1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "abspredicates_fuzzer.h"
16
17 #include <fuzzer/FuzzedDataProvider.h>
18
19 #include <string>
20 #include <vector>
21
22 #include "abs_shared_result_set.h"
23 #include "ashmem.h"
24 #include "rd_statement.h"
25 #include "rdb_errno.h"
26 #include "rdb_store_config.h"
27 #include "rdb_store_impl.h"
28 #include "rdb_types.h"
29 #include "refbase.h"
30 #include "shared_block.h"
31
32 using namespace OHOS;
33 using namespace OHOS::NativeRdb;
34
35 // Define constants
36 #define MAX_STRING_LENGTH 50
37 #define MAX_VECTOR_SIZE 10
38
39 namespace OHOS {
40
ConsumeRandomLengthValueObjectVector(FuzzedDataProvider & provider)41 std::vector<ValueObject> ConsumeRandomLengthValueObjectVector(FuzzedDataProvider &provider)
42 {
43 const int loopsMin = 0;
44 const int loopsMax = 100;
45 size_t loops = provider.ConsumeIntegralInRange<size_t>(loopsMin, loopsMax);
46 std::vector<ValueObject> columns;
47 for (size_t i = 0; i < loops; ++i) {
48 int32_t value = provider.ConsumeIntegral<int32_t>();
49 ValueObject obj(value);
50 columns.emplace_back(obj);
51 }
52 return columns;
53 }
54
ConsumeRandomLengthStringVector(FuzzedDataProvider & provider)55 std::vector<std::string> ConsumeRandomLengthStringVector(FuzzedDataProvider &provider)
56 {
57 const int loopsMin = 0;
58 const int loopsMax = 100;
59 size_t loops = provider.ConsumeIntegralInRange<size_t>(loopsMin, loopsMax);
60 std::vector<std::string> columns;
61 for (size_t i = 0; i < loops; ++i) {
62 int32_t length = provider.ConsumeIntegral<int32_t>();
63 auto bytes = provider.ConsumeBytes<char>(length);
64 columns.emplace_back(bytes.begin(), bytes.end());
65 }
66 return columns;
67 }
68
TestSetWhereClause(FuzzedDataProvider & provider,AbsPredicates & predicates)69 void TestSetWhereClause(FuzzedDataProvider &provider, AbsPredicates &predicates)
70 {
71 std::string whereClause = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
72 predicates.SetWhereClause(whereClause);
73 }
74
TestSetBindArgs(FuzzedDataProvider & provider,AbsPredicates & predicates)75 void TestSetBindArgs(FuzzedDataProvider &provider, AbsPredicates &predicates)
76 {
77 std::vector<ValueObject> valueObjects = ConsumeRandomLengthValueObjectVector(provider);
78 predicates.SetBindArgs(valueObjects);
79 }
80
TestSetOrder(FuzzedDataProvider & provider,AbsPredicates & predicates)81 void TestSetOrder(FuzzedDataProvider &provider, AbsPredicates &predicates)
82 {
83 std::string order = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
84 predicates.SetOrder(order);
85 }
86
TestLimit(FuzzedDataProvider & provider,AbsPredicates & predicates)87 void TestLimit(FuzzedDataProvider &provider, AbsPredicates &predicates)
88 {
89 int limit = provider.ConsumeIntegral<int>();
90 predicates.Limit(limit);
91 }
92
TestLimitWithOffset(FuzzedDataProvider & provider,AbsPredicates & predicates)93 void TestLimitWithOffset(FuzzedDataProvider &provider, AbsPredicates &predicates)
94 {
95 int offset = provider.ConsumeIntegral<int>();
96 int limit = provider.ConsumeIntegral<int>();
97 predicates.Limit(offset, limit);
98 }
99
TestOffset(FuzzedDataProvider & provider,AbsPredicates & predicates)100 void TestOffset(FuzzedDataProvider &provider, AbsPredicates &predicates)
101 {
102 int offset = provider.ConsumeIntegral<int>();
103 predicates.Offset(offset);
104 }
105
TestGroupBy(FuzzedDataProvider & provider,AbsPredicates & predicates)106 void TestGroupBy(FuzzedDataProvider &provider, AbsPredicates &predicates)
107 {
108 std::vector<std::string> fields = ConsumeRandomLengthStringVector(provider);
109 predicates.GroupBy(fields);
110 }
111
TestIndexedBy(FuzzedDataProvider & provider,AbsPredicates & predicates)112 void TestIndexedBy(FuzzedDataProvider &provider, AbsPredicates &predicates)
113 {
114 std::string indexName = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
115 predicates.IndexedBy(indexName);
116 }
117
TestHaving(FuzzedDataProvider & provider,AbsPredicates & predicates)118 void TestHaving(FuzzedDataProvider &provider, AbsPredicates &predicates)
119 {
120 std::string conditions = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
121 std::vector<ValueObject> valueObjects = ConsumeRandomLengthValueObjectVector(provider);
122 predicates.Having(conditions, valueObjects);
123 }
124
TestIn(FuzzedDataProvider & provider,AbsPredicates & predicates)125 void TestIn(FuzzedDataProvider &provider, AbsPredicates &predicates)
126 {
127 std::string field = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
128 std::vector<ValueObject> valueObjects = ConsumeRandomLengthValueObjectVector(provider);
129 predicates.In(field, valueObjects);
130 }
131
TestNotIn(FuzzedDataProvider & provider,AbsPredicates & predicates)132 void TestNotIn(FuzzedDataProvider &provider, AbsPredicates &predicates)
133 {
134 std::string field = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
135 std::vector<ValueObject> valueObjects = ConsumeRandomLengthValueObjectVector(provider);
136 predicates.NotIn(field, valueObjects);
137 }
138
TestBetween(FuzzedDataProvider & provider,AbsPredicates & predicates)139 void TestBetween(FuzzedDataProvider &provider, AbsPredicates &predicates)
140 {
141 std::string field = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
142 int32_t value1 = provider.ConsumeIntegral<int32_t>();
143 ValueObject obj1(value1);
144 int32_t value2 = provider.ConsumeIntegral<int32_t>();
145 ValueObject obj2(value2);
146 predicates.Between(field, obj1, obj2);
147 }
148
TestNotBetween(FuzzedDataProvider & provider,AbsPredicates & predicates)149 void TestNotBetween(FuzzedDataProvider &provider, AbsPredicates &predicates)
150 {
151 std::string field = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
152 int32_t value1 = provider.ConsumeIntegral<int32_t>();
153 ValueObject obj1(value1);
154 int32_t value2 = provider.ConsumeIntegral<int32_t>();
155 ValueObject obj2(value2);
156 predicates.NotBetween(field, obj1, obj2);
157 }
158
TestGreaterThan(FuzzedDataProvider & provider,AbsPredicates & predicates)159 void TestGreaterThan(FuzzedDataProvider &provider, AbsPredicates &predicates)
160 {
161 std::string field = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
162 ValueObject valueObject = provider.ConsumeIntegral<int>();
163 predicates.GreaterThan(field, valueObject);
164 }
165
TestLessThan(FuzzedDataProvider & provider,AbsPredicates & predicates)166 void TestLessThan(FuzzedDataProvider &provider, AbsPredicates &predicates)
167 {
168 std::string field = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
169 ValueObject valueObject = provider.ConsumeIntegral<int>();
170 predicates.LessThan(field, valueObject);
171 }
172
TestGreaterThanOrEqualTo(FuzzedDataProvider & provider,AbsPredicates & predicates)173 void TestGreaterThanOrEqualTo(FuzzedDataProvider &provider, AbsPredicates &predicates)
174 {
175 std::string field = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
176 ValueObject valueObject = provider.ConsumeIntegral<int>();
177 predicates.GreaterThanOrEqualTo(field, valueObject);
178 }
179
TestLessThanOrEqualTo(FuzzedDataProvider & provider,AbsPredicates & predicates)180 void TestLessThanOrEqualTo(FuzzedDataProvider &provider, AbsPredicates &predicates)
181 {
182 std::string field = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
183 ValueObject valueObject = provider.ConsumeIntegral<int>();
184 predicates.LessThanOrEqualTo(field, valueObject);
185 }
186
TestOrderByAsc(FuzzedDataProvider & provider,AbsPredicates & predicates)187 void TestOrderByAsc(FuzzedDataProvider &provider, AbsPredicates &predicates)
188 {
189 std::string field = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
190 predicates.OrderByAsc(field);
191 }
192
TestOrderByDesc(FuzzedDataProvider & provider,AbsPredicates & predicates)193 void TestOrderByDesc(FuzzedDataProvider &provider, AbsPredicates &predicates)
194 {
195 std::string field = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
196 predicates.OrderByDesc(field);
197 }
198
TestEqualTo(FuzzedDataProvider & provider,AbsPredicates & predicates)199 void TestEqualTo(FuzzedDataProvider &provider, AbsPredicates &predicates)
200 {
201 std::string field = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
202 ValueObject valueObject = provider.ConsumeIntegral<int>();
203 predicates.EqualTo(field, valueObject);
204 }
205
TestNotEqualTo(FuzzedDataProvider & provider,AbsPredicates & predicates)206 void TestNotEqualTo(FuzzedDataProvider &provider, AbsPredicates &predicates)
207 {
208 std::string field = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
209 ValueObject valueObject = provider.ConsumeIntegral<int>();
210 predicates.NotEqualTo(field, valueObject);
211 }
212
TestContains(FuzzedDataProvider & provider,AbsPredicates & predicates)213 void TestContains(FuzzedDataProvider &provider, AbsPredicates &predicates)
214 {
215 std::string field = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
216 std::string value = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
217 predicates.Contains(field, value);
218 }
219
TestNotContains(FuzzedDataProvider & provider,AbsPredicates & predicates)220 void TestNotContains(FuzzedDataProvider &provider, AbsPredicates &predicates)
221 {
222 std::string field = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
223 std::string value = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
224 predicates.NotContains(field, value);
225 }
226
TestBeginsWith(FuzzedDataProvider & provider,AbsPredicates & predicates)227 void TestBeginsWith(FuzzedDataProvider &provider, AbsPredicates &predicates)
228 {
229 std::string field = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
230 std::string value = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
231 predicates.BeginsWith(field, value);
232 }
233
TestEndsWith(FuzzedDataProvider & provider,AbsPredicates & predicates)234 void TestEndsWith(FuzzedDataProvider &provider, AbsPredicates &predicates)
235 {
236 std::string field = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
237 std::string value = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
238 predicates.EndsWith(field, value);
239 }
240
TestIsNull(FuzzedDataProvider & provider,AbsPredicates & predicates)241 void TestIsNull(FuzzedDataProvider &provider, AbsPredicates &predicates)
242 {
243 std::string field = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
244 predicates.IsNull(field);
245 }
246
TestIsNotNull(FuzzedDataProvider & provider,AbsPredicates & predicates)247 void TestIsNotNull(FuzzedDataProvider &provider, AbsPredicates &predicates)
248 {
249 std::string field = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
250 predicates.IsNotNull(field);
251 }
252
TestLike(FuzzedDataProvider & provider,AbsPredicates & predicates)253 void TestLike(FuzzedDataProvider &provider, AbsPredicates &predicates)
254 {
255 std::string field = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
256 std::string value = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
257 predicates.Like(field, value);
258 }
259
TestNotLike(FuzzedDataProvider & provider,AbsPredicates & predicates)260 void TestNotLike(FuzzedDataProvider &provider, AbsPredicates &predicates)
261 {
262 std::string field = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
263 std::string value = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
264 predicates.NotLike(field, value);
265 }
266
TestGlob(FuzzedDataProvider & provider,AbsPredicates & predicates)267 void TestGlob(FuzzedDataProvider &provider, AbsPredicates &predicates)
268 {
269 std::string field = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
270 std::string value = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
271 predicates.Glob(field, value);
272 }
273
TestNotGlob(FuzzedDataProvider & provider,AbsPredicates & predicates)274 void TestNotGlob(FuzzedDataProvider &provider, AbsPredicates &predicates)
275 {
276 std::string field = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
277 std::string value = provider.ConsumeRandomLengthString(MAX_STRING_LENGTH);
278 predicates.NotGlob(field, value);
279 }
280 } // namespace OHOS
281
282 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)283 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
284 {
285 FuzzedDataProvider provider(data, size);
286 OHOS::NativeRdb::AbsPredicates predicates;
287
288 // Call test functions
289 OHOS::TestSetWhereClause(provider, predicates);
290 OHOS::TestSetBindArgs(provider, predicates);
291 OHOS::TestSetOrder(provider, predicates);
292 OHOS::TestLimit(provider, predicates);
293 OHOS::TestLimitWithOffset(provider, predicates);
294 OHOS::TestOffset(provider, predicates);
295 OHOS::TestGroupBy(provider, predicates);
296 OHOS::TestIndexedBy(provider, predicates);
297 OHOS::TestHaving(provider, predicates);
298 OHOS::TestIn(provider, predicates);
299 OHOS::TestNotIn(provider, predicates);
300 OHOS::TestBetween(provider, predicates);
301 OHOS::TestNotBetween(provider, predicates);
302 OHOS::TestGreaterThan(provider, predicates);
303 OHOS::TestLessThan(provider, predicates);
304 OHOS::TestGreaterThanOrEqualTo(provider, predicates);
305 OHOS::TestLessThanOrEqualTo(provider, predicates);
306 OHOS::TestOrderByAsc(provider, predicates);
307 OHOS::TestOrderByDesc(provider, predicates);
308 OHOS::TestEqualTo(provider, predicates);
309 OHOS::TestNotEqualTo(provider, predicates);
310 OHOS::TestContains(provider, predicates);
311 OHOS::TestNotContains(provider, predicates);
312 OHOS::TestBeginsWith(provider, predicates);
313 OHOS::TestEndsWith(provider, predicates);
314 OHOS::TestIsNull(provider, predicates);
315 OHOS::TestIsNotNull(provider, predicates);
316 OHOS::TestLike(provider, predicates);
317 OHOS::TestNotLike(provider, predicates);
318 OHOS::TestGlob(provider, predicates);
319 OHOS::TestNotGlob(provider, predicates);
320
321 return 0;
322 }
323