test: move fuzzing tests from google/oss-fuzz repository (#4719)

XML/fuzzing/CMakeLists.txt

@@ -0,0 +1,3 @@
+add_executable(XML-parse-fuzzer XMLParse.cpp)
+target_link_libraries(XML-parse-fuzzer PUBLIC Poco::XML)
+set_target_properties(XML-parse-fuzzer PROPERTIES LINK_FLAGS $ENV{LIB_FUZZING_ENGINE})

XML/fuzzing/XMLParse.cpp

@@ -0,0 +1,88 @@
+#include "Poco/AutoPtr.h"
+#include "Poco/DOM/DOMParser.h"
+#include "Poco/DOM/Document.h"
+#include "Poco/SAX/DefaultHandler.h"
+#include "Poco/SAX/SAXParser.h"
+#include "Poco/XML/XMLStreamParser.h"
+
+using namespace Poco;
+using namespace Poco::XML;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+	std::string xml(reinterpret_cast<const char*>(data), size);
+
+	// SAX Parser
+
+	SAXParser saxParser;
+	std::uint8_t saxFeatures = size > 0 ? data[size - 1] : 0;
+
+	DefaultHandler defHandler;
+	saxParser.setContentHandler(&defHandler);
+	saxParser.setDTDHandler(&defHandler);
+	saxParser.setErrorHandler(&defHandler);
+	saxParser.setEntityResolver(&defHandler);
+
+	for (const auto feature : {
+			 XMLReader::FEATURE_EXTERNAL_GENERAL_ENTITIES,
+			 XMLReader::FEATURE_EXTERNAL_PARAMETER_ENTITIES,
+			 XMLReader::FEATURE_NAMESPACES,
+			 XMLReader::FEATURE_NAMESPACE_PREFIXES,
+			 SAXParser::FEATURE_PARTIAL_READS,
+		 })
+	{
+		saxParser.setFeature(feature, saxFeatures & 0x01);
+		saxFeatures >>= 1;
+	}
+
+	try
+	{
+		saxParser.parseString(xml);
+	}
+	catch (const std::exception&)
+	{
+	}
+
+	// DOM Parser
+
+	DOMParser domParser;
+	std::uint8_t domFeatures = size > 0 ? data[size - 1] : 0;
+
+	for (const auto feature : {
+			 XMLReader::FEATURE_EXTERNAL_GENERAL_ENTITIES,
+			 XMLReader::FEATURE_EXTERNAL_PARAMETER_ENTITIES,
+			 XMLReader::FEATURE_NAMESPACES,
+			 XMLReader::FEATURE_NAMESPACE_PREFIXES,
+			 DOMParser::FEATURE_FILTER_WHITESPACE,
+		 })
+	{
+		domParser.setFeature(feature, domFeatures & 0x01);
+		domFeatures >>= 1;
+	}
+
+	try
+	{
+		Poco::AutoPtr<Document> doc = domParser.parseString(xml);
+	}
+	catch (const std::exception&)
+	{
+	}
+
+	// Stream Parser
+
+	std::istringstream stream(xml);
+
+	try
+	{
+		XMLStreamParser streamParser(stream, "fuzz");
+		for (XMLStreamParser::EventType e : streamParser)
+		{
+			streamParser.getQName().toString();
+		}
+	}
+	catch (const std::exception&)
+	{
+	}
+
+	return 0;
+}

XML/fuzzing/xml.dict

@@ -0,0 +1,116 @@
+attr_encoding=" encoding=\"1\""
+attr_generic=" a=\"1\""
+attr_href=" href=\"1\""
+attr_standalone=" standalone=\"no\""
+attr_version=" version=\"1\""
+attr_xml_base=" xml:base=\"1\""
+attr_xml_id=" xml:id=\"1\""
+attr_xml_lang=" xml:lang=\"1\""
+attr_xml_space=" xml:space=\"1\""
+attr_xmlns=" xmlns=\"1\""
+
+entity_builtin="<"
+entity_decimal=""
+entity_external="&a;"
+entity_hex=""
+
+# keywords
+"ANY"
+"ATTLIST"
+"CDATA"
+"DOCTYPE"
+"ELEMENT"
+"EMPTY"
+"ENTITIES"
+"ENTITY"
+"FIXED"
+"ID"
+"IDREF"
+"IDREFS"
+"IGNORE"
+"IMPLIED"
+"INCLUDE"
+"NDATA"
+"NMTOKEN"
+"NMTOKENS"
+"NOTATION"
+"PCDATA"
+"PUBLIC"
+"REQUIRED"
+"SYSTEM"
+
+# Various tag parts
+"<"
+">"
+"/>"
+"</"
+"<?"
+"?>"
+"<!"
+"!>"
+"[]"
+"]]"
+"<![CDATA["
+"<![CDATA[]]>"
+"\"\""
+"''"
+"=\"\""
+"=''"
+
+# DTD
+"<!ATTLIST"
+"<!DOCTYPE"
+"<!ELEMENT"
+"<!ENTITY"
+"<![IGNORE["
+"<![INCLUDE["
+"<!NOTATION"
+"#CDATA"
+"#FIXED"
+"#IMPLIED"
+"#PCDATA"
+"#REQUIRED"
+
+# Encodings
+"ISO-8859-1"
+"US-ASCII"
+"UTF-8"
+"UTF-16"
+"UTF-16BE"
+"UTF-16LE"
+
+# Namespaces and schemas
+"xmlns"
+"xmlns:"
+"xmlns:xhtml=\"http://www.w3.org/1999/xhtml\""
+"xmlns:xml=\"http://www.w3.org/XML/1998/namespace\""
+"xmlns:xmlns=\"http://www.w3.org/2000/xmlns\""
+
+string_col_fallback=":fallback"
+string_col_generic=":a"
+string_col_include=":include"
+string_dashes="--"
+string_parentheses="()"
+string_percent="%a"
+string_schema=":schema"
+string_ucs4="UCS-4"
+tag_close="</a>"
+tag_open="<a>"
+tag_open_close="<a />"
+
+
+"<?xml?>"
+"http://docboo"
+"http://www.w"
+"he30"
+"he2"
+"IET"
+"FDF-10"
+"aDUCS-4OPveb:"
+"a>"
+"UT"
+"xMl"
+"/usr/share/sg"
+"ha07"
+"http://www.oa"
+"cle"