From e88097bc9657c24ced284c747beb7de6e77f2a35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E9=9B=B7?= Date: Thu, 3 Jul 2025 09:54:53 +0800 Subject: [PATCH 1/3] add fuzz MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 张雷 --- .../authacl_fuzzer/auth_acl_fuzzer.cpp | 16 +++++++-- .../authenticate_device_fuzzer.cpp | 19 ++++++++++ .../dm_freeze_process_fuzzer.cpp | 4 +++ .../hichain_connector_fuzzer.cpp | 15 ++++++++ .../device_manager_impl_fuzzer.cpp | 35 +++++++++++++++++-- .../auth_confirm_fuzzer.cpp | 22 ++++++++++++ .../auth_manager_fuzzer.cpp | 34 ++++++++++++++++++ .../auth_message_processor_fuzzer.cpp | 14 ++++++++ .../devicelist_fuzzer/device_list_fuzzer.cpp | 2 ++ .../dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp | 12 +++++++ .../dm_transport_msg_fuzzer.cpp | 28 +++++++++------ .../init_device_manager_fuzzer.cpp | 4 +++ 12 files changed, 190 insertions(+), 15 deletions(-) diff --git a/test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.cpp b/test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.cpp index aa4d0fd09..3576ae7c2 100644 --- a/test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.cpp +++ b/test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.cpp @@ -32,11 +32,23 @@ void AuthAclFuzzTest(const uint8_t* data, size_t size) FuzzedDataProvider fdp(data, size); int32_t sessionId = fdp.ConsumeIntegral(); std::string result = fdp.ConsumeRandomLengthString(); - std::shared_ptr authSink = std::make_shared(); - std::shared_ptr authSrc = std::make_shared(); + std::shared_ptr authSink = std::make_shared(); + std::shared_ptr authSrc = std::make_shared(); authSink->GetStateType(); authSrc->GetStateType(); + + std::shared_ptr context = std::make_shared(); + context->accesser.dmVersion = DM_VERSION_5_1_0; + context->accesser.isCommonFlag = true; + authSink->VerifyCertificate(context); + context->accesser.isCommonFlag = false; + authSink->VerifyCertificate(context); + context->accesser.dmVersion = DM_VERSION_5_0_1; + authSink->Action(context); + + authSrc->Action(context); + authSrc->Action(nullptr); } } } diff --git a/test/commonfuzztest/authenticatedevice_fuzzer/authenticate_device_fuzzer.cpp b/test/commonfuzztest/authenticatedevice_fuzzer/authenticate_device_fuzzer.cpp index a0b1e8738..19c12ca7d 100644 --- a/test/commonfuzztest/authenticatedevice_fuzzer/authenticate_device_fuzzer.cpp +++ b/test/commonfuzztest/authenticatedevice_fuzzer/authenticate_device_fuzzer.cpp @@ -86,6 +86,12 @@ public: void OnCall(const std::string ¶mJson) override {} }; +class DeviceScreenStatusCallbackTest : public DeviceScreenStatusCallback { +public: + virtual ~DeviceScreenStatusCallbackTest() {} + void OnDeviceScreenStatus(const DmDeviceInfo &deviceInfo) override {} +}; + std::string g_returnStr; std::string g_reqJsonStr = R"( { @@ -216,6 +222,7 @@ void AuthenticateDeviceFirstFuzzTest(const uint8_t* data, size_t size) DeviceManager::GetInstance().RegisterDevStatusCallback(str, str, g_statusCallback); DeviceManager::GetInstance().RegisterDeviceManagerFaCallback(str, g_Uicallback); std::string emptyStr = ""; + DeviceManager::GetInstance().RegisterDevStateCallback(emptyStr, str, g_stateCallback); DeviceManager::GetInstance().AuthenticateDevice(str, g_authType, g_deviceInfo, emptyStr, g_callbackk); DeviceManager::GetInstance().UnAuthenticateDevice(str, g_deviceInfo); std::string pkgName = "pkgName"; @@ -278,6 +285,7 @@ void AuthenticateDeviceThirdFuzzTest(const uint8_t* data, size_t size) DeviceManager::GetInstance().UnBindDevice(str, g_deviceInfo.deviceId); DeviceManager::GetInstance().UnRegisterDeviceManagerFaCallback(str); DeviceManager::GetInstance().UnRegisterDevStateCallback(str); + DeviceManager::GetInstance().UnRegisterDevStateCallback(emptyStr); DeviceManager::GetInstance().UnRegisterDevStatusCallback(str); std::map authParam; authParam[DM_AUTHENTICATION_TYPE] = str; @@ -332,6 +340,7 @@ void AuthenticateDeviceFourthFuzzTest(const uint8_t* data, size_t size) DeviceManagerImpl::GetInstance().RemovePublishCallback("test"); DeviceManagerImpl::GetInstance().RegisterPinHolderCallback(str, nullptr); DeviceManagerImpl::GetInstance().GetDeviceSecurityLevel(str, emptyStr, indexTwo); + DeviceManagerImpl::GetInstance().GetDeviceSecurityLevel(str, str, indexTwo); DeviceManagerImpl::GetInstance().IsSameAccount(emptyStr); } @@ -371,19 +380,29 @@ void AuthenticateDeviceFifthFuzzTest(const uint8_t* data, size_t size) DeviceManagerImpl::GetInstance().BindDevice(str, 1, emptyStr, emptyStr, nullptr); DeviceManagerImpl::GetInstance().UnBindDevice(str, emptyStr); DeviceManagerImpl::GetInstance().GetNetworkTypeByNetworkId(str, emptyStr, indexTwo); + DeviceManagerImpl::GetInstance().GetNetworkTypeByNetworkId(str, str, indexTwo); DeviceManagerImpl::GetInstance().ImportAuthCode(emptyStr, emptyStr); + DeviceManagerImpl::GetInstance().ImportAuthCode(str, str); + std::string authCode = "123456"; + DeviceManagerImpl::GetInstance().ImportAuthCode(str, authCode); DeviceManagerImpl::GetInstance().ExportAuthCode(g_returnStr); std::map discoverParam; DeviceManagerImpl::GetInstance().StartDiscovering(str, discoverParam, discoverParam, nullptr); DeviceManagerImpl::GetInstance().StopDiscovering(str, discoverParam); DeviceManagerImpl::GetInstance().RegisterDiscoveryCallback(str, discoverParam, discoverParam, nullptr); DeviceManagerImpl::GetInstance().UnRegisterDiscoveryCallback(str); + DeviceManagerImpl::GetInstance().UnRegisterDiscoveryCallback(emptyStr); DeviceManagerImpl::GetInstance().StartAdvertising(str, discoverParam, nullptr); + DeviceManagerImpl::GetInstance().StartAdvertising(str, discoverParam, g_publishCallback); DeviceManagerImpl::GetInstance().StopAdvertising(str, discoverParam); DeviceManagerImpl::GetInstance().SetDnPolicy(str, discoverParam); DeviceManagerImpl::GetInstance().RegisterDeviceScreenStatusCallback(emptyStr, nullptr); DeviceManagerImpl::GetInstance().UnRegisterDeviceScreenStatusCallback(emptyStr); + std::shared_prt callback = std::make_shared(); + DeviceManagerImpl::GetInstance().RegisterDeviceScreenStatusCallback(str, callback); + DeviceManagerImpl::GetInstance().UnRegisterDeviceScreenStatusCallback(str); DeviceManagerImpl::GetInstance().GetDeviceScreenStatus(emptyStr, emptyStr, indexTwo); + DeviceManagerImpl::GetInstance().GetDeviceScreenStatus(str, str, indexTwo); } } } diff --git a/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp b/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp index b839f6b47..da9dccfd8 100644 --- a/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp +++ b/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp @@ -58,6 +58,8 @@ void DmFreezeProcessFuzzTest(const uint8_t *data, size_t size) FreezeProcess::GetInstance().ConvertJsonToBindFailedEvents(result, bindFailedEvents); bundleName = fdp.ConsumeRandomLengthString(); deviceType = fdp.ConsumeIntegral(); + freezeStateObj.startFreezeTimeStamp = fdp.ConsumeIntegral(); + FreezeProcess::GetInstance().freezeStateCache_ = freezeStateObj; FreezeProcess::GetInstance().CleanBindFailedEvents(reservedDataTimeStamp); FreezeProcess::GetInstance().CleanFreezeState(reservedDataTimeStamp); FreezeProcess::GetInstance().ConvertDeviceFreezeStateToJson(freezeStateObj, result); @@ -74,6 +76,8 @@ void DmFreezeProcessFuzzTest(const uint8_t *data, size_t size) nowTime = MAX_FREEZE_TIME; FreezeProcess::GetInstance().CalculateNextFreezeTime(nowTime, nextTime); FreezeProcess::GetInstance().DeleteFreezeRecord(); + FreezeProcess::GetInstance().UpdateFreezeRecord(); + FreezeProcess::GetInstance().ConvertBindFailedEventsToJson(bindFailedEvents, result); } } } diff --git a/test/commonfuzztest/hichainconnector_fuzzer/hichain_connector_fuzzer.cpp b/test/commonfuzztest/hichainconnector_fuzzer/hichain_connector_fuzzer.cpp index 4e8f14801..ff7223ad4 100644 --- a/test/commonfuzztest/hichainconnector_fuzzer/hichain_connector_fuzzer.cpp +++ b/test/commonfuzztest/hichainconnector_fuzzer/hichain_connector_fuzzer.cpp @@ -72,6 +72,16 @@ void AddGroupInfo(std::vector &groupList) groupList.push_back(groupInfo2); } +void GenerateJsonObject(JsonObject &jsonObject, FuzzedDataProvider &fdp) +{ + jsonObject[FIELD_GROUP_NAME] = fdp.ConsumeRandomLengthString(); + jsonObject[FIELD_GROUP_ID] = fdp.ConsumeRandomLengthString(); + jsonObject[FIELD_GROUP_OWNER] = fdp.ConsumeRandomLengthString(); + jsonObject[FIELD_GROUP_TYPE] = fdp.ConsumeIntegral(); + jsonObject[FIELD_GROUP_VISIBILITY] = fdp.ConsumeIntegral(); + jsonObject[FIELD_USER_ID] = fdp.ConsumeRandomLengthString(); +} + void AddAclInfo(std::vector> &delACLInfoVec, std::vector &userIdVec) { int32_t key = 12; @@ -200,6 +210,9 @@ void HiChainConnectorThirdFuzzTest(const uint8_t* data, size_t size) hichainConnector->GetJsonInt(jsonOutObj, "key"); hichainConnector->deleteMultiMembers(groupType, userId, jsonOutObj); hichainConnector->DeleteAllGroupByUdid(reqParams); + JsonObject jsonObj; + GenerateJsonObject(jsonObj, fdp); + FromJson(jsonObj, groupInfo); } void HiChainConnectorForthFuzzTest(const uint8_t* data, size_t size) @@ -229,6 +242,8 @@ void HiChainConnectorForthFuzzTest(const uint8_t* data, size_t size) AddAclInfo(delACLInfoVec, userIdVec); hichainConnector->DeleteGroup(groupId); hichainConnector->DeleteGroupExt(groupId); + int32_t userIdInt = fdp.ConsumeIntegral(); + hichainConnector->DeleteGroupExt(userIdInt, groupId); hichainConnector->DeleteGroup(authType, groupId); hichainConnector->DeleteGroup(requestId, userId, authType); hichainConnector->DelMemberFromGroup(groupId, deviceId); diff --git a/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp b/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp index a42e45145..31ae16e39 100755 --- a/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp +++ b/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp @@ -27,6 +27,17 @@ namespace OHOS { namespace DistributedHardware { namespace {} +class DevTrustChangeCallbackTest : public DevTrustChangeCallback { +public: + virtual ~DevTrustChangeCallbackTest() {} + void OnDeviceTrustChange(const std::string &udid, const std::string &uuid, DmAuthForm authForm) override {} +}; + +class CredentialAuthStatusCallbackTest : public CredentialAuthStatusCallback { +public: + virtual ~CredentialAuthStatusCallbackTest() {} + void OOnCredentialAuthStatus(const std::string &deviceList, uint16_t deviceTypeId, int32_t errcode) override {} +}; void StopAuthenticateDeviceTest(const uint8_t *data, size_t size) { @@ -69,6 +80,8 @@ void RegDevTrustChangeCallbackTest(const uint8_t *data, size_t size) std::shared_ptr callback = nullptr; std::string pkgName = fdp.ConsumeRandomLengthString(); DeviceManagerImpl::GetInstance().RegDevTrustChangeCallback(pkgName, callback); + callback = std::make_shared(); + DeviceManagerImpl::GetInstance().RegDevTrustChangeCallback(pkgName, callback); } void GetNetworkIdByUdidTest(const uint8_t *data, size_t size) @@ -92,6 +105,10 @@ void RegisterCredentialAuthStatusCallbackTest(const uint8_t *data, size_t size) std::string pkgName = fdp.ConsumeRandomLengthString(); std::shared_ptr callback = nullptr; DeviceManagerImpl::GetInstance().RegisterCredentialAuthStatusCallback(pkgName, callback); + callback = std::make_shared(); + DeviceManagerImpl::GetInstance().RegisterCredentialAuthStatusCallback(pkgName, callback); + DeviceManagerImpl::GetInstance().UnRegisterCredentialAuthStatusCallback(pkgName); + DeviceManagerImpl::GetInstance().UnRegisterCredentialAuthStatusCallback(""); } void GetAllTrustedDeviceListTest(const uint8_t *data, size_t size) @@ -136,9 +153,9 @@ void GetDeviceIconInfoTest(const uint8_t *data, size_t size) } FuzzedDataProvider fdp(data, size); std::string pkgName = fdp.ConsumeRandomLengthString(); - DmDeviceProfileInfoFilterOptions filterOptions; - std::shared_ptr callback = nullptr; - DeviceManagerImpl::GetInstance().GetDeviceProfileInfoList(pkgName, filterOptions, callback); + DmDeviceIconInfoFilterOptions filterOptions; + std::shared_ptr callback = nullptr; + DeviceManagerImpl::GetInstance().GetGetDeviceIconInfo(pkgName, filterOptions, callback); } void PutDeviceProfileInfoListTest(const uint8_t *data, size_t size) @@ -223,6 +240,16 @@ void GetLocalServiceInfoByBundleNameAndPinExchangeTypeTest(const uint8_t *data, DeviceManagerImpl::GetInstance().GetLocalServiceInfoByBundleNameAndPinExchangeType(bundleName, maxNameLength, info); } +void GetErrorCodeTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size < sizeof(int32_t))) { + return; + } + FuzzedDataProvider fdp(data, size); + int32_t errCode = fdp.ConsumeIntegral(); + DeviceManagerImpl::GetInstance().GetErrCode(errCode); +} + void UnRegisterPinHolderCallbackTest(const uint8_t *data, size_t size) { if ((data == nullptr) || (size == 0)) { @@ -251,6 +278,7 @@ void DeviceManagerImplFuzzTest(const uint8_t *data, size_t size) DmAccessCallee callee; DMIpcCmdInterfaceCode ipcCode = REGISTER_DEVICE_MANAGER_LISTENER; DeviceManagerImpl::GetInstance().GetLocalDeviceName(pkgName, deviceName); + DeviceManagerImpl::GetInstance().GetLocalDeviceName(pkgName); DeviceManagerImpl::GetInstance().UnBindDevice(pkgName, deviceId, extra); DeviceManagerImpl::GetInstance().UnRegisterSinkBindCallback(pkgName); DeviceManagerImpl::GetInstance().RegisterLocalServiceInfo(localServiceInfo); @@ -290,5 +318,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) OHOS::DistributedHardware::GetLocalServiceInfoByBundleNameAndPinExchangeTypeTest(data, size); OHOS::DistributedHardware::UnRegisterPinHolderCallbackTest(data, size); OHOS::DistributedHardware::DeviceManagerImplFuzzTest(data, size); + OHOS::DistributedHardware::GetErrorCodeTest(data, size); return 0; } diff --git a/test/servicesfuzztest/authconfirm_fuzzer/auth_confirm_fuzzer.cpp b/test/servicesfuzztest/authconfirm_fuzzer/auth_confirm_fuzzer.cpp index 631ee616c..6c56aef49 100644 --- a/test/servicesfuzztest/authconfirm_fuzzer/auth_confirm_fuzzer.cpp +++ b/test/servicesfuzztest/authconfirm_fuzzer/auth_confirm_fuzzer.cpp @@ -118,6 +118,7 @@ void GenerateJsonObject(JsonObject &jsonObject, FuzzedDataProvider &fdp) jsonObject[TAG_PEER_BUNDLE_NAME_V2] = fdp.ConsumeRandomLengthString(); jsonObject[DM_TAG_LOGICAL_SESSION_ID] = fdp.ConsumeIntegral(); jsonObject[TAG_PEER_DISPLAY_ID] = fdp.ConsumeIntegral(); + jsonObject[DM_BUSINESS_ID] = fdp.ConsumeRandomLengthString(); } void ActionFuzzTest() @@ -187,6 +188,12 @@ void AuthConfirmFuzzTestNext(JsonObject &jsonObject, FuzzedDataProvider &fdp) authSinkNegotiateStateMachine_->ShareAclCompare(context_, accesser, accessee); authSinkNegotiateStateMachine_->Point2PointAclCompare(context_, accesser, accessee); authSinkNegotiateStateMachine_->LnnAclCompare(context_, accesser, accessee); + authSrcPinInputState_->ShowStartAuthDialog(context_); + authSrcPinInputState_->Action(context_); + context_->importAuthCode = "123456"; + context_->importPkgName = "pkgName"; + authSinkStatePinAuthComm_->IsAuthCodeReady(context_); + authSinkStatePinAuthComm_->IsPinCodeValid(context_->importAuthCode); } void AuthConfirmFuzzTest(const uint8_t* data, size_t size) @@ -236,6 +243,21 @@ void AuthConfirmFuzzTest(const uint8_t* data, size_t size) authSinkNegotiateStateMachine_->GetSinkCredTypeForP2P(context_, jsonObject, jsonObjectTwo, jsonObjectThree, credType, deleteCredInfo); authSrcConfirmState_->GetSrcAclInfo(context_, jsonObject, jsonObjectTwo); + authSrcNegotiateStateMachine_->GetStateType(); + authSrcPinAuthStartState_->GetStateType(); + authSinkPinAuthDoneState_->GetStateType(); + authSrcReverseUltrasonicStartState_->GetStateType(); + authSrcForwardUltrasonicStartState_->GetStateType(); + authSinkReverseUltrasonicStartState_->GetStateType(); + authSinkForwardUltrasonicDoneState_->GetStateType(); + authSrcPinNegotiateStartState_->ProcessCredAuth(context_); + authSrcPinNegotiateStartState_->GetCredIdByCredType(context_, credType); + std::string businessId = fdp.ConsumeRandomLengthString(); + std::string businessValue = fdp.ConsumeRandomLengthString(); + authSinkNegotiateStateMachine_->ParseAndCheckAntiDisturbanceMode(businessId, businessValue); + businessId = "test_business_id"; + businessValue = "{\"business_id\":\"test_business_id\",\"is_in_anti_disturbance_mode\":true}"; + authSinkNegotiateStateMachine_->ParseAndCheckAntiDisturbanceMode(businessId, businessValue); ActionFuzzTest(); AuthConfirmFuzzTestNext(jsonObject, fdp); } diff --git a/test/servicesfuzztest/authmanager_fuzzer/auth_manager_fuzzer.cpp b/test/servicesfuzztest/authmanager_fuzzer/auth_manager_fuzzer.cpp index fae170d20..594728573 100644 --- a/test/servicesfuzztest/authmanager_fuzzer/auth_manager_fuzzer.cpp +++ b/test/servicesfuzztest/authmanager_fuzzer/auth_manager_fuzzer.cpp @@ -148,6 +148,8 @@ void CheckAuthParamVaildFuzzTest(FuzzedDataProvider &fdp) std::string extra = fdp.ConsumeRandomLengthString(); int32_t authType = fdp.ConsumeIntegral(); authManager->CheckAuthParamVaild(pkgName, authType, deviceId, extra); + authType = 1; + authManager->CheckAuthParamVaild(pkgName, authType, deviceId, extra); } void ParseHmlInfoInJsonObjectFuzzTest(FuzzedDataProvider &fdp) @@ -167,6 +169,7 @@ void ParseJsonObjectFuzzTest(FuzzedDataProvider &fdp) jsonObject[TAG_APP_THUMBNAIL2] = fdp.ConsumeRandomLengthString(); jsonObject[PARAM_CLOSE_SESSION_DELAY_SECONDS] = fdp.ConsumeRandomLengthString(); jsonObject[TAG_PEER_PKG_NAME] = fdp.ConsumeRandomLengthString(); + jsonObject[DM_BUSINESS_ID] = fdp.ConsumeRandomLengthString(); authManager->ParseJsonObject(jsonObject); } @@ -183,6 +186,10 @@ void GetAuthParamFuzzTest(FuzzedDataProvider &fdp) std::string deviceId = fdp.ConsumeRandomLengthString(); std::string extra = fdp.ConsumeRandomLengthString(); authManager->GetAuthParam(pkgName, authType, deviceId, extra); + JsonObject jsonObject; + jsonObject[TAG_BIND_LEVEL] = fdp.ConsumeIntegral(); + extra = jsonObject.Dump(); + authManager->GetAuthParam(pkgName, authType, deviceId, extra); } void InitAuthStateFuzzTest(FuzzedDataProvider &fdp) @@ -208,12 +215,16 @@ void AuthDeviceErrorFuzzTest(FuzzedDataProvider &fdp) int64_t requestId = fdp.ConsumeIntegral(); int32_t errorCode = fdp.ConsumeIntegral(); authManager->AuthDeviceError(requestId, errorCode); + authSinkManager->AuthDeviceError(requestId, errorCode); + requestId = context_->requestId; + authManager->AuthDeviceError(requestId, errorCode); } void AuthDeviceFinishFuzzTest(FuzzedDataProvider &fdp) { int64_t requestId = fdp.ConsumeIntegral(); authManager->AuthDeviceFinish(requestId); + authSinkManager->AuthDeviceFinish(requestId); } void GetPinCodeFuzzTest(FuzzedDataProvider &fdp) @@ -250,6 +261,10 @@ void BindTargetFuzzTest(FuzzedDataProvider &fdp) int sessionId = fdp.ConsumeIntegral(); uint64_t logicalSessionId = fdp.ConsumeIntegral(); authManager->BindTarget(pkgName, targetId, bindParam, sessionId, logicalSessionId); + bindParam[PARAM_KEY_AUTH_TYPE] = "1"; + authManager->BindTarget(pkgName, targetId, bindParam, sessionId, logicalSessionId); + authManager->GetBindTargetParams(pkgName, targetId, bindParam); + authManager->SetBindTargetParams(targetId); } void OnSessionClosedFuzzTest(FuzzedDataProvider &fdp) @@ -277,6 +292,10 @@ void OnUserOperationFuzzTest(FuzzedDataProvider &fdp) int32_t action = fdp.ConsumeIntegral(); std::string params = fdp.ConsumeRandomLengthString(); authSinkManager->OnUserOperation(action, params); + action = USER_OPERATION_TYPE_AUTH_CONFIRM_TIMEOUT; + authSinkManager->OnUserOperation(action, params); + action = USER_OPERATION_TYPE_CANCEL_PINCODE_DISPLAY; + authSinkManager->OnUserOperation(action, params); } void OnSessionOpenedFuzzTest(FuzzedDataProvider &fdp) @@ -285,6 +304,7 @@ void OnSessionOpenedFuzzTest(FuzzedDataProvider &fdp) int32_t sessionSide = fdp.ConsumeIntegral(); int32_t result = fdp.ConsumeIntegral(); authManager->OnSessionOpened(sessionId, sessionSide, result); + authSinkManager->OnSessionOpened(sessionId, sessionSide, result); } void OnSrcSessionClosedFuzzTest(FuzzedDataProvider &fdp) @@ -307,6 +327,10 @@ void OnSrcUserOperationFuzzTest(FuzzedDataProvider &fdp) int32_t action = fdp.ConsumeIntegral(); std::string params = fdp.ConsumeRandomLengthString(); authManager->OnUserOperation(action, params); + action = USER_OPERATION_TYPE_CANCEL_PINCODE_INPUT; + authManager->OnUserOperation(action, params); + action = USER_OPERATION_TYPE_DONE_PINCODE_INPUT; + authManager->OnUserOperation(action, params); } void AuthDeviceTransmitFuzzTest(FuzzedDataProvider &fdp) @@ -343,6 +367,15 @@ void AuthSinkDeviceRequestFuzzTest(FuzzedDataProvider &fdp) authManager->GetBindCallerInfo(); } +void HandleBusinessEventsFuzzTest(FuzzedDataProvider &fdp) +{ + std::string businessId = fdp.ConsumeRandomLengthString(); + int action = fdp.ConsumeIntegral(); + authManager->HandleBusinessEvents(businessId, action); + authManager->ClearSoftbusSessionCallback(); + authManager->PrepareSoftbusSessionCallback(); +} + void AuthManagerFuzzTest(const uint8_t* data, size_t size) { if ((data == nullptr) || (size == 0)) { @@ -388,6 +421,7 @@ void AuthManagerFuzzTest(const uint8_t* data, size_t size) AuthSinkDeviceTransmitFuzzTest(fdp); AuthSinkDeviceSessionKeyFuzzTest(fdp); AuthSinkDeviceRequestFuzzTest(fdp); + HandleBusinessEventsFuzzTest(fdp); } } } diff --git a/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp b/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp index 73a030896..7504623f6 100644 --- a/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp +++ b/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp @@ -57,6 +57,14 @@ void GenerateJsonObject(JsonObject &jsonObject, FuzzedDataProvider &fdp) jsonObject[TAG_PEER_BUNDLE_NAME_V2] = fdp.ConsumeRandomLengthString(); jsonObject[DM_TAG_LOGICAL_SESSION_ID] = fdp.ConsumeIntegral(); jsonObject[TAG_PEER_DISPLAY_ID] = fdp.ConsumeIntegral(); + jsonObject[TAG_TRANSMIT_SK_ID] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_TRANSMIT_SK_TIMESTAMP] = fdp.ConsumeIntegral(); + jsonObject[TAG_TRANSMIT_CREDENTIAL_ID] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_DMVERSION] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_LNN_SK_ID] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_LNN_SK_TIMESTAMP] = fdp.ConsumeIntegral(); + jsonObject[TAG_LNN_CREDENTIAL_ID] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_MSG_TYPE] = fdp.ConsumeIntegral(); } void AuthMessageProcessorFuzzTestNext(JsonObject &jsonObject) @@ -129,8 +137,14 @@ void AuthMessageProcessorFuzzTest(const uint8_t* data, size_t size) accessee.SetAccesseeExtraData(fdp.ConsumeRandomLengthString()); DmAccess access; JsonObject jsonObject; + DmAccessControlTable table; + FromJson(jsonObject, table); + DmAccessToSync sync; + FromJson(jsonObject, sync); GenerateJsonObject(jsonObject, fdp); dmAuthMessageProcessor_ -> ParseMessage(context_, message); + message = jsonObject.Dump(); + dmAuthMessageProcessor_ -> ParseMessage(context_, message); dmAuthMessageProcessor_ -> CreateMessage(DmMessageType::MSG_TYPE_REQ_ACL_NEGOTIATE, context_); dmAuthMessageProcessor_ -> CreateAndSendMsg(DmMessageType::MSG_TYPE_REQ_ACL_NEGOTIATE, context_); dmAuthMessageProcessor_ -> SaveSessionKey(sessionKey.data(), keyLen); diff --git a/test/servicesfuzztest/devicelist_fuzzer/device_list_fuzzer.cpp b/test/servicesfuzztest/devicelist_fuzzer/device_list_fuzzer.cpp index 264b6eb84..30ed2397b 100644 --- a/test/servicesfuzztest/devicelist_fuzzer/device_list_fuzzer.cpp +++ b/test/servicesfuzztest/devicelist_fuzzer/device_list_fuzzer.cpp @@ -38,6 +38,8 @@ void DeviceListFuzzTest(const uint8_t* data, size_t size) std::make_shared(std::make_shared()); DeviceManager::GetInstance().GetTrustedDeviceList(bundleName, extra, devList); DeviceManager::GetInstance().GetLocalDeviceInfo(bundleName, deviceInfo); + bundleName = ""; + DeviceManager::GetInstance().GetTrustedDeviceList(bundleName, extra, devList); } } } diff --git a/test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp b/test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp index f8d04a6bd..bcb2049b2 100644 --- a/test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp +++ b/test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp @@ -59,6 +59,10 @@ void DmCommToolFuzzTest(const uint8_t* data, size_t size) dmCommToolPtr_->ProcessResponseUserIdsEvent(innerCommMsg); dmCommToolPtr_->ProcessReceiveCommonEvent(innerCommMsg); dmCommToolPtr_->ProcessResponseCommonEvent(innerCommMsg); + dmCommToolPtr_->ProcessReceiveUninstAppEvent(innerCommMsg); + dmCommToolPtr_->ProcessReceiveUnBindAppEvent(innerCommMsg); + dmCommToolPtr_->ProcessReceiveRspAppUninstallEvent(innerCommMsg); + dmCommToolPtr_->ProcessReceiveRspAppUnbindEvent(innerCommMsg); dmCommToolPtr_->GetDMTransportPtr(); dmCommToolPtr_->GetEventHandler(); } @@ -87,6 +91,14 @@ void DmCommToolFirstFuzzTest(const uint8_t* data, size_t size) std::string commonEventType; EventCallback eventCallback; dmCommToolPtr_->StartCommonEvent(commonEventType, eventCallback); + int32_t userId = fdp.ConsumeIntegral(); + int32_t tokenId = fdp.ConsumeIntegral(); + dmCommToolPtr_->SendUninstAppObj(userId, tokenId, rmtNetworkId); + dmCommToolPtr_->RspAppUninstall(rmtNetworkId, socketId); + dmCommToolPtr_->RspAppUnbind(rmtNetworkId, socketId); + std::string udid = fdp.ConsumeRandomLengthString(); + dmCommToolPtr_->SendUnBindAppObj(userId, tokenId, msg, rmtNetworkId, udid); + dmCommToolPtr_->StopSocket(rmtNetworkId); } } } diff --git a/test/servicesfuzztest/dmtransportmsg_fuzzer/dm_transport_msg_fuzzer.cpp b/test/servicesfuzztest/dmtransportmsg_fuzzer/dm_transport_msg_fuzzer.cpp index ec35472c8..eac32294c 100644 --- a/test/servicesfuzztest/dmtransportmsg_fuzzer/dm_transport_msg_fuzzer.cpp +++ b/test/servicesfuzztest/dmtransportmsg_fuzzer/dm_transport_msg_fuzzer.cpp @@ -97,22 +97,30 @@ void DmTransPortMsgFirstFuzzTest(const uint8_t* data, size_t size) std::string msg(reinterpret_cast(data), size); std::string remoteUdid(reinterpret_cast(data), size); const char* jsonString = R"({ - "MsgType": "0", - "userId": "12345", "accountId": "a******3", - "peerUdids": ["u******1", "u******2"], - "peerUdid": "p******d", - "accountName": "t******t", - "syncUserIdFlag": 1, - "userIds": [ - {"type": 1, "userId": 111}, - {"type": 0, "userId": 222} - ] + "userId": 123, + "tokenId": 123456, + "extra": "extra", + "udid": "p******d", })"; cJSON* jsonObject = nullptr; LogoutAccountMsg accountInfo; ToJson(jsonObject, accountInfo); FromJson(jsonObject, accountInfo); + UninstAppMsg uninstAppMsg; + ToJson(jsonObject, uninstAppMsg); + FromJson(jsonObject, uninstAppMsg); + UnBindAppMsg unBindAppMsg; + ToJson(jsonObject, unBindAppMsg); + FromJson(jsonObject, unBindAppMsg); + + jsonObject = cJSON_Parse(jsonString); + ToJson(jsonObject, accountInfo); + FromJson(jsonObject, accountInfo); + ToJson(jsonObject, uninstAppMsg); + FromJson(jsonObject, uninstAppMsg); + ToJson(jsonObject, unBindAppMsg); + FromJson(jsonObject, unBindAppMsg); cJSON_Delete(jsonObject); } } diff --git a/test/servicesfuzztest/initdevicemanager_fuzzer/init_device_manager_fuzzer.cpp b/test/servicesfuzztest/initdevicemanager_fuzzer/init_device_manager_fuzzer.cpp index a55ca54c4..a51309f62 100644 --- a/test/servicesfuzztest/initdevicemanager_fuzzer/init_device_manager_fuzzer.cpp +++ b/test/servicesfuzztest/initdevicemanager_fuzzer/init_device_manager_fuzzer.cpp @@ -41,6 +41,10 @@ void InitDeviceManagerFuzzTest(const uint8_t* data, size_t size) DeviceManager::GetInstance().InitDeviceManager(packName, callback); DeviceManager::GetInstance().UnInitDeviceManager(packName); + packName = ""; + callback = nullptr; + DeviceManager::GetInstance().InitDeviceManager(packName, callback); + DeviceManager::GetInstance().UnInitDeviceManager(packName); } } } -- Gitee From 6546c13cc1206710a63b75b2ffc1d6e233c80a11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E9=9B=B7?= Date: Thu, 3 Jul 2025 12:28:10 +0800 Subject: [PATCH 2/3] modify fuzz MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 张雷 --- .../authenticate_device_fuzzer.cpp | 31 +++++++++++++++++++ .../hichain_connector_fuzzer.cpp | 7 +++++ .../auth_confirm_fuzzer.cpp | 21 +++++++++++++ .../auth_message_processor_fuzzer.cpp | 12 +++++++ 4 files changed, 71 insertions(+) diff --git a/test/commonfuzztest/authenticatedevice_fuzzer/authenticate_device_fuzzer.cpp b/test/commonfuzztest/authenticatedevice_fuzzer/authenticate_device_fuzzer.cpp index 19c12ca7d..2f8acdf1b 100644 --- a/test/commonfuzztest/authenticatedevice_fuzzer/authenticate_device_fuzzer.cpp +++ b/test/commonfuzztest/authenticatedevice_fuzzer/authenticate_device_fuzzer.cpp @@ -15,6 +15,7 @@ #include #include +#include #include #include @@ -404,6 +405,35 @@ void AuthenticateDeviceFifthFuzzTest(const uint8_t* data, size_t size) DeviceManagerImpl::GetInstance().GetDeviceScreenStatus(emptyStr, emptyStr, indexTwo); DeviceManagerImpl::GetInstance().GetDeviceScreenStatus(str, str, indexTwo); } +void AuthenticateDeviceSixthFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + return; + } + AddPermission(); + FuzzedDataProvider fdp(data, size); + std::string str = fdp.ConsumeRandomLengthString(); + + std::string emptyStr = ""; + int32_t indexTwo = 2; + std::map discoverParam; + DeviceManagerImpl::GetInstance().StartDiscovering(str, discoverParam, discoverParam, nullptr); + DeviceManagerImpl::GetInstance().StopDiscovering(str, discoverParam); + DeviceManagerImpl::GetInstance().RegisterDiscoveryCallback(str, discoverParam, discoverParam, nullptr); + DeviceManagerImpl::GetInstance().UnRegisterDiscoveryCallback(str); + DeviceManagerImpl::GetInstance().UnRegisterDiscoveryCallback(emptyStr); + DeviceManagerImpl::GetInstance().StartAdvertising(str, discoverParam, nullptr); + DeviceManagerImpl::GetInstance().StartAdvertising(str, discoverParam, g_publishCallback); + DeviceManagerImpl::GetInstance().StopAdvertising(str, discoverParam); + DeviceManagerImpl::GetInstance().SetDnPolicy(str, discoverParam); + DeviceManagerImpl::GetInstance().RegisterDeviceScreenStatusCallback(emptyStr, nullptr); + DeviceManagerImpl::GetInstance().UnRegisterDeviceScreenStatusCallback(emptyStr); + std::shared_ptr callback = std::make_shared(); + DeviceManagerImpl::GetInstance().RegisterDeviceScreenStatusCallback(str, callback); + DeviceManagerImpl::GetInstance().UnRegisterDeviceScreenStatusCallback(str); + DeviceManagerImpl::GetInstance().GetDeviceScreenStatus(emptyStr, emptyStr, indexTwo); + DeviceManagerImpl::GetInstance().GetDeviceScreenStatus(str, str, indexTwo); +} } } @@ -416,5 +446,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) OHOS::DistributedHardware::AuthenticateDeviceThirdFuzzTest(data, size); OHOS::DistributedHardware::AuthenticateDeviceFourthFuzzTest(data, size); OHOS::DistributedHardware::AuthenticateDeviceFifthFuzzTest(data, size); + OHOS::DistributedHardware::AuthenticateDeviceSixthFuzzTest(data, size); return 0; } diff --git a/test/commonfuzztest/hichainconnector_fuzzer/hichain_connector_fuzzer.cpp b/test/commonfuzztest/hichainconnector_fuzzer/hichain_connector_fuzzer.cpp index ff7223ad4..9ff7df963 100644 --- a/test/commonfuzztest/hichainconnector_fuzzer/hichain_connector_fuzzer.cpp +++ b/test/commonfuzztest/hichainconnector_fuzzer/hichain_connector_fuzzer.cpp @@ -364,6 +364,13 @@ void HiChainConnectorSixthFuzzTest(const uint8_t* data, size_t size) std::vector fieldDeviceList = {"deviceList"}; jsonDeviceList[FIELD_DEVICE_LIST] = fieldDeviceList; hichainConnector->ParseRemoteCredential(groupType, userId, jsonDeviceList, params, osAccountUserId); + FuzzedDataProvider fdp(data, size); + int32_t userIdInt = fdp.ConsumeIntegral(); + std::string groupId = fdp.ConsumeRandomLengthString(); + hichainConnector->DeleteGroupExt(userIdInt, groupId); + GroupInfo groupInfo; + GenerateJsonObject(jsonObj, fdp); + FromJson(jsonObj, groupInfo); } void HiChainConnectorSevenhFuzzTest(const uint8_t* data, size_t size) diff --git a/test/servicesfuzztest/authconfirm_fuzzer/auth_confirm_fuzzer.cpp b/test/servicesfuzztest/authconfirm_fuzzer/auth_confirm_fuzzer.cpp index 6c56aef49..a4cf2d298 100644 --- a/test/servicesfuzztest/authconfirm_fuzzer/auth_confirm_fuzzer.cpp +++ b/test/servicesfuzztest/authconfirm_fuzzer/auth_confirm_fuzzer.cpp @@ -196,6 +196,26 @@ void AuthConfirmFuzzTestNext(JsonObject &jsonObject, FuzzedDataProvider &fdp) authSinkStatePinAuthComm_->IsPinCodeValid(context_->importAuthCode); } +void AuthConfirmFuzzTestThird(FuzzedDataProvider &fdp) +{ + std::string businessId = fdp.ConsumeRandomLengthString(); + std::string businessValue = fdp.ConsumeRandomLengthString(); + authSinkNegotiateStateMachine_->ParseAndCheckAntiDisturbanceMode(businessId, businessValue); + businessId = "test_business_id"; + businessValue = "{\"business_id\":\"test_business_id\",\"is_in_anti_disturbance_mode\":true}"; + authSinkNegotiateStateMachine_->ParseAndCheckAntiDisturbanceMode(businessId, businessValue); + authSrcNegotiateStateMachine_->GetStateType(); + authSrcPinAuthStartState_->GetStateType(); + authSinkPinAuthDoneState_->GetStateType(); + authSrcReverseUltrasonicStartState_->GetStateType(); + authSrcForwardUltrasonicStartState_->GetStateType(); + authSinkReverseUltrasonicStartState_->GetStateType(); + authSinkForwardUltrasonicDoneState_->GetStateType(); + authSrcPinNegotiateStartState_->ProcessCredAuth(context_); + int32_t credType = fdp.ConsumeIntegral(); + authSrcPinNegotiateStartState_->GetCredIdByCredType(context_, credType); +} + void AuthConfirmFuzzTest(const uint8_t* data, size_t size) { if ((data == nullptr) || (size < sizeof(int32_t))) { @@ -260,6 +280,7 @@ void AuthConfirmFuzzTest(const uint8_t* data, size_t size) authSinkNegotiateStateMachine_->ParseAndCheckAntiDisturbanceMode(businessId, businessValue); ActionFuzzTest(); AuthConfirmFuzzTestNext(jsonObject, fdp); + AuthConfirmFuzzTestThird(fdp); } } } diff --git a/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp b/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp index 7504623f6..80150be52 100644 --- a/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp +++ b/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp @@ -65,6 +65,11 @@ void GenerateJsonObject(JsonObject &jsonObject, FuzzedDataProvider &fdp) jsonObject[TAG_LNN_SK_TIMESTAMP] = fdp.ConsumeIntegral(); jsonObject[TAG_LNN_CREDENTIAL_ID] = fdp.ConsumeRandomLengthString(); jsonObject[TAG_MSG_TYPE] = fdp.ConsumeIntegral(); + jsonObject[TAG_SYNC] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_ACCESS] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_DEVICE_VERSION] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_DEVICE_NAME] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_NETWORKID_ID] = fdp.ConsumeRandomLengthString(); } void AuthMessageProcessorFuzzTestNext(JsonObject &jsonObject) @@ -109,6 +114,13 @@ void AuthMessageProcessorFuzzTestNext(JsonObject &jsonObject) dmAuthMessageProcessor_ -> CreateMessageReverseUltrasonicStart(context_, jsonObject); dmAuthMessageProcessor_ -> CreateMessageForwardUltrasonicNegotiate(context_, jsonObject); dmAuthMessageProcessor_ -> CreateMessageReverseUltrasonicDone(context_, jsonObject); + dmAuthMessageProcessor_ -> CheckLogicalSessionId(jsonObject, context_); + std::string message = jsonObject.Dump(); + dmAuthMessageProcessor_ -> ParseMessage(context_, message); + DmAccessControlTable table; + FromJson(jsonObject, table); + DmAccessToSync sync; + FromJson(jsonObject, sync); } void AuthMessageProcessorFuzzTest(const uint8_t* data, size_t size) -- Gitee From e4be3808e0b6ccf8780f000224303fece28f7278 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E9=9B=B7?= Date: Thu, 3 Jul 2025 13:47:48 +0800 Subject: [PATCH 3/3] update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 张雷 --- .../authenticatedevice_fuzzer/authenticate_device_fuzzer.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/commonfuzztest/authenticatedevice_fuzzer/authenticate_device_fuzzer.cpp b/test/commonfuzztest/authenticatedevice_fuzzer/authenticate_device_fuzzer.cpp index 2f8acdf1b..c1702c1c5 100644 --- a/test/commonfuzztest/authenticatedevice_fuzzer/authenticate_device_fuzzer.cpp +++ b/test/commonfuzztest/authenticatedevice_fuzzer/authenticate_device_fuzzer.cpp @@ -399,7 +399,7 @@ void AuthenticateDeviceFifthFuzzTest(const uint8_t* data, size_t size) DeviceManagerImpl::GetInstance().SetDnPolicy(str, discoverParam); DeviceManagerImpl::GetInstance().RegisterDeviceScreenStatusCallback(emptyStr, nullptr); DeviceManagerImpl::GetInstance().UnRegisterDeviceScreenStatusCallback(emptyStr); - std::shared_prt callback = std::make_shared(); + std::shared_ptr callback = std::make_shared(); DeviceManagerImpl::GetInstance().RegisterDeviceScreenStatusCallback(str, callback); DeviceManagerImpl::GetInstance().UnRegisterDeviceScreenStatusCallback(str); DeviceManagerImpl::GetInstance().GetDeviceScreenStatus(emptyStr, emptyStr, indexTwo); -- Gitee