1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #define private public
16 #define protected public
17 #include "fuzzer/FuzzedDataProvider.h"
18 #include "scanservicestub_fuzzer.h"
19 #include "scan_service_ability.h"
20
21 namespace OHOS {
22 namespace Scan {
23 constexpr uint8_t MAX_STRING_LENGTH = 255;
24 constexpr int MAX_SET_NUMBER = 100;
25 constexpr size_t FOO_MAX_LEN = 1024;
26 constexpr size_t U32_AT_SIZE = 4;
27
WriteInterfaceToken(MessageParcel & datas)28 bool WriteInterfaceToken(MessageParcel &datas)
29 {
30 if (!datas.WriteInterfaceToken(ScanServiceAbility::GetInstance()->GetDescriptor())) {
31 return false;
32 }
33 return true;
34 }
35
TestOnOpenScanner(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)36 bool TestOnOpenScanner(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
37 {
38 MessageParcel datas;
39 MessageParcel reply;
40 MessageOption option;
41 if (!WriteInterfaceToken(datas)) {
42 return false;
43 }
44 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
45 datas.WriteString(scannerId);
46 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SCANNER_LIST, datas, reply, option);
47 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_INIT_SCAN, datas, reply, option);
48 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_OPEN_SCANNER, datas, reply, option);
49 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_EXIT_SCAN, datas, reply, option);
50 return true;
51 }
52
TestOnCloseScanner(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)53 bool TestOnCloseScanner(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
54 {
55 MessageParcel datas;
56 MessageParcel reply;
57 MessageOption option;
58 if (!WriteInterfaceToken(datas)) {
59 return false;
60 }
61 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
62 datas.WriteString(scannerId);
63 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_CLOSE_SCANNER, datas, reply, option);
64 return true;
65 }
66
TestOnGetScanOptionDesc(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)67 bool TestOnGetScanOptionDesc(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
68 {
69 MessageParcel datas;
70 MessageParcel reply;
71 MessageOption option;
72 if (!WriteInterfaceToken(datas)) {
73 return false;
74 }
75 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
76 datas.WriteString(scannerId);
77 int32_t optionIndex = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
78 datas.WriteInt32(optionIndex);
79 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SCAN_OPTION_DESC, datas, reply, option);
80 return true;
81 }
82
TestOnOpScanOptionValue(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)83 bool TestOnOpScanOptionValue(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
84 {
85 MessageParcel datas;
86 MessageParcel reply;
87 MessageOption option;
88 if (!WriteInterfaceToken(datas)) {
89 return false;
90 }
91 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
92 datas.WriteString(scannerId);
93 int32_t optionIndex = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
94 datas.WriteInt32(optionIndex);
95 ScanOptionOpType op = SCAN_ACTION_SET_VALUE;
96 datas.WriteUint32(op);
97 ScanOptionValue value;
98 value.Marshalling(datas);
99 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_OP_SCAN_OPTION_VALUE, datas, reply, option);
100 return true;
101 }
102
TestOnGetScanParameters(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)103 bool TestOnGetScanParameters(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
104 {
105 MessageParcel datas;
106 MessageParcel reply;
107 MessageOption option;
108 if (!WriteInterfaceToken(datas)) {
109 return false;
110 }
111 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
112 datas.WriteString(scannerId);
113 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SCAN_PARAMETERS, datas, reply, option);
114 return true;
115 }
116
TestOnStartScan(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)117 bool TestOnStartScan(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
118 {
119 MessageParcel datas;
120 MessageParcel reply;
121 MessageOption option;
122 if (!WriteInterfaceToken(datas)) {
123 return false;
124 }
125 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
126 datas.WriteString(scannerId);
127 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_START_SCAN, datas, reply, option);
128 return true;
129 }
130
TestOnCancelScan(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)131 bool TestOnCancelScan(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
132 {
133 MessageParcel datas;
134 MessageParcel reply;
135 MessageOption option;
136 if (!WriteInterfaceToken(datas)) {
137 return false;
138 }
139 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
140 datas.WriteString(scannerId);
141 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_CANCEL_SCAN, datas, reply, option);
142 return true;
143 }
144
TestOnGetScanProgress(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)145 bool TestOnGetScanProgress(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
146 {
147 MessageParcel datas;
148 MessageParcel reply;
149 MessageOption option;
150 if (!WriteInterfaceToken(datas)) {
151 return false;
152 }
153 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
154 datas.WriteString(scannerId);
155 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_GET_SCAN_PROGRESS, datas, reply, option);
156 return true;
157 }
158
TestOnEventOn(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)159 bool TestOnEventOn(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
160 {
161 MessageParcel datas;
162 MessageParcel reply;
163 if (!WriteInterfaceToken(datas)) {
164 return false;
165 }
166 std::string taskId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
167 datas.WriteString(taskId);
168 std::string type = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
169 datas.WriteString(type);
170 ScanServiceAbility::GetInstance()->OnEventOn(datas, reply);
171 return true;
172 }
173
TestOnEventOff(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)174 bool TestOnEventOff(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
175 {
176 MessageParcel datas;
177 MessageParcel reply;
178 MessageOption option;
179 if (!WriteInterfaceToken(datas)) {
180 return false;
181 }
182 std::string taskId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
183 datas.WriteString(taskId);
184 std::string type = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
185 datas.WriteString(type);
186 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_OFF, datas, reply, option);
187 return true;
188 }
189
TestOnConnectScanner(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)190 bool TestOnConnectScanner(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
191 {
192 MessageParcel datas;
193 MessageParcel reply;
194 if (!WriteInterfaceToken(datas)) {
195 return false;
196 }
197 std::string serialNumber = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
198 datas.WriteString(serialNumber);
199 std::string discoverMode = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
200 datas.WriteString(discoverMode);
201 ScanServiceAbility::GetInstance()->OnConnectScanner(datas, reply);
202 return true;
203 }
204
TestOnDisConnectScanner(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)205 bool TestOnDisConnectScanner(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
206 {
207 MessageParcel datas;
208 MessageParcel reply;
209 if (!WriteInterfaceToken(datas)) {
210 return false;
211 }
212 std::string serialNumber = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
213 datas.WriteString(serialNumber);
214 std::string discoverMode = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
215 datas.WriteString(discoverMode);
216 ScanServiceAbility::GetInstance()->OnDisConnectScanner(datas, reply);
217 return true;
218 }
219
TestNoParmFuncs(const uint8_t * data,size_t size,FuzzedDataProvider * dataProvider)220 bool TestNoParmFuncs(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
221 {
222 MessageParcel datas;
223 MessageParcel reply;
224 MessageOption option;
225 if (!WriteInterfaceToken(datas)) {
226 return false;
227 }
228 std::string scannerId = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
229 datas.WriteString(scannerId);
230 ScanServiceAbility::GetInstance()->OnRemoteRequest(CMD_START_SCAN, datas, reply, option);
231 if (!WriteInterfaceToken(datas)) {
232 return false;
233 }
234 ScanServiceAbility::GetInstance()->OnGetConnectedScanner(datas, reply);
235 if (!WriteInterfaceToken(datas)) {
236 return false;
237 }
238 ScanServiceAbility::GetInstance()->OnExitScan(datas, reply);
239 if (!WriteInterfaceToken(datas)) {
240 return false;
241 }
242 ScanServiceAbility::GetInstance()->OnInitScan(datas, reply);
243 return true;
244 }
245 }
246 }
247
248 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)249 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
250 {
251 if (data == nullptr) {
252 return 0;
253 }
254
255 if (size < OHOS::Scan::U32_AT_SIZE || size > OHOS::Scan::FOO_MAX_LEN) {
256 return 0;
257 }
258 FuzzedDataProvider dataProvider(data, size);
259 OHOS::Scan::TestOnOpenScanner(data, size, &dataProvider);
260 OHOS::Scan::TestOnCloseScanner(data, size, &dataProvider);
261 OHOS::Scan::TestOnGetScanOptionDesc(data, size, &dataProvider);
262 OHOS::Scan::TestOnOpScanOptionValue(data, size, &dataProvider);
263 OHOS::Scan::TestOnGetScanParameters(data, size, &dataProvider);
264 OHOS::Scan::TestOnStartScan(data, size, &dataProvider);
265 OHOS::Scan::TestOnCancelScan(data, size, &dataProvider);
266 OHOS::Scan::TestOnGetScanProgress(data, size, &dataProvider);
267 OHOS::Scan::TestOnEventOn(data, size, &dataProvider);
268 OHOS::Scan::TestOnEventOff(data, size, &dataProvider);
269 OHOS::Scan::TestOnConnectScanner(data, size, &dataProvider);
270 OHOS::Scan::TestOnDisConnectScanner(data, size, &dataProvider);
271 OHOS::Scan::TestNoParmFuncs(data, size, &dataProvider);
272 return 0;
273 }