1// Copyright 2014 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "net/spdy/fuzzing/hpack_fuzz_util.h" 6 7#include <map> 8 9#include "base/base_paths.h" 10#include "base/files/file.h" 11#include "base/files/file_util.h" 12#include "base/path_service.h" 13#include "net/spdy/spdy_test_utils.h" 14#include "testing/gmock/include/gmock/gmock.h" 15#include "testing/gtest/include/gtest/gtest.h" 16 17namespace net { 18 19namespace { 20 21using base::StringPiece; 22using std::map; 23using std::string; 24using test::a2b_hex; 25 26TEST(HpackFuzzUtilTest, GeneratorContextInitialization) { 27 HpackFuzzUtil::GeneratorContext context; 28 HpackFuzzUtil::InitializeGeneratorContext(&context); 29 30 // Context was seeded with initial name & value fixtures. 31 EXPECT_LT(0u, context.names.size()); 32 EXPECT_LT(0u, context.values.size()); 33} 34 35TEST(HpackFuzzUtil, GeneratorContextExpansion) { 36 HpackFuzzUtil::GeneratorContext context; 37 38 map<string, string> headers = HpackFuzzUtil::NextGeneratedHeaderSet(&context); 39 40 // Headers were generated, and the generator context was expanded. 41 EXPECT_LT(0u, headers.size()); 42 EXPECT_LT(0u, context.names.size()); 43 EXPECT_LT(0u, context.values.size()); 44} 45 46// TODO(jgraettinger): A better test would mock a random generator and 47// evaluate SampleExponential along fixed points of the [0,1] domain. 48TEST(HpackFuzzUtilTest, SampleExponentialRegression) { 49 // TODO(jgraettinger): Upstream uses a seeded random generator here to pin 50 // the behavior of SampleExponential. Chromium's random generation utilities 51 // are strongly secure, but provide no way to seed the generator. 52 for (size_t i = 0; i != 100; ++i) { 53 EXPECT_GE(30u, HpackFuzzUtil::SampleExponential(10, 30)); 54 } 55} 56 57TEST(HpackFuzzUtilTest, ParsesSequenceOfHeaderBlocks) { 58 char fixture[] = 59 "\x00\x00\x00\x05""aaaaa" 60 "\x00\x00\x00\x04""bbbb" 61 "\x00\x00\x00\x03""ccc" 62 "\x00\x00\x00\x02""dd" 63 "\x00\x00\x00\x01""e" 64 "\x00\x00\x00\x00""" 65 "\x00\x00\x00\x03""fin"; 66 67 HpackFuzzUtil::Input input; 68 input.input.assign(fixture, arraysize(fixture) - 1); 69 70 StringPiece block; 71 72 EXPECT_TRUE(HpackFuzzUtil::NextHeaderBlock(&input, &block)); 73 EXPECT_EQ("aaaaa", block); 74 EXPECT_TRUE(HpackFuzzUtil::NextHeaderBlock(&input, &block)); 75 EXPECT_EQ("bbbb", block); 76 EXPECT_TRUE(HpackFuzzUtil::NextHeaderBlock(&input, &block)); 77 EXPECT_EQ("ccc", block); 78 EXPECT_TRUE(HpackFuzzUtil::NextHeaderBlock(&input, &block)); 79 EXPECT_EQ("dd", block); 80 EXPECT_TRUE(HpackFuzzUtil::NextHeaderBlock(&input, &block)); 81 EXPECT_EQ("e", block); 82 EXPECT_TRUE(HpackFuzzUtil::NextHeaderBlock(&input, &block)); 83 EXPECT_EQ("", block); 84 EXPECT_TRUE(HpackFuzzUtil::NextHeaderBlock(&input, &block)); 85 EXPECT_EQ("fin", block); 86 EXPECT_FALSE(HpackFuzzUtil::NextHeaderBlock(&input, &block)); 87} 88 89TEST(HpackFuzzUtilTest, SerializedHeaderBlockPrefixes) { 90 EXPECT_EQ(string("\x00\x00\x00\x00", 4), HpackFuzzUtil::HeaderBlockPrefix(0)); 91 EXPECT_EQ(string("\x00\x00\x00\x05", 4), HpackFuzzUtil::HeaderBlockPrefix(5)); 92 EXPECT_EQ(string("\x4f\xb3\x0a\x91", 4), 93 HpackFuzzUtil::HeaderBlockPrefix(1337133713)); 94} 95 96TEST(HpackFuzzUtilTest, PassValidInputThroughAllStages) { 97 // Example lifted from HpackDecoderTest.SectionD4RequestHuffmanExamples. 98 string input = a2b_hex("828684418cf1e3c2e5f23a6ba0ab90f4" 99 "ff"); 100 101 HpackFuzzUtil::FuzzerContext context; 102 HpackFuzzUtil::InitializeFuzzerContext(&context); 103 104 EXPECT_TRUE( 105 HpackFuzzUtil::RunHeaderBlockThroughFuzzerStages(&context, input)); 106 107 std::map<string, string> expect; 108 expect[":method"] = "GET"; 109 expect[":scheme"] = "http"; 110 expect[":path"] = "/"; 111 expect[":authority"] = "www.example.com"; 112 EXPECT_EQ(expect, context.third_stage->decoded_block()); 113} 114 115TEST(HpackFuzzUtilTest, ValidFuzzExamplesRegressionTest) { 116 base::FilePath source_root; 117 ASSERT_TRUE(PathService::Get(base::DIR_SOURCE_ROOT, &source_root)); 118 119 // Load the example fixtures versioned with the source tree. 120 HpackFuzzUtil::Input input; 121 ASSERT_TRUE(base::ReadFileToString( 122 source_root.Append(FILE_PATH_LITERAL("net")) 123 .Append(FILE_PATH_LITERAL("data")) 124 .Append(FILE_PATH_LITERAL("spdy_tests")) 125 .Append(FILE_PATH_LITERAL("examples_07.hpack")), 126 &input.input)); 127 128 HpackFuzzUtil::FuzzerContext context; 129 HpackFuzzUtil::InitializeFuzzerContext(&context); 130 131 StringPiece block; 132 while (HpackFuzzUtil::NextHeaderBlock(&input, &block)) { 133 // As these are valid examples, all fuzz stages should succeed. 134 EXPECT_TRUE(HpackFuzzUtil::RunHeaderBlockThroughFuzzerStages( 135 &context, block)); 136 } 137} 138 139TEST(HpackFuzzUtilTest, FlipBitsMutatesBuffer) { 140 char buffer[] = "testbuffer1234567890"; 141 string unmodified(buffer, arraysize(buffer) - 1); 142 143 EXPECT_EQ(unmodified, buffer); 144 HpackFuzzUtil::FlipBits(reinterpret_cast<uint8*>(buffer), 145 arraysize(buffer) - 1, 146 1); 147 EXPECT_NE(unmodified, buffer); 148} 149 150} // namespace 151 152} // namespace net 153