1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include <fuzzer/FuzzedDataProvider.h>
16
17 #include <string>
18 #include <vector>
19
20 #include "abs_rdb_predicates.h"
21 #include "rdb_types.h"
22
23
24 using namespace OHOS;
25 using namespace OHOS::NativeRdb;
26
27 static const int FOR_LOOP_MIN = 0;
28 static const int FOR_LOOP_MAX = 10;
29 static const int RANDOM_STRING_LENGTH = 30;
30
31 namespace OHOS {
FuzzInDevices(FuzzedDataProvider & provider,AbsRdbPredicates & predicates)32 void FuzzInDevices(FuzzedDataProvider &provider, AbsRdbPredicates &predicates)
33 {
34 std::vector<std::string> devices;
35 size_t numDevices = provider.ConsumeIntegralInRange<size_t>(FOR_LOOP_MIN, FOR_LOOP_MAX);
36 for (size_t i = 0; i < numDevices; ++i) {
37 devices.push_back(provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH));
38 }
39 predicates.InDevices(devices);
40 }
41
FuzzEqualTo(FuzzedDataProvider & provider,AbsRdbPredicates & predicates)42 void FuzzEqualTo(FuzzedDataProvider &provider, AbsRdbPredicates &predicates)
43 {
44 std::string field = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
45 ValueObject value(provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH));
46 predicates.EqualTo(field, value);
47 }
48
FuzzNotEqualTo(FuzzedDataProvider & provider,AbsRdbPredicates & predicates)49 void FuzzNotEqualTo(FuzzedDataProvider &provider, AbsRdbPredicates &predicates)
50 {
51 std::string field = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
52 ValueObject value(provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH));
53 predicates.NotEqualTo(field, value);
54 }
55
FuzzInStringVector(FuzzedDataProvider & provider,AbsRdbPredicates & predicates)56 void FuzzInStringVector(FuzzedDataProvider &provider, AbsRdbPredicates &predicates)
57 {
58 std::string field = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
59 std::vector<std::string> values;
60 size_t numValues = provider.ConsumeIntegralInRange<size_t>(FOR_LOOP_MIN, FOR_LOOP_MAX);
61 for (size_t i = 0; i < numValues; ++i) {
62 values.push_back(provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH));
63 }
64 predicates.In(field, values);
65 }
66
FuzzInValueObjectVector(FuzzedDataProvider & provider,AbsRdbPredicates & predicates)67 void FuzzInValueObjectVector(FuzzedDataProvider &provider, AbsRdbPredicates &predicates)
68 {
69 std::string field = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
70 std::vector<ValueObject> values;
71 size_t numValues = provider.ConsumeIntegralInRange<size_t>(FOR_LOOP_MIN, FOR_LOOP_MAX);
72 for (size_t i = 0; i < numValues; ++i) {
73 ValueObject value(provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH));
74 values.push_back(value);
75 }
76 predicates.In(field, values);
77 }
78
FuzzContains(FuzzedDataProvider & provider,AbsRdbPredicates & predicates)79 void FuzzContains(FuzzedDataProvider &provider, AbsRdbPredicates &predicates)
80 {
81 std::string field = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
82 std::string value = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
83 predicates.Contains(field, value);
84 }
85
FuzzNotContains(FuzzedDataProvider & provider,AbsRdbPredicates & predicates)86 void FuzzNotContains(FuzzedDataProvider &provider, AbsRdbPredicates &predicates)
87 {
88 std::string field = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
89 std::string value = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
90 predicates.NotContains(field, value);
91 }
92
FuzzBeginsWith(FuzzedDataProvider & provider,AbsRdbPredicates & predicates)93 void FuzzBeginsWith(FuzzedDataProvider &provider, AbsRdbPredicates &predicates)
94 {
95 std::string field = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
96 std::string value = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
97 predicates.BeginsWith(field, value);
98 }
99
FuzzEndsWith(FuzzedDataProvider & provider,AbsRdbPredicates & predicates)100 void FuzzEndsWith(FuzzedDataProvider &provider, AbsRdbPredicates &predicates)
101 {
102 std::string field = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
103 std::string value = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
104 predicates.EndsWith(field, value);
105 }
106
FuzzLike(FuzzedDataProvider & provider,AbsRdbPredicates & predicates)107 void FuzzLike(FuzzedDataProvider &provider, AbsRdbPredicates &predicates)
108 {
109 std::string field = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
110 std::string value = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
111 predicates.Like(field, value);
112 }
113
FuzzNotLike(FuzzedDataProvider & provider,AbsRdbPredicates & predicates)114 void FuzzNotLike(FuzzedDataProvider &provider, AbsRdbPredicates &predicates)
115 {
116 std::string field = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
117 std::string value = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
118 predicates.NotLike(field, value);
119 }
120
FuzzGlob(FuzzedDataProvider & provider,AbsRdbPredicates & predicates)121 void FuzzGlob(FuzzedDataProvider &provider, AbsRdbPredicates &predicates)
122 {
123 std::string field = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
124 std::string value = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
125 predicates.Glob(field, value);
126 }
127
FuzzNotGlob(FuzzedDataProvider & provider,AbsRdbPredicates & predicates)128 void FuzzNotGlob(FuzzedDataProvider &provider, AbsRdbPredicates &predicates)
129 {
130 std::string field = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
131 std::string value = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
132 predicates.NotGlob(field, value);
133 }
134
FuzzNotInStringVector(FuzzedDataProvider & provider,AbsRdbPredicates & predicates)135 void FuzzNotInStringVector(FuzzedDataProvider &provider, AbsRdbPredicates &predicates)
136 {
137 std::string field = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
138 std::vector<std::string> values;
139 size_t numValues = provider.ConsumeIntegralInRange<size_t>(FOR_LOOP_MIN, FOR_LOOP_MAX);
140 for (size_t i = 0; i < numValues; ++i) {
141 values.push_back(provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH));
142 }
143 predicates.NotIn(field, values);
144 }
145
FuzzNotInValueObjectVector(FuzzedDataProvider & provider,AbsRdbPredicates & predicates)146 void FuzzNotInValueObjectVector(FuzzedDataProvider &provider, AbsRdbPredicates &predicates)
147 {
148 std::string field = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
149 std::vector<ValueObject> values;
150 size_t numValues = provider.ConsumeIntegralInRange<size_t>(FOR_LOOP_MIN, FOR_LOOP_MAX);
151 for (size_t i = 0; i < numValues; ++i) {
152 ValueObject value(provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH));
153 values.push_back(value);
154 }
155 predicates.NotIn(field, values);
156 }
157
FuzzOrderByAsc(FuzzedDataProvider & provider,AbsRdbPredicates & predicates)158 void FuzzOrderByAsc(FuzzedDataProvider &provider, AbsRdbPredicates &predicates)
159 {
160 std::string field = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
161 predicates.OrderByAsc(field);
162 }
163
FuzzOrderByDesc(FuzzedDataProvider & provider,AbsRdbPredicates & predicates)164 void FuzzOrderByDesc(FuzzedDataProvider &provider, AbsRdbPredicates &predicates)
165 {
166 std::string field = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
167 predicates.OrderByDesc(field);
168 }
169
170 } // namespace OHOS
171
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)172 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
173 {
174 FuzzedDataProvider provider(data, size);
175
176 // Create an instance of AbsRdbPredicates
177 std::string tableName = provider.ConsumeRandomLengthString(RANDOM_STRING_LENGTH);
178 AbsRdbPredicates predicates(tableName);
179
180 // Fuzzing for InDevices
181 OHOS::FuzzInDevices(provider, predicates);
182
183 // Fuzzing for EqualTo
184 OHOS::FuzzEqualTo(provider, predicates);
185
186 // Fuzzing for NotEqualTo
187 OHOS::FuzzNotEqualTo(provider, predicates);
188
189 // Fuzzing for In (string vector)
190 OHOS::FuzzInStringVector(provider, predicates);
191
192 // Fuzzing for In (ValueObject vector)
193 OHOS::FuzzInValueObjectVector(provider, predicates);
194
195 // Fuzzing for Contains
196 OHOS::FuzzContains(provider, predicates);
197
198 // Fuzzing for NotContains
199 OHOS::FuzzNotContains(provider, predicates);
200
201 // Fuzzing for BeginsWith
202 OHOS::FuzzBeginsWith(provider, predicates);
203
204 // Fuzzing for EndsWith
205 OHOS::FuzzEndsWith(provider, predicates);
206
207 // Fuzzing for Like
208 OHOS::FuzzLike(provider, predicates);
209
210 // Fuzzing for NotLike
211 OHOS::FuzzNotLike(provider, predicates);
212
213 // Fuzzing for Glob
214 OHOS::FuzzGlob(provider, predicates);
215
216 // Fuzzing for NotGlob
217 OHOS::FuzzNotGlob(provider, predicates);
218
219 // Fuzzing for NotIn (string vector)
220 OHOS::FuzzNotInStringVector(provider, predicates);
221
222 // Fuzzing for NotIn (ValueObject vector)
223 OHOS::FuzzNotInValueObjectVector(provider, predicates);
224
225 // Fuzzing for OrderByAsc
226 OHOS::FuzzOrderByAsc(provider, predicates);
227
228 // Fuzzing for OrderByDesc
229 OHOS::FuzzOrderByDesc(provider, predicates);
230
231 return 0;
232 }
233