• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "wantthird_fuzzer.h"
17 
18 #include <cstddef>
19 #include <cstdint>
20 #include <iostream>
21 
22 #define private public
23 #include "want.h"
24 #undef private
25 #include "securec.h"
26 
27 using namespace OHOS::AAFwk;
28 
29 namespace OHOS {
30 namespace {
31 constexpr size_t U32_AT_SIZE = 4;
32 }
GetU32Data(const char * ptr)33 uint32_t GetU32Data(const char* ptr)
34 {
35     // convert fuzz input data to an integer
36     return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | ptr[3];
37 }
38 
DoReadFromJsonFirst(std::shared_ptr<Want> want)39 void DoReadFromJsonFirst(std::shared_ptr<Want> want)
40 {
41     nlohmann::json noBundleName = "{"
42         "\"deviceId\": \"teset_deviceId\""
43     "}";
44 
45     nlohmann::json noAbilityName = "{"
46         "\"deviceId\": \"teset_deviceId\","
47         "\"bundleName\": \"teset_bundleName\""
48     "}";
49 
50     nlohmann::json noUri = "{"
51         "\"deviceId\": \"teset_deviceId\","
52         "\"bundleName\": \"teset_bundleName\","
53         "\"abilityName\": \"teset_abilityName\""
54     "}";
55 
56     nlohmann::json noType = "{"
57         "\"deviceId\": \"teset_deviceId\","
58         "\"bundleName\": \"teset_bundleName\","
59         "\"abilityName\": \"teset_abilityName\","
60         "\"uri\": \"teset_uri\""
61     "}";
62 
63     nlohmann::json noFlags = "{"
64         "\"deviceId\": \"teset_deviceId\","
65         "\"bundleName\": \"teset_bundleName\","
66         "\"abilityName\": \"teset_abilityName\","
67         "\"uri\": \"teset_uri\","
68         "\"type\": \"teset_type\""
69     "}";
70 
71     nlohmann::json noAction = "{"
72         "\"deviceId\": \"teset_deviceId\","
73         "\"bundleName\": \"teset_bundleName\","
74         "\"abilityName\": \"teset_abilityName\","
75         "\"uri\": \"teset_uri\","
76         "\"type\": \"teset_type\","
77         "\"flags\": \"teset_flags\""
78     "}";
79     if (want != nullptr) {
80         want->ReadFromJson(noBundleName);
81         want->ReadFromJson(noAbilityName);
82         want->ReadFromJson(noUri);
83         want->ReadFromJson(noType);
84         want->ReadFromJson(noFlags);
85         want->ReadFromJson(noAction);
86     }
87 }
88 
DoReadFromJsonSecond(std::shared_ptr<Want> want)89 void DoReadFromJsonSecond(std::shared_ptr<Want> want)
90 {
91     nlohmann::json noParameters = "{"
92         "\"deviceId\": \"teset_deviceId\","
93         "\"bundleName\": \"teset_bundleName\","
94         "\"abilityName\": \"teset_abilityName\","
95         "\"uri\": \"teset_uri\","
96         "\"type\": \"teset_type\","
97         "\"flags\": \"teset_flags\","
98         "\"action\": \"teset_action\","
99         "\"parameters\": \"teset_parameters\""
100     "}";
101     nlohmann::json noEntities = "{"
102         "\"deviceId\": \"teset_deviceId\","
103         "\"bundleName\": \"teset_bundleName\","
104         "\"abilityName\": \"teset_abilityName\","
105         "\"uri\": \"teset_uri\","
106         "\"type\": \"teset_type\","
107         "\"flags\": \"teset_flags\","
108         "\"action\": \"teset_action\","
109         "\"parameters\": \"teset_parameters\""
110     "}";
111     nlohmann::json noStringDeviceId = "{"
112         "\"deviceId\": {},"
113         "\"bundleName\": \"teset_bundleName\","
114         "\"abilityName\": \"teset_abilityName\","
115         "\"uri\": \"teset_uri\","
116         "\"type\": \"teset_type\","
117         "\"flags\": \"teset_flags\","
118         "\"action\": \"teset_action\","
119         "\"parameters\": \"teset_parameters\","
120         "\"entities\": \"teset_entities\""
121     "}";
122     nlohmann::json noStringBundleName = "{"
123         "\"deviceId\": \"teset_deviceId\","
124         "\"bundleName\": {},"
125         "\"abilityName\": \"teset_abilityName\","
126         "\"uri\": \"teset_uri\","
127         "\"type\": \"teset_type\","
128         "\"flags\": \"teset_flags\","
129         "\"action\": \"teset_action\","
130         "\"parameters\": \"teset_parameters\","
131         "\"entities\": \"teset_entities\""
132     "}";
133     if (want != nullptr) {
134         want->ReadFromJson(noParameters);
135         want->ReadFromJson(noEntities);
136         want->ReadFromJson(noStringDeviceId);
137         want->ReadFromJson(noStringBundleName);
138     }
139 }
140 
DoReadFromJsonThird(std::shared_ptr<Want> want)141 void DoReadFromJsonThird(std::shared_ptr<Want> want)
142 {
143     nlohmann::json noStringAbilityName = "{"
144         "\"deviceId\": \"teset_deviceId\","
145         "\"bundleName\": \"teset_bundleName\","
146         "\"abilityName\": {},"
147         "\"uri\": \"teset_uri\","
148         "\"type\": \"teset_type\","
149         "\"flags\": \"teset_flags\","
150         "\"action\": \"teset_action\","
151         "\"parameters\": \"teset_parameters\","
152         "\"entities\": \"teset_entities\""
153     "}";
154 
155     nlohmann::json noStringUri = "{"
156         "\"deviceId\": \"teset_deviceId\","
157         "\"bundleName\": \"teset_bundleName\","
158         "\"abilityName\": \"teset_abilityName\","
159         "\"uri\": {},"
160         "\"type\": \"teset_type\","
161         "\"flags\": \"teset_flags\","
162         "\"action\": \"teset_action\","
163         "\"parameters\": \"teset_parameters\","
164         "\"entities\": \"teset_entities\""
165     "}";
166 
167     nlohmann::json noStringType = "{"
168         "\"deviceId\": \"teset_deviceId\","
169         "\"bundleName\": \"teset_bundleName\","
170         "\"abilityName\": \"teset_abilityName\","
171         "\"uri\": \"teset_uri\","
172         "\"type\": {},"
173         "\"flags\": \"teset_flags\","
174         "\"action\": \"teset_action\","
175         "\"parameters\": \"teset_parameters\","
176         "\"entities\": \"teset_entities\""
177     "}";
178 
179     if (want != nullptr) {
180         want->ReadFromJson(noStringAbilityName);
181         want->ReadFromJson(noStringUri);
182         want->ReadFromJson(noStringType);
183     }
184 }
185 
DoReadFromJsonFourth(std::shared_ptr<Want> want)186 void DoReadFromJsonFourth(std::shared_ptr<Want> want)
187 {
188     nlohmann::json noStringFlags = "{"
189         "\"deviceId\": \"teset_deviceId\","
190         "\"bundleName\": \"teset_bundleName\","
191         "\"abilityName\": \"teset_abilityName\","
192         "\"uri\": \"teset_uri\","
193         "\"type\": \"teset_type\","
194         "\"flags\": {},"
195         "\"action\": \"teset_action\","
196         "\"parameters\": \"teset_parameters\","
197         "\"entities\": \"teset_entities\""
198     "}";
199 
200     nlohmann::json noStringAction = "{"
201         "\"deviceId\": \"teset_deviceId\","
202         "\"bundleName\": \"teset_bundleName\","
203         "\"abilityName\": \"teset_abilityName\","
204         "\"uri\": \"teset_uri\","
205         "\"type\": \"teset_type\","
206         "\"flags\": \"teset_flags\","
207         "\"action\": {},"
208         "\"parameters\": \"teset_parameters\","
209         "\"entities\": \"teset_entities\""
210     "}";
211 
212     nlohmann::json noStringParameters = "{"
213         "\"deviceId\": \"teset_deviceId\","
214         "\"bundleName\": \"teset_bundleName\","
215         "\"abilityName\": \"teset_abilityName\","
216         "\"uri\": \"teset_uri\","
217         "\"type\": \"teset_type\","
218         "\"flags\": \"teset_flags\","
219         "\"action\": \"teset_action\","
220         "\"parameters\": {},"
221         "\"entities\": \"teset_entities\""
222     "}";
223 
224     if (want != nullptr) {
225         want->ReadFromJson(noStringFlags);
226         want->ReadFromJson(noStringAction);
227         want->ReadFromJson(noStringParameters);
228     }
229 }
230 
DoReadFromJsonFifth(std::shared_ptr<Want> want)231 void DoReadFromJsonFifth(std::shared_ptr<Want> want)
232 {
233     nlohmann::json nullEntities = "{"
234         "\"deviceId\": \"teset_deviceId\","
235         "\"bundleName\": \"teset_bundleName\","
236         "\"abilityName\": \"teset_abilityName\","
237         "\"uri\": \"teset_uri\","
238         "\"type\": \"teset_type\","
239         "\"flags\": \"teset_flags\","
240         "\"action\": \"teset_action\","
241         "\"parameters\": \"teset_parameters\","
242         "\"entities\": "
243     "}";
244 
245     nlohmann::json arraryEntitiesItemNotString = "{"
246         "\"deviceId\": \"teset_deviceId\","
247         "\"bundleName\": \"teset_bundleName\","
248         "\"abilityName\": \"teset_abilityName\","
249         "\"uri\": \"teset_uri\","
250         "\"type\": \"teset_type\","
251         "\"flags\": \"teset_flags\","
252         "\"action\": \"teset_action\","
253         "\"parameters\": \"teset_parameters\","
254         "\"entities\": ["
255             "{},"
256         "]"
257     "}";
258 
259     nlohmann::json stringJson = "{"
260         "\"deviceId\": \"teset_deviceId\","
261         "\"bundleName\": \"teset_bundleName\","
262         "\"abilityName\": \"teset_abilityName\","
263         "\"uri\": \"teset_uri\","
264         "\"type\": \"teset_type\","
265         "\"flags\": \"teset_flags\","
266         "\"action\": \"teset_action\","
267         "\"parameters\": \"teset_parameters\","
268         "\"entities\": ["
269             "\"entities\""
270         "]"
271     "}";
272 
273     if (want != nullptr) {
274         want->ReadFromJson(nullEntities);
275         want->ReadFromJson(arraryEntitiesItemNotString);
276         want->ReadFromJson(stringJson);
277     }
278 }
279 
DoReadFromJson(std::shared_ptr<Want> want)280 void DoReadFromJson(std::shared_ptr<Want> want)
281 {
282     DoReadFromJsonFirst(want);
283     DoReadFromJsonSecond(want);
284     DoReadFromJsonThird(want);
285     DoReadFromJsonFourth(want);
286     DoReadFromJsonFifth(want);
287 }
288 
DoSomethingInterestingWithMyAPI(const char * data,size_t size)289 bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
290 {
291     std::shared_ptr<Want> want = std::make_shared<Want>();
292     want->CountEntities();
293     Want *wantptr = nullptr;
294     want->GetScheme();
295     AppExecFwk::ElementName elementName;
296     wantptr = want->MakeMainAbility(elementName);
297     if (wantptr) {
298         delete wantptr;
299         wantptr = nullptr;
300     }
301     Operation operation;
302     want->SetOperation(operation);
303     wantptr = want->CloneOperation();
304     if (wantptr) {
305         delete wantptr;
306         wantptr = nullptr;
307     }
308     std::string key(data, size);
309     want->HasParameter(key);
310     std::string content(data, size);
311     std::string prop(data, size);
312     std::string value(data, size);
313     want->ParseContent(content, prop, value);
314     std::string str(data, size);
315     want->Decode(str);
316     want->Encode(str);
317     int level = static_cast<int>(GetU32Data(data));
318     want->DumpInfo(level);
319     nlohmann::json wantJson;
320     std::string jsonStr(data, size);
321     size_t pos = jsonStr.find("\"jsonStr\"");
322     if (pos != std::string::npos) {
323         std::string jsonString = jsonStr.substr(pos + 8);
324         wantJson = nlohmann::json::parse(jsonString, nullptr, false);
325         if (!wantJson.is_discarded()) {
326             std::cout << "json parse success:" << wantJson.dump() << std::endl;
327             want->ReadFromJson(wantJson);
328         }
329     }
330     DoReadFromJson(want);
331     return true;
332 }
333 }
334 
335 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)336 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
337 {
338     /* Run your code on data */
339     if (data == nullptr) {
340         std::cout << "invalid data" << std::endl;
341         return 0;
342     }
343 
344     /* Validate the length of size */
345     if (size < OHOS::U32_AT_SIZE) {
346         return 0;
347     }
348 
349     char* ch = reinterpret_cast<char *>(malloc(size + 1));
350     if (ch == nullptr) {
351         std::cout << "malloc failed." << std::endl;
352         return 0;
353     }
354 
355     (void)memset_s(ch, size + 1, 0x00, size + 1);
356     if (memcpy_s(ch, size, data, size) != EOK) {
357         std::cout << "copy failed." << std::endl;
358         free(ch);
359         ch = nullptr;
360         return 0;
361     }
362 
363     OHOS::DoSomethingInterestingWithMyAPI(ch, size);
364     free(ch);
365     ch = nullptr;
366     return 0;
367 }
368