1 /*
2 * Copyright (c) 2023-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "verifycredentialstub_fuzzer.h"
17
18 #include <string>
19 #include <vector>
20 #include "account_log_wrapper.h"
21 #include "app_account_authenticator_callback_stub.h"
22 #include "app_account_manager_service.h"
23 #include "iapp_account.h"
24 #include "fuzz_data.h"
25
26 using namespace std;
27 using namespace OHOS::AccountSA;
28
29 class MockAuthenticatorCallback final : public AppAccountAuthenticatorCallbackStub {
30 public:
OnResult(int32_t resultCode,const OHOS::AAFwk::Want & result)31 OHOS::ErrCode OnResult(int32_t resultCode, const OHOS::AAFwk::Want &result)
32 {
33 return OHOS::ERR_OK;
34 }
35
OnRequestRedirected(const OHOS::AAFwk::Want & request)36 OHOS::ErrCode OnRequestRedirected(const OHOS::AAFwk::Want &request)
37 {
38 return OHOS::ERR_OK;
39 }
40
OnRequestContinued()41 OHOS::ErrCode OnRequestContinued()
42 {
43 return OHOS::ERR_OK;
44 }
CallbackEnter(uint32_t code)45 OHOS::ErrCode CallbackEnter([[maybe_unused]] uint32_t code)
46 {
47 return OHOS::ERR_OK;
48 }
CallbackExit(uint32_t code,int32_t result)49 OHOS::ErrCode CallbackExit([[maybe_unused]] uint32_t code, [[maybe_unused]] int32_t result)
50 {
51 return OHOS::ERR_OK;
52 }
53 };
54
55 namespace OHOS {
56 const std::u16string APPACCOUNT_TOKEN = u"OHOS.AccountSA.IAppAccount";
VerifyCredentialStubFuzzTest(const uint8_t * data,size_t size)57 bool VerifyCredentialStubFuzzTest(const uint8_t* data, size_t size)
58 {
59 if ((data == nullptr) || (size == 0)) {
60 return false;
61 }
62 FuzzData fuzzData(data, size);
63 std::string testName = fuzzData.GenerateString();
64 std::string testOwner = fuzzData.GenerateString();
65 std::string testValue = fuzzData.GenerateString();
66 VerifyCredentialOptions options;
67 options.credentialType = testValue;
68 options.credential = testValue;
69 MessageParcel dataTemp;
70 if (!dataTemp.WriteInterfaceToken(APPACCOUNT_TOKEN)) {
71 return false;
72 }
73 if (!dataTemp.WriteString(testName)) {
74 return false;
75 }
76 if (!dataTemp.WriteString(testOwner)) {
77 return false;
78 }
79 if (!dataTemp.WriteParcelable(&options)) {
80 return false;
81 }
82 bool isWriteCallback = fuzzData.GetData<bool>();
83 if (isWriteCallback) {
84 sptr<MockAuthenticatorCallback> callback = new (std::nothrow) MockAuthenticatorCallback();
85 if (callback == nullptr) {
86 ACCOUNT_LOGI("AppAccountStub VerifyCredential callback is null");
87 return false;
88 }
89 if (!dataTemp.WriteRemoteObject(callback->AsObject())) {
90 return false;
91 }
92 }
93 MessageParcel reply;
94 MessageOption option;
95 uint32_t code = static_cast<uint32_t>(IAppAccountIpcCode::COMMAND_VERIFY_CREDENTIAL);
96 auto appAccountManagerService = std::make_shared<AppAccountManagerService>();
97 appAccountManagerService->OnRemoteRequest(code, dataTemp, reply, option);
98 return true;
99 }
100 }
101
102 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)103 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
104 {
105 /* Run your code on data */
106 OHOS::VerifyCredentialStubFuzzTest(data, size);
107 return 0;
108 }
109
110