Create an "integration fuzzer" for URLRequest.
Issue description

Create a URLRequest fuzzer that uses the input to create bogus socket input, and read it from the top level URLRequest. Redirects, HTTP auth, etc., should either be handled, or result in cancellation - handling them may be too difficult, first pass (Two issues here: Multiple sockets may be needed, and these will result in a second write to the sockets, which may be somewhat difficult to deal with).
Apr 28 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c951d41c1a0df97a0b6a17379f8f7c11989aa80f

commit c951d41c1a0df97a0b6a17379f8f7c11989aa80f
Author: mmenke <mmenke@chromium.org>
Date: Thu Apr 28 19:05:22 2016

URLRequest fuzzer.

This fuzzer covers much of the network stack, with everything wired up. Unfortunately, it does have a couple dependencies on the system it's running on (uses NTLM/Negotiate platform stores and current time, not sure what else). It covers so much code that it's unlikely to be able to catch everything, so most modules should also be fuzzed independently.

BUG= 602440
Review-Url: https://codereview.chromium.org/1917503002
Cr-Commit-Position: refs/heads/master@{#390440}

[modify] https://crrev.com/c951d41c1a0df97a0b6a17379f8f7c11989aa80f/net/BUILD.gn
[add] https://crrev.com/c951d41c1a0df97a0b6a17379f8f7c11989aa80f/net/base/fuzzed_data_provider.cc
[add] https://crrev.com/c951d41c1a0df97a0b6a17379f8f7c11989aa80f/net/base/fuzzed_data_provider.h
[modify] https://crrev.com/c951d41c1a0df97a0b6a17379f8f7c11989aa80f/net/data/http/http.dict
[modify] https://crrev.com/c951d41c1a0df97a0b6a17379f8f7c11989aa80f/net/http/http_proxy_client_socket_fuzzer.cc
[modify] https://crrev.com/c951d41c1a0df97a0b6a17379f8f7c11989aa80f/net/http/http_stream_parser_fuzzer.cc
[modify] https://crrev.com/c951d41c1a0df97a0b6a17379f8f7c11989aa80f/net/socket/fuzzed_socket.cc
[modify] https://crrev.com/c951d41c1a0df97a0b6a17379f8f7c11989aa80f/net/socket/fuzzed_socket.h
[add] https://crrev.com/c951d41c1a0df97a0b6a17379f8f7c11989aa80f/net/socket/fuzzed_socket_factory.cc
[add] https://crrev.com/c951d41c1a0df97a0b6a17379f8f7c11989aa80f/net/socket/fuzzed_socket_factory.h
[modify] https://crrev.com/c951d41c1a0df97a0b6a17379f8f7c11989aa80f/net/socket/socks5_client_socket_fuzzer.cc
[modify] https://crrev.com/c951d41c1a0df97a0b6a17379f8f7c11989aa80f/net/socket/socks_client_socket_fuzzer.cc
[add] https://crrev.com/c951d41c1a0df97a0b6a17379f8f7c11989aa80f/net/url_request/url_request_fuzzer.cc
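The pattern the issue describes (fuzz input becomes bogus socket data that a top-level consumer reads, with redirects and auth ending in cancellation) is shown here as an added example, not code from the Chromium tree. `InputCursor`, `FakeSocket` and `RunRequest` are hypothetical names, and the one-control-byte-per-read encoding and the cancel-on-3xx/401/407 rule are assumptions of this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>

// Hypothetical cursor over the fuzz input (not Chromium's FuzzedDataProvider).
struct InputCursor {
  const uint8_t* data;
  size_t size;
  std::string TakeBytes(size_t n) {  // returns fewer bytes once input runs out
    if (n > size) n = size;
    std::string out(reinterpret_cast<const char*>(data), n);
    data += n;
    size -= n;
    return out;
  }
};

// Hypothetical socket. Assumed encoding: one control byte per Read() selects
// a simulated error (0xFF) or a short read of 1..cap bytes; no input left = EOF.
struct FakeSocket {
  InputCursor* in;
  int Read(char* buf, int cap) {
    if (in->size == 0) return 0;
    uint8_t control = static_cast<uint8_t>(in->TakeBytes(1)[0]);
    if (control == 0xFF) return -1;
    std::string chunk = in->TakeBytes(1 + control % cap);
    chunk.copy(buf, chunk.size());
    return static_cast<int>(chunk.size());
  }
};

enum Result { kOk, kSocketError, kCancelled };
// Top-level consumer: drains the socket, then cancels on redirect or auth
// status codes rather than following them, since that needs a second socket.
Result RunRequest(const uint8_t* data, size_t size, std::string* response) {
  InputCursor in{data, size};
  FakeSocket sock{&in};
  char buf[16];
  int n;
  while ((n = sock.Read(buf, sizeof buf)) > 0) response->append(buf, n);
  if (n < 0) return kSocketError;
  if (response->size() < 12 || response->compare(0, 9, "HTTP/1.1 ") != 0) return kOk;
  std::string code = response->substr(9, 3);
  return (code[0] == '3' || code == "401" || code == "407") ? kCancelled : kOk;
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  std::string response;
  RunRequest(data, size, &response);
  return 0;
}
```

Built with clang's `-fsanitize=fuzzer`, `LLVMFuzzerTestOneInput` is the entry point libFuzzer calls with each generated input.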
May 2 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/0960f7561368543f46cc126d64820307728faa2f

commit 0960f7561368543f46cc126d64820307728faa2f
Author: mmenke <mmenke@chromium.org>
Date: Mon May 02 20:08:34 2016

net: Prevent fuzzers from leaking on each iteration.

While the UMA macros use statics to avoid leaking, code that directly invokes base::Histogram::FactoryGet will keep on creating new objects on each iteration, unless the StatisticsRecorder has been initialized. This CL modifies net's Fuzzer infrastructure to ensure it is initialized.

BUG= 602440
Review-Url: https://codereview.chromium.org/1941933002
Cr-Commit-Position: refs/heads/master@{#391039}

[modify] https://crrev.com/0960f7561368543f46cc126d64820307728faa2f/net/base/fuzzer_test_support.cc
Jul 22 2016
May still want to add features here, but calling this fixed.
Comment 1 by mmenke@chromium.org, Apr 11 2016
Components: Internals>Network>HTTP
Labels: FixIt-Net
Owner: mmenke@chromium.org
Status: Assigned (was: Untriaged)