker 
85*6777b538SAndroid Build Coastguard Worker   // Serialize the HostCache.
86*6777b538SAndroid Build Coastguard Worker   base::Value::List serialized;
87*6777b538SAndroid Build Coastguard Worker   host_cache.GetList(
88*6777b538SAndroid Build Coastguard Worker       serialized /* entry_list */, true /* include_staleness */,
89*6777b538SAndroid Build Coastguard Worker       HostCache::SerializationType::kRestorable /* serialization_type */);
90*6777b538SAndroid Build Coastguard Worker 
91*6777b538SAndroid Build Coastguard Worker   CHECK_EQ(*value, serialized);
92*6777b538SAndroid Build Coastguard Worker   return;
93*6777b538SAndroid Build Coastguard Worker }
94*6777b538SAndroid Build Coastguard Worker }  // namespace net
95