chromium/third_party/blink/renderer/platform/weborigin/security_origin_fuzzer.cc

// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Configure: # gn args out/Fuzz
// with args:
//   use_libfuzzer = true
//   is_asan = true
//   is_ubsan_security = true
//   is_debug = false
//   use_remoteexec = true
// Build:     # autoninja -C out/Fuzz blink_security_origin_fuzzer
// Run:       # ./out/Fuzz/blink_security_origin_fuzzer
//
// For more details, see
// https://chromium.googlesource.com/chromium/src/+/main/testing/libfuzzer/README.md
#include "third_party/blink/renderer/platform/weborigin/security_origin.h"

#include "third_party/blink/public/platform/web_security_origin.h"
#include "third_party/blink/renderer/platform/testing/blink_fuzzer_test_support.h"
#include "third_party/blink/renderer/platform/testing/task_environment.h"
#include "third_party/blink/renderer/platform/wtf/text/wtf_string.h"
#include "url/gurl.h"
#include "url/origin.h"

namespace blink {

// Make sure an origin created from content (e.g. url::Origin) survives the
// conversion from/to blink.
void RoundTripFromContent(const GURL& input) {
  url::Origin origin_1 = url::Origin::Create(input);
  WebSecurityOrigin web_security_origin_1 = origin_1;
  scoped_refptr<const SecurityOrigin> security_origin = web_security_origin_1;
  WebSecurityOrigin web_security_origin_2 = security_origin;
  url::Origin origin_2 = web_security_origin_2;

  CHECK_EQ(origin_1, origin_2);
}

// Make sure an origin created from blink (e.g. blink::SecurityOrigin) survives
// the conversion from/to content.
void RoundTripFromBlink(String input) {
  scoped_refptr<const SecurityOrigin> security_origin_1 =
      SecurityOrigin::CreateFromString(input);
  WebSecurityOrigin web_security_origin_1 = security_origin_1;
  url::Origin origin = web_security_origin_1;
  WebSecurityOrigin web_security_origin_2 = origin;
  scoped_refptr<const SecurityOrigin> security_origin_2 = web_security_origin_2;

  CHECK(security_origin_1->IsSameOriginWith(security_origin_2.get()));
}

// Entry point for LibFuzzer.
int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  static BlinkFuzzerTestSupport test_support = BlinkFuzzerTestSupport();
  test::TaskEnvironment task_environment;

  std::string input(reinterpret_cast<const char*>(data), size);
  RoundTripFromContent(GURL(input));
  RoundTripFromBlink(String::FromUTF8(input));
  return EXIT_SUCCESS;
}

}  // namespace blink

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  return blink::LLVMFuzzerTestOneInput(data, size);
}