From 1ad9f4f5d400d6c9a48a5cc37c12c0cadc5c9c3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=9F=A6=E5=9B=BD=E5=BA=86?= Date: Sat, 21 Jun 2025 20:15:26 +0800 Subject: [PATCH 1/8] add FUZZ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 韦国庆 --- test/BUILD.gn | 56 ++++++------ test/commonfuzztest/BUILD.gn | 6 ++ test/commonfuzztest/authacl_fuzzer/BUILD.gn | 82 +++++++++++++++++ .../authacl_fuzzer/auth_acl_fuzzer.cpp | 50 +++++++++++ .../authacl_fuzzer/auth_acl_fuzzer.h | 21 +++++ .../commonfuzztest/authacl_fuzzer/corpus/init | 13 +++ .../commonfuzztest/authacl_fuzzer/project.xml | 25 ++++++ .../authcredential_fuzzer/BUILD.gn | 83 +++++++++++++++++ .../auth_credential_fuzzer.cpp | 71 +++++++++++++++ .../auth_credential_fuzzer.h | 21 +++++ .../authcredential_fuzzer/corpus/init | 13 +++ .../authcredential_fuzzer/project.xml | 25 ++++++ .../authpinauth_fuzzer/BUILD.gn | 80 +++++++++++++++++ .../auth_pin_auth_fuzzer.cpp | 71 +++++++++++++++ .../authpinauth_fuzzer/auth_pin_auth_fuzzer.h | 21 +++++ .../authpinauth_fuzzer/corpus/init | 13 +++ .../authpinauth_fuzzer/project.xml | 25 ++++++ .../commonfuzztest/dmanonyous_fuzzer/BUILD.gn | 75 ++++++++++++++++ .../dmanonyous_fuzzer/corpus/init | 13 +++ .../dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp | 74 ++++++++++++++++ .../dmanonyous_fuzzer/dm_anonyous_fuzzer.h | 21 +++++ .../dmanonyous_fuzzer/project.xml | 25 ++++++ .../dm_auth_manager_fuzzer.cpp | 1 - .../dmauthmanagerv2_fuzzer/BUILD.gn | 4 +- .../dm_auth_manager_fuzzer.cpp | 61 ++++++++++++- .../dmfreezeprocess_fuzzer/BUILD.gn | 80 +++++++++++++++++ .../dmfreezeprocess_fuzzer/corpus/init | 13 +++ .../dm_freeze_process_fuzzer.cpp | 88 +++++++++++++++++++ .../dm_freeze_process_fuzzer.h | 21 +++++ .../dmfreezeprocess_fuzzer/project.xml | 25 ++++++ .../UTTest_hichain_connector.cpp | 0 test/interfacesfuzztest/BUILD.gn | 0 .../devicemanagerimpl_fuzzer/BUILD.gn | 2 +- .../devicemanagerimpl_fuzzer/corpus/init | 0 .../device_manager_impl_fuzzer.cpp | 35 ++++++++ .../device_manager_impl_fuzzer.h | 0 .../devicemanagerimpl_fuzzer/project.xml | 0 test/servicesfuzztest/BUILD.gn | 1 + .../auth_message_processor_fuzzer.cpp | 82 ++++++++++++++++- .../devicenamemanager_fuzzer/BUILD.gn | 2 +- .../dmauthattestcommon_fuzzer/BUILD.gn | 80 +++++++++++++++++ .../dmauthattestcommon_fuzzer/corpus/init | 13 +++ .../dm_auth_attest_common_fuzzer.cpp | 54 ++++++++++++ .../dm_auth_attest_common_fuzzer.h | 21 +++++ .../dmauthattestcommon_fuzzer/project.xml | 25 ++++++ .../dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp | 27 ++++++ .../dm_transport_msg_fuzzer.cpp | 29 ++++++ 47 files changed, 1511 insertions(+), 37 deletions(-) create mode 100644 test/commonfuzztest/authacl_fuzzer/BUILD.gn create mode 100644 test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.cpp create mode 100644 test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.h create mode 100644 test/commonfuzztest/authacl_fuzzer/corpus/init create mode 100644 test/commonfuzztest/authacl_fuzzer/project.xml create mode 100644 test/commonfuzztest/authcredential_fuzzer/BUILD.gn create mode 100644 test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp create mode 100644 test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.h create mode 100644 test/commonfuzztest/authcredential_fuzzer/corpus/init create mode 100644 test/commonfuzztest/authcredential_fuzzer/project.xml create mode 100644 test/commonfuzztest/authpinauth_fuzzer/BUILD.gn create mode 100644 test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp create mode 100644 test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.h create mode 100644 test/commonfuzztest/authpinauth_fuzzer/corpus/init create mode 100644 test/commonfuzztest/authpinauth_fuzzer/project.xml create mode 100644 test/commonfuzztest/dmanonyous_fuzzer/BUILD.gn create mode 100644 test/commonfuzztest/dmanonyous_fuzzer/corpus/init create mode 100644 test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp create mode 100644 test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.h create mode 100644 test/commonfuzztest/dmanonyous_fuzzer/project.xml create mode 100644 test/commonfuzztest/dmfreezeprocess_fuzzer/BUILD.gn create mode 100644 test/commonfuzztest/dmfreezeprocess_fuzzer/corpus/init create mode 100644 test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp create mode 100644 test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.h create mode 100644 test/commonfuzztest/dmfreezeprocess_fuzzer/project.xml mode change 100755 => 100644 test/commonunittest/UTTest_hichain_connector.cpp mode change 100755 => 100644 test/interfacesfuzztest/BUILD.gn mode change 100755 => 100644 test/interfacesfuzztest/devicemanagerimpl_fuzzer/BUILD.gn mode change 100755 => 100644 test/interfacesfuzztest/devicemanagerimpl_fuzzer/corpus/init mode change 100755 => 100644 test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp mode change 100755 => 100644 test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.h mode change 100755 => 100644 test/interfacesfuzztest/devicemanagerimpl_fuzzer/project.xml create mode 100644 test/servicesfuzztest/dmauthattestcommon_fuzzer/BUILD.gn create mode 100644 test/servicesfuzztest/dmauthattestcommon_fuzzer/corpus/init create mode 100644 test/servicesfuzztest/dmauthattestcommon_fuzzer/dm_auth_attest_common_fuzzer.cpp create mode 100644 test/servicesfuzztest/dmauthattestcommon_fuzzer/dm_auth_attest_common_fuzzer.h create mode 100644 test/servicesfuzztest/dmauthattestcommon_fuzzer/project.xml diff --git a/test/BUILD.gn b/test/BUILD.gn index c856a29d0..e5cb6fa45 100644 --- a/test/BUILD.gn +++ b/test/BUILD.gn @@ -1,28 +1,28 @@ -# Copyright (c) 2022-2023 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -group("test") { - testonly = true - - deps = [] - if (support_jsapi) { - deps += [ - "benchmarktest:benchmarktest", - "commonfuzztest:fuzztest", - "interfacesfuzztest:fuzztest", - "servicesfuzztest:fuzztest", - "softbusfuzztest:fuzztest", - "unittest:unittest", - ] - } -} +# Copyright (c) 2022-2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +group("test") { + testonly = true + + deps = [] + if (support_jsapi) { + deps += [ + "benchmarktest:benchmarktest", + "commonfuzztest:fuzztest", + "interfacesfuzztest:fuzztest", + "servicesfuzztest:fuzztest", + "softbusfuzztest:fuzztest", + "unittest:unittest", + ] + } +} diff --git a/test/commonfuzztest/BUILD.gn b/test/commonfuzztest/BUILD.gn index c88c67ba2..393935132 100644 --- a/test/commonfuzztest/BUILD.gn +++ b/test/commonfuzztest/BUILD.gn @@ -15,13 +15,18 @@ group("fuzztest") { testonly = true deps = [ + "authacl_fuzzer:fuzztest", + "authcredential_fuzzer:fuzztest", "authenticatedevice_fuzzer:fuzztest", "authenticatedeviceservice_fuzzer:fuzztest", "authenticatedeviceserviceimpl_fuzzer:fuzztest", + "authpinauth_fuzzer:fuzztest", + "dmanonyous_fuzzer:fuzztest", "dmauthmanager_fuzzer:fuzztest", "dmauthmanagerv2_fuzzer:fuzztest", "dmcommoneventmanager_fuzzer:fuzztest", "dmcredentialimpl_fuzzer:fuzztest", + "dmfreezeprocess_fuzzer:fuzztest", "generateencrypteduuid_fuzzer:fuzztest", "getdeviceinfo_fuzzer:fuzztest", "hichainconnector_fuzzer:fuzztest", @@ -33,5 +38,6 @@ group("fuzztest") { "pinauth_fuzzer:fuzztest", "pinauthui_fuzzer:fuzztest", "pinholder_fuzzer:fuzztest", + ] } diff --git a/test/commonfuzztest/authacl_fuzzer/BUILD.gn b/test/commonfuzztest/authacl_fuzzer/BUILD.gn new file mode 100644 index 000000000..9b8b45671 --- /dev/null +++ b/test/commonfuzztest/authacl_fuzzer/BUILD.gn @@ -0,0 +1,82 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/distributedhardware/device_manager/device_manager.gni") + +##############################fuzztest########################################## +ohos_fuzztest("AuthAclFuzzTest") { + module_out_path = fuzz_test_output_path + fuzz_config_file = + "${devicemanager_path}/test/commonfuzztest/authacl_fuzzer" + + include_dirs = [ + "${innerkits_path}/native_cpp/include", + "${servicesimpl_path}/include/ability", + "${servicesimpl_path}/include/adapter", + "${servicesimpl_path}/include/authentication_v2", + "${servicesimpl_path}/include/dependency/hichain", + "${servicesimpl_path}/include/dependency/softbus", + "${servicesimpl_path}/include/dependency/timer", + ] + + cflags = [ + "-g", + "-O0", + "-Dprivate=public", + "-Dprotected=public", + "-Werror", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + sources = [ "auth_acl_fuzzer.cpp" ] + + deps = [ + "${innerkits_path}/native_cpp:devicemanagersdk", + "${services_path}:devicemanagerservicetest", + "${servicesimpl_path}:devicemanagerserviceimpl", + "${utils_path}:devicemanagerutilstest", + ] + + external_deps = [ + "cJSON:cjson", + "device_auth:deviceauth_sdk", + "device_info_manager:distributed_device_profile_common", + "device_info_manager:distributed_device_profile_sdk", + "dsoftbus:softbus_client", + "ffrt:libffrt", + "hilog:libhilog", + "init:libbegetutil", + "ipc:ipc_single", + "safwk:system_ability_fwk", + ] + + defines = [ + "HI_LOG_ENABLE", + "DH_LOG_TAG=\"AuthAclFuzzTest\"", + "LOG_DOMAIN=0xD004110", + ] + cflags_cc=[ "--coverage"] + ldflags = ["--coverage"] +} + +############################################################################### +group("fuzztest") { + testonly = true + + deps = [ ":AuthAclFuzzTest" ] +} +############################################################################### diff --git a/test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.cpp b/test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.cpp new file mode 100644 index 000000000..327347467 --- /dev/null +++ b/test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.cpp @@ -0,0 +1,50 @@ +/* + * Copyright (c) 2025-2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "auth_acl_fuzzer.h" + +#include +#include + +#include "device_manager_service_listener.h" +#include "dm_auth_state.h" +#include "dm_freeze_process.h" + +namespace OHOS { +namespace DistributedHardware { +void AuthAclFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size < sizeof(int32_t))) { + return; + } + FuzzedDataProvider fdp(data, size); + int32_t sessionId = fdp.ConsumeIntegral(); + std::string result = fdp.ConsumeRandomLengthString(); + std::shared_ptr authSink = std::make_shared(); + std::shared_ptr authSrc = std::make_shared(); + + authSink->GetStateType(); + authSrc->GetStateType(); +} +} +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::DistributedHardware::AuthAclFuzzTest(data, size); + return 0; +} \ No newline at end of file diff --git a/test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.h b/test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.h new file mode 100644 index 000000000..6e30090a7 --- /dev/null +++ b/test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef AUTH_ACL_FUZZER_H +#define AUTH_ACL_FUZZER_H + +#define FUZZ_PROJECT_NAME "authacl_fuzzer" + +#endif // AUTH_ACL_FUZZER_H \ No newline at end of file diff --git a/test/commonfuzztest/authacl_fuzzer/corpus/init b/test/commonfuzztest/authacl_fuzzer/corpus/init new file mode 100644 index 000000000..8f37f0925 --- /dev/null +++ b/test/commonfuzztest/authacl_fuzzer/corpus/init @@ -0,0 +1,13 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +FUZZ \ No newline at end of file diff --git a/test/commonfuzztest/authacl_fuzzer/project.xml b/test/commonfuzztest/authacl_fuzzer/project.xml new file mode 100644 index 000000000..500f6f414 --- /dev/null +++ b/test/commonfuzztest/authacl_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + \ No newline at end of file diff --git a/test/commonfuzztest/authcredential_fuzzer/BUILD.gn b/test/commonfuzztest/authcredential_fuzzer/BUILD.gn new file mode 100644 index 000000000..04f4d5c98 --- /dev/null +++ b/test/commonfuzztest/authcredential_fuzzer/BUILD.gn @@ -0,0 +1,83 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/distributedhardware/device_manager/device_manager.gni") + +##############################fuzztest########################################## +ohos_fuzztest("AuthCredentialFuzzTest") { + module_out_path = fuzz_test_output_path + fuzz_config_file = + "${devicemanager_path}/test/commonfuzztest/authcredential_fuzzer" + + include_dirs = [ + "${innerkits_path}/native_cpp/include", + "${servicesimpl_path}/include/ability", + "${servicesimpl_path}/include/adapter", + "${servicesimpl_path}/include/authentication_v2", + "${servicesimpl_path}/include/dependency/hichain", + "${servicesimpl_path}/include/dependency/softbus", + "${servicesimpl_path}/include/dependency/timer", + ] + + cflags = [ + "-g", + "-O0", + "-Dprivate=public", + "-Dprotected=public", + "-Werror", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + sources = [ "auth_credential_fuzzer.cpp" ] + + deps = [ + "${innerkits_path}/native_cpp:devicemanagersdk", + "${services_path}:devicemanagerservicetest", + "${servicesimpl_path}:devicemanagerserviceimpl", + "${utils_path}:devicemanagerutilstest", + ] + + external_deps = [ + "cJSON:cjson", + "device_auth:deviceauth_sdk", + "device_info_manager:distributed_device_profile_common", + "device_info_manager:distributed_device_profile_sdk", + "dsoftbus:softbus_client", + "ffrt:libffrt", + "hilog:libhilog", + "init:libbegetutil", + "ipc:ipc_single", + "safwk:system_ability_fwk", + ] + + defines = [ + "HI_LOG_ENABLE", + "DH_LOG_TAG=\"AuthCredentialFuzzTest\"", + "LOG_DOMAIN=0xD004110", + ] + + cflags_cc=[ "--coverage"] + ldflags = ["--coverage"] +} + +############################################################################### +group("fuzztest") { + testonly = true + + deps = [ ":AuthCredentialFuzzTest" ] +} +############################################################################### diff --git a/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp b/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp new file mode 100644 index 000000000..273bd1909 --- /dev/null +++ b/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp @@ -0,0 +1,71 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "auth_credential_fuzzer.h" + +#include +#include + +#include "device_manager_service_listener.h" +#include "dm_auth_state.h" +#include "dm_freeze_process.h" + +namespace OHOS { +namespace DistributedHardware { +constexpr uint32_t SERVICE = 2; + +void AuthCredentialFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size < sizeof(int32_t))) { + return; + } + FreezeProcess freezeProcess; + FuzzedDataProvider fdp(data, size); + std::shared_ptr context = std::make_shared(); + context->transmitData = fdp.ConsumeRandomLengthString(); + context->requestId = fdp.ConsumeIntegral(); + context->accesser.userId = fdp.ConsumeIntegral(); + context->accesser.isGenerateLnnCredential = true; + context->isAppCredentialVerified = false; + context->accesser.bindLevel = SERVICE; + std::shared_ptr auth1 = std::make_shared(); + std::shared_ptr auth2 = std::make_shared(); + std::shared_ptr auth3 = std::make_shared(); + std::shared_ptr auth4 = std::make_shared(); + std::shared_ptr auth5 = std::make_shared(); + std::shared_ptr auth6 = std::make_shared(); + + auth1->Action(context); + auth2->Action(context); + context->isAppCredentialVerified = true; + auth2->Action(context); + context->accesser.isGenerateLnnCredential = false; + auth1->GetStateType(); + auth2->GetStateType(); + auth3->GetStateType(); + auth4->GetStateType(); + auth5->GetStateType(); + auth6->GetStateType(); +} +} +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::DistributedHardware::AuthCredentialFuzzTest(data, size); + return 0; +} \ No newline at end of file diff --git a/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.h b/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.h new file mode 100644 index 000000000..6e30090a7 --- /dev/null +++ b/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef AUTH_ACL_FUZZER_H +#define AUTH_ACL_FUZZER_H + +#define FUZZ_PROJECT_NAME "authacl_fuzzer" + +#endif // AUTH_ACL_FUZZER_H \ No newline at end of file diff --git a/test/commonfuzztest/authcredential_fuzzer/corpus/init b/test/commonfuzztest/authcredential_fuzzer/corpus/init new file mode 100644 index 000000000..8f37f0925 --- /dev/null +++ b/test/commonfuzztest/authcredential_fuzzer/corpus/init @@ -0,0 +1,13 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +FUZZ \ No newline at end of file diff --git a/test/commonfuzztest/authcredential_fuzzer/project.xml b/test/commonfuzztest/authcredential_fuzzer/project.xml new file mode 100644 index 000000000..500f6f414 --- /dev/null +++ b/test/commonfuzztest/authcredential_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + \ No newline at end of file diff --git a/test/commonfuzztest/authpinauth_fuzzer/BUILD.gn b/test/commonfuzztest/authpinauth_fuzzer/BUILD.gn new file mode 100644 index 000000000..9ab8575c5 --- /dev/null +++ b/test/commonfuzztest/authpinauth_fuzzer/BUILD.gn @@ -0,0 +1,80 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/distributedhardware/device_manager/device_manager.gni") + +##############################fuzztest########################################## +ohos_fuzztest("AuthPinAuthFuzzTest") { + module_out_path = fuzz_test_output_path + fuzz_config_file = + "${devicemanager_path}/test/commonfuzztest/authpinauth_fuzzer" + + include_dirs = [ + "${innerkits_path}/native_cpp/include", + "${servicesimpl_path}/include/ability", + "${servicesimpl_path}/include/adapter", + "${servicesimpl_path}/include/authentication_v2", + "${servicesimpl_path}/include/dependency/hichain", + "${servicesimpl_path}/include/dependency/softbus", + "${servicesimpl_path}/include/dependency/timer", + ] + + cflags = [ + "-g", + "-O0", + "-Dprivate=public", + "-Dprotected=public", + "-Werror", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + sources = [ "auth_pin_auth_fuzzer.cpp"] + + deps = [ + "${innerkits_path}/native_cpp:devicemanagersdk", + "${services_path}:devicemanagerservicetest", + "${servicesimpl_path}:devicemanagerserviceimpl", + "${utils_path}:devicemanagerutilstest", + ] + + external_deps = [ + "cJSON:cjson", + "device_auth:deviceauth_sdk", + "device_info_manager:distributed_device_profile_common", + "device_info_manager:distributed_device_profile_sdk", + "dsoftbus:softbus_client", + "ffrt:libffrt", + "hilog:libhilog", + "init:libbegetutil", + "ipc:ipc_single", + "safwk:system_ability_fwk", + ] + + defines = [ + "HI_LOG_ENABLE", + "DH_LOG_TAG=\"AuthPinAuthFuzzTest\"", + "LOG_DOMAIN=0xD004110", + ] +} + +############################################################################### +group("fuzztest") { + testonly = true + + deps = [ ":AuthPinAuthFuzzTest" ] +} +############################################################################### diff --git a/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp b/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp new file mode 100644 index 000000000..c04aa8541 --- /dev/null +++ b/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp @@ -0,0 +1,71 @@ +/* + * Copyright (c) 2025-2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "auth_pin_auth_fuzzer.h" + +#include +#include + +#include "device_manager_service_listener.h" +#include "dm_auth_state.h" +#include "dm_auth_state_machine.h" +#include "dm_freeze_process.h" + +namespace OHOS { +namespace DistributedHardware { +constexpr uint32_t SERVICE = 2; + +void AuthPinAuthFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size < sizeof(int32_t))) { + return; + } + FreezeProcess freezeProcess; + FuzzedDataProvider fdp(data, size); + std::shared_ptr context = std::make_shared(); + context->transmitData = fdp.ConsumeRandomLengthString(); + context->requestId = fdp.ConsumeIntegral(); + context->accesser.userId = fdp.ConsumeIntegral(); + + std::shared_ptr auth1 = std::make_shared(); + std::shared_ptr auth2 = std::make_shared(); + std::shared_ptr auth3 = std::make_shared(); + std::shared_ptr auth4 = std::make_shared(); + std::shared_ptr auth5 = std::make_shared(); + std::shared_ptr auth6 = std::make_shared(); + std::shared_ptr auth7 = std::make_shared(); + std::shared_ptr auth8 = std::make_shared(); + auth1->GetStateType(); + auth2->GetStateType(); + int32_t credType = fdp.ConsumeIntegral(); + auth3->GetCredIdByCredType(context, credType); + context->isAppCredentialVerified = true; + context->accesser.isGenerateLnnCredential = false; + auth4->ShowStartAuthDialog(context); + auth5->GetStateType(); + auth6->GetStateType(); + auth7->GetStateType(); + auth8->GetStateType(); +} +} +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::DistributedHardware::AuthPinAuthFuzzTest(data, size); + return 0; +} \ No newline at end of file diff --git a/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.h b/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.h new file mode 100644 index 000000000..d9a1a29ba --- /dev/null +++ b/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef AUTH_PIN_AUTH_FUZZER_H +#define AUTH_PIN_AUTH_FUZZER_H + +#define FUZZ_PROJECT_NAME "authpinauth_fuzzer" + +#endif // AUTH_PIN_AUTH_FUZZER_H \ No newline at end of file diff --git a/test/commonfuzztest/authpinauth_fuzzer/corpus/init b/test/commonfuzztest/authpinauth_fuzzer/corpus/init new file mode 100644 index 000000000..8f37f0925 --- /dev/null +++ b/test/commonfuzztest/authpinauth_fuzzer/corpus/init @@ -0,0 +1,13 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +FUZZ \ No newline at end of file diff --git a/test/commonfuzztest/authpinauth_fuzzer/project.xml b/test/commonfuzztest/authpinauth_fuzzer/project.xml new file mode 100644 index 000000000..500f6f414 --- /dev/null +++ b/test/commonfuzztest/authpinauth_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + \ No newline at end of file diff --git a/test/commonfuzztest/dmanonyous_fuzzer/BUILD.gn b/test/commonfuzztest/dmanonyous_fuzzer/BUILD.gn new file mode 100644 index 000000000..dfc1d5b80 --- /dev/null +++ b/test/commonfuzztest/dmanonyous_fuzzer/BUILD.gn @@ -0,0 +1,75 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/distributedhardware/device_manager/device_manager.gni") + +##############################fuzztest########################################## +ohos_fuzztest("DmAnonyousFuzzTest") { + module_out_path = fuzz_test_output_path + fuzz_config_file = "${devicemanager_path}/test/commonfuzztest/dmanonyous_fuzzer" + + include_dirs = [ + "${common_path}/include", + "${innerkits_path}/native_cpp/include", + "${services_path}/include/softbus", + ] + + cflags = [ + "-g", + "-O0", + "-Dprivate=public", + "-Dprotected=public", + "-Werror", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + sources = [ "dm_anonyous_fuzzer.cpp", + "${json_path}/src/json_object_cjson.cpp", ] + + deps = [ + "${innerkits_path}/native_cpp:devicemanagersdk", + "${services_path}:devicemanagerservicetest", + "${servicesimpl_path}:devicemanagerserviceimpl", + ] + + external_deps = [ + "cJSON:cjson", + "c_utils:utils", + "device_auth:deviceauth_sdk", + "device_info_manager:distributed_device_profile_common", + "device_info_manager:distributed_device_profile_sdk", + "dsoftbus:softbus_client", + "hilog:libhilog", + "ipc:ipc_single", + "safwk:system_ability_fwk", + "samgr:samgr_proxy", + ] + + defines = [ + "HI_LOG_ENABLE", + "DH_LOG_TAG=\"DmAnonyousFuzzTest\"", + "LOG_DOMAIN=0xD004110", + ] +} + +############################################################################### +group("fuzztest") { + testonly = true + + deps = [ ":DmAnonyousFuzzTest" ] +} +############################################################################### diff --git a/test/commonfuzztest/dmanonyous_fuzzer/corpus/init b/test/commonfuzztest/dmanonyous_fuzzer/corpus/init new file mode 100644 index 000000000..8f37f0925 --- /dev/null +++ b/test/commonfuzztest/dmanonyous_fuzzer/corpus/init @@ -0,0 +1,13 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +FUZZ \ No newline at end of file diff --git a/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp b/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp new file mode 100644 index 000000000..013a0c071 --- /dev/null +++ b/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp @@ -0,0 +1,74 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include + +#include "device_manager_impl.h" +#include "dm_constants.h" +#include "softbus_listener.h" +#include "dm_anonymous.h" +namespace OHOS { +namespace DistributedHardware { + +void DmAnonyousFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size < sizeof(int32_t))) { + return; + } + std::vector strList; + strList.push_back("test1"); + strList.push_back("test2"); + GetAnonyStringList(strList); + std::vector intList; + intList.push_back(1); + GetAnonyInt32List(intList); + JsonObject jsonObj; + jsonObj["key1"] = 123; + jsonObj["key2"] = "value2"; + jsonObj["key3"] = true; + IsUint32(jsonObj, "key1"); + IsUint64(jsonObj, "key1"); + IsBool(jsonObj, "key3"); + std::map paramMap; + paramMap["key1"] = "value1"; + paramMap["key2"] = "value2"; + std::map paramMap2 = {}; + std::string jsonStr = ConvertMapToJsonString(paramMap); + ParseMapFromJsonString(jsonStr, paramMap2); + StringToInt("123", 10); + StringToInt64("123", 10); + int32_t versionNum = 0; + GetVersionNumber("1.0.0", versionNum); + GetCallerPkgName("com.example.app#test"); + GetSubscribeId("123#12345"); + std::multimap unorderedmap; + unorderedmap.insert(std::make_pair("key1", 123)); + IsValueExist(unorderedmap, "key1", 123); + GetSubStr("test#123", "#", 0); + IsJsonValIntegerString(jsonObj, "key2"); +} +} +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::DistributedHardware::DmAnonyousFuzzTest(data, size); + + return 0; +} diff --git a/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.h b/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.h new file mode 100644 index 000000000..45837bdba --- /dev/null +++ b/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef DM_ANONYOUS_Test_FUZZER_H +#define DM_ANONYOUS_Test_FUZZER_H + +#define FUZZ_PROJECT_NAME "dmanonyous_fuzzer" + +#endif // DM_ANONYOUS_Test_FUZZER_H \ No newline at end of file diff --git a/test/commonfuzztest/dmanonyous_fuzzer/project.xml b/test/commonfuzztest/dmanonyous_fuzzer/project.xml new file mode 100644 index 000000000..500f6f414 --- /dev/null +++ b/test/commonfuzztest/dmanonyous_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + \ No newline at end of file diff --git a/test/commonfuzztest/dmauthmanager_fuzzer/dm_auth_manager_fuzzer.cpp b/test/commonfuzztest/dmauthmanager_fuzzer/dm_auth_manager_fuzzer.cpp index 053f739b4..593378fa2 100644 --- a/test/commonfuzztest/dmauthmanager_fuzzer/dm_auth_manager_fuzzer.cpp +++ b/test/commonfuzztest/dmauthmanager_fuzzer/dm_auth_manager_fuzzer.cpp @@ -116,6 +116,5 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { /* Run your code on data */ OHOS::DistributedHardware::DmAuthManagerFuzzTest(data, size); - return 0; } \ No newline at end of file diff --git a/test/commonfuzztest/dmauthmanagerv2_fuzzer/BUILD.gn b/test/commonfuzztest/dmauthmanagerv2_fuzzer/BUILD.gn index fb2de39ca..7c6fff579 100644 --- a/test/commonfuzztest/dmauthmanagerv2_fuzzer/BUILD.gn +++ b/test/commonfuzztest/dmauthmanagerv2_fuzzer/BUILD.gn @@ -46,9 +46,9 @@ ohos_fuzztest("DmAuthManagerV2FuzzTest") { deps = [ "${innerkits_path}/native_cpp:devicemanagersdk", - "${services_path}:devicemanagerservice", + "${services_path}:devicemanagerservicetest", "${servicesimpl_path}:devicemanagerserviceimpl", - "${utils_path}:devicemanagerutils", + "${utils_path}:devicemanagerutilstest", ] external_deps = [ diff --git a/test/commonfuzztest/dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.cpp b/test/commonfuzztest/dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.cpp index 018ed3697..f955a2baa 100644 --- a/test/commonfuzztest/dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.cpp +++ b/test/commonfuzztest/dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.cpp @@ -13,11 +13,15 @@ * limitations under the License. */ -#include +#include "dm_auth_manager_fuzzer.h" + #include -#include "device_manager_service_listener.h" +#include + #include "auth_manager.h" -#include "dm_auth_manager_fuzzer.h" +#include "device_manager_service_listener.h" +#include "dm_auth_context.h" +#include "dm_auth_state_machine.h" namespace OHOS { namespace DistributedHardware { @@ -111,6 +115,56 @@ void DmAuthSinkManagerFuzzTest(const uint8_t* data, size_t size) authManager->OnDataReceived(g_sessionId, str); authManager->OnAuthDeviceDataReceived(g_sessionId, str); } + +void DmAuthManagerV2FuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size < sizeof(int32_t))) { + return; + } + std::shared_ptr softbusConnector = std::make_shared(); + std::shared_ptr listener = std::make_shared(); + std::shared_ptr hiChainAuthConnector = std::make_shared(); + std::shared_ptr hiChainConnector = std::make_shared(); + FuzzedDataProvider fdp(data, size); + int32_t sessionId = fdp.ConsumeIntegral(); + int32_t sessionSide = fdp.ConsumeIntegral(); + int32_t result = fdp.ConsumeIntegral(); + int64_t requestId = fdp.ConsumeIntegral(); + int32_t errorCode = fdp.ConsumeIntegral(); + uint64_t logicalSessionId = fdp.ConsumeIntegral(); + int32_t authType = fdp.ConsumeIntegral(); + PeerTargetId targetId = { + .deviceId = fdp.ConsumeRandomLengthString(), + .brMac = fdp.ConsumeRandomLengthString(), + .bleMac = fdp.ConsumeRandomLengthString(), + .wifiIp = fdp.ConsumeRandomLengthString(), + .wifiPort = fdp.ConsumeIntegral(), + }; + std::map bindParam = { { "key1", fdp.ConsumeRandomLengthString() }, + { "key2", fdp.ConsumeRandomLengthString() }, { "key3", fdp.ConsumeRandomLengthString() } }; + std::string pkgName = fdp.ConsumeRandomLengthString(); + std::string deviceId = fdp.ConsumeRandomLengthString(); + std::string extra = fdp.ConsumeRandomLengthString(); + std::shared_ptr authSrcManager = + std::make_shared(softbusConnector, hiChainConnector, listener, hiChainAuthConnector); + std::shared_ptr authSinkManager = + std::make_shared(softbusConnector, hiChainConnector, listener, hiChainAuthConnector); + authSrcManager->BindTarget(pkgName, targetId, bindParam, sessionId, logicalSessionId); + authSrcManager->GetAuthParam(pkgName, authType, deviceId, extra); + authSinkManager->OnSessionOpened(sessionId, sessionSide, result); + authSrcManager->OnSessionDisable(); + authSrcManager->GetIsCryptoSupport(); + std::shared_ptr context = std::make_shared(); + authSinkManager->context_->authStateMachine->curState_ = DmAuthStateType::AUTH_SINK_PIN_AUTH_START_STATE; + authSinkManager->AuthDeviceError(requestId, errorCode); + authSinkManager->context_->authStateMachine->curState_ = DmAuthStateType::AUTH_SINK_FINISH_STATE; + authSinkManager->AuthDeviceError(requestId, errorCode); + authSinkManager->AuthDeviceFinish(requestId); + authSinkManager->GetBindTargetParams(pkgName, targetId, bindParam); + authSinkManager->SetBindTargetParams(targetId); + authSinkManager->ClearSoftbusSessionCallback(); + authSinkManager->PrepareSoftbusSessionCallback(); +} } } @@ -120,5 +174,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) /* Run your code on data */ OHOS::DistributedHardware::DmAuthSrcManagerFuzzTest(data, size); OHOS::DistributedHardware::DmAuthSinkManagerFuzzTest(data, size); + OHOS::DistributedHardware::DmAuthManagerV2FuzzTest(data, size); return 0; } \ No newline at end of file diff --git a/test/commonfuzztest/dmfreezeprocess_fuzzer/BUILD.gn b/test/commonfuzztest/dmfreezeprocess_fuzzer/BUILD.gn new file mode 100644 index 000000000..01ef24d27 --- /dev/null +++ b/test/commonfuzztest/dmfreezeprocess_fuzzer/BUILD.gn @@ -0,0 +1,80 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/distributedhardware/device_manager/device_manager.gni") + +##############################fuzztest########################################## +ohos_fuzztest("DmFreezeProcessFuzzTest") { + module_out_path = fuzz_test_output_path + fuzz_config_file = + "${devicemanager_path}/test/commonfuzztest/dmfreezeprocess_fuzzer" + + include_dirs = [ + "${innerkits_path}/native_cpp/include", + "${servicesimpl_path}/include/ability", + "${servicesimpl_path}/include/adapter", + "${servicesimpl_path}/include/authentication_v2", + "${servicesimpl_path}/include/dependency/hichain", + "${servicesimpl_path}/include/dependency/softbus", + "${servicesimpl_path}/include/dependency/timer", + ] + + cflags = [ + "-g", + "-O0", + "-Dprivate=public", + "-Dprotected=public", + "-Werror", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + sources = [ "dm_freeze_process_fuzzer.cpp" ] + + deps = [ + "${innerkits_path}/native_cpp:devicemanagersdk", + "${services_path}:devicemanagerservicetest", + "${servicesimpl_path}:devicemanagerserviceimpl", + "${utils_path}:devicemanagerutilstest", + ] + + external_deps = [ + "cJSON:cjson", + "device_auth:deviceauth_sdk", + "device_info_manager:distributed_device_profile_common", + "device_info_manager:distributed_device_profile_sdk", + "dsoftbus:softbus_client", + "ffrt:libffrt", + "hilog:libhilog", + "init:libbegetutil", + "ipc:ipc_single", + "safwk:system_ability_fwk", + ] + + defines = [ + "HI_LOG_ENABLE", + "DH_LOG_TAG=\"DmFreezeProcessFuzzTest\"", + "LOG_DOMAIN=0xD004110", + ] +} + +############################################################################### +group("fuzztest") { + testonly = true + + deps = [ ":DmFreezeProcessFuzzTest" ] +} +############################################################################### diff --git a/test/commonfuzztest/dmfreezeprocess_fuzzer/corpus/init b/test/commonfuzztest/dmfreezeprocess_fuzzer/corpus/init new file mode 100644 index 000000000..8f37f0925 --- /dev/null +++ b/test/commonfuzztest/dmfreezeprocess_fuzzer/corpus/init @@ -0,0 +1,13 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +FUZZ \ No newline at end of file diff --git a/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp b/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp new file mode 100644 index 000000000..08f2d5bc1 --- /dev/null +++ b/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp @@ -0,0 +1,88 @@ +/* + * Copyright (c) 2025-2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "dm_freeze_process_fuzzer.h" + +#include +#include + +#include "device_manager_service_listener.h" +#include "dm_freeze_process.h" + +namespace OHOS { +namespace DistributedHardware { +namespace { +constexpr const char* BIND_FAILED_EVENTS_KEY = "bindFailedEvents"; +constexpr const char* FREEZE_STATE_KEY = "freezeState"; +constexpr const char* START_FREEZE_TIME_KEY = "startFreezeTimeStamp"; +constexpr const char* STOP_FREEZE_TIME_KEY = "stopFreezeTimeStamp"; +constexpr const char* FAILED_TIMES_STAMPS_KEY = "failedTimeStamps"; +constexpr const char* FREEZE_TIMES_STAMPS_KEY = "freezeTimeStamps"; +constexpr const char* CAST_BUNDLE_NAME = "cast_engine_service"; +constexpr int32_t MAX_CONTINUEOUS_BIND_FAILED_NUM = 2; +constexpr int64_t CONTINUEOUS_FAILED_INTERVAL = 6 * 60; +constexpr int64_t DATA_REFRESH_INTERVAL = 20 * 60; +constexpr int64_t NOT_FREEZE_TIME = 0; +constexpr int64_t FIRST_FREEZE_TIME = 60; +constexpr int64_t SECOND_FREEZE_TIME = 3 * 60; +constexpr int64_t THIRD_FREEZE_TIME = 5 * 60; +constexpr int64_t MAX_FREEZE_TIME = 10 * 60; +} // namespace + +void DmFreezeProcessFuzzTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size < sizeof(int32_t))) + { + return; + } + FuzzedDataProvider fdp(data, size); + int32_t sessionId = fdp.ConsumeIntegral(); + std::string result = fdp.ConsumeRandomLengthString(); + DeviceFreezeState freezeStateObj; + BindFailedEvents bindFailedEvents; + std::string bundleName = CAST_BUNDLE_NAME; + int32_t deviceType = DEVICE_TYPE_TV; + int64_t reservedDataTimeStamp = fdp.ConsumeIntegral(); + FreezeProcess::GetInstance().ConvertJsonToDeviceFreezeState(result, freezeStateObj); + FreezeProcess::GetInstance().ConvertJsonToBindFailedEvents(result, bindFailedEvents); + bundleName = fdp.ConsumeRandomLengthString(); + deviceType = fdp.ConsumeIntegral(); + FreezeProcess::GetInstance().CleanBindFailedEvents(reservedDataTimeStamp); + FreezeProcess::GetInstance().CleanFreezeState(reservedDataTimeStamp); + FreezeProcess::GetInstance().ConvertDeviceFreezeStateToJson(freezeStateObj, result); + int64_t nowTime = NOT_FREEZE_TIME; + + int64_t nextTime = fdp.ConsumeIntegral(); + FreezeProcess::GetInstance().CleanFreezeRecord(nowTime); + FreezeProcess::GetInstance().UpdateFreezeState(nowTime); + FreezeProcess::GetInstance().CalculateNextFreezeTime(nowTime, nextTime); + nowTime = FIRST_FREEZE_TIME; + FreezeProcess::GetInstance().CalculateNextFreezeTime(nowTime, nextTime); + nowTime = SECOND_FREEZE_TIME; + FreezeProcess::GetInstance().CalculateNextFreezeTime(nowTime, nextTime); + nowTime = MAX_FREEZE_TIME; + FreezeProcess::GetInstance().CalculateNextFreezeTime(nowTime, nextTime); + FreezeProcess::GetInstance().DeleteFreezeRecord(); +} +} +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::DistributedHardware::DmFreezeProcessFuzzTest(data, size); + return 0; +} \ No newline at end of file diff --git a/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.h b/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.h new file mode 100644 index 000000000..0628940ed --- /dev/null +++ b/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef DM_FREE_PROCESS_FUZZER_H +#define DM_FREE_PROCESS_FUZZER_H + +#define FUZZ_PROJECT_NAME "dmfreezeprocess_fuzzer" + +#endif // DM_FREE_PROCESS_FUZZER_H \ No newline at end of file diff --git a/test/commonfuzztest/dmfreezeprocess_fuzzer/project.xml b/test/commonfuzztest/dmfreezeprocess_fuzzer/project.xml new file mode 100644 index 000000000..500f6f414 --- /dev/null +++ b/test/commonfuzztest/dmfreezeprocess_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + \ No newline at end of file diff --git a/test/commonunittest/UTTest_hichain_connector.cpp b/test/commonunittest/UTTest_hichain_connector.cpp old mode 100755 new mode 100644 diff --git a/test/interfacesfuzztest/BUILD.gn b/test/interfacesfuzztest/BUILD.gn old mode 100755 new mode 100644 diff --git a/test/interfacesfuzztest/devicemanagerimpl_fuzzer/BUILD.gn b/test/interfacesfuzztest/devicemanagerimpl_fuzzer/BUILD.gn old mode 100755 new mode 100644 index a706fd85f..a7e9c7038 --- a/test/interfacesfuzztest/devicemanagerimpl_fuzzer/BUILD.gn +++ b/test/interfacesfuzztest/devicemanagerimpl_fuzzer/BUILD.gn @@ -63,7 +63,7 @@ ohos_fuzztest("DeviceManagerImplFuzzTest") { deps = [ "${innerkits_path}/native_cpp:devicemanagersdk", - "${utils_path}:devicemanagerutils", + "${utils_path}:devicemanagerutilstest", ] defines = [ diff --git a/test/interfacesfuzztest/devicemanagerimpl_fuzzer/corpus/init b/test/interfacesfuzztest/devicemanagerimpl_fuzzer/corpus/init old mode 100755 new mode 100644 diff --git a/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp b/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp old mode 100755 new mode 100644 index 69cebe8cf..098ef9b34 --- a/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp +++ b/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp @@ -235,6 +235,40 @@ std::string pkgName = fdp.ConsumeRandomLengthString(); DeviceManagerImpl::GetInstance().UnRegisterPinHolderCallback(pkgName); } + + void DeviceManagerImplFuzzTest(const uint8_t* data, size_t size) + { + if ((data == nullptr) || (size < sizeof(int32_t))) { + return; + } + FuzzedDataProvider fdp(data, size); + std::string pkgName = fdp.ConsumeRandomLengthString(); + std::string deviceName = fdp.ConsumeRandomLengthString(); + std::string deviceId = fdp.ConsumeRandomLengthString(); + std::string extra = fdp.ConsumeRandomLengthString(); + std::string bundleName = fdp.ConsumeRandomLengthString(); + int32_t pinExchangeType = fdp.ConsumeIntegral(); + // std::shared_ptr callback = std::make_shared(); + OHOS::DistributedHardware::DmDeviceIconInfoFilterOptions filterOptions; + DMLocalServiceInfo localServiceInfo; + DmAccessCaller caller; + DmAccessCallee callee; + DMIpcCmdInterfaceCode ipcCode = REGISTER_DEVICE_MANAGER_LISTENER; + DeviceManagerImpl::GetInstance().GetLocalDeviceName(pkgName, deviceName); + DeviceManagerImpl::GetInstance().UnBindDevice(pkgName, deviceId, extra); + DeviceManagerImpl::GetInstance().UnRegisterSinkBindCallback(pkgName); + // DeviceManagerImpl::GetInstance().GetDeviceIconInfo(pkgName, filterOptions, callback); + DeviceManagerImpl::GetInstance().RegisterLocalServiceInfo(localServiceInfo); + DeviceManagerImpl::GetInstance().UnRegisterLocalServiceInfo(bundleName, pinExchangeType); + DeviceManagerImpl::GetInstance().UpdateLocalServiceInfo(localServiceInfo); + DeviceManagerImpl::GetInstance().CheckAccessControl(caller, callee); + DeviceManagerImpl::GetInstance().CheckIsSameAccount(caller, callee); + DeviceManagerImpl::GetInstance().CheckSrcAccessControl(caller, callee); + DeviceManagerImpl::GetInstance().CheckSinkAccessControl(caller, callee); + DeviceManagerImpl::GetInstance().CheckSrcIsSameAccount(caller, callee); + DeviceManagerImpl::GetInstance().CheckSinkIsSameAccount(caller, callee); + DeviceManagerImpl::GetInstance().CheckAclByIpcCode(caller, callee, ipcCode); + } } } @@ -260,6 +294,7 @@ OHOS::DistributedHardware::RestoreLocalDeviceNameTest(data, size); OHOS::DistributedHardware::GetLocalServiceInfoByBundleNameAndPinExchangeTypeTest(data, size); OHOS::DistributedHardware::UnRegisterPinHolderCallbackTest(data, size); + OHOS::DistributedHardware::DeviceManagerImplFuzzTest(data, size); return 0; } \ No newline at end of file diff --git a/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.h b/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.h old mode 100755 new mode 100644 diff --git a/test/interfacesfuzztest/devicemanagerimpl_fuzzer/project.xml b/test/interfacesfuzztest/devicemanagerimpl_fuzzer/project.xml old mode 100755 new mode 100644 diff --git a/test/servicesfuzztest/BUILD.gn b/test/servicesfuzztest/BUILD.gn index 074d1cd33..e6a972d7f 100644 --- a/test/servicesfuzztest/BUILD.gn +++ b/test/servicesfuzztest/BUILD.gn @@ -28,6 +28,7 @@ group("fuzztest") { "devicenamemanagerone_fuzzer:fuzztest", "deviceprofileconnector_fuzzer:fuzztest", "devicepublish_fuzzer:fuzztest", + "dmauthattestcommon_fuzzer:fuzztest", "dmcommtool_fuzzer:fuzztest", "dmcommtooltwo_fuzzer:fuzztest", "dmtransport_fuzzer:fuzztest", diff --git a/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp b/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp index 73a030896..559cedfe4 100644 --- a/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp +++ b/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp @@ -151,7 +151,86 @@ void AuthMessageProcessorFuzzTest(const uint8_t* data, size_t size) dmAuthMessageProcessor_ -> SetLnnAccessControlList(context_, accesser, accessee); AuthMessageProcessorFuzzTestNext(jsonObject); } + +void AuthMessageProcessorFirstFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size < sizeof(int32_t))) { + return; + } + FuzzedDataProvider fdp(data, size); + std::string message = fdp.ConsumeRandomLengthString(); + std::string inputStr = fdp.ConsumeRandomLengthString(); + std::string compressed = fdp.ConsumeRandomLengthString(); + std::string trustDeviceId = fdp.ConsumeRandomLengthString(); + std::string encSyncMsg = fdp.ConsumeRandomLengthString(); + std::string enSyncMsg = fdp.ConsumeRandomLengthString(); + std::string aclStr = fdp.ConsumeRandomLengthString(); + uint32_t keyLen = fdp.ConsumeIntegralInRange(0, 1024); + uint32_t oriLen = fdp.ConsumeIntegralInRange(0, 1024); + std::vector sessionKey = fdp.ConsumeBytes(keyLen); + int32_t userId = fdp.ConsumeIntegral(); + int32_t skId = fdp.ConsumeIntegral(); + DistributedDeviceProfile::AccessControlProfile acl; + DistributedDeviceProfile::Accesser accesser; + DistributedDeviceProfile::Accessee accessee; + acl.SetExtraData(fdp.ConsumeRandomLengthString()); + accesser.SetAccesserExtraData(fdp.ConsumeRandomLengthString()); + accessee.SetAccesseeExtraData(fdp.ConsumeRandomLengthString()); + DmAccess access; + JsonObject jsonObject; + GenerateJsonObject(jsonObject, fdp); + dmAuthMessageProcessor_->CheckLogicalSessionId(jsonObject, context_); + jsonObject[TAG_TRANSMIT_SK_ID] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_TRANSMIT_SK_TIMESTAMP] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_TRANSMIT_CREDENTIAL_ID] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_DMVERSION] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_LNN_SK_ID] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_LNN_SK_TIMESTAMP] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_LNN_CREDENTIAL_ID] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_ACCESS] = fdp.ConsumeRandomLengthString(); + // Run ParseDmAccessToSync + dmAuthMessageProcessor_->ParseSyncMessage(context_, access, jsonObject); + jsonObject[TAG_AUTH_TYPE_LIST] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_EXTRA_INFO] = fdp.ConsumeRandomLengthString(); + // Run stringToVectorAuthType + dmAuthMessageProcessor_->ParseMessageRespUserConfirm(jsonObject, context_); + } +void AuthMessageProcessorSecondFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size < sizeof(int32_t))) { + return; + } + FuzzedDataProvider fdp(data, size); + JsonItemObject jsonItemObject; + DmAccessToSync sync_table = { .deviceName = fdp.ConsumeRandomLengthString(), + .deviceNameFull = fdp.ConsumeRandomLengthString(), + .deviceId = fdp.ConsumeRandomLengthString(), + .userId = fdp.ConsumeIntegral(), + .accountId = fdp.ConsumeRandomLengthString(), + .tokenId = fdp.ConsumeIntegral(), + .bundleName = fdp.ConsumeRandomLengthString(), + .pkgName = fdp.ConsumeRandomLengthString(), + .bindLevel = fdp.ConsumeIntegral(), + .sessionKeyId = fdp.ConsumeIntegral(), + .skTimeStamp = fdp.ConsumeIntegral() }; + FromJson(jsonItemObject, sync_table); + DmAccessControlTable control_table = { .accessControlId = fdp.ConsumeIntegral(), + .accesserId = fdp.ConsumeIntegral(), + .accesseeId = fdp.ConsumeIntegral(), + .deviceId = fdp.ConsumeRandomLengthString(), + .sessionKey = fdp.ConsumeRandomLengthString(), + .bindType = fdp.ConsumeIntegral(), + .authType = fdp.ConsumeIntegral(), + .deviceType = fdp.ConsumeIntegral(), + .deviceIdHash = fdp.ConsumeRandomLengthString(), + .status = fdp.ConsumeIntegral(), + .validPeriod = fdp.ConsumeIntegral(), + .lastAuthTime = fdp.ConsumeIntegral(), + .bindLevel = fdp.ConsumeIntegral() }; + FromJson(jsonItemObject, control_table); +} +} // namespace DistributedHardware } /* Fuzzer entry point */ @@ -159,6 +238,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { /* Run your code on data */ OHOS::DistributedHardware::AuthMessageProcessorFuzzTest(data, size); - + OHOS::DistributedHardware::AuthMessageProcessorFirstFuzzTest(data, size); + OHOS::DistributedHardware::AuthMessageProcessorSecondFuzzTest(data, size); return 0; } diff --git a/test/servicesfuzztest/devicenamemanager_fuzzer/BUILD.gn b/test/servicesfuzztest/devicenamemanager_fuzzer/BUILD.gn index e769025ec..a129f111d 100644 --- a/test/servicesfuzztest/devicenamemanager_fuzzer/BUILD.gn +++ b/test/servicesfuzztest/devicenamemanager_fuzzer/BUILD.gn @@ -63,7 +63,7 @@ ohos_fuzztest("DeviceNameManagerFuzzTest") { deps = [ "${devicemanager_path}/services/service:devicemanagerservice", - "${utils_path}:devicemanagerutils", + "${utils_path}:devicemanagerutilstest", ] defines = [ diff --git a/test/servicesfuzztest/dmauthattestcommon_fuzzer/BUILD.gn b/test/servicesfuzztest/dmauthattestcommon_fuzzer/BUILD.gn new file mode 100644 index 000000000..0b933d849 --- /dev/null +++ b/test/servicesfuzztest/dmauthattestcommon_fuzzer/BUILD.gn @@ -0,0 +1,80 @@ +# Copyright (c) 2022-2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/distributedhardware/device_manager/device_manager.gni") + +##############################fuzztest########################################## +ohos_fuzztest("DmAuthAttestCommonFuzzTest") { + module_out_path = fuzz_test_output_path + fuzz_config_file = + "${devicemanager_path}/test/servicesfuzztest/dmauthattestcommon_fuzzer" + + include_dirs = [ + "${utils_path}/include", + "${common_path}/include", + "${common_path}/include/ipc", + "${common_path}/include/ipc/model", + "${utils_path}/include/ipc/standard", + "${servicesimpl_path}/include", + "${servicesimpl_path}/include/adapter", + "${servicesimpl_path}/include/ability", + "${servicesimpl_path}/include/config", + "${innerkits_path}/native_cpp/include", + "${servicesimpl_path}/include/attest", + "${utils_path}/include/kvadapter", + "${json_path}/include", + ] + + cflags = [ + "-g", + "-O0", + "-Dprivate=public", + "-Dprotected=public", + "-Werror", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ + "${servicesimpl_path}/src/adapter/standard/dm_adapter_manager.cpp", + "dm_auth_attest_common_fuzzer.cpp", + "${json_path}/src/json_object_cjson.cpp", + ] + + deps = [ + "${devicemanager_path}/services/implementation:devicemanagerserviceimpl", + ] + + defines = [ + "HI_LOG_ENABLE", + "DH_LOG_TAG=\"DmAuthAttestCommonFuzzTest\"", + "LOG_DOMAIN=0xD004110", + ] + + external_deps = [ + "cJSON:cjson", + "c_utils:utils", + "safwk:system_ability_fwk", + "hilog:libhilog", + ] +} + +############################################################################### +group("fuzztest") { + testonly = true + + deps = [ ":DmAuthAttestCommonFuzzTest" ] +} +############################################################################### diff --git a/test/servicesfuzztest/dmauthattestcommon_fuzzer/corpus/init b/test/servicesfuzztest/dmauthattestcommon_fuzzer/corpus/init new file mode 100644 index 000000000..9c560fe89 --- /dev/null +++ b/test/servicesfuzztest/dmauthattestcommon_fuzzer/corpus/init @@ -0,0 +1,13 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +FUZZ diff --git a/test/servicesfuzztest/dmauthattestcommon_fuzzer/dm_auth_attest_common_fuzzer.cpp b/test/servicesfuzztest/dmauthattestcommon_fuzzer/dm_auth_attest_common_fuzzer.cpp new file mode 100644 index 000000000..0f15314d0 --- /dev/null +++ b/test/servicesfuzztest/dmauthattestcommon_fuzzer/dm_auth_attest_common_fuzzer.cpp @@ -0,0 +1,54 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "dm_auth_attest_common_fuzzer.h" + +#include + +#include "dm_auth_attest_common.h" + +namespace OHOS { +namespace DistributedHardware { + +void DmAuthAttestCommonFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + return; + } + FuzzedDataProvider fdp(data, size); + DmCertChain* chain = new DmCertChain; + chain->cert = new DmBlob[1]; + chain->certCount = 1; + chain->cert[0].size = 1; + chain->cert[0].data = new uint8_t[size]; + *chain->cert[0].data = fdp.ConsumeIntegral(); + std::string str_value = fdp.ConsumeRandomLengthString(); + JsonItemObject jsonItem; + jsonItem.PushBack(str_value); + + AuthAttestCommon::GetInstance().SerializeDmCertChain(nullptr); + AuthAttestCommon::GetInstance().SerializeDmCertChain(chain); + AuthAttestCommon::GetInstance().FreeDmCertChain(*chain); +} +} +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::DistributedHardware::DmAuthAttestCommonFuzzTest(data, size); + return 0; +} diff --git a/test/servicesfuzztest/dmauthattestcommon_fuzzer/dm_auth_attest_common_fuzzer.h b/test/servicesfuzztest/dmauthattestcommon_fuzzer/dm_auth_attest_common_fuzzer.h new file mode 100644 index 000000000..e4e5a1fff --- /dev/null +++ b/test/servicesfuzztest/dmauthattestcommon_fuzzer/dm_auth_attest_common_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef DM_AUTH_ATTEST_COMMON_FUZZ_TEST_H +#define DM_AUTH_ATTEST_COMMON_FUZZ_TEST_H + +#define FUZZ_PROJECT_NAME "dmauthattestcommon_fuzzer" + +#endif // DM_AUTH_ATTEST_COMMON_FUZZ_TEST_H diff --git a/test/servicesfuzztest/dmauthattestcommon_fuzzer/project.xml b/test/servicesfuzztest/dmauthattestcommon_fuzzer/project.xml new file mode 100644 index 000000000..500f6f414 --- /dev/null +++ b/test/servicesfuzztest/dmauthattestcommon_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + \ No newline at end of file diff --git a/test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp b/test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp index f8b0b9354..f8d04a6bd 100644 --- a/test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp +++ b/test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp @@ -62,6 +62,32 @@ void DmCommToolFuzzTest(const uint8_t* data, size_t size) dmCommToolPtr_->GetDMTransportPtr(); dmCommToolPtr_->GetEventHandler(); } + +void DmCommToolFirstFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size < sizeof(int32_t))) { + return; + } + FuzzedDataProvider fdp(data, size); + DMCommTool::DMCommToolEventHandler dmCommToolEventHandler( + AppExecFwk::EventRunner::Create(FUZZ_PROJECT_NAME), dmCommToolPtr_); + + int32_t socketId = fdp.ConsumeIntegral(); + std::string rmtNetworkId = fdp.ConsumeRandomLengthString(); + int32_t code = fdp.ConsumeIntegral(); + std::string msg = fdp.ConsumeRandomLengthString(); + std::shared_ptr commMsg = std::make_shared(code, msg); + std::shared_ptr innrCommMsg = std::make_shared(rmtNetworkId, commMsg, socketId); + UserIdsMsg userIdsMsg; + userIdsMsg.foregroundUserIds.push_back(DATA_LEN); + dmCommToolEventHandler.ParseUserIdsMsg(innrCommMsg, userIdsMsg); + AppExecFwk::InnerEvent::Pointer event = AppExecFwk::InnerEvent::Get(commMsg->code, innrCommMsg); + dmCommToolEventHandler.ProcessEvent(event); + dmCommToolPtr_->ProcessResponseUserStopEvent(innrCommMsg); + std::string commonEventType; + EventCallback eventCallback; + dmCommToolPtr_->StartCommonEvent(commonEventType, eventCallback); +} } } @@ -70,5 +96,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { /* Run your code on data */ OHOS::DistributedHardware::DmCommToolFuzzTest(data, size); + OHOS::DistributedHardware::DmCommToolFirstFuzzTest(data, size); return 0; } diff --git a/test/servicesfuzztest/dmtransportmsg_fuzzer/dm_transport_msg_fuzzer.cpp b/test/servicesfuzztest/dmtransportmsg_fuzzer/dm_transport_msg_fuzzer.cpp index 663947393..54d374cd7 100644 --- a/test/servicesfuzztest/dmtransportmsg_fuzzer/dm_transport_msg_fuzzer.cpp +++ b/test/servicesfuzztest/dmtransportmsg_fuzzer/dm_transport_msg_fuzzer.cpp @@ -86,6 +86,34 @@ void DmTransPortMsgFuzzTest(const uint8_t* data, size_t size) notifyUserIds.ToString(); cJSON_Delete(jsonObject); } +void DmTransPortMsgFirstFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size < sizeof(int32_t))) { + return; + } + FuzzedDataProvider fdp(data, size); + int32_t code = fdp.ConsumeIntegral(); + std::string msg(reinterpret_cast(data), size); + std::string remoteUdid(reinterpret_cast(data), size); + const char* jsonString = R"({ + "MsgType": "0", + "userId": "12345", + "accountId": "a******3", + "peerUdids": ["u******1", "u******2"], + "peerUdid": "p******d", + "accountName": "t******t", + "syncUserIdFlag": 1, + "userIds": [ + {"type": 1, "userId": 111}, + {"type": 0, "userId": 222} + ] + })"; + cJSON* jsonObject = nullptr; + LogoutAccountMsg accountInfo; + ToJson(jsonObject, accountInfo); + FromJson(jsonObject, accountInfo); + cJSON_Delete(jsonObject); +} } } @@ -94,5 +122,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { /* Run your code on data */ OHOS::DistributedHardware::DmTransPortMsgFuzzTest(data, size); + OHOS::DistributedHardware::DmTransPortMsgFirstFuzzTest(data, size); return 0; } -- Gitee From f0bebf07493a4168c3c5e481056b415be7302d3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=9F=A6=E5=9B=BD=E5=BA=86?= Date: Sat, 21 Jun 2025 21:15:09 +0800 Subject: [PATCH 2/8] add FUZZ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 韦国庆 --- .../auth_credential_fuzzer.cpp | 30 +- .../auth_pin_auth_fuzzer.cpp | 32 +- .../dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp | 12 +- .../dmanonyous_fuzzer/dm_anonyous_fuzzer.h | 6 +- .../dm_freeze_process_fuzzer.cpp | 3 +- .../device_manager_impl_fuzzer.cpp | 581 +++++++++--------- .../auth_message_processor_fuzzer.cpp | 2 +- .../dm_auth_attest_common_fuzzer.cpp | 14 +- 8 files changed, 351 insertions(+), 329 deletions(-) diff --git a/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp b/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp index 273bd1909..4f5e040fc 100644 --- a/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp +++ b/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp @@ -40,24 +40,24 @@ void AuthCredentialFuzzTest(const uint8_t* data, size_t size) context->accesser.isGenerateLnnCredential = true; context->isAppCredentialVerified = false; context->accesser.bindLevel = SERVICE; - std::shared_ptr auth1 = std::make_shared(); - std::shared_ptr auth2 = std::make_shared(); - std::shared_ptr auth3 = std::make_shared(); - std::shared_ptr auth4 = std::make_shared(); - std::shared_ptr auth5 = std::make_shared(); - std::shared_ptr auth6 = std::make_shared(); + std::shared_ptr authFirst = std::make_shared(); + std::shared_ptr authSecond = std::make_shared(); + std::shared_ptr authThird = std::make_shared(); + std::shared_ptr authForth = std::make_shared(); + std::shared_ptr authFifth = std::make_shared(); + std::shared_ptr authSixth = std::make_shared(); - auth1->Action(context); - auth2->Action(context); + authFirst->Action(context); + authSecond->Action(context); context->isAppCredentialVerified = true; - auth2->Action(context); + authSecond->Action(context); context->accesser.isGenerateLnnCredential = false; - auth1->GetStateType(); - auth2->GetStateType(); - auth3->GetStateType(); - auth4->GetStateType(); - auth5->GetStateType(); - auth6->GetStateType(); + authFirst->GetStateType(); + authSecond->GetStateType(); + authThird->GetStateType(); + authForth->GetStateType(); + authFifth->GetStateType(); + authSixth->GetStateType(); } } } diff --git a/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp b/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp index c04aa8541..bed8e719e 100644 --- a/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp +++ b/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp @@ -39,25 +39,25 @@ void AuthPinAuthFuzzTest(const uint8_t* data, size_t size) context->requestId = fdp.ConsumeIntegral(); context->accesser.userId = fdp.ConsumeIntegral(); - std::shared_ptr auth1 = std::make_shared(); - std::shared_ptr auth2 = std::make_shared(); - std::shared_ptr auth3 = std::make_shared(); - std::shared_ptr auth4 = std::make_shared(); - std::shared_ptr auth5 = std::make_shared(); - std::shared_ptr auth6 = std::make_shared(); - std::shared_ptr auth7 = std::make_shared(); - std::shared_ptr auth8 = std::make_shared(); - auth1->GetStateType(); - auth2->GetStateType(); + std::shared_ptr authFirst = std::make_shared(); + std::shared_ptr authSecond = std::make_shared(); + std::shared_ptr authThird = std::make_shared(); + std::shared_ptr authForth = std::make_shared(); + std::shared_ptr authFifth = std::make_shared(); + std::shared_ptr authSixth = std::make_shared(); + std::shared_ptr authSeventh = std::make_shared(); + std::shared_ptr authEighth = std::make_shared(); + authFirst->GetStateType(); + authSecond->GetStateType(); int32_t credType = fdp.ConsumeIntegral(); - auth3->GetCredIdByCredType(context, credType); + authThird->GetCredIdByCredType(context, credType); context->isAppCredentialVerified = true; context->accesser.isGenerateLnnCredential = false; - auth4->ShowStartAuthDialog(context); - auth5->GetStateType(); - auth6->GetStateType(); - auth7->GetStateType(); - auth8->GetStateType(); + authForth->ShowStartAuthDialog(context); + authFifth->GetStateType(); + authSixth->GetStateType(); + authSeventh->GetStateType(); + authEighth->GetStateType(); } } } diff --git a/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp b/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp index 013a0c071..dafa558a4 100644 --- a/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp +++ b/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp @@ -30,6 +30,8 @@ void DmAnonyousFuzzTest(const uint8_t* data, size_t size) return; } std::vector strList; + int64_t testNumber = 123; + int64_t decimal = 10; strList.push_back("test1"); strList.push_back("test2"); GetAnonyStringList(strList); @@ -37,7 +39,7 @@ void DmAnonyousFuzzTest(const uint8_t* data, size_t size) intList.push_back(1); GetAnonyInt32List(intList); JsonObject jsonObj; - jsonObj["key1"] = 123; + jsonObj["key1"] = testNumber; jsonObj["key2"] = "value2"; jsonObj["key3"] = true; IsUint32(jsonObj, "key1"); @@ -49,15 +51,15 @@ void DmAnonyousFuzzTest(const uint8_t* data, size_t size) std::map paramMap2 = {}; std::string jsonStr = ConvertMapToJsonString(paramMap); ParseMapFromJsonString(jsonStr, paramMap2); - StringToInt("123", 10); - StringToInt64("123", 10); + StringToInt("123", decimal); + StringToInt64("123", decimal); int32_t versionNum = 0; GetVersionNumber("1.0.0", versionNum); GetCallerPkgName("com.example.app#test"); GetSubscribeId("123#12345"); std::multimap unorderedmap; - unorderedmap.insert(std::make_pair("key1", 123)); - IsValueExist(unorderedmap, "key1", 123); + unorderedmap.insert(std::make_pair("key1", testNumber)); + IsValueExist(unorderedmap, "key1", testNumber); GetSubStr("test#123", "#", 0); IsJsonValIntegerString(jsonObj, "key2"); } diff --git a/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.h b/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.h index 45837bdba..8047cdb14 100644 --- a/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.h +++ b/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.h @@ -13,9 +13,9 @@ * limitations under the License. */ -#ifndef DM_ANONYOUS_Test_FUZZER_H -#define DM_ANONYOUS_Test_FUZZER_H +#ifndef DM_ANONYOUS_TEST_FUZZER_H +#define DM_ANONYOUS_TEST_FUZZER_H #define FUZZ_PROJECT_NAME "dmanonyous_fuzzer" -#endif // DM_ANONYOUS_Test_FUZZER_H \ No newline at end of file +#endif // DM_ANONYOUS_TEST_FUZZER_H diff --git a/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp b/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp index 08f2d5bc1..b4c2c902e 100644 --- a/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp +++ b/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp @@ -43,8 +43,7 @@ constexpr int64_t MAX_FREEZE_TIME = 10 * 60; void DmFreezeProcessFuzzTest(const uint8_t *data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) - { + if ((data == nullptr) || (size < sizeof(int32_t))) { return; } FuzzedDataProvider fdp(data, size); diff --git a/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp b/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp index 098ef9b34..984ba1982 100644 --- a/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp +++ b/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp @@ -13,288 +13,305 @@ * limitations under the License. */ - #include - #include - #include - #include - #include - #include - #include +#include +#include +#include +#include +#include +#include +#include - #include "device_manager_impl.h" - - namespace OHOS { - namespace DistributedHardware { - - namespace { - - } - - void StopAuthenticateDeviceTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return; - } - FuzzedDataProvider fdp(data, size); - std::string pkgName = fdp.ConsumeRandomLengthString(); - DeviceManagerImpl::GetInstance().StopAuthenticateDevice(pkgName); - DeviceManagerImpl::GetInstance().OnDmServiceDied(); - } - - void UnBindDeviceTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return; - } - FuzzedDataProvider fdp(data, size); - std::string pkgName = fdp.ConsumeRandomLengthString(); - std::string deviceId = fdp.ConsumeRandomLengthString(); - DeviceManagerImpl::GetInstance().UnBindDevice(pkgName, deviceId); - } - - void ShiftLNNGearTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return; - } - FuzzedDataProvider fdp(data, size); - std::string pkgName = fdp.ConsumeRandomLengthString(); - DeviceManagerImpl::GetInstance().ShiftLNNGear(pkgName); - } - - void RegDevTrustChangeCallbackTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return; - } - FuzzedDataProvider fdp(data, size); - std::shared_ptr callback = nullptr; - std::string pkgName = fdp.ConsumeRandomLengthString(); - DeviceManagerImpl::GetInstance().RegDevTrustChangeCallback(pkgName, callback); - } - - void GetNetworkIdByUdidTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return; - } - FuzzedDataProvider fdp(data, size); - std::string pkgName = fdp.ConsumeRandomLengthString(); - std::string udid = fdp.ConsumeRandomLengthString(); - std::string networkId = fdp.ConsumeRandomLengthString(); - DeviceManagerImpl::GetInstance().GetNetworkIdByUdid(pkgName, udid, networkId); - } - - void RegisterCredentialAuthStatusCallbackTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return; - } - FuzzedDataProvider fdp(data, size); - std::string pkgName = fdp.ConsumeRandomLengthString(); - std::shared_ptr callback = nullptr; - DeviceManagerImpl::GetInstance().RegisterCredentialAuthStatusCallback(pkgName, callback); - } - - void GetAllTrustedDeviceListTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return; - } - FuzzedDataProvider fdp(data, size); - std::string pkgName = fdp.ConsumeRandomLengthString(); - std::string extra = fdp.ConsumeRandomLengthString(); - std::vector deviceList; - DeviceManagerImpl::GetInstance().GetAllTrustedDeviceList(pkgName, extra, deviceList); - } - - void RegisterSinkBindCallbackTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return; - } - FuzzedDataProvider fdp(data, size); - std::string pkgName = fdp.ConsumeRandomLengthString(); - std::shared_ptr callback = nullptr; - DeviceManagerImpl::GetInstance().RegisterSinkBindCallback(pkgName, callback); - } - - void GetDeviceProfileInfoListTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return; - } - FuzzedDataProvider fdp(data, size); - std::string pkgName = fdp.ConsumeRandomLengthString(); - DmDeviceProfileInfoFilterOptions filterOptions; - std::shared_ptr callback = nullptr; - DeviceManagerImpl::GetInstance().GetDeviceProfileInfoList(pkgName, filterOptions, callback); - } - - void GetDeviceIconInfoTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return; - } - FuzzedDataProvider fdp(data, size); - std::string pkgName = fdp.ConsumeRandomLengthString(); - DmDeviceProfileInfoFilterOptions filterOptions; - std::shared_ptr callback = nullptr; - DeviceManagerImpl::GetInstance().GetDeviceProfileInfoList(pkgName, filterOptions, callback); - } - - void PutDeviceProfileInfoListTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return; - } - FuzzedDataProvider fdp(data, size); - std::string pkgName = fdp.ConsumeRandomLengthString(); - std::vector deviceProfileInfoList; - DeviceManagerImpl::GetInstance().PutDeviceProfileInfoList(pkgName, deviceProfileInfoList); - } - - void GetLocalDisplayDeviceNameTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size < sizeof(int32_t))) { - return; - } - FuzzedDataProvider fdp(data, size); - std::string pkgName = fdp.ConsumeRandomLengthString(); - std::string displayName = fdp.ConsumeRandomLengthString(); - int32_t maxNameLength = fdp.ConsumeIntegral(); - DeviceManagerImpl::GetInstance().GetLocalDisplayDeviceName(pkgName, maxNameLength, displayName); - } - - void GetDeviceNetworkIdListTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return; - } - FuzzedDataProvider fdp(data, size); - std::string bundleName = fdp.ConsumeRandomLengthString(); - NetworkIdQueryFilter queryFilter; - std::vector networkIds; - DeviceManagerImpl::GetInstance().GetDeviceNetworkIdList(bundleName, queryFilter, networkIds); - } - - void SetLocalDeviceNameTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return; - } - FuzzedDataProvider fdp(data, size); - std::string pkgName = fdp.ConsumeRandomLengthString(); - std::string deviceName = fdp.ConsumeRandomLengthString(); - std::shared_ptr callback = nullptr; - DeviceManagerImpl::GetInstance().SetLocalDeviceName(pkgName, deviceName, callback); - } - - void SetRemoteDeviceNameTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return; - } - FuzzedDataProvider fdp(data, size); - std::string pkgName = fdp.ConsumeRandomLengthString(); - std::string deviceId = fdp.ConsumeRandomLengthString(); - std::string deviceName = fdp.ConsumeRandomLengthString(); - std::shared_ptr callback = nullptr; - DeviceManagerImpl::GetInstance().SetRemoteDeviceName(pkgName, deviceId, deviceName, callback); - } - - void RestoreLocalDeviceNameTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return; - } - FuzzedDataProvider fdp(data, size); - std::string pkgName = fdp.ConsumeRandomLengthString(); - DeviceManagerImpl::GetInstance().RestoreLocalDeviceName(pkgName); - } - - void GetLocalServiceInfoByBundleNameAndPinExchangeTypeTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size < sizeof(int32_t))) { - return; - } - FuzzedDataProvider fdp(data, size); - std::string bundleName = fdp.ConsumeRandomLengthString(); - int32_t maxNameLength = fdp.ConsumeIntegral(); - DMLocalServiceInfo info; - DeviceManagerImpl::GetInstance(). - GetLocalServiceInfoByBundleNameAndPinExchangeType(bundleName, maxNameLength, info); - } - - void UnRegisterPinHolderCallbackTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return; - } - FuzzedDataProvider fdp(data, size); - std::string pkgName = fdp.ConsumeRandomLengthString(); - DeviceManagerImpl::GetInstance().UnRegisterPinHolderCallback(pkgName); - } +#include "device_manager_impl.h" - void DeviceManagerImplFuzzTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size < sizeof(int32_t))) { - return; - } - FuzzedDataProvider fdp(data, size); - std::string pkgName = fdp.ConsumeRandomLengthString(); - std::string deviceName = fdp.ConsumeRandomLengthString(); - std::string deviceId = fdp.ConsumeRandomLengthString(); - std::string extra = fdp.ConsumeRandomLengthString(); - std::string bundleName = fdp.ConsumeRandomLengthString(); - int32_t pinExchangeType = fdp.ConsumeIntegral(); - // std::shared_ptr callback = std::make_shared(); - OHOS::DistributedHardware::DmDeviceIconInfoFilterOptions filterOptions; - DMLocalServiceInfo localServiceInfo; - DmAccessCaller caller; - DmAccessCallee callee; - DMIpcCmdInterfaceCode ipcCode = REGISTER_DEVICE_MANAGER_LISTENER; - DeviceManagerImpl::GetInstance().GetLocalDeviceName(pkgName, deviceName); - DeviceManagerImpl::GetInstance().UnBindDevice(pkgName, deviceId, extra); - DeviceManagerImpl::GetInstance().UnRegisterSinkBindCallback(pkgName); - // DeviceManagerImpl::GetInstance().GetDeviceIconInfo(pkgName, filterOptions, callback); - DeviceManagerImpl::GetInstance().RegisterLocalServiceInfo(localServiceInfo); - DeviceManagerImpl::GetInstance().UnRegisterLocalServiceInfo(bundleName, pinExchangeType); - DeviceManagerImpl::GetInstance().UpdateLocalServiceInfo(localServiceInfo); - DeviceManagerImpl::GetInstance().CheckAccessControl(caller, callee); - DeviceManagerImpl::GetInstance().CheckIsSameAccount(caller, callee); - DeviceManagerImpl::GetInstance().CheckSrcAccessControl(caller, callee); - DeviceManagerImpl::GetInstance().CheckSinkAccessControl(caller, callee); - DeviceManagerImpl::GetInstance().CheckSrcIsSameAccount(caller, callee); - DeviceManagerImpl::GetInstance().CheckSinkIsSameAccount(caller, callee); - DeviceManagerImpl::GetInstance().CheckAclByIpcCode(caller, callee, ipcCode); - } - } - } +namespace OHOS { +namespace DistributedHardware { - /* Fuzzer entry point */ - extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) - { - /* Run your code on data */ - OHOS::DistributedHardware::StopAuthenticateDeviceTest(data, size); - OHOS::DistributedHardware::UnBindDeviceTest(data, size); - OHOS::DistributedHardware::ShiftLNNGearTest(data, size); - OHOS::DistributedHardware::RegDevTrustChangeCallbackTest(data, size); - OHOS::DistributedHardware::GetNetworkIdByUdidTest(data, size); - OHOS::DistributedHardware::RegisterCredentialAuthStatusCallbackTest(data, size); - OHOS::DistributedHardware::GetAllTrustedDeviceListTest(data, size); - OHOS::DistributedHardware::RegisterSinkBindCallbackTest(data, size); - OHOS::DistributedHardware::GetDeviceProfileInfoListTest(data, size); - OHOS::DistributedHardware::GetDeviceIconInfoTest(data, size); - OHOS::DistributedHardware::PutDeviceProfileInfoListTest(data, size); - OHOS::DistributedHardware::GetLocalDisplayDeviceNameTest(data, size); - OHOS::DistributedHardware::GetDeviceNetworkIdListTest(data, size); - OHOS::DistributedHardware::SetLocalDeviceNameTest(data, size); - OHOS::DistributedHardware::SetRemoteDeviceNameTest(data, size); - OHOS::DistributedHardware::RestoreLocalDeviceNameTest(data, size); - OHOS::DistributedHardware::GetLocalServiceInfoByBundleNameAndPinExchangeTypeTest(data, size); - OHOS::DistributedHardware::UnRegisterPinHolderCallbackTest(data, size); - OHOS::DistributedHardware::DeviceManagerImplFuzzTest(data, size); - return 0; - } - \ No newline at end of file +namespace {} + +void StopAuthenticateDeviceTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size == 0)) + { + return; + } + FuzzedDataProvider fdp(data, size); + std::string pkgName = fdp.ConsumeRandomLengthString(); + DeviceManagerImpl::GetInstance().StopAuthenticateDevice(pkgName); + DeviceManagerImpl::GetInstance().OnDmServiceDied(); +} + +void UnBindDeviceTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size == 0)) + { + return; + } + FuzzedDataProvider fdp(data, size); + std::string pkgName = fdp.ConsumeRandomLengthString(); + std::string deviceId = fdp.ConsumeRandomLengthString(); + DeviceManagerImpl::GetInstance().UnBindDevice(pkgName, deviceId); +} + +void ShiftLNNGearTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size == 0)) + { + return; + } + FuzzedDataProvider fdp(data, size); + std::string pkgName = fdp.ConsumeRandomLengthString(); + DeviceManagerImpl::GetInstance().ShiftLNNGear(pkgName); +} + +void RegDevTrustChangeCallbackTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size == 0)) + { + return; + } + FuzzedDataProvider fdp(data, size); + std::shared_ptr callback = nullptr; + std::string pkgName = fdp.ConsumeRandomLengthString(); + DeviceManagerImpl::GetInstance().RegDevTrustChangeCallback(pkgName, callback); +} + +void GetNetworkIdByUdidTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size == 0)) + { + return; + } + FuzzedDataProvider fdp(data, size); + std::string pkgName = fdp.ConsumeRandomLengthString(); + std::string udid = fdp.ConsumeRandomLengthString(); + std::string networkId = fdp.ConsumeRandomLengthString(); + DeviceManagerImpl::GetInstance().GetNetworkIdByUdid(pkgName, udid, networkId); +} + +void RegisterCredentialAuthStatusCallbackTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size == 0)) + { + return; + } + FuzzedDataProvider fdp(data, size); + std::string pkgName = fdp.ConsumeRandomLengthString(); + std::shared_ptr callback = nullptr; + DeviceManagerImpl::GetInstance().RegisterCredentialAuthStatusCallback(pkgName, callback); +} + +void GetAllTrustedDeviceListTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size == 0)) + { + return; + } + FuzzedDataProvider fdp(data, size); + std::string pkgName = fdp.ConsumeRandomLengthString(); + std::string extra = fdp.ConsumeRandomLengthString(); + std::vector deviceList; + DeviceManagerImpl::GetInstance().GetAllTrustedDeviceList(pkgName, extra, deviceList); +} + +void RegisterSinkBindCallbackTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size == 0)) + { + return; + } + FuzzedDataProvider fdp(data, size); + std::string pkgName = fdp.ConsumeRandomLengthString(); + std::shared_ptr callback = nullptr; + DeviceManagerImpl::GetInstance().RegisterSinkBindCallback(pkgName, callback); +} + +void GetDeviceProfileInfoListTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size == 0)) + { + return; + } + FuzzedDataProvider fdp(data, size); + std::string pkgName = fdp.ConsumeRandomLengthString(); + DmDeviceProfileInfoFilterOptions filterOptions; + std::shared_ptr callback = nullptr; + DeviceManagerImpl::GetInstance().GetDeviceProfileInfoList(pkgName, filterOptions, callback); +} + +void GetDeviceIconInfoTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size == 0)) + { + return; + } + FuzzedDataProvider fdp(data, size); + std::string pkgName = fdp.ConsumeRandomLengthString(); + DmDeviceProfileInfoFilterOptions filterOptions; + std::shared_ptr callback = nullptr; + DeviceManagerImpl::GetInstance().GetDeviceProfileInfoList(pkgName, filterOptions, callback); +} + +void PutDeviceProfileInfoListTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size == 0)) + { + return; + } + FuzzedDataProvider fdp(data, size); + std::string pkgName = fdp.ConsumeRandomLengthString(); + std::vector deviceProfileInfoList; + DeviceManagerImpl::GetInstance().PutDeviceProfileInfoList(pkgName, deviceProfileInfoList); +} + +void GetLocalDisplayDeviceNameTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size < sizeof(int32_t))) + { + return; + } + FuzzedDataProvider fdp(data, size); + std::string pkgName = fdp.ConsumeRandomLengthString(); + std::string displayName = fdp.ConsumeRandomLengthString(); + int32_t maxNameLength = fdp.ConsumeIntegral(); + DeviceManagerImpl::GetInstance().GetLocalDisplayDeviceName(pkgName, maxNameLength, displayName); +} + +void GetDeviceNetworkIdListTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size == 0)) + { + return; + } + FuzzedDataProvider fdp(data, size); + std::string bundleName = fdp.ConsumeRandomLengthString(); + NetworkIdQueryFilter queryFilter; + std::vector networkIds; + DeviceManagerImpl::GetInstance().GetDeviceNetworkIdList(bundleName, queryFilter, networkIds); +} + +void SetLocalDeviceNameTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size == 0)) + { + return; + } + FuzzedDataProvider fdp(data, size); + std::string pkgName = fdp.ConsumeRandomLengthString(); + std::string deviceName = fdp.ConsumeRandomLengthString(); + std::shared_ptr callback = nullptr; + DeviceManagerImpl::GetInstance().SetLocalDeviceName(pkgName, deviceName, callback); +} + +void SetRemoteDeviceNameTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size == 0)) + { + return; + } + FuzzedDataProvider fdp(data, size); + std::string pkgName = fdp.ConsumeRandomLengthString(); + std::string deviceId = fdp.ConsumeRandomLengthString(); + std::string deviceName = fdp.ConsumeRandomLengthString(); + std::shared_ptr callback = nullptr; + DeviceManagerImpl::GetInstance().SetRemoteDeviceName(pkgName, deviceId, deviceName, callback); +} + +void RestoreLocalDeviceNameTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size == 0)) + { + return; + } + FuzzedDataProvider fdp(data, size); + std::string pkgName = fdp.ConsumeRandomLengthString(); + DeviceManagerImpl::GetInstance().RestoreLocalDeviceName(pkgName); +} + +void GetLocalServiceInfoByBundleNameAndPinExchangeTypeTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size < sizeof(int32_t))) + { + return; + } + FuzzedDataProvider fdp(data, size); + std::string bundleName = fdp.ConsumeRandomLengthString(); + int32_t maxNameLength = fdp.ConsumeIntegral(); + DMLocalServiceInfo info; + DeviceManagerImpl::GetInstance().GetLocalServiceInfoByBundleNameAndPinExchangeType(bundleName, maxNameLength, info); +} + +void UnRegisterPinHolderCallbackTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size == 0)) + { + return; + } + FuzzedDataProvider fdp(data, size); + std::string pkgName = fdp.ConsumeRandomLengthString(); + DeviceManagerImpl::GetInstance().UnRegisterPinHolderCallback(pkgName); +} + +void DeviceManagerImplFuzzTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size < sizeof(int32_t))) + { + return; + } + if ((data == nullptr) || (size < sizeof(int32_t))) + { + return; + } + FuzzedDataProvider fdp(data, size); + std::string pkgName = fdp.ConsumeRandomLengthString(); + std::string deviceName = fdp.ConsumeRandomLengthString(); + std::string deviceId = fdp.ConsumeRandomLengthString(); + std::string extra = fdp.ConsumeRandomLengthString(); + std::string bundleName = fdp.ConsumeRandomLengthString(); + int32_t pinExchangeType = fdp.ConsumeIntegral(); + OHOS::DistributedHardware::DmDeviceIconInfoFilterOptions filterOptions; + DMLocalServiceInfo localServiceInfo; + DmAccessCaller caller; + DmAccessCallee callee; + DMIpcCmdInterfaceCode ipcCode = REGISTER_DEVICE_MANAGER_LISTENER; + DeviceManagerImpl::GetInstance().GetLocalDeviceName(pkgName, deviceName); + DeviceManagerImpl::GetInstance().UnBindDevice(pkgName, deviceId, extra); + DeviceManagerImpl::GetInstance().UnRegisterSinkBindCallback(pkgName); + DeviceManagerImpl::GetInstance().RegisterLocalServiceInfo(localServiceInfo); + DeviceManagerImpl::GetInstance().UnRegisterLocalServiceInfo(bundleName, pinExchangeType); + DeviceManagerImpl::GetInstance().UpdateLocalServiceInfo(localServiceInfo); + DeviceManagerImpl::GetInstance().CheckAccessControl(caller, callee); + DeviceManagerImpl::GetInstance().CheckIsSameAccount(caller, callee); + DeviceManagerImpl::GetInstance().CheckSrcAccessControl(caller, callee); + DeviceManagerImpl::GetInstance().CheckSinkAccessControl(caller, callee); + DeviceManagerImpl::GetInstance().CheckSrcIsSameAccount(caller, callee); + DeviceManagerImpl::GetInstance().CheckSinkIsSameAccount(caller, callee); + DeviceManagerImpl::GetInstance().CheckAclByIpcCode(caller, callee, ipcCode); +} +} +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + OHOS::DistributedHardware::StopAuthenticateDeviceTest(data, size); + OHOS::DistributedHardware::UnBindDeviceTest(data, size); + OHOS::DistributedHardware::ShiftLNNGearTest(data, size); + OHOS::DistributedHardware::RegDevTrustChangeCallbackTest(data, size); + OHOS::DistributedHardware::GetNetworkIdByUdidTest(data, size); + OHOS::DistributedHardware::RegisterCredentialAuthStatusCallbackTest(data, size); + OHOS::DistributedHardware::GetAllTrustedDeviceListTest(data, size); + OHOS::DistributedHardware::RegisterSinkBindCallbackTest(data, size); + OHOS::DistributedHardware::GetDeviceProfileInfoListTest(data, size); + OHOS::DistributedHardware::GetDeviceIconInfoTest(data, size); + OHOS::DistributedHardware::PutDeviceProfileInfoListTest(data, size); + OHOS::DistributedHardware::GetLocalDisplayDeviceNameTest(data, size); + OHOS::DistributedHardware::GetDeviceNetworkIdListTest(data, size); + OHOS::DistributedHardware::SetLocalDeviceNameTest(data, size); + OHOS::DistributedHardware::SetRemoteDeviceNameTest(data, size); + OHOS::DistributedHardware::RestoreLocalDeviceNameTest(data, size); + OHOS::DistributedHardware::GetLocalServiceInfoByBundleNameAndPinExchangeTypeTest(data, size); + OHOS::DistributedHardware::UnRegisterPinHolderCallbackTest(data, size); + OHOS::DistributedHardware::DeviceManagerImplFuzzTest(data, size); + return 0; +} diff --git a/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp b/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp index 559cedfe4..679739aed 100644 --- a/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp +++ b/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp @@ -194,8 +194,8 @@ void AuthMessageProcessorFirstFuzzTest(const uint8_t* data, size_t size) jsonObject[TAG_EXTRA_INFO] = fdp.ConsumeRandomLengthString(); // Run stringToVectorAuthType dmAuthMessageProcessor_->ParseMessageRespUserConfirm(jsonObject, context_); - } + void AuthMessageProcessorSecondFuzzTest(const uint8_t* data, size_t size) { if ((data == nullptr) || (size < sizeof(int32_t))) { diff --git a/test/servicesfuzztest/dmauthattestcommon_fuzzer/dm_auth_attest_common_fuzzer.cpp b/test/servicesfuzztest/dmauthattestcommon_fuzzer/dm_auth_attest_common_fuzzer.cpp index 0f15314d0..8cdc2812e 100644 --- a/test/servicesfuzztest/dmauthattestcommon_fuzzer/dm_auth_attest_common_fuzzer.cpp +++ b/test/servicesfuzztest/dmauthattestcommon_fuzzer/dm_auth_attest_common_fuzzer.cpp @@ -24,20 +24,24 @@ namespace DistributedHardware { void DmAuthAttestCommonFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size == 0)) { + if ((data == nullptr) || (size == 0)) + { return; } FuzzedDataProvider fdp(data, size); DmCertChain* chain = new DmCertChain; chain->cert = new DmBlob[1]; chain->certCount = 1; - chain->cert[0].size = 1; - chain->cert[0].data = new uint8_t[size]; - *chain->cert[0].data = fdp.ConsumeIntegral(); + int32_t maxLen = 65535; + chain->cert[0].size = size; + if (size > 0 && size <= maxLen) + { + chain->cert[0].data = new uint8_t[size]; + *chain->cert[0].data = fdp.ConsumeIntegral(); + } std::string str_value = fdp.ConsumeRandomLengthString(); JsonItemObject jsonItem; jsonItem.PushBack(str_value); - AuthAttestCommon::GetInstance().SerializeDmCertChain(nullptr); AuthAttestCommon::GetInstance().SerializeDmCertChain(chain); AuthAttestCommon::GetInstance().FreeDmCertChain(*chain); -- Gitee From e32c2338dacf30712714f797acda0c0b2d9da41d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=9F=A6=E5=9B=BD=E5=BA=86?= Date: Sat, 21 Jun 2025 21:37:03 +0800 Subject: [PATCH 3/8] add FUZZ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 韦国庆 --- test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.cpp | 3 ++- .../authcredential_fuzzer/auth_credential_fuzzer.cpp | 3 ++- .../authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp | 3 ++- .../dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp | 3 ++- .../dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.cpp | 9 ++++++--- .../dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp | 3 ++- .../device_manager_impl_fuzzer.cpp | 4 ---- .../auth_message_processor_fuzzer.cpp | 9 ++++++--- .../dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp | 8 +++++--- .../dmtransportmsg_fuzzer/dm_transport_msg_fuzzer.cpp | 6 ++++-- 10 files changed, 31 insertions(+), 20 deletions(-) diff --git a/test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.cpp b/test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.cpp index 327347467..048314bc0 100644 --- a/test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.cpp +++ b/test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.cpp @@ -26,7 +26,8 @@ namespace OHOS { namespace DistributedHardware { void AuthAclFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) { + if ((data == nullptr) || (size < sizeof(int32_t))) + { return; } FuzzedDataProvider fdp(data, size); diff --git a/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp b/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp index 4f5e040fc..3c4dced64 100644 --- a/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp +++ b/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp @@ -28,7 +28,8 @@ constexpr uint32_t SERVICE = 2; void AuthCredentialFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) { + if ((data == nullptr) || (size < sizeof(int32_t))) + { return; } FreezeProcess freezeProcess; diff --git a/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp b/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp index bed8e719e..c238a8584 100644 --- a/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp +++ b/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp @@ -29,7 +29,8 @@ constexpr uint32_t SERVICE = 2; void AuthPinAuthFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) { + if ((data == nullptr) || (size < sizeof(int32_t))) + { return; } FreezeProcess freezeProcess; diff --git a/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp b/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp index dafa558a4..01d4a5369 100644 --- a/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp +++ b/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp @@ -26,7 +26,8 @@ namespace DistributedHardware { void DmAnonyousFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) { + if ((data == nullptr) || (size < sizeof(int32_t))) + { return; } std::vector strList; diff --git a/test/commonfuzztest/dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.cpp b/test/commonfuzztest/dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.cpp index f955a2baa..eed2f8f9c 100644 --- a/test/commonfuzztest/dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.cpp +++ b/test/commonfuzztest/dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.cpp @@ -53,7 +53,8 @@ PeerTargetId g_targetId = { // AuthSrcManager fuzz void DmAuthSrcManagerFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) { + if ((data == nullptr) || (size < sizeof(int32_t))) + { return; } std::shared_ptr softbusConnector = std::make_shared(); @@ -86,7 +87,8 @@ void DmAuthSrcManagerFuzzTest(const uint8_t* data, size_t size) // AuthSinkManager fuzz void DmAuthSinkManagerFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) { + if ((data == nullptr) || (size < sizeof(int32_t))) + { return; } std::shared_ptr softbusConnector = std::make_shared(); @@ -118,7 +120,8 @@ void DmAuthSinkManagerFuzzTest(const uint8_t* data, size_t size) void DmAuthManagerV2FuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) { + if ((data == nullptr) || (size < sizeof(int32_t))) + { return; } std::shared_ptr softbusConnector = std::make_shared(); diff --git a/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp b/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp index b4c2c902e..6d0eea46c 100644 --- a/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp +++ b/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp @@ -43,7 +43,8 @@ constexpr int64_t MAX_FREEZE_TIME = 10 * 60; void DmFreezeProcessFuzzTest(const uint8_t *data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) { + if ((data == nullptr) || (size < sizeof(int32_t))) + { return; } FuzzedDataProvider fdp(data, size); diff --git a/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp b/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp index 984ba1982..92ada101c 100644 --- a/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp +++ b/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp @@ -253,10 +253,6 @@ void UnRegisterPinHolderCallbackTest(const uint8_t *data, size_t size) void DeviceManagerImplFuzzTest(const uint8_t *data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) - { - return; - } if ((data == nullptr) || (size < sizeof(int32_t))) { return; diff --git a/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp b/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp index 679739aed..e4347edc3 100644 --- a/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp +++ b/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp @@ -105,7 +105,8 @@ void AuthMessageProcessorFuzzTestNext(JsonObject &jsonObject) void AuthMessageProcessorFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) { + if ((data == nullptr) || (size < sizeof(int32_t))) + { return; } FuzzedDataProvider fdp(data, size); @@ -154,7 +155,8 @@ void AuthMessageProcessorFuzzTest(const uint8_t* data, size_t size) void AuthMessageProcessorFirstFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) { + if ((data == nullptr) || (size < sizeof(int32_t))) + { return; } FuzzedDataProvider fdp(data, size); @@ -198,7 +200,8 @@ void AuthMessageProcessorFirstFuzzTest(const uint8_t* data, size_t size) void AuthMessageProcessorSecondFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) { + if ((data == nullptr) || (size < sizeof(int32_t))) + { return; } FuzzedDataProvider fdp(data, size); diff --git a/test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp b/test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp index f8d04a6bd..4007ba45c 100644 --- a/test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp +++ b/test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp @@ -36,7 +36,8 @@ std::shared_ptr dmCommToolPtr_ = std::make_shared(); void DmCommToolFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) { + if ((data == nullptr) || (size < sizeof(int32_t))) + { return; } FuzzedDataProvider fdp(data, size); @@ -64,8 +65,9 @@ void DmCommToolFuzzTest(const uint8_t* data, size_t size) } void DmCommToolFirstFuzzTest(const uint8_t* data, size_t size) -{ - if ((data == nullptr) || (size < sizeof(int32_t))) { +{ + if ((data == nullptr) || (size < sizeof(int32_t))) + { return; } FuzzedDataProvider fdp(data, size); diff --git a/test/servicesfuzztest/dmtransportmsg_fuzzer/dm_transport_msg_fuzzer.cpp b/test/servicesfuzztest/dmtransportmsg_fuzzer/dm_transport_msg_fuzzer.cpp index 54d374cd7..683494f28 100644 --- a/test/servicesfuzztest/dmtransportmsg_fuzzer/dm_transport_msg_fuzzer.cpp +++ b/test/servicesfuzztest/dmtransportmsg_fuzzer/dm_transport_msg_fuzzer.cpp @@ -38,7 +38,8 @@ namespace { void DmTransPortMsgFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) { + if ((data == nullptr) || (size < sizeof(int32_t))) + { return; } FuzzedDataProvider fdp(data, size); @@ -88,7 +89,8 @@ void DmTransPortMsgFuzzTest(const uint8_t* data, size_t size) } void DmTransPortMsgFirstFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) { + if ((data == nullptr) || (size < sizeof(int32_t))) + { return; } FuzzedDataProvider fdp(data, size); -- Gitee From 62ba86352f1b3249ebcc123ce01fe63a5f0af796 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=9F=A6=E5=9B=BD=E5=BA=86?= Date: Sat, 21 Jun 2025 21:47:59 +0800 Subject: [PATCH 4/8] add FUZZ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 韦国庆 --- test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.cpp | 3 +-- .../authcredential_fuzzer/auth_credential_fuzzer.cpp | 3 +-- .../authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp | 3 +-- .../dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp | 3 +-- .../dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.cpp | 9 +++------ .../dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp | 3 +-- .../device_manager_impl_fuzzer.cpp | 9 +++------ .../auth_message_processor_fuzzer.cpp | 9 +++------ .../dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp | 6 ++---- .../dmtransportmsg_fuzzer/dm_transport_msg_fuzzer.cpp | 6 ++---- 10 files changed, 18 insertions(+), 36 deletions(-) diff --git a/test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.cpp b/test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.cpp index 048314bc0..327347467 100644 --- a/test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.cpp +++ b/test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.cpp @@ -26,8 +26,7 @@ namespace OHOS { namespace DistributedHardware { void AuthAclFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) - { + if ((data == nullptr) || (size < sizeof(int32_t))) { return; } FuzzedDataProvider fdp(data, size); diff --git a/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp b/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp index 3c4dced64..4f5e040fc 100644 --- a/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp +++ b/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp @@ -28,8 +28,7 @@ constexpr uint32_t SERVICE = 2; void AuthCredentialFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) - { + if ((data == nullptr) || (size < sizeof(int32_t))) { return; } FreezeProcess freezeProcess; diff --git a/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp b/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp index c238a8584..bed8e719e 100644 --- a/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp +++ b/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp @@ -29,8 +29,7 @@ constexpr uint32_t SERVICE = 2; void AuthPinAuthFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) - { + if ((data == nullptr) || (size < sizeof(int32_t))) { return; } FreezeProcess freezeProcess; diff --git a/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp b/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp index 01d4a5369..dafa558a4 100644 --- a/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp +++ b/test/commonfuzztest/dmanonyous_fuzzer/dm_anonyous_fuzzer.cpp @@ -26,8 +26,7 @@ namespace DistributedHardware { void DmAnonyousFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) - { + if ((data == nullptr) || (size < sizeof(int32_t))) { return; } std::vector strList; diff --git a/test/commonfuzztest/dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.cpp b/test/commonfuzztest/dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.cpp index eed2f8f9c..f955a2baa 100644 --- a/test/commonfuzztest/dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.cpp +++ b/test/commonfuzztest/dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.cpp @@ -53,8 +53,7 @@ PeerTargetId g_targetId = { // AuthSrcManager fuzz void DmAuthSrcManagerFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) - { + if ((data == nullptr) || (size < sizeof(int32_t))) { return; } std::shared_ptr softbusConnector = std::make_shared(); @@ -87,8 +86,7 @@ void DmAuthSrcManagerFuzzTest(const uint8_t* data, size_t size) // AuthSinkManager fuzz void DmAuthSinkManagerFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) - { + if ((data == nullptr) || (size < sizeof(int32_t))) { return; } std::shared_ptr softbusConnector = std::make_shared(); @@ -120,8 +118,7 @@ void DmAuthSinkManagerFuzzTest(const uint8_t* data, size_t size) void DmAuthManagerV2FuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) - { + if ((data == nullptr) || (size < sizeof(int32_t))) { return; } std::shared_ptr softbusConnector = std::make_shared(); diff --git a/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp b/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp index 6d0eea46c..b4c2c902e 100644 --- a/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp +++ b/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp @@ -43,8 +43,7 @@ constexpr int64_t MAX_FREEZE_TIME = 10 * 60; void DmFreezeProcessFuzzTest(const uint8_t *data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) - { + if ((data == nullptr) || (size < sizeof(int32_t))) { return; } FuzzedDataProvider fdp(data, size); diff --git a/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp b/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp index 92ada101c..79c51092a 100644 --- a/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp +++ b/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp @@ -165,8 +165,7 @@ void PutDeviceProfileInfoListTest(const uint8_t *data, size_t size) void GetLocalDisplayDeviceNameTest(const uint8_t *data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) - { + if ((data == nullptr) || (size < sizeof(int32_t))) { return; } FuzzedDataProvider fdp(data, size); @@ -229,8 +228,7 @@ void RestoreLocalDeviceNameTest(const uint8_t *data, size_t size) void GetLocalServiceInfoByBundleNameAndPinExchangeTypeTest(const uint8_t *data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) - { + if ((data == nullptr) || (size < sizeof(int32_t))) { return; } FuzzedDataProvider fdp(data, size); @@ -253,8 +251,7 @@ void UnRegisterPinHolderCallbackTest(const uint8_t *data, size_t size) void DeviceManagerImplFuzzTest(const uint8_t *data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) - { + if ((data == nullptr) || (size < sizeof(int32_t))) { return; } FuzzedDataProvider fdp(data, size); diff --git a/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp b/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp index e4347edc3..679739aed 100644 --- a/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp +++ b/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp @@ -105,8 +105,7 @@ void AuthMessageProcessorFuzzTestNext(JsonObject &jsonObject) void AuthMessageProcessorFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) - { + if ((data == nullptr) || (size < sizeof(int32_t))) { return; } FuzzedDataProvider fdp(data, size); @@ -155,8 +154,7 @@ void AuthMessageProcessorFuzzTest(const uint8_t* data, size_t size) void AuthMessageProcessorFirstFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) - { + if ((data == nullptr) || (size < sizeof(int32_t))) { return; } FuzzedDataProvider fdp(data, size); @@ -200,8 +198,7 @@ void AuthMessageProcessorFirstFuzzTest(const uint8_t* data, size_t size) void AuthMessageProcessorSecondFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) - { + if ((data == nullptr) || (size < sizeof(int32_t))) { return; } FuzzedDataProvider fdp(data, size); diff --git a/test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp b/test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp index 4007ba45c..011d68722 100644 --- a/test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp +++ b/test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp @@ -36,8 +36,7 @@ std::shared_ptr dmCommToolPtr_ = std::make_shared(); void DmCommToolFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) - { + if ((data == nullptr) || (size < sizeof(int32_t))) { return; } FuzzedDataProvider fdp(data, size); @@ -66,8 +65,7 @@ void DmCommToolFuzzTest(const uint8_t* data, size_t size) void DmCommToolFirstFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) - { + if ((data == nullptr) || (size < sizeof(int32_t))) { return; } FuzzedDataProvider fdp(data, size); diff --git a/test/servicesfuzztest/dmtransportmsg_fuzzer/dm_transport_msg_fuzzer.cpp b/test/servicesfuzztest/dmtransportmsg_fuzzer/dm_transport_msg_fuzzer.cpp index 683494f28..54d374cd7 100644 --- a/test/servicesfuzztest/dmtransportmsg_fuzzer/dm_transport_msg_fuzzer.cpp +++ b/test/servicesfuzztest/dmtransportmsg_fuzzer/dm_transport_msg_fuzzer.cpp @@ -38,8 +38,7 @@ namespace { void DmTransPortMsgFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) - { + if ((data == nullptr) || (size < sizeof(int32_t))) { return; } FuzzedDataProvider fdp(data, size); @@ -89,8 +88,7 @@ void DmTransPortMsgFuzzTest(const uint8_t* data, size_t size) } void DmTransPortMsgFirstFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size < sizeof(int32_t))) - { + if ((data == nullptr) || (size < sizeof(int32_t))) { return; } FuzzedDataProvider fdp(data, size); -- Gitee From b6f2ed85977d735e7778a65580f7d28b99feeb00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=9F=A6=E5=9B=BD=E5=BA=86?= Date: Sat, 21 Jun 2025 22:01:39 +0800 Subject: [PATCH 5/8] add FUZZ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 韦国庆 --- .../device_manager_impl_fuzzer.cpp | 48 +++++++------------ .../dm_auth_attest_common_fuzzer.cpp | 6 +-- 2 files changed, 18 insertions(+), 36 deletions(-) diff --git a/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp b/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp index 79c51092a..a42e45145 100644 --- a/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp +++ b/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp @@ -30,8 +30,7 @@ namespace {} void StopAuthenticateDeviceTest(const uint8_t *data, size_t size) { - if ((data == nullptr) || (size == 0)) - { + if ((data == nullptr) || (size == 0)) { return; } FuzzedDataProvider fdp(data, size); @@ -42,8 +41,7 @@ void StopAuthenticateDeviceTest(const uint8_t *data, size_t size) void UnBindDeviceTest(const uint8_t *data, size_t size) { - if ((data == nullptr) || (size == 0)) - { + if ((data == nullptr) || (size == 0)) { return; } FuzzedDataProvider fdp(data, size); @@ -54,8 +52,7 @@ void UnBindDeviceTest(const uint8_t *data, size_t size) void ShiftLNNGearTest(const uint8_t *data, size_t size) { - if ((data == nullptr) || (size == 0)) - { + if ((data == nullptr) || (size == 0)) { return; } FuzzedDataProvider fdp(data, size); @@ -65,8 +62,7 @@ void ShiftLNNGearTest(const uint8_t *data, size_t size) void RegDevTrustChangeCallbackTest(const uint8_t *data, size_t size) { - if ((data == nullptr) || (size == 0)) - { + if ((data == nullptr) || (size == 0)) { return; } FuzzedDataProvider fdp(data, size); @@ -77,8 +73,7 @@ void RegDevTrustChangeCallbackTest(const uint8_t *data, size_t size) void GetNetworkIdByUdidTest(const uint8_t *data, size_t size) { - if ((data == nullptr) || (size == 0)) - { + if ((data == nullptr) || (size == 0)) { return; } FuzzedDataProvider fdp(data, size); @@ -90,8 +85,7 @@ void GetNetworkIdByUdidTest(const uint8_t *data, size_t size) void RegisterCredentialAuthStatusCallbackTest(const uint8_t *data, size_t size) { - if ((data == nullptr) || (size == 0)) - { + if ((data == nullptr) || (size == 0)) { return; } FuzzedDataProvider fdp(data, size); @@ -102,8 +96,7 @@ void RegisterCredentialAuthStatusCallbackTest(const uint8_t *data, size_t size) void GetAllTrustedDeviceListTest(const uint8_t *data, size_t size) { - if ((data == nullptr) || (size == 0)) - { + if ((data == nullptr) || (size == 0)) { return; } FuzzedDataProvider fdp(data, size); @@ -115,8 +108,7 @@ void GetAllTrustedDeviceListTest(const uint8_t *data, size_t size) void RegisterSinkBindCallbackTest(const uint8_t *data, size_t size) { - if ((data == nullptr) || (size == 0)) - { + if ((data == nullptr) || (size == 0)) { return; } FuzzedDataProvider fdp(data, size); @@ -127,8 +119,7 @@ void RegisterSinkBindCallbackTest(const uint8_t *data, size_t size) void GetDeviceProfileInfoListTest(const uint8_t *data, size_t size) { - if ((data == nullptr) || (size == 0)) - { + if ((data == nullptr) || (size == 0)) { return; } FuzzedDataProvider fdp(data, size); @@ -140,8 +131,7 @@ void GetDeviceProfileInfoListTest(const uint8_t *data, size_t size) void GetDeviceIconInfoTest(const uint8_t *data, size_t size) { - if ((data == nullptr) || (size == 0)) - { + if ((data == nullptr) || (size == 0)) { return; } FuzzedDataProvider fdp(data, size); @@ -153,8 +143,7 @@ void GetDeviceIconInfoTest(const uint8_t *data, size_t size) void PutDeviceProfileInfoListTest(const uint8_t *data, size_t size) { - if ((data == nullptr) || (size == 0)) - { + if ((data == nullptr) || (size == 0)) { return; } FuzzedDataProvider fdp(data, size); @@ -177,8 +166,7 @@ void GetLocalDisplayDeviceNameTest(const uint8_t *data, size_t size) void GetDeviceNetworkIdListTest(const uint8_t *data, size_t size) { - if ((data == nullptr) || (size == 0)) - { + if ((data == nullptr) || (size == 0)) { return; } FuzzedDataProvider fdp(data, size); @@ -190,8 +178,7 @@ void GetDeviceNetworkIdListTest(const uint8_t *data, size_t size) void SetLocalDeviceNameTest(const uint8_t *data, size_t size) { - if ((data == nullptr) || (size == 0)) - { + if ((data == nullptr) || (size == 0)) { return; } FuzzedDataProvider fdp(data, size); @@ -203,8 +190,7 @@ void SetLocalDeviceNameTest(const uint8_t *data, size_t size) void SetRemoteDeviceNameTest(const uint8_t *data, size_t size) { - if ((data == nullptr) || (size == 0)) - { + if ((data == nullptr) || (size == 0)) { return; } FuzzedDataProvider fdp(data, size); @@ -217,8 +203,7 @@ void SetRemoteDeviceNameTest(const uint8_t *data, size_t size) void RestoreLocalDeviceNameTest(const uint8_t *data, size_t size) { - if ((data == nullptr) || (size == 0)) - { + if ((data == nullptr) || (size == 0)) { return; } FuzzedDataProvider fdp(data, size); @@ -240,8 +225,7 @@ void GetLocalServiceInfoByBundleNameAndPinExchangeTypeTest(const uint8_t *data, void UnRegisterPinHolderCallbackTest(const uint8_t *data, size_t size) { - if ((data == nullptr) || (size == 0)) - { + if ((data == nullptr) || (size == 0)) { return; } FuzzedDataProvider fdp(data, size); diff --git a/test/servicesfuzztest/dmauthattestcommon_fuzzer/dm_auth_attest_common_fuzzer.cpp b/test/servicesfuzztest/dmauthattestcommon_fuzzer/dm_auth_attest_common_fuzzer.cpp index 8cdc2812e..799eed03b 100644 --- a/test/servicesfuzztest/dmauthattestcommon_fuzzer/dm_auth_attest_common_fuzzer.cpp +++ b/test/servicesfuzztest/dmauthattestcommon_fuzzer/dm_auth_attest_common_fuzzer.cpp @@ -24,8 +24,7 @@ namespace DistributedHardware { void DmAuthAttestCommonFuzzTest(const uint8_t* data, size_t size) { - if ((data == nullptr) || (size == 0)) - { + if ((data == nullptr) || (size == 0)) { return; } FuzzedDataProvider fdp(data, size); @@ -34,8 +33,7 @@ void DmAuthAttestCommonFuzzTest(const uint8_t* data, size_t size) chain->certCount = 1; int32_t maxLen = 65535; chain->cert[0].size = size; - if (size > 0 && size <= maxLen) - { + if (size > 0 && size <= maxLen) { chain->cert[0].data = new uint8_t[size]; *chain->cert[0].data = fdp.ConsumeIntegral(); } -- Gitee From 2567580f3b9781bef0a9a1676fb29d5e12f2fb2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=9F=A6=E5=9B=BD=E5=BA=86?= Date: Sat, 21 Jun 2025 22:09:08 +0800 Subject: [PATCH 6/8] add FUZZ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 韦国庆 --- test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp b/test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp index 011d68722..f8d04a6bd 100644 --- a/test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp +++ b/test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp @@ -64,7 +64,7 @@ void DmCommToolFuzzTest(const uint8_t* data, size_t size) } void DmCommToolFirstFuzzTest(const uint8_t* data, size_t size) -{ +{ if ((data == nullptr) || (size < sizeof(int32_t))) { return; } -- Gitee From 3eba765483897e6df41a5f6a1c11ec61970477c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E9=9B=B7?= Date: Sun, 22 Jun 2025 19:17:42 +0800 Subject: [PATCH 7/8] add FUZZ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 张雷 --- test/commonfuzztest/BUILD.gn | 2 - .../dmauthmanager_fuzzer/BUILD.gn | 79 -------- .../dmauthmanager_fuzzer/corpus/init | 13 -- .../dm_auth_manager_fuzzer.cpp | 120 ------------ .../dm_auth_manager_fuzzer.h | 21 -- .../dmauthmanager_fuzzer/project.xml | 25 --- .../dmauthmanagerv2_fuzzer/BUILD.gn | 80 -------- .../dmauthmanagerv2_fuzzer/corpus/init | 13 -- .../dm_auth_manager_fuzzer.cpp | 179 ------------------ .../dm_auth_manager_fuzzer.h | 21 -- .../dmauthmanagerv2_fuzzer/project.xml | 25 --- 11 files changed, 578 deletions(-) delete mode 100644 test/commonfuzztest/dmauthmanager_fuzzer/BUILD.gn delete mode 100644 test/commonfuzztest/dmauthmanager_fuzzer/corpus/init delete mode 100644 test/commonfuzztest/dmauthmanager_fuzzer/dm_auth_manager_fuzzer.cpp delete mode 100644 test/commonfuzztest/dmauthmanager_fuzzer/dm_auth_manager_fuzzer.h delete mode 100644 test/commonfuzztest/dmauthmanager_fuzzer/project.xml delete mode 100644 test/commonfuzztest/dmauthmanagerv2_fuzzer/BUILD.gn delete mode 100644 test/commonfuzztest/dmauthmanagerv2_fuzzer/corpus/init delete mode 100644 test/commonfuzztest/dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.cpp delete mode 100644 test/commonfuzztest/dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.h delete mode 100644 test/commonfuzztest/dmauthmanagerv2_fuzzer/project.xml diff --git a/test/commonfuzztest/BUILD.gn b/test/commonfuzztest/BUILD.gn index 393935132..22280d471 100644 --- a/test/commonfuzztest/BUILD.gn +++ b/test/commonfuzztest/BUILD.gn @@ -22,8 +22,6 @@ group("fuzztest") { "authenticatedeviceserviceimpl_fuzzer:fuzztest", "authpinauth_fuzzer:fuzztest", "dmanonyous_fuzzer:fuzztest", - "dmauthmanager_fuzzer:fuzztest", - "dmauthmanagerv2_fuzzer:fuzztest", "dmcommoneventmanager_fuzzer:fuzztest", "dmcredentialimpl_fuzzer:fuzztest", "dmfreezeprocess_fuzzer:fuzztest", diff --git a/test/commonfuzztest/dmauthmanager_fuzzer/BUILD.gn b/test/commonfuzztest/dmauthmanager_fuzzer/BUILD.gn deleted file mode 100644 index 1d394b8ad..000000000 --- a/test/commonfuzztest/dmauthmanager_fuzzer/BUILD.gn +++ /dev/null @@ -1,79 +0,0 @@ -# Copyright (c) 2023-2024 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#####################hydra-fuzz################### -import("//build/config/features.gni") -import("//build/test.gni") -import("//foundation/distributedhardware/device_manager/device_manager.gni") - -##############################fuzztest########################################## -ohos_fuzztest("DmAuthManagerFuzzTest") { - module_out_path = fuzz_test_output_path - fuzz_config_file = - "${devicemanager_path}/test/commonfuzztest/dmauthmanager_fuzzer" - - include_dirs = [ - "${innerkits_path}/native_cpp/include", - "${servicesimpl_path}/include/ability", - "${servicesimpl_path}/include/adapter", - "${servicesimpl_path}/include/authentication", - "${servicesimpl_path}/include/dependency/hichain", - "${servicesimpl_path}/include/dependency/softbus", - "${servicesimpl_path}/include/dependency/timer", - ] - - cflags = [ - "-g", - "-O0", - "-Dprivate=public", - "-Dprotected=public", - "-Werror", - "-Wno-unused-variable", - "-fno-omit-frame-pointer", - ] - - sources = [ "dm_auth_manager_fuzzer.cpp" ] - - deps = [ - "${innerkits_path}/native_cpp:devicemanagersdk", - "${services_path}:devicemanagerservicetest", - "${servicesimpl_path}:devicemanagerserviceimpl", - "${utils_path}:devicemanagerutilstest", - ] - - external_deps = [ - "device_auth:deviceauth_sdk", - "device_info_manager:distributed_device_profile_common", - "device_info_manager:distributed_device_profile_sdk", - "dsoftbus:softbus_client", - "ffrt:libffrt", - "hilog:libhilog", - "init:libbegetutil", - "ipc:ipc_single", - "safwk:system_ability_fwk", - ] - - defines = [ - "HI_LOG_ENABLE", - "DH_LOG_TAG=\"DmAuthManagerFuzzTest\"", - "LOG_DOMAIN=0xD004110", - ] -} - -############################################################################### -group("fuzztest") { - testonly = true - - deps = [ ":DmAuthManagerFuzzTest" ] -} -############################################################################### diff --git a/test/commonfuzztest/dmauthmanager_fuzzer/corpus/init b/test/commonfuzztest/dmauthmanager_fuzzer/corpus/init deleted file mode 100644 index d9719cafa..000000000 --- a/test/commonfuzztest/dmauthmanager_fuzzer/corpus/init +++ /dev/null @@ -1,13 +0,0 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -FUZZ \ No newline at end of file diff --git a/test/commonfuzztest/dmauthmanager_fuzzer/dm_auth_manager_fuzzer.cpp b/test/commonfuzztest/dmauthmanager_fuzzer/dm_auth_manager_fuzzer.cpp deleted file mode 100644 index 593378fa2..000000000 --- a/test/commonfuzztest/dmauthmanager_fuzzer/dm_auth_manager_fuzzer.cpp +++ /dev/null @@ -1,120 +0,0 @@ -/* - * Copyright (c) 2023-2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include "device_manager_service_listener.h" -#include "auth_message_processor.h" -#include "dm_auth_manager.h" -#include "dm_auth_manager_fuzzer.h" -#include "dm_timer.h" -#include "hichain_connector.h" - -namespace OHOS { -namespace DistributedHardware { - -std::shared_ptr g_softbusConnector = std::make_shared(); -std::shared_ptr g_listener = std::make_shared(); -std::shared_ptr g_hiChainConnector = std::make_shared(); -std::shared_ptr g_hiChainAuthConnector = std::make_shared(); -std::shared_ptr g_authRequestState = std::make_shared(); -std::shared_ptr g_authResponseState = std::make_shared(); -std::shared_ptr g_authManager = - std::make_shared(g_softbusConnector, g_hiChainConnector, g_listener, g_hiChainAuthConnector); - -int32_t g_sessionId = 1; -int32_t g_sessionSide = 0; -int32_t g_result = 1; -int32_t g_authType = 1; -int32_t g_status = 1; -std::string g_pinCode = "111111"; -int32_t g_action = 1; -int32_t g_userId = 1; -int32_t g_pageId = 1; -int32_t g_reason = 1; -int32_t g_state = 1; -int64_t g_requestId = 1; -int64_t g_localSessionId = 1; - -std::map g_bindParam; - -PeerTargetId g_targetId = { - .deviceId = "deviceId", - .brMac = "brMac", - .bleMac = "bleMac", - .wifiIp = "wifiIp", -}; - -void DmAuthManagerFuzzTest(const uint8_t* data, size_t size) -{ - if ((data == nullptr) || (size < sizeof(int32_t))) { - return; - } - FuzzedDataProvider fdp(data, size); - std::string str(reinterpret_cast(data), size); - int32_t bindLevel = fdp.ConsumeIntegral(); - g_authManager->authMessageProcessor_ = std::make_shared(g_authManager); - g_authManager->authMessageProcessor_->authResponseContext_ = std::make_shared(); - g_authManager->authRequestContext_ = std::make_shared(); - g_authManager->authRequestState_ = std::make_shared(); - g_authManager->authResponseContext_ = std::make_shared(); - g_authManager->authResponseState_ = std::make_shared(); - g_authManager->hiChainAuthConnector_ = std::make_shared(); - g_authManager->softbusConnector_ = std::make_shared(); - g_authManager->softbusConnector_->GetSoftbusSession()-> - RegisterSessionCallback(std::shared_ptr(g_authManager)); - g_authManager->timer_ = std::make_shared(); - - g_authManager->InitAuthState(str, g_authType, str, str); - g_authManager->OnSessionOpened(g_sessionId, g_sessionSide, g_result); - g_authManager->AuthenticateDevice(str, g_authType, str, str); - g_authManager->ImportAuthCode(str, str); - g_authManager->BindTarget(str, g_targetId, g_bindParam, g_sessionId, g_localSessionId); - g_authManager->ShowConfigDialog(); - g_authManager->ShowAuthInfoDialog(); - g_authManager->ShowStartAuthDialog(); - g_authManager->OnDataReceived(g_sessionId, str); - g_authManager->OnGroupCreated(g_requestId, str); - g_authManager->OnMemberJoin(g_requestId, g_status); - g_authManager->StartNegotiate(g_sessionId); - g_authManager->RespNegotiate(g_sessionId); - g_authManager->SendAuthRequest(g_sessionId); - g_authManager->SetAuthRequestState(g_authRequestState); - g_authManager->SetAuthResponseState(g_authResponseState); - g_authManager->StartAuthProcess(g_action); - g_authManager->StartRespAuthProcess(); - g_authManager->CreateGroup(); - g_authManager->ProcessPincode(g_pinCode); - g_authManager->SetPageId(g_pageId); - g_authManager->SetReasonAndFinish(g_reason, g_state); - g_authManager->IsIdenticalAccount(); - g_authManager->OnSessionClosed(g_sessionId); - g_authManager->OnUserOperation(g_action, str); - g_authManager->GetConnectAddr(str); - g_authManager->HandleAuthenticateTimeout(str); - g_authManager->RegisterUiStateCallback(str); - g_authManager->UnRegisterUiStateCallback(str); - g_authManager->UnAuthenticateDevice(str, str, bindLevel); -} -} -} - -/* Fuzzer entry point */ -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) -{ - /* Run your code on data */ - OHOS::DistributedHardware::DmAuthManagerFuzzTest(data, size); - return 0; -} \ No newline at end of file diff --git a/test/commonfuzztest/dmauthmanager_fuzzer/dm_auth_manager_fuzzer.h b/test/commonfuzztest/dmauthmanager_fuzzer/dm_auth_manager_fuzzer.h deleted file mode 100644 index 96688394c..000000000 --- a/test/commonfuzztest/dmauthmanager_fuzzer/dm_auth_manager_fuzzer.h +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright (c) 2023 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef DM_AUTH_MANAGER_FUZZER_H -#define DM_AUTH_MANAGER_FUZZER_H - -#define FUZZ_PROJECT_NAME "dmauthmanager_fuzzer" - -#endif // DM_AUTH_MANAGER_FUZZER_H \ No newline at end of file diff --git a/test/commonfuzztest/dmauthmanager_fuzzer/project.xml b/test/commonfuzztest/dmauthmanager_fuzzer/project.xml deleted file mode 100644 index bac4974e9..000000000 --- a/test/commonfuzztest/dmauthmanager_fuzzer/project.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - 1000 - - 300 - - 4096 - - \ No newline at end of file diff --git a/test/commonfuzztest/dmauthmanagerv2_fuzzer/BUILD.gn b/test/commonfuzztest/dmauthmanagerv2_fuzzer/BUILD.gn deleted file mode 100644 index 7c6fff579..000000000 --- a/test/commonfuzztest/dmauthmanagerv2_fuzzer/BUILD.gn +++ /dev/null @@ -1,80 +0,0 @@ -# Copyright (c) 2023-2024 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#####################hydra-fuzz################### -import("//build/config/features.gni") -import("//build/test.gni") -import("//foundation/distributedhardware/device_manager/device_manager.gni") - -##############################fuzztest########################################## -ohos_fuzztest("DmAuthManagerV2FuzzTest") { - module_out_path = fuzz_test_output_path - fuzz_config_file = - "${devicemanager_path}/test/commonfuzztest/dmauthmanagerv2_fuzzer" - - include_dirs = [ - "${innerkits_path}/native_cpp/include", - "${servicesimpl_path}/include/ability", - "${servicesimpl_path}/include/adapter", - "${servicesimpl_path}/include/authentication_v2", - "${servicesimpl_path}/include/dependency/hichain", - "${servicesimpl_path}/include/dependency/softbus", - "${servicesimpl_path}/include/dependency/timer", - ] - - cflags = [ - "-g", - "-O0", - "-Dprivate=public", - "-Dprotected=public", - "-Werror", - "-Wno-unused-variable", - "-fno-omit-frame-pointer", - ] - - sources = [ "dm_auth_manager_fuzzer.cpp" ] - - deps = [ - "${innerkits_path}/native_cpp:devicemanagersdk", - "${services_path}:devicemanagerservicetest", - "${servicesimpl_path}:devicemanagerserviceimpl", - "${utils_path}:devicemanagerutilstest", - ] - - external_deps = [ - "cJSON:cjson", - "device_auth:deviceauth_sdk", - "device_info_manager:distributed_device_profile_common", - "device_info_manager:distributed_device_profile_sdk", - "dsoftbus:softbus_client", - "ffrt:libffrt", - "hilog:libhilog", - "init:libbegetutil", - "ipc:ipc_single", - "safwk:system_ability_fwk", - ] - - defines = [ - "HI_LOG_ENABLE", - "DH_LOG_TAG=\"DmAuthManagerV2FuzzTest\"", - "LOG_DOMAIN=0xD004110", - ] -} - -############################################################################### -group("fuzztest") { - testonly = true - - deps = [ ":DmAuthManagerV2FuzzTest" ] -} -############################################################################### diff --git a/test/commonfuzztest/dmauthmanagerv2_fuzzer/corpus/init b/test/commonfuzztest/dmauthmanagerv2_fuzzer/corpus/init deleted file mode 100644 index d9719cafa..000000000 --- a/test/commonfuzztest/dmauthmanagerv2_fuzzer/corpus/init +++ /dev/null @@ -1,13 +0,0 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -FUZZ \ No newline at end of file diff --git a/test/commonfuzztest/dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.cpp b/test/commonfuzztest/dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.cpp deleted file mode 100644 index f955a2baa..000000000 --- a/test/commonfuzztest/dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.cpp +++ /dev/null @@ -1,179 +0,0 @@ -/* - * Copyright (c) 2025-2025 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "dm_auth_manager_fuzzer.h" - -#include -#include - -#include "auth_manager.h" -#include "device_manager_service_listener.h" -#include "dm_auth_context.h" -#include "dm_auth_state_machine.h" - -namespace OHOS { -namespace DistributedHardware { - -int32_t g_sessionId = 1; -int32_t g_sessionSide = 0; -int32_t g_result = 1; -int32_t g_authType = 1; -int32_t g_status = 1; -int32_t g_pinCode = 1; -int32_t g_action = 1; -int32_t g_userId = 1; -int32_t g_pageId = 1; -int32_t g_reason = 1; -int32_t g_state = 1; -int64_t g_requestId = 1; -int64_t g_operationCode = 1; -int64_t g_localSessionId = 1; - -std::map g_bindParam; - -PeerTargetId g_targetId = { - .deviceId = "deviceId", - .brMac = "brMac", - .bleMac = "bleMac", - .wifiIp = "wifiIp", -}; - -// AuthSrcManager fuzz -void DmAuthSrcManagerFuzzTest(const uint8_t* data, size_t size) -{ - if ((data == nullptr) || (size < sizeof(int32_t))) { - return; - } - std::shared_ptr softbusConnector = std::make_shared(); - std::shared_ptr listener = std::make_shared(); - std::shared_ptr hiChainAuthConnector = std::make_shared(); - std::shared_ptr hiChainConnector = std::make_shared(); - FuzzedDataProvider fdp(data, size); - std::string str(reinterpret_cast(data), size); - int32_t bindLevel = fdp.ConsumeIntegral(); - std::shared_ptr authManager = std::make_shared(softbusConnector, hiChainConnector, - listener, hiChainAuthConnector); - - authManager->OnUserOperation(g_action, str); - authManager->BindTarget(str, g_targetId, g_bindParam, g_sessionId, g_localSessionId); - authManager->StopAuthenticateDevice(str); - authManager->ImportAuthCode(str, str); - authManager->RegisterUiStateCallback(str); - authManager->UnRegisterUiStateCallback(str); - authManager->UnAuthenticateDevice(str, str, bindLevel); - authManager->UnBindDevice(str, str, bindLevel, str); - authManager->HandleDeviceNotTrust(str); - authManager->DeleteGroup(str, str); - authManager->AuthDeviceTransmit(g_requestId, data, size); - authManager->AuthDeviceSessionKey(g_requestId, data, size); - authManager->AuthDeviceRequest(g_requestId, g_operationCode, str.c_str()); - authManager->OnDataReceived(g_sessionId, str); - authManager->OnAuthDeviceDataReceived(g_sessionId, str); -} - -// AuthSinkManager fuzz -void DmAuthSinkManagerFuzzTest(const uint8_t* data, size_t size) -{ - if ((data == nullptr) || (size < sizeof(int32_t))) { - return; - } - std::shared_ptr softbusConnector = std::make_shared(); - std::shared_ptr listener = std::make_shared(); - std::shared_ptr hiChainAuthConnector = std::make_shared(); - std::shared_ptr hiChainConnector = std::make_shared(); - FuzzedDataProvider fdp(data, size); - std::string str(reinterpret_cast(data), size); - int32_t bindLevel = fdp.ConsumeIntegral(); - std::shared_ptr authManager = std::make_shared(softbusConnector, hiChainConnector, - listener, hiChainAuthConnector); - - authManager->OnUserOperation(g_action, str); - authManager->BindTarget(str, g_targetId, g_bindParam, g_sessionId, g_localSessionId); - authManager->StopAuthenticateDevice(str); - authManager->ImportAuthCode(str, str); - authManager->RegisterUiStateCallback(str); - authManager->UnRegisterUiStateCallback(str); - authManager->UnAuthenticateDevice(str, str, bindLevel); - authManager->UnBindDevice(str, str, bindLevel, str); - authManager->HandleDeviceNotTrust(str); - authManager->DeleteGroup(str, str); - authManager->AuthDeviceTransmit(g_requestId, data, size); - authManager->AuthDeviceSessionKey(g_requestId, data, size); - authManager->AuthDeviceRequest(g_requestId, g_operationCode, str.c_str()); - authManager->OnDataReceived(g_sessionId, str); - authManager->OnAuthDeviceDataReceived(g_sessionId, str); -} - -void DmAuthManagerV2FuzzTest(const uint8_t* data, size_t size) -{ - if ((data == nullptr) || (size < sizeof(int32_t))) { - return; - } - std::shared_ptr softbusConnector = std::make_shared(); - std::shared_ptr listener = std::make_shared(); - std::shared_ptr hiChainAuthConnector = std::make_shared(); - std::shared_ptr hiChainConnector = std::make_shared(); - FuzzedDataProvider fdp(data, size); - int32_t sessionId = fdp.ConsumeIntegral(); - int32_t sessionSide = fdp.ConsumeIntegral(); - int32_t result = fdp.ConsumeIntegral(); - int64_t requestId = fdp.ConsumeIntegral(); - int32_t errorCode = fdp.ConsumeIntegral(); - uint64_t logicalSessionId = fdp.ConsumeIntegral(); - int32_t authType = fdp.ConsumeIntegral(); - PeerTargetId targetId = { - .deviceId = fdp.ConsumeRandomLengthString(), - .brMac = fdp.ConsumeRandomLengthString(), - .bleMac = fdp.ConsumeRandomLengthString(), - .wifiIp = fdp.ConsumeRandomLengthString(), - .wifiPort = fdp.ConsumeIntegral(), - }; - std::map bindParam = { { "key1", fdp.ConsumeRandomLengthString() }, - { "key2", fdp.ConsumeRandomLengthString() }, { "key3", fdp.ConsumeRandomLengthString() } }; - std::string pkgName = fdp.ConsumeRandomLengthString(); - std::string deviceId = fdp.ConsumeRandomLengthString(); - std::string extra = fdp.ConsumeRandomLengthString(); - std::shared_ptr authSrcManager = - std::make_shared(softbusConnector, hiChainConnector, listener, hiChainAuthConnector); - std::shared_ptr authSinkManager = - std::make_shared(softbusConnector, hiChainConnector, listener, hiChainAuthConnector); - authSrcManager->BindTarget(pkgName, targetId, bindParam, sessionId, logicalSessionId); - authSrcManager->GetAuthParam(pkgName, authType, deviceId, extra); - authSinkManager->OnSessionOpened(sessionId, sessionSide, result); - authSrcManager->OnSessionDisable(); - authSrcManager->GetIsCryptoSupport(); - std::shared_ptr context = std::make_shared(); - authSinkManager->context_->authStateMachine->curState_ = DmAuthStateType::AUTH_SINK_PIN_AUTH_START_STATE; - authSinkManager->AuthDeviceError(requestId, errorCode); - authSinkManager->context_->authStateMachine->curState_ = DmAuthStateType::AUTH_SINK_FINISH_STATE; - authSinkManager->AuthDeviceError(requestId, errorCode); - authSinkManager->AuthDeviceFinish(requestId); - authSinkManager->GetBindTargetParams(pkgName, targetId, bindParam); - authSinkManager->SetBindTargetParams(targetId); - authSinkManager->ClearSoftbusSessionCallback(); - authSinkManager->PrepareSoftbusSessionCallback(); -} -} -} - -/* Fuzzer entry point */ -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) -{ - /* Run your code on data */ - OHOS::DistributedHardware::DmAuthSrcManagerFuzzTest(data, size); - OHOS::DistributedHardware::DmAuthSinkManagerFuzzTest(data, size); - OHOS::DistributedHardware::DmAuthManagerV2FuzzTest(data, size); - return 0; -} \ No newline at end of file diff --git a/test/commonfuzztest/dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.h b/test/commonfuzztest/dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.h deleted file mode 100644 index 35643d1c4..000000000 --- a/test/commonfuzztest/dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.h +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright (c) 2025 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef DM_AUTH_MANAGER_FUZZER_H -#define DM_AUTH_MANAGER_FUZZER_H - -#define FUZZ_PROJECT_NAME "dmauthmanagerv2_fuzzer" - -#endif // DM_AUTH_MANAGER_FUZZER_H \ No newline at end of file diff --git a/test/commonfuzztest/dmauthmanagerv2_fuzzer/project.xml b/test/commonfuzztest/dmauthmanagerv2_fuzzer/project.xml deleted file mode 100644 index bac4974e9..000000000 --- a/test/commonfuzztest/dmauthmanagerv2_fuzzer/project.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - 1000 - - 300 - - 4096 - - \ No newline at end of file -- Gitee From 23ffda9a7978fbcaa158b07e375143f482b8bac2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E9=9B=B7?= Date: Sun, 22 Jun 2025 19:28:33 +0800 Subject: [PATCH 8/8] add FUZZ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 张雷 --- test/commonfuzztest/BUILD.gn | 1 - .../authpinauth_fuzzer/BUILD.gn | 80 ------------------- .../auth_pin_auth_fuzzer.cpp | 71 ---------------- .../authpinauth_fuzzer/auth_pin_auth_fuzzer.h | 21 ----- .../authpinauth_fuzzer/corpus/init | 13 --- .../authpinauth_fuzzer/project.xml | 25 ------ 6 files changed, 211 deletions(-) delete mode 100644 test/commonfuzztest/authpinauth_fuzzer/BUILD.gn delete mode 100644 test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp delete mode 100644 test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.h delete mode 100644 test/commonfuzztest/authpinauth_fuzzer/corpus/init delete mode 100644 test/commonfuzztest/authpinauth_fuzzer/project.xml diff --git a/test/commonfuzztest/BUILD.gn b/test/commonfuzztest/BUILD.gn index 22280d471..72dc45f2b 100644 --- a/test/commonfuzztest/BUILD.gn +++ b/test/commonfuzztest/BUILD.gn @@ -20,7 +20,6 @@ group("fuzztest") { "authenticatedevice_fuzzer:fuzztest", "authenticatedeviceservice_fuzzer:fuzztest", "authenticatedeviceserviceimpl_fuzzer:fuzztest", - "authpinauth_fuzzer:fuzztest", "dmanonyous_fuzzer:fuzztest", "dmcommoneventmanager_fuzzer:fuzztest", "dmcredentialimpl_fuzzer:fuzztest", diff --git a/test/commonfuzztest/authpinauth_fuzzer/BUILD.gn b/test/commonfuzztest/authpinauth_fuzzer/BUILD.gn deleted file mode 100644 index 9ab8575c5..000000000 --- a/test/commonfuzztest/authpinauth_fuzzer/BUILD.gn +++ /dev/null @@ -1,80 +0,0 @@ -# Copyright (c) 2025 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#####################hydra-fuzz################### -import("//build/config/features.gni") -import("//build/test.gni") -import("//foundation/distributedhardware/device_manager/device_manager.gni") - -##############################fuzztest########################################## -ohos_fuzztest("AuthPinAuthFuzzTest") { - module_out_path = fuzz_test_output_path - fuzz_config_file = - "${devicemanager_path}/test/commonfuzztest/authpinauth_fuzzer" - - include_dirs = [ - "${innerkits_path}/native_cpp/include", - "${servicesimpl_path}/include/ability", - "${servicesimpl_path}/include/adapter", - "${servicesimpl_path}/include/authentication_v2", - "${servicesimpl_path}/include/dependency/hichain", - "${servicesimpl_path}/include/dependency/softbus", - "${servicesimpl_path}/include/dependency/timer", - ] - - cflags = [ - "-g", - "-O0", - "-Dprivate=public", - "-Dprotected=public", - "-Werror", - "-Wno-unused-variable", - "-fno-omit-frame-pointer", - ] - - sources = [ "auth_pin_auth_fuzzer.cpp"] - - deps = [ - "${innerkits_path}/native_cpp:devicemanagersdk", - "${services_path}:devicemanagerservicetest", - "${servicesimpl_path}:devicemanagerserviceimpl", - "${utils_path}:devicemanagerutilstest", - ] - - external_deps = [ - "cJSON:cjson", - "device_auth:deviceauth_sdk", - "device_info_manager:distributed_device_profile_common", - "device_info_manager:distributed_device_profile_sdk", - "dsoftbus:softbus_client", - "ffrt:libffrt", - "hilog:libhilog", - "init:libbegetutil", - "ipc:ipc_single", - "safwk:system_ability_fwk", - ] - - defines = [ - "HI_LOG_ENABLE", - "DH_LOG_TAG=\"AuthPinAuthFuzzTest\"", - "LOG_DOMAIN=0xD004110", - ] -} - -############################################################################### -group("fuzztest") { - testonly = true - - deps = [ ":AuthPinAuthFuzzTest" ] -} -############################################################################### diff --git a/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp b/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp deleted file mode 100644 index bed8e719e..000000000 --- a/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright (c) 2025-2025 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "auth_pin_auth_fuzzer.h" - -#include -#include - -#include "device_manager_service_listener.h" -#include "dm_auth_state.h" -#include "dm_auth_state_machine.h" -#include "dm_freeze_process.h" - -namespace OHOS { -namespace DistributedHardware { -constexpr uint32_t SERVICE = 2; - -void AuthPinAuthFuzzTest(const uint8_t* data, size_t size) -{ - if ((data == nullptr) || (size < sizeof(int32_t))) { - return; - } - FreezeProcess freezeProcess; - FuzzedDataProvider fdp(data, size); - std::shared_ptr context = std::make_shared(); - context->transmitData = fdp.ConsumeRandomLengthString(); - context->requestId = fdp.ConsumeIntegral(); - context->accesser.userId = fdp.ConsumeIntegral(); - - std::shared_ptr authFirst = std::make_shared(); - std::shared_ptr authSecond = std::make_shared(); - std::shared_ptr authThird = std::make_shared(); - std::shared_ptr authForth = std::make_shared(); - std::shared_ptr authFifth = std::make_shared(); - std::shared_ptr authSixth = std::make_shared(); - std::shared_ptr authSeventh = std::make_shared(); - std::shared_ptr authEighth = std::make_shared(); - authFirst->GetStateType(); - authSecond->GetStateType(); - int32_t credType = fdp.ConsumeIntegral(); - authThird->GetCredIdByCredType(context, credType); - context->isAppCredentialVerified = true; - context->accesser.isGenerateLnnCredential = false; - authForth->ShowStartAuthDialog(context); - authFifth->GetStateType(); - authSixth->GetStateType(); - authSeventh->GetStateType(); - authEighth->GetStateType(); -} -} -} - -/* Fuzzer entry point */ -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) -{ - /* Run your code on data */ - OHOS::DistributedHardware::AuthPinAuthFuzzTest(data, size); - return 0; -} \ No newline at end of file diff --git a/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.h b/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.h deleted file mode 100644 index d9a1a29ba..000000000 --- a/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.h +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright (c) 2025 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef AUTH_PIN_AUTH_FUZZER_H -#define AUTH_PIN_AUTH_FUZZER_H - -#define FUZZ_PROJECT_NAME "authpinauth_fuzzer" - -#endif // AUTH_PIN_AUTH_FUZZER_H \ No newline at end of file diff --git a/test/commonfuzztest/authpinauth_fuzzer/corpus/init b/test/commonfuzztest/authpinauth_fuzzer/corpus/init deleted file mode 100644 index 8f37f0925..000000000 --- a/test/commonfuzztest/authpinauth_fuzzer/corpus/init +++ /dev/null @@ -1,13 +0,0 @@ -# Copyright (c) 2025 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -FUZZ \ No newline at end of file diff --git a/test/commonfuzztest/authpinauth_fuzzer/project.xml b/test/commonfuzztest/authpinauth_fuzzer/project.xml deleted file mode 100644 index 500f6f414..000000000 --- a/test/commonfuzztest/authpinauth_fuzzer/project.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - 1000 - - 300 - - 4096 - - \ No newline at end of file -- Gitee