/src/node/test/fuzzers/fuzz_x509.cc

Source
// Copyright 2025 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#include <cstdint>
#include <string>
#include "fuzzer/FuzzedDataProvider.h"
#include "fuzz_common.h"
#include "fuzz_js_format.h"

namespace {
constexpr const char* kSrc = R"JS(
  (function(pem, email, host1, host2){
    const { X509Certificate } = require('node:crypto');
    try {
      const x = new X509Certificate(pem);
      x.checkEmail(email);
      x.checkHost(host1);
      x.checkHost(host2, { subject: 'always' });
      void x.fingerprint; void x.fingerprint512; void x.issuer; void x.subject;
    } catch (_e) {}
  })
)JS";
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  FuzzedDataProvider fdp(data, size);

  const size_t len0 = fdp.ConsumeIntegralInRange<size_t>(0, 4096);
  const std::string a0 = fdp.ConsumeRandomLengthString(len0);
  const size_t len1 = fdp.ConsumeIntegralInRange<size_t>(0, 4096);
  const std::string a1 = fdp.ConsumeRandomLengthString(len1);
  const size_t len2 = fdp.ConsumeIntegralInRange<size_t>(0, 4096);
  const std::string a2 = fdp.ConsumeRandomLengthString(len2);
  const std::string a3 = fdp.ConsumeRemainingBytesAsString();

  fuzz::IsolateScope iso;
  if (!iso.ok()) return 0;

  const std::string js = FormatJs(
      "try { ({0})({1},{2},{3},{4}); } catch (e) {}",
      std::string(kSrc),
      ToSingleQuotedJsLiteral(a0),
      ToSingleQuotedJsLiteral(a1),
      ToSingleQuotedJsLiteral(a2),
      ToSingleQuotedJsLiteral(a3));
  fuzz::RunEnvString(iso.isolate(), js.c_str());
  return 0;
}

Line	Count	Source
1		// Copyright 2025 Google LLC
2		//
3		// Licensed under the Apache License, Version 2.0 (the "License");
4		// you may not use this file except in compliance with the License.
5		// You may obtain a copy of the License at
6		//
7		// http://www.apache.org/licenses/LICENSE-2.0
8		//
9		// Unless required by applicable law or agreed to in writing, software
10		// distributed under the License is distributed on an "AS IS" BASIS,
11		// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		// See the License for the specific language governing permissions and
13		// limitations under the License.
14
15		#include <cstdint>
16		#include <string>
17		#include "fuzzer/FuzzedDataProvider.h"
18		#include "fuzz_common.h"
19		#include "fuzz_js_format.h"
20
21		namespace {
22		constexpr const char* kSrc = R"JS(
23		(function(pem, email, host1, host2){
24		const { X509Certificate } = require('node:crypto');
25		try {
26		const x = new X509Certificate(pem);
27		x.checkEmail(email);
28		x.checkHost(host1);
29		x.checkHost(host2, { subject: 'always' });
30		void x.fingerprint; void x.fingerprint512; void x.issuer; void x.subject;
31		} catch (_e) {}
32		})
33		)JS";
34		}
35
36	22.0k	extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
37	22.0k	FuzzedDataProvider fdp(data, size);
38
39	22.0k	const size_t len0 = fdp.ConsumeIntegralInRange<size_t>(0, 4096);
40	22.0k	const std::string a0 = fdp.ConsumeRandomLengthString(len0);
41	22.0k	const size_t len1 = fdp.ConsumeIntegralInRange<size_t>(0, 4096);
42	22.0k	const std::string a1 = fdp.ConsumeRandomLengthString(len1);
43	22.0k	const size_t len2 = fdp.ConsumeIntegralInRange<size_t>(0, 4096);
44	22.0k	const std::string a2 = fdp.ConsumeRandomLengthString(len2);
45	22.0k	const std::string a3 = fdp.ConsumeRemainingBytesAsString();
46
47	22.0k	fuzz::IsolateScope iso;
48	22.0k	if (!iso.ok()) return 0;
49
50	22.0k	const std::string js = FormatJs(
51	22.0k	"try { ({0})({1},{2},{3},{4}); } catch (e) {}",
52	22.0k	std::string(kSrc),
53	22.0k	ToSingleQuotedJsLiteral(a0),
54	22.0k	ToSingleQuotedJsLiteral(a1),
55	22.0k	ToSingleQuotedJsLiteral(a2),
56	22.0k	ToSingleQuotedJsLiteral(a3));
57	22.0k	fuzz::RunEnvString(iso.isolate(), js.c_str());
58	22.0k	return 0;
59	22.0k	}

Coverage Report

Created: 2025-10-31 09:06