Files
url.c/tests/url.dict
Claude bd0a0f0c26 Add comprehensive fuzzing infrastructure for URL parser
This commit adds AFL++ (American Fuzzy Lop) fuzzing support to help find bugs,
crashes, and security vulnerabilities in the URL parser.

Changes:
- Add fuzz_afl.c: AFL++ fuzz target that tests all parser functions
  - url_parse() with different flag combinations
  - url_parse_ipv4() and url_parse_ipv6()
  - url_serialize(), url_percent_decode(), url_remove_white_space()

- Add build_afl.sh: Build script with AFL++ compiler detection
- Add run_afl.sh: Automated fuzzing script with result reporting
- Add url.dict: Dictionary file to guide AFL++ mutations

- Add corpus/: Seed inputs covering various URL patterns
  - Basic URLs, IPv4/IPv6, percent-encoding, relative paths
  - Edge cases and special schemes (file://, mailto:, etc.)

- Add FUZZING.md: Comprehensive documentation
  - Installation instructions
  - Quick start guide
  - Advanced usage (parallel fuzzing, sanitizers)
  - Troubleshooting tips

- Add fuzz.c: Standalone mutation-based fuzzer (no AFL++ required)
  - Useful for quick testing without installing AFL++
  - Implements various mutation strategies
2025-12-06 15:23:32 +00:00

85 lines
786 B
Plaintext

# AFL++ dictionary for URL fuzzing
# This helps AFL++ generate more interesting mutations
# URL schemes
"http://"
"https://"
"ftp://"
"file://"
"mailto:"
"data:"
"ws://"
"wss://"
# Special characters
":"
"/"
"?"
"#"
"@"
"."
"%"
"["
"]"
# Authority separators
"//"
"@"
# Port separators
":80"
":443"
":8080"
":3000"
# Percent encoding
"%20"
"%2F"
"%3A"
"%00"
"%FF"
# IPv4 patterns
"127.0.0.1"
"192.168.1.1"
"0.0.0.0"
"255.255.255.255"
# IPv6 patterns
"::1"
"::"
"2001:db8::1"
"::ffff:192.0.2.1"
# Common paths
"/index.html"
"/api/v1"
"/../"
"/.."
"/."
# Common query strings
"?query=value"
"&"
"="
# Common fragments
"#fragment"
"#top"
# Userinfo
"user:password@"
"user@"
":password@"
# Special values
"localhost"
"example.com"
"example.org"
# Whitespace
"\t"
"\n"
"\r"
" "