1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "formrefresh_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #include <fuzzer/FuzzedDataProvider.h>
21 #include "form_constants.h"
22
23 #define private public
24 #include "form_refresh/refresh_impl/form_refresh_after_uncontrol_impl.h"
25 #include "form_refresh/refresh_impl/form_timer_refresh_impl.h"
26 #undef private
27 #include "message_parcel.h"
28 #include "securec.h"
29 #include "form_refresh/check_mgr/active_user_checker.h"
30 #include "form_refresh/check_mgr/add_finish_checker.h"
31 #include "form_refresh/check_mgr/calling_bundle_checker.h"
32 #include "form_refresh/check_mgr/calling_user_checker.h"
33 #include "form_refresh/check_mgr/self_form_checker.h"
34 #include "form_refresh/check_mgr/system_app_checker.h"
35 #include "form_refresh/refresh_impl/form_data_refresh_impl.h"
36 #include "form_refresh/refresh_impl/form_force_refresh_impl.h"
37 #include "form_refresh/refresh_impl/form_host_refresh_impl.h"
38 #include "form_refresh/refresh_impl/form_net_conn_refresh_impl.h"
39 #include "form_refresh/refresh_impl/form_next_time_refresh_impl.h"
40 #include "status_mgr_center/form_status.h"
41
42 using namespace OHOS::AppExecFwk;
43
44 namespace OHOS {
45 constexpr size_t U32_AT_SIZE = 4;
FormStatusTest(FuzzedDataProvider * fdp)46 void FormStatusTest(FuzzedDataProvider *fdp)
47 {
48 int64_t formId = fdp->ConsumeIntegralInRange(0, 1000);
49 int64_t num = fdp->ConsumeIntegralInRange(0, 1000);
50 FormFsmStatus formStatus;
51 FormStatus::GetInstance().SetFormStatus(num, FormFsmStatus::RECYCLING);
52 FormStatus::GetInstance().HasFormStatus(formId);
53 FormStatus::GetInstance().IsFormProcessRecycle(formId);
54 FormStatus::GetInstance().GetFormStatus(formId);
55 FormStatus::GetInstance().SetFormStatus(formId, FormFsmStatus::INIT);
56 FormStatus::GetInstance().DeleteFormStatus(formId);
57 }
58
FormRefreshTest(FuzzedDataProvider * fdp)59 void FormRefreshTest(FuzzedDataProvider *fdp)
60 {
61 bool isTrue = (fdp->ConsumeIntegralInRange(0, 1000)) % 2;
62 bool isFalse = (fdp->ConsumeIntegralInRange(0, 1000)) % 2;
63 int32_t callingUid = fdp->ConsumeIntegralInRange(0, 1000);
64 int64_t formId = fdp->ConsumeIntegralInRange(0, 1000);
65 RefreshData data;
66 int64_t nextTime = fdp->ConsumeIntegralInRange(0, 1000);
67 FormTimer formTimer;
68 sptr<IRemoteObject> callerToken;
69 FormProviderData providerData;
70 FormRecord record;
71 Want want;
72 data.nextTime = nextTime;
73 data.callingUid = callingUid;
74 record.isSystemApp = isTrue;
75 record.formId = formId;
76 record.isDataProxy = isTrue;
77 data.record = record;
78 data.formTimer = formTimer;
79 data.callerToken = callerToken;
80 data.want = want;
81 data.providerData = providerData;
82 FormDataRefreshImpl::GetInstance().RefreshFormRequest(data);
83 FormForceRefreshImpl::GetInstance().RefreshFormRequest(data);
84 FormHostRefreshImpl::GetInstance().RefreshFormRequest(data);
85 FormNetConnRefreshImpl::GetInstance().RefreshFormRequest(data);
86 FormNextTimeRefreshImpl::GetInstance().RefreshFormRequest(data);
87 FormRefreshAfterUncontrolImpl::GetInstance().RefreshFormRequest(data);
88 FormRefreshAfterUncontrolImpl::GetInstance().DetectControlPoint(data, isTrue, isFalse);
89 FormTimerRefreshImpl::GetInstance().RefreshFormRequest(data);
90 FormTimerRefreshImpl::GetInstance().DealRefresh(data);
91 FormTimerRefreshImpl::GetInstance().DetectControlPoint(data, isTrue, isFalse);
92 FormTimerRefreshImpl::GetInstance().BuildTimerWant(formTimer, want);
93 }
94
DoSomethingInterestingWithMyAPI(FuzzedDataProvider * fdp)95 bool DoSomethingInterestingWithMyAPI(FuzzedDataProvider *fdp)
96 {
97 bool isTrue = (fdp->ConsumeIntegralInRange(0, 1000)) % 2;
98 bool isFalse = (fdp->ConsumeIntegralInRange(0, 1000)) % 2;
99 int32_t num = fdp->ConsumeIntegralInRange(0, 1000);
100 int32_t num32 = fdp->ConsumeIntegralInRange(0, 1000);
101 int32_t callingUid = fdp->ConsumeIntegralInRange(0, 1000);
102 int64_t formId = fdp->ConsumeIntegralInRange(0, 1000);
103 CheckValidFactor reqFactor;
104 Want want;
105 want.SetParam(Constants::PARAM_FORM_USER_ID, num32);
106 FormRecord record;
107 record.providerUserId = num;
108 reqFactor.formId = formId;
109 reqFactor.callingUid = callingUid;
110 reqFactor.want = want;
111 reqFactor.record = record;
112 ActiveUserChecker::GetInstance().CheckValid(reqFactor);
113 AddFinishChecker::GetInstance().CheckValid(reqFactor);
114 CallingBundleChecker::GetInstance().CheckValid(reqFactor);
115 CallingUserChecker::GetInstance().CheckValid(reqFactor);
116 SelfFormChecker::GetInstance().CheckValid(reqFactor);
117 SystemAppChecker::GetInstance().CheckValid(reqFactor);
118 OHOS::FormRefreshTest(fdp);
119 OHOS::FormStatusTest(fdp);
120 return true;
121 }
122 }
123
124 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)125 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
126 {
127 /* Run your code on data */
128 if (data == nullptr) {
129 return 0;
130 }
131
132 if (size < OHOS::U32_AT_SIZE) {
133 return 0;
134 }
135
136 char* ch = static_cast<char*>(malloc(size + 1));
137 if (ch == nullptr) {
138 return 0;
139 }
140
141 (void)memset_s(ch, size + 1, 0x00, size + 1);
142 if (memcpy_s(ch, size + 1, data, size) != EOK) {
143 free(ch);
144 ch = nullptr;
145 return 0;
146 }
147 FuzzedDataProvider fdp(data, size);
148 OHOS::DoSomethingInterestingWithMyAPI(&fdp);
149 free(ch);
150 ch = nullptr;
151 return 0;
152 }
153
154