1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <securec.h>
17 #include <thread>
18
19 #include "net_base_branch_fuzzer.h"
20
21 #include "curl/curl.h"
22 #include "net_mgr_log_wrapper.h"
23
24 #define private public
25 #include "net_http_probe.h"
26 #include "net_policy_rule.h"
27
28 namespace OHOS {
29 namespace NetManagerStandard {
30 namespace {
31 const uint8_t *g_baseBranchFuzzData = nullptr;
32 size_t g_baseBranchFuzzSize = 0;
33 size_t g_baseBranchFuzzPos;
34 constexpr int TWO = 2;
35 constexpr size_t STR_LEN = 10;
36 } // namespace
37
GetNetBranchFuzzData()38 template <class T> T GetNetBranchFuzzData()
39 {
40 T object{};
41 size_t objectSize = sizeof(object);
42 if (g_baseBranchFuzzData == nullptr || objectSize > g_baseBranchFuzzSize - g_baseBranchFuzzPos) {
43 return object;
44 }
45 errno_t ret = memcpy_s(&object, objectSize, g_baseBranchFuzzData + g_baseBranchFuzzPos, objectSize);
46 if (ret != EOK) {
47 return {};
48 }
49 g_baseBranchFuzzPos += objectSize;
50 return object;
51 }
52
GetStringFromData(int strlen)53 std::string GetStringFromData(int strlen)
54 {
55 char cstr[strlen];
56 cstr[strlen - 1] = '\0';
57 for (int i = 0; i < strlen - 1; i++) {
58 cstr[i] = GetNetBranchFuzzData<char>();
59 }
60 std::string str(cstr);
61 return str;
62 }
63
GetSecureDataFromData(int8_t strlen)64 SecureData GetSecureDataFromData(int8_t strlen)
65 {
66 SecureData secureData;
67 char cstr[strlen];
68 cstr[strlen - 1] = '\0';
69 for (int i = 0; i < strlen - 1; i++) {
70 cstr[i] = GetNetBranchFuzzData<char>();
71 }
72 secureData.append(cstr, strlen - 1);
73 return secureData;
74 }
75
NetHttpProbeBranchFuzzTest(const uint8_t * data,size_t size)76 void NetHttpProbeBranchFuzzTest(const uint8_t *data, size_t size)
77 {
78 if (data == nullptr) {
79 return;
80 }
81 int32_t testId = GetNetBranchFuzzData<int32_t>();
82 std::shared_ptr<NetHttpProbe> instance_ =
83 std::make_shared<NetHttpProbe>(testId, NetBearType::BEARER_DEFAULT, NetLinkInfo(), ProbeType::PROBE_HTTP);
84 instance_->GetHttpProbeResult();
85 instance_->GetHttpsProbeResult();
86 std::string host = GetStringFromData(STR_LEN);
87 HttpProxy httpProxy = {host, 0, {}};
88 NetLinkInfo info;
89 std::string ifaceName = std::string(reinterpret_cast<const char*>(data), size);
90 info.ifaceName_ = ifaceName;
91 instance_->UpdateNetLinkInfo(info);
92 instance_->UpdateGlobalHttpProxy(httpProxy);
93 std::string httpUrl = GetStringFromData(STR_LEN);
94 std::string httpsUrl = GetStringFromData(STR_LEN);
95 instance_->SendProbe(PROBE_HTTP_HTTPS, httpUrl, httpsUrl);
96 instance_->CheckCurlGlobalInitState();
97 ProbeType probeType = ProbeType::PROBE_HTTP_HTTPS;
98 instance_->InitHttpCurl(probeType);
99 instance_->CleanHttpCurl();
100 instance_->ExtractDomainFormUrl(httpUrl);
101 std::string testString = "";
102 instance_->GetAddrInfo(testString);
103 instance_->SetResolveOption(probeType, testString, testString, testId);
104 instance_->SetResolveOption(probeType, "test", testString, testId);
105 testString = GetStringFromData(STR_LEN);
106 instance_->GetAddrInfo(testString);
107 instance_->SetCurlOptions(probeType, httpUrl, httpsUrl);
108 CURL *curl = nullptr;
109 instance_->SetHttpOptions(probeType, curl, testString);
110 bool useHttpProxy = GetNetBranchFuzzData<bool>();
111 instance_->SetProxyOption(probeType, useHttpProxy);
112 instance_->SetResolveOption(probeType, testString, testString, testId);
113 instance_->SendDnsProbe(probeType, testString, testString, useHttpProxy);
114 instance_->SendHttpProbeRequest();
115 instance_->RecvHttpProbeResponse();
116 instance_->LoadProxy(testString, testId);
117 }
118
NetPolicyRuleBranchFuzzTest(const uint8_t * data,size_t size)119 void NetPolicyRuleBranchFuzzTest(const uint8_t *data, size_t size)
120 {
121 if (data == nullptr) {
122 return;
123 }
124 bool isForeground = (static_cast<int>(data[0]) % TWO) ? true : false;
125 std::shared_ptr<NetPolicyRule> netPolicyRule = std::make_shared<NetPolicyRule>();
126 uint32_t testId = GetNetBranchFuzzData<uint32_t>();
127 netPolicyRule->UpdateForegroundUidList(testId, isForeground);
128 std::string message = GetStringFromData(STR_LEN);
129 netPolicyRule->GetDumpMessage(message);
130
131 auto policyEvent = std::make_shared<PolicyEvent>();
132 netPolicyRule->HandleEvent(testId, policyEvent);
133 netPolicyRule->IsValidNetPolicy(testId);
134 uint32_t netsysCtrl = GetNetBranchFuzzData<uint32_t>();
135 netPolicyRule->NetsysCtrl(testId, netsysCtrl);
136 netPolicyRule->BuildTransCondition(testId, netsysCtrl);
137 }
138 } // namespace NetManagerStandard
139 } // namespace OHOS
140
141 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)142 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
143 {
144 /* Run your code on data */
145 OHOS::NetManagerStandard::NetHttpProbeBranchFuzzTest(data, size);
146 OHOS::NetManagerStandard::NetPolicyRuleBranchFuzzTest(data, size);
147 return 0;
148 }
149