tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

csp_fuzzer.cpp (1432B)

      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this
      5 * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
      6 
      7 #include "FuzzingInterface.h"
      8 #include "mozilla/BasePrincipal.h"
      9 #include "nsCSPContext.h"
     10 #include "nsComponentManagerUtils.h"
     11 #include "nsNetUtil.h"
     12 #include "nsStringFwd.h"
     13 
     14 static int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
     15  nsresult ret;
     16  nsCOMPtr<nsIURI> selfURI;
     17  ret = NS_NewURI(getter_AddRefs(selfURI), "http://selfuri.com");
     18  if (ret != NS_OK) return 0;
     19 
     20  mozilla::OriginAttributes attrs;
     21  nsCOMPtr<nsIPrincipal> selfURIPrincipal =
     22      mozilla::BasePrincipal::CreateContentPrincipal(selfURI, attrs);
     23  if (!selfURIPrincipal) return 0;
     24 
     25  nsCOMPtr<nsIContentSecurityPolicy> csp =
     26      do_CreateInstance(NS_CSPCONTEXT_CONTRACTID, &ret);
     27  if (ret != NS_OK) return 0;
     28 
     29  ret =
     30      csp->SetRequestContextWithPrincipal(selfURIPrincipal, selfURI, ""_ns, 0);
     31  if (ret != NS_OK) return 0;
     32 
     33  NS_ConvertASCIItoUTF16 policy(reinterpret_cast<const char*>(data), size);
     34  if (!policy.get()) return 0;
     35  csp->AppendPolicy(policy, false, false);
     36 
     37  return 0;
     38 }
     39 
     40 MOZ_FUZZING_INTERFACE_RAW(nullptr, LLVMFuzzerTestOneInput,
     41                          ContentSecurityPolicyParser);