• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2024 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.security.cts;
18 
19 import static com.android.sts.common.NativePocCrashAsserter.assertNoCrash;
20 
21 import static org.junit.Assume.assumeNoException;
22 
23 import android.platform.test.annotations.AsbSecurityTest;
24 
25 import com.android.sts.common.NativePoc;
26 import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
27 import com.android.sts.common.util.TombstoneUtils;
28 import com.android.sts.common.util.TombstoneUtils.Config.BacktraceFilterPattern;
29 import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
30 
31 import org.junit.Test;
32 import org.junit.runner.RunWith;
33 
34 @RunWith(DeviceJUnit4ClassRunner.class)
35 public class CVE_2022_23852 extends NonRootSecurityTestCase {
36 
37     // b/221255869
38     // Vulnerability Behaviour: SIGABRT in self
39     // Vulnerable Library: libexpat (As per AOSP code)
40     // Vulnerable Function: XML_GetBuffer (As per AOSP code)
41     @AsbSecurityTest(cveBugId = 221255869)
42     @Test
testPocCVE_2022_23852()43     public void testPocCVE_2022_23852() {
44         try {
45             // Create the crash config
46             String binary = "CVE-2022-23852";
47             TombstoneUtils.Config crashConfig =
48                     new TombstoneUtils.Config()
49                             .setProcessPatterns(binary)
50                             .setBacktraceIncludes(
51                                     new BacktraceFilterPattern("libexpat", "XML_GetBuffer"))
52                             .setSignals(TombstoneUtils.Signals.SIGABRT);
53 
54             // Build and run the Native PoC
55             NativePoc.builder()
56                     .pocName(binary)
57                     .asserter(assertNoCrash(crashConfig))
58                     .build()
59                     .run(this);
60         } catch (Exception e) {
61             assumeNoException(e);
62         }
63     }
64 }
65