• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "formdbcache_fuzzer.h"
17 
18 #include <cstddef>
19 #include <cstdint>
20 #include <fuzzer/FuzzedDataProvider.h>
21 
22 #define private public
23 #define protected public
24 #include "data_center/database/form_db_cache.h"
25 #include "data_center/database/form_db_info.h"
26 #undef private
27 #undef protected
28 #include "securec.h"
29 
30 using namespace OHOS::AppExecFwk;
31 
32 namespace OHOS {
33 constexpr int32_t INDEX_MAX = 5;
34 const nlohmann::json JSON_FORMS = R"({})"_json;
35 
GenerateMapData(FuzzedDataProvider * fdp,std::set<int64_t> & matchedFormIds,std::map<FormIdKey,std::set<int64_t>> & noHostDBFormsMap,std::map<int64_t,bool> & foundFormsMap)36 void GenerateMapData(FuzzedDataProvider *fdp, std::set<int64_t> &matchedFormIds,
37     std::map<FormIdKey, std::set<int64_t>> &noHostDBFormsMap, std::map<int64_t, bool> &foundFormsMap)
38 {
39     int32_t index = fdp->ConsumeIntegralInRange(0, INDEX_MAX);
40     for (int32_t i = 0; i < index; i++) {
41         int64_t formId = fdp->ConsumeIntegral<int64_t>();
42         matchedFormIds.insert(formId);
43         std::string bundleName = fdp->ConsumeRandomLengthString();
44         std::string abilityName = fdp->ConsumeRandomLengthString();
45         FormIdKey formIdKey(bundleName, abilityName);
46         std::set<int64_t> formIds = {};
47         int32_t indexj = fdp->ConsumeIntegralInRange(0, INDEX_MAX);
48         for (int32_t j = 0; j < indexj; j++) {
49             int64_t dbFormId = fdp->ConsumeIntegral<int64_t>();
50             formIds.insert(dbFormId);
51         }
52         noHostDBFormsMap[formIdKey] = formIds;
53         int64_t foundFormId = fdp->ConsumeIntegral<int64_t>();
54         bool isFound = fdp->ConsumeBool();
55         foundFormsMap[foundFormId] = isFound;
56     }
57 }
58 
GenerateFormDBInfo(FuzzedDataProvider * fdp,FormDBInfo & info)59 void GenerateFormDBInfo(FuzzedDataProvider *fdp, FormDBInfo &info)
60 {
61     std::vector<Constants::FormLocation> formLocations = {Constants::FormLocation::OTHER,
62         Constants::FormLocation::DESKTOP, Constants::FormLocation::FORM_CENTER,
63         Constants::FormLocation::FORM_MANAGER, Constants::FormLocation::NEGATIVE_SCREEN,
64         Constants::FormLocation::FORM_CENTER_NEGATIVE_SCREEN,
65         Constants::FormLocation::FORM_MANAGER_NEGATIVE_SCREEN,
66         Constants::FormLocation::SCREEN_LOCK, Constants::FormLocation::AI_SUGGESTION};
67     info.formId = fdp->ConsumeIntegral<int64_t>();
68     info.userId = fdp->ConsumeIntegral<int32_t>();
69     info.providerUserId = fdp->ConsumeIntegral<int32_t>();
70     info.formName = fdp->ConsumeRandomLengthString();
71     info.bundleName = fdp->ConsumeRandomLengthString();
72     info.moduleName = fdp->ConsumeRandomLengthString();
73     info.abilityName = fdp->ConsumeRandomLengthString();
74     info.formUserUids = {};
75     info.formLocation = formLocations[fdp->ConsumeIntegralInRange<size_t>(0, formLocations.size() - 1)];
76     info.isThemeForm = fdp->ConsumeBool();
77     info.enableForm = fdp->ConsumeBool();
78     info.lockForm = fdp->ConsumeBool();
79     int32_t indexj = fdp->ConsumeIntegralInRange(0, INDEX_MAX);
80     for (int32_t j = 0; j < indexj; j++) {
81         int formUserUid = fdp->ConsumeIntegral<int>();
82         info.formUserUids.push_back(formUserUid);
83     }
84 }
85 
GetFormDBInfos(FuzzedDataProvider * fdp)86 std::vector<FormDBInfo> GetFormDBInfos(FuzzedDataProvider *fdp)
87 {
88     std::vector<FormDBInfo> formDBInfos = {};
89     int32_t index = fdp->ConsumeIntegralInRange(0, INDEX_MAX);
90     for (int32_t i = 0; i < index; i++) {
91         FormDBInfo info;
92         OHOS::GenerateFormDBInfo(fdp, info);
93         formDBInfos.push_back(info);
94     }
95     return formDBInfos;
96 }
97 
InnerFormInfoTest(FuzzedDataProvider * fdp)98 void InnerFormInfoTest(FuzzedDataProvider *fdp)
99 {
100     InnerFormInfo innerFormInfo;
101     FormDBInfo formDBInfo;
102     OHOS::GenerateFormDBInfo(fdp, formDBInfo);
103     innerFormInfo.formDBInfo_ = formDBInfo;
104     int callingUid = fdp->ConsumeIntegral<int>();
105     nlohmann::json jsonObject = JSON_FORMS;
106     innerFormInfo.ToJson(jsonObject);
107     innerFormInfo.AddUserUid(callingUid);
108     innerFormInfo.DeleteUserUid(callingUid);
109 }
110 
DoSomethingInterestingWithMyAPI(FuzzedDataProvider * fdp)111 bool DoSomethingInterestingWithMyAPI(FuzzedDataProvider *fdp)
112 {
113     if (fdp == nullptr) {
114         return true;
115     }
116     OHOS::InnerFormInfoTest(fdp);
117     FormDbCache formDbCache;
118     formDbCache.formDBInfos_ = OHOS::GetFormDBInfos(fdp);
119     formDbCache.Start();
120     FormDBInfo formDBInfo;
121     formDbCache.SaveFormInfo(formDBInfo);
122     formDbCache.SaveFormInfoNolock(formDBInfo);
123     int64_t formId = fdp->ConsumeIntegral<int64_t>();
124     formDbCache.DeleteFormInfo(formId);
125     int32_t hostUid = fdp->ConsumeIntegral<int32_t>();
126     formDbCache.IsHostOwner(formId, hostUid);
127     formDbCache.UpdateFormLocation(formId, hostUid);
128     std::string bundleName = fdp->ConsumeRandomLengthString();
129     std::string moduleName = fdp->ConsumeRandomLengthString();
130     int32_t userId = fdp->ConsumeIntegral<int32_t>();
131     int32_t callingUid = fdp->ConsumeIntegral<int32_t>();
132     uint32_t versionCode = fdp->ConsumeIntegral<uint32_t>();
133     std::vector<FormDBInfo> removedDBForms;
134     std::vector<FormDBInfo> formDBInfos;
135     formDbCache.GetAllFormDBInfoByBundleName(bundleName, userId, formDBInfos);
136     removedDBForms.emplace_back(formDBInfo);
137     formDbCache.DeleteFormInfoByBundleName(bundleName, userId, removedDBForms);
138     formDbCache.GetAllFormInfo(formDBInfos);
139     FormRecord record;
140     formDbCache.GetDBRecord(formId, record);
141     formDbCache.UpdateDBRecord(formId, record);
142     formDbCache.GetMatchCount(bundleName, moduleName);
143     std::set<int64_t> matchedFormIds = {};
144     std::map<FormIdKey, std::set<int64_t>> noHostDBFormsMap = {};
145     std::map<int64_t, bool> foundFormsMap = {};
146     OHOS::GenerateMapData(fdp, matchedFormIds, noHostDBFormsMap, foundFormsMap);
147     formDbCache.GetNoHostInvalidDBForms(userId, callingUid, matchedFormIds, noHostDBFormsMap, foundFormsMap);
148     formDbCache.BatchDeleteNoHostDBForms(callingUid, noHostDBFormsMap, foundFormsMap);
149     formDbCache.GetMultiAppFormVersionCode(bundleName);
150     formDbCache.UpdateMultiAppFormVersionCode(bundleName, versionCode);
151     formDbCache.DeleteInvalidDBForms(userId, callingUid, matchedFormIds, foundFormsMap);
152     return true;
153 }
154 }
155 
156 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)157 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
158 {
159     FuzzedDataProvider fdp(data, size);
160     OHOS::DoSomethingInterestingWithMyAPI(&fdp);
161     return 0;
162 }