# Copyright 2023 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
import("//build/buildflag_header.gni")
import("//build/config/ozone.gni")
import("//build/config/ui.gni")
import("//chrome/test/fuzzing/in_process_fuzzer.gni")
import("//testing/libfuzzer/research/domatolpm/domatolpm.gni")
# This target exists to reference other test executables to bring these files
# into the build.
group("test") {
testonly = true
deps = [ "renderer_fuzzing:test" ]
}
if (fuzzing_engine_supports_custom_main) {
static_library("in_process_fuzzer_runner") {
testonly = true
sources = [
"in_process_fuzzer.cc",
"in_process_fuzzer.h",
]
deps = [
":in_process_fuzzer_buildflags",
"//testing/libfuzzer:fuzzing_engine_no_main",
]
public_deps = [
"//chrome/test:chrome_test_launcher",
"//chrome/test:test_support",
]
}
buildflag_header("in_process_fuzzer_buildflags") {
header = "in_process_fuzzer_buildflags.h"
flags = [
"IS_CENTIPEDE=$use_centipede",
"IS_LIBFUZZER=$use_libfuzzer",
"IS_FUZZILLI=$use_fuzzilli",
# crbug.com/1474421: remove these lines once the bug is fixed.
"DEBUG_CLUSTERFUZZ_FAILURE=$use_libfuzzer",
]
}
source_set("in_process_proto_fuzzer_runner") {
testonly = true
sources = [ "in_process_proto_fuzzer.h" ]
public_deps = [ ":in_process_fuzzer_runner" ]
}
}
if (!is_android) {
in_process_fuzzer("html_in_process_fuzzer") {
sources = [ "html_in_process_fuzzer.cc" ]
dict = "html_in_process_fuzzer.dictionary"
}
in_process_fuzzer("js_in_process_fuzzer") {
sources = [ "js_in_process_fuzzer.cc" ]
deps = [ ":in_process_fuzzer_buildflags" ]
is_fuzzilli_compatible = true
}
in_process_proto_fuzzer("page_load_in_process_fuzzer") {
sources = [ "page_load_in_process_fuzzer.cc" ]
proto_source = "page_load_in_process_fuzzer.proto"
seed_corpus_sources = [
"page_load_in_process_fuzzer_seed_corpus/cross_origin.textproto",
"page_load_in_process_fuzzer_seed_corpus/network.textproto",
"page_load_in_process_fuzzer_seed_corpus/simple.textproto",
]
testcase_proto_kind = "test.fuzzing.page_load_fuzzing.FuzzCase"
}
in_process_proto_fuzzer("kombucha_in_process_fuzzer") {
sources = [
"kombucha_in_process_fuzzer.cc",
"kombucha_in_process_fuzzer.h",
]
proto_source = "kombucha_in_process_fuzzer.proto"
deps = [
":in_process_fuzzer_buildflags",
"//chrome:packed_resources",
"//chrome/app:command_ids",
"//chrome/browser/ui:browser_element_identifiers",
"//chrome/browser/ui:ui_features",
]
# Used for UI controls
if (use_aura) {
deps += [ "//ui/aura:test_support" ]
}
if (use_aura && use_ozone) {
deps += [
"//ui/ozone",
"//ui/platform_window/common:common",
]
}
}
# We cannot disable instrumenting protobuf generated files on MSAN builds,
# which makes the build time explode and fail the CQ.
if (!is_msan) {
domatolpm_fuzzer("domato_html_fuzzer_grammar") {
template_file = "//third_party/domato/src/template.html"
grammars = [
"jsfuzzer://chrome/test/fuzzing/domato_html_in_process_fuzzer_grammar/js.txt",
"cssfuzzer://third_party/domato/src/rules/css.txt",
"htmlfuzzer://chrome/test/fuzzing/domato_html_in_process_fuzzer_grammar/html.txt",
]
}
in_process_fuzzer("domato_html_in_process_fuzzer") {
sources = [ "domato_html_in_process_fuzzer.cc" ]
deps = [
":domato_html_fuzzer_grammar",
"//testing/libfuzzer/research/domatolpm:domatolpm_context",
"//third_party/libprotobuf-mutator",
]
}
}
if (is_linux) {
in_process_proto_fuzzer("atspi_in_process_fuzzer") {
sources = [ "atspi_in_process_fuzzer.cc" ]
libfuzzer_options = [ "max_len=4096" ]
proto_source = "atspi_in_process_fuzzer.proto"
deps = [ "//sql" ]
}
}
}
Codebase Browser
chromium