chromium/components/safe_browsing/content/renderer/phishing_classifier/client_side_phishing_fuzzer.cc

// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include <stddef.h>
#include <stdint.h>

#include "base/command_line.h"

#include "base/memory/read_only_shared_memory_region.h"
#include "components/safe_browsing/content/renderer/phishing_classifier/client_side_phishing_fuzzer.pb.h"
#include "components/safe_browsing/content/renderer/phishing_classifier/features.h"
#include "components/safe_browsing/content/renderer/phishing_classifier/scorer.h"
#include "testing/libfuzzer/proto/lpm_interface.h"

DEFINE_PROTO_FUZZER(
    const safe_browsing::ClientSidePhishingFuzzerCase& fuzzing_case) {
  base::CommandLine::Init(0, nullptr);
  const std::string model_str = fuzzing_case.memory_region();
  base::MappedReadOnlyRegion mapped_region = base::MappedReadOnlyRegion();
  mapped_region = base::ReadOnlySharedMemoryRegion::Create(model_str.size());
  memcpy(mapped_region.mapping.memory(), model_str.data(), model_str.length());
  std::unique_ptr<safe_browsing::Scorer> scorer(safe_browsing::Scorer::Create(
      mapped_region.region.Duplicate(), base::File()));
  if (!scorer)
    return;
  safe_browsing::FeatureMap features;
  for (const std::string& boolean_feature : fuzzing_case.boolean_features()) {
    if (!features.AddBooleanFeature(boolean_feature))
      return;
  }

  for (const safe_browsing::ClientSidePhishingFuzzerCase::RealFeature&
           real_feature : fuzzing_case.real_features()) {
    if (!features.AddRealFeature(real_feature.name(), real_feature.value()))
      return;
  }

  scorer->ComputeScore(features);
}