1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "net/spdy/fuzzing/hpack_fuzz_util.h" 6 7 #include <map> 8 9 #include "base/base_paths.h" 10 #include "base/file_util.h" 11 #include "base/files/file.h" 12 #include "base/path_service.h" 13 #include "net/spdy/spdy_test_utils.h" 14 #include "testing/gmock/include/gmock/gmock.h" 15 #include "testing/gtest/include/gtest/gtest.h" 16 17 namespace net { 18 19 namespace { 20 21 using base::StringPiece; 22 using std::map; 23 using std::string; 24 using test::a2b_hex; 25 26 TEST(HpackFuzzUtilTest, GeneratorContextInitialization) { 27 HpackFuzzUtil::GeneratorContext context; 28 HpackFuzzUtil::InitializeGeneratorContext(&context); 29 30 // Context was seeded with initial name & value fixtures. 31 EXPECT_LT(0u, context.names.size()); 32 EXPECT_LT(0u, context.values.size()); 33 } 34 35 TEST(HpackFuzzUtil, GeneratorContextExpansion) { 36 HpackFuzzUtil::GeneratorContext context; 37 38 map<string, string> headers = HpackFuzzUtil::NextGeneratedHeaderSet(&context); 39 40 // Headers were generated, and the generator context was expanded. 41 EXPECT_LT(0u, headers.size()); 42 EXPECT_LT(0u, context.names.size()); 43 EXPECT_LT(0u, context.values.size()); 44 } 45 46 // TODO(jgraettinger): A better test would mock a random generator and 47 // evaluate SampleExponential along fixed points of the [0,1] domain. 48 TEST(HpackFuzzUtilTest, SampleExponentialRegression) { 49 // TODO(jgraettinger): Upstream uses a seeded random generator here to pin 50 // the behavior of SampleExponential. Chromium's random generation utilities 51 // are strongly secure, but provide no way to seed the generator. 52 for (size_t i = 0; i != 100; ++i) { 53 EXPECT_GE(30u, HpackFuzzUtil::SampleExponential(10, 30)); 54 } 55 } 56 57 TEST(HpackFuzzUtilTest, ParsesSequenceOfHeaderBlocks) { 58 char fixture[] = 59 "\x00\x00\x00\x05""aaaaa" 60 "\x00\x00\x00\x04""bbbb" 61 "\x00\x00\x00\x03""ccc" 62 "\x00\x00\x00\x02""dd" 63 "\x00\x00\x00\x01""e" 64 "\x00\x00\x00\x00""" 65 "\x00\x00\x00\x03""fin"; 66 67 HpackFuzzUtil::Input input; 68 input.input.assign(fixture, arraysize(fixture) - 1); 69 70 StringPiece block; 71 72 EXPECT_TRUE(HpackFuzzUtil::NextHeaderBlock(&input, &block)); 73 EXPECT_EQ("aaaaa", block); 74 EXPECT_TRUE(HpackFuzzUtil::NextHeaderBlock(&input, &block)); 75 EXPECT_EQ("bbbb", block); 76 EXPECT_TRUE(HpackFuzzUtil::NextHeaderBlock(&input, &block)); 77 EXPECT_EQ("ccc", block); 78 EXPECT_TRUE(HpackFuzzUtil::NextHeaderBlock(&input, &block)); 79 EXPECT_EQ("dd", block); 80 EXPECT_TRUE(HpackFuzzUtil::NextHeaderBlock(&input, &block)); 81 EXPECT_EQ("e", block); 82 EXPECT_TRUE(HpackFuzzUtil::NextHeaderBlock(&input, &block)); 83 EXPECT_EQ("", block); 84 EXPECT_TRUE(HpackFuzzUtil::NextHeaderBlock(&input, &block)); 85 EXPECT_EQ("fin", block); 86 EXPECT_FALSE(HpackFuzzUtil::NextHeaderBlock(&input, &block)); 87 } 88 89 TEST(HpackFuzzUtilTest, SerializedHeaderBlockPrefixes) { 90 EXPECT_EQ(string("\x00\x00\x00\x00", 4), HpackFuzzUtil::HeaderBlockPrefix(0)); 91 EXPECT_EQ(string("\x00\x00\x00\x05", 4), HpackFuzzUtil::HeaderBlockPrefix(5)); 92 EXPECT_EQ(string("\x4f\xb3\x0a\x91", 4), 93 HpackFuzzUtil::HeaderBlockPrefix(1337133713)); 94 } 95 96 TEST(HpackFuzzUtilTest, PassValidInputThroughAllStages) { 97 // Example lifted from HpackDecoderTest.SectionD3RequestHuffmanExamples. 98 string input = a2b_hex("828786448ce7cf9bebe89b6fb16fa9b6ff"); 99 100 HpackFuzzUtil::FuzzerContext context; 101 HpackFuzzUtil::InitializeFuzzerContext(&context); 102 103 EXPECT_TRUE( 104 HpackFuzzUtil::RunHeaderBlockThroughFuzzerStages(&context, input)); 105 106 std::map<string, string> expect; 107 expect[":method"] = "GET"; 108 expect[":scheme"] = "http"; 109 expect[":path"] = "/"; 110 expect[":authority"] = "www.example.com"; 111 EXPECT_EQ(expect, context.third_stage->decoded_block()); 112 } 113 114 TEST(HpackFuzzUtilTest, ValidFuzzExamplesRegressionTest) { 115 base::FilePath source_root; 116 ASSERT_TRUE(PathService::Get(base::DIR_SOURCE_ROOT, &source_root)); 117 118 // Load the example fixtures versioned with the source tree. 119 HpackFuzzUtil::Input input; 120 ASSERT_TRUE(base::ReadFileToString( 121 source_root.Append(FILE_PATH_LITERAL("net")) 122 .Append(FILE_PATH_LITERAL("data")) 123 .Append(FILE_PATH_LITERAL("spdy_tests")) 124 .Append(FILE_PATH_LITERAL("examples_07.hpack")), 125 &input.input)); 126 127 HpackFuzzUtil::FuzzerContext context; 128 HpackFuzzUtil::InitializeFuzzerContext(&context); 129 130 StringPiece block; 131 while (HpackFuzzUtil::NextHeaderBlock(&input, &block)) { 132 // As these are valid examples, all fuzz stages should succeed. 133 EXPECT_TRUE(HpackFuzzUtil::RunHeaderBlockThroughFuzzerStages( 134 &context, block)); 135 } 136 } 137 138 TEST(HpackFuzzUtilTest, FlipBitsMutatesBuffer) { 139 char buffer[] = "testbuffer1234567890"; 140 string unmodified(buffer, arraysize(buffer) - 1); 141 142 EXPECT_EQ(unmodified, buffer); 143 HpackFuzzUtil::FlipBits(reinterpret_cast<uint8*>(buffer), 144 arraysize(buffer) - 1, 145 1); 146 EXPECT_NE(unmodified, buffer); 147 } 148 149 } // namespace 150 151 } // namespace net 152