From fda548ca55c6b605edd91bcf745cb8f5c6905943 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E9=9B=B7?= Date: Thu, 3 Jul 2025 14:48:31 +0800 Subject: [PATCH 1/2] add fuzz MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 张雷 --- .../authacl_fuzzer/auth_acl_fuzzer.cpp | 16 +++++++-- .../authenticate_device_fuzzer.cpp | 34 ++++++++++++++++++ .../dm_freeze_process_fuzzer.cpp | 4 +++ .../hichain_connector_fuzzer.cpp | 17 +++++++++ .../device_manager_impl_fuzzer.cpp | 35 +++++++++++++++++-- .../auth_confirm_fuzzer.cpp | 28 +++++++++++++++ .../auth_manager_fuzzer.cpp | 34 ++++++++++++++++++ .../auth_message_processor_fuzzer.cpp | 20 +++++++++++ .../devicelist_fuzzer/device_list_fuzzer.cpp | 2 ++ .../dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp | 12 +++++++ .../dm_transport_msg_fuzzer.cpp | 28 +++++++++------ .../init_device_manager_fuzzer.cpp | 4 +++ 12 files changed, 219 insertions(+), 15 deletions(-) diff --git a/test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.cpp b/test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.cpp index aa4d0fd09..3576ae7c2 100644 --- a/test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.cpp +++ b/test/commonfuzztest/authacl_fuzzer/auth_acl_fuzzer.cpp @@ -32,11 +32,23 @@ void AuthAclFuzzTest(const uint8_t* data, size_t size) FuzzedDataProvider fdp(data, size); int32_t sessionId = fdp.ConsumeIntegral(); std::string result = fdp.ConsumeRandomLengthString(); - std::shared_ptr authSink = std::make_shared(); - std::shared_ptr authSrc = std::make_shared(); + std::shared_ptr authSink = std::make_shared(); + std::shared_ptr authSrc = std::make_shared(); authSink->GetStateType(); authSrc->GetStateType(); + + std::shared_ptr context = std::make_shared(); + context->accesser.dmVersion = DM_VERSION_5_1_0; + context->accesser.isCommonFlag = true; + authSink->VerifyCertificate(context); + context->accesser.isCommonFlag = false; + authSink->VerifyCertificate(context); + context->accesser.dmVersion = DM_VERSION_5_0_1; + authSink->Action(context); + + authSrc->Action(context); + authSrc->Action(nullptr); } } } diff --git a/test/commonfuzztest/authenticatedevice_fuzzer/authenticate_device_fuzzer.cpp b/test/commonfuzztest/authenticatedevice_fuzzer/authenticate_device_fuzzer.cpp index a0b1e8738..0303783de 100644 --- a/test/commonfuzztest/authenticatedevice_fuzzer/authenticate_device_fuzzer.cpp +++ b/test/commonfuzztest/authenticatedevice_fuzzer/authenticate_device_fuzzer.cpp @@ -15,6 +15,7 @@ #include #include +#include #include #include @@ -86,6 +87,12 @@ public: void OnCall(const std::string ¶mJson) override {} }; +class DeviceScreenStatusCallbackTest : public DeviceScreenStatusCallback { +public: + virtual ~DeviceScreenStatusCallbackTest() {} + void OnDeviceScreenStatus(const DmDeviceInfo &deviceInfo) override {} +}; + std::string g_returnStr; std::string g_reqJsonStr = R"( { @@ -216,6 +223,7 @@ void AuthenticateDeviceFirstFuzzTest(const uint8_t* data, size_t size) DeviceManager::GetInstance().RegisterDevStatusCallback(str, str, g_statusCallback); DeviceManager::GetInstance().RegisterDeviceManagerFaCallback(str, g_Uicallback); std::string emptyStr = ""; + DeviceManager::GetInstance().RegisterDevStateCallback(emptyStr, str, g_stateCallback); DeviceManager::GetInstance().AuthenticateDevice(str, g_authType, g_deviceInfo, emptyStr, g_callbackk); DeviceManager::GetInstance().UnAuthenticateDevice(str, g_deviceInfo); std::string pkgName = "pkgName"; @@ -278,6 +286,7 @@ void AuthenticateDeviceThirdFuzzTest(const uint8_t* data, size_t size) DeviceManager::GetInstance().UnBindDevice(str, g_deviceInfo.deviceId); DeviceManager::GetInstance().UnRegisterDeviceManagerFaCallback(str); DeviceManager::GetInstance().UnRegisterDevStateCallback(str); + DeviceManager::GetInstance().UnRegisterDevStateCallback(emptyStr); DeviceManager::GetInstance().UnRegisterDevStatusCallback(str); std::map authParam; authParam[DM_AUTHENTICATION_TYPE] = str; @@ -332,6 +341,7 @@ void AuthenticateDeviceFourthFuzzTest(const uint8_t* data, size_t size) DeviceManagerImpl::GetInstance().RemovePublishCallback("test"); DeviceManagerImpl::GetInstance().RegisterPinHolderCallback(str, nullptr); DeviceManagerImpl::GetInstance().GetDeviceSecurityLevel(str, emptyStr, indexTwo); + DeviceManagerImpl::GetInstance().GetDeviceSecurityLevel(str, str, indexTwo); DeviceManagerImpl::GetInstance().IsSameAccount(emptyStr); } @@ -371,19 +381,42 @@ void AuthenticateDeviceFifthFuzzTest(const uint8_t* data, size_t size) DeviceManagerImpl::GetInstance().BindDevice(str, 1, emptyStr, emptyStr, nullptr); DeviceManagerImpl::GetInstance().UnBindDevice(str, emptyStr); DeviceManagerImpl::GetInstance().GetNetworkTypeByNetworkId(str, emptyStr, indexTwo); + DeviceManagerImpl::GetInstance().GetNetworkTypeByNetworkId(str, str, indexTwo); DeviceManagerImpl::GetInstance().ImportAuthCode(emptyStr, emptyStr); + DeviceManagerImpl::GetInstance().ImportAuthCode(str, str); + std::string authCode = "123456"; + DeviceManagerImpl::GetInstance().ImportAuthCode(str, authCode); DeviceManagerImpl::GetInstance().ExportAuthCode(g_returnStr); +} + +void AuthenticateDeviceSixthFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + return; + } + AddPermission(); + FuzzedDataProvider fdp(data, size); + std::string str = fdp.ConsumeRandomLengthString(); + + std::string emptyStr = ""; + int32_t indexTwo = 2; std::map discoverParam; DeviceManagerImpl::GetInstance().StartDiscovering(str, discoverParam, discoverParam, nullptr); DeviceManagerImpl::GetInstance().StopDiscovering(str, discoverParam); DeviceManagerImpl::GetInstance().RegisterDiscoveryCallback(str, discoverParam, discoverParam, nullptr); DeviceManagerImpl::GetInstance().UnRegisterDiscoveryCallback(str); + DeviceManagerImpl::GetInstance().UnRegisterDiscoveryCallback(emptyStr); DeviceManagerImpl::GetInstance().StartAdvertising(str, discoverParam, nullptr); + DeviceManagerImpl::GetInstance().StartAdvertising(str, discoverParam, g_publishCallback); DeviceManagerImpl::GetInstance().StopAdvertising(str, discoverParam); DeviceManagerImpl::GetInstance().SetDnPolicy(str, discoverParam); DeviceManagerImpl::GetInstance().RegisterDeviceScreenStatusCallback(emptyStr, nullptr); DeviceManagerImpl::GetInstance().UnRegisterDeviceScreenStatusCallback(emptyStr); + std::shared_ptr callback = std::make_shared(); + DeviceManagerImpl::GetInstance().RegisterDeviceScreenStatusCallback(str, callback); + DeviceManagerImpl::GetInstance().UnRegisterDeviceScreenStatusCallback(str); DeviceManagerImpl::GetInstance().GetDeviceScreenStatus(emptyStr, emptyStr, indexTwo); + DeviceManagerImpl::GetInstance().GetDeviceScreenStatus(str, str, indexTwo); } } } @@ -397,5 +430,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) OHOS::DistributedHardware::AuthenticateDeviceThirdFuzzTest(data, size); OHOS::DistributedHardware::AuthenticateDeviceFourthFuzzTest(data, size); OHOS::DistributedHardware::AuthenticateDeviceFifthFuzzTest(data, size); + OHOS::DistributedHardware::AuthenticateDeviceSixthFuzzTest(data, size); return 0; } diff --git a/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp b/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp index b839f6b47..da9dccfd8 100644 --- a/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp +++ b/test/commonfuzztest/dmfreezeprocess_fuzzer/dm_freeze_process_fuzzer.cpp @@ -58,6 +58,8 @@ void DmFreezeProcessFuzzTest(const uint8_t *data, size_t size) FreezeProcess::GetInstance().ConvertJsonToBindFailedEvents(result, bindFailedEvents); bundleName = fdp.ConsumeRandomLengthString(); deviceType = fdp.ConsumeIntegral(); + freezeStateObj.startFreezeTimeStamp = fdp.ConsumeIntegral(); + FreezeProcess::GetInstance().freezeStateCache_ = freezeStateObj; FreezeProcess::GetInstance().CleanBindFailedEvents(reservedDataTimeStamp); FreezeProcess::GetInstance().CleanFreezeState(reservedDataTimeStamp); FreezeProcess::GetInstance().ConvertDeviceFreezeStateToJson(freezeStateObj, result); @@ -74,6 +76,8 @@ void DmFreezeProcessFuzzTest(const uint8_t *data, size_t size) nowTime = MAX_FREEZE_TIME; FreezeProcess::GetInstance().CalculateNextFreezeTime(nowTime, nextTime); FreezeProcess::GetInstance().DeleteFreezeRecord(); + FreezeProcess::GetInstance().UpdateFreezeRecord(); + FreezeProcess::GetInstance().ConvertBindFailedEventsToJson(bindFailedEvents, result); } } } diff --git a/test/commonfuzztest/hichainconnector_fuzzer/hichain_connector_fuzzer.cpp b/test/commonfuzztest/hichainconnector_fuzzer/hichain_connector_fuzzer.cpp index 4e8f14801..856d739cf 100644 --- a/test/commonfuzztest/hichainconnector_fuzzer/hichain_connector_fuzzer.cpp +++ b/test/commonfuzztest/hichainconnector_fuzzer/hichain_connector_fuzzer.cpp @@ -72,6 +72,16 @@ void AddGroupInfo(std::vector &groupList) groupList.push_back(groupInfo2); } +void GenerateJsonObject(JsonObject &jsonObject, FuzzedDataProvider &fdp) +{ + jsonObject[FIELD_GROUP_NAME] = fdp.ConsumeRandomLengthString(); + jsonObject[FIELD_GROUP_ID] = fdp.ConsumeRandomLengthString(); + jsonObject[FIELD_GROUP_OWNER] = fdp.ConsumeRandomLengthString(); + jsonObject[FIELD_GROUP_TYPE] = fdp.ConsumeIntegral(); + jsonObject[FIELD_GROUP_VISIBILITY] = fdp.ConsumeIntegral(); + jsonObject[FIELD_USER_ID] = fdp.ConsumeRandomLengthString(); +} + void AddAclInfo(std::vector> &delACLInfoVec, std::vector &userIdVec) { int32_t key = 12; @@ -349,6 +359,13 @@ void HiChainConnectorSixthFuzzTest(const uint8_t* data, size_t size) std::vector fieldDeviceList = {"deviceList"}; jsonDeviceList[FIELD_DEVICE_LIST] = fieldDeviceList; hichainConnector->ParseRemoteCredential(groupType, userId, jsonDeviceList, params, osAccountUserId); + FuzzedDataProvider fdp(data, size); + int32_t userIdInt = fdp.ConsumeIntegral(); + std::string groupId = fdp.ConsumeRandomLengthString(); + hichainConnector->DeleteGroupExt(userIdInt, groupId); + GroupInfo groupInfo; + GenerateJsonObject(jsonObj, fdp); + FromJson(jsonObj, groupInfo); } void HiChainConnectorSevenhFuzzTest(const uint8_t* data, size_t size) diff --git a/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp b/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp index a42e45145..a9285a436 100755 --- a/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp +++ b/test/interfacesfuzztest/devicemanagerimpl_fuzzer/device_manager_impl_fuzzer.cpp @@ -27,6 +27,17 @@ namespace OHOS { namespace DistributedHardware { namespace {} +class DevTrustChangeCallbackTest : public DevTrustChangeCallback { +public: + virtual ~DevTrustChangeCallbackTest() {} + void OnDeviceTrustChange(const std::string &udid, const std::string &uuid, DmAuthForm authForm) override {} +}; + +class CredentialAuthStatusCallbackTest : public CredentialAuthStatusCallback { +public: + virtual ~CredentialAuthStatusCallbackTest() {} + void OnCredentialAuthStatus(const std::string &deviceList, uint16_t deviceTypeId, int32_t errcode) override {} +}; void StopAuthenticateDeviceTest(const uint8_t *data, size_t size) { @@ -69,6 +80,8 @@ void RegDevTrustChangeCallbackTest(const uint8_t *data, size_t size) std::shared_ptr callback = nullptr; std::string pkgName = fdp.ConsumeRandomLengthString(); DeviceManagerImpl::GetInstance().RegDevTrustChangeCallback(pkgName, callback); + callback = std::make_shared(); + DeviceManagerImpl::GetInstance().RegDevTrustChangeCallback(pkgName, callback); } void GetNetworkIdByUdidTest(const uint8_t *data, size_t size) @@ -92,6 +105,10 @@ void RegisterCredentialAuthStatusCallbackTest(const uint8_t *data, size_t size) std::string pkgName = fdp.ConsumeRandomLengthString(); std::shared_ptr callback = nullptr; DeviceManagerImpl::GetInstance().RegisterCredentialAuthStatusCallback(pkgName, callback); + callback = std::make_shared(); + DeviceManagerImpl::GetInstance().RegisterCredentialAuthStatusCallback(pkgName, callback); + DeviceManagerImpl::GetInstance().UnRegisterCredentialAuthStatusCallback(pkgName); + DeviceManagerImpl::GetInstance().UnRegisterCredentialAuthStatusCallback(""); } void GetAllTrustedDeviceListTest(const uint8_t *data, size_t size) @@ -136,9 +153,9 @@ void GetDeviceIconInfoTest(const uint8_t *data, size_t size) } FuzzedDataProvider fdp(data, size); std::string pkgName = fdp.ConsumeRandomLengthString(); - DmDeviceProfileInfoFilterOptions filterOptions; - std::shared_ptr callback = nullptr; - DeviceManagerImpl::GetInstance().GetDeviceProfileInfoList(pkgName, filterOptions, callback); + DmDeviceIconInfoFilterOptions filterOptions; + std::shared_ptr callback = nullptr; + DeviceManagerImpl::GetInstance().GetDeviceIconInfo(pkgName, filterOptions, callback); } void PutDeviceProfileInfoListTest(const uint8_t *data, size_t size) @@ -223,6 +240,16 @@ void GetLocalServiceInfoByBundleNameAndPinExchangeTypeTest(const uint8_t *data, DeviceManagerImpl::GetInstance().GetLocalServiceInfoByBundleNameAndPinExchangeType(bundleName, maxNameLength, info); } +void GetErrorCodeTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size < sizeof(int32_t))) { + return; + } + FuzzedDataProvider fdp(data, size); + int32_t errCode = fdp.ConsumeIntegral(); + DeviceManagerImpl::GetInstance().GetErrCode(errCode); +} + void UnRegisterPinHolderCallbackTest(const uint8_t *data, size_t size) { if ((data == nullptr) || (size == 0)) { @@ -251,6 +278,7 @@ void DeviceManagerImplFuzzTest(const uint8_t *data, size_t size) DmAccessCallee callee; DMIpcCmdInterfaceCode ipcCode = REGISTER_DEVICE_MANAGER_LISTENER; DeviceManagerImpl::GetInstance().GetLocalDeviceName(pkgName, deviceName); + DeviceManagerImpl::GetInstance().GetLocalDeviceName(pkgName); DeviceManagerImpl::GetInstance().UnBindDevice(pkgName, deviceId, extra); DeviceManagerImpl::GetInstance().UnRegisterSinkBindCallback(pkgName); DeviceManagerImpl::GetInstance().RegisterLocalServiceInfo(localServiceInfo); @@ -290,5 +318,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) OHOS::DistributedHardware::GetLocalServiceInfoByBundleNameAndPinExchangeTypeTest(data, size); OHOS::DistributedHardware::UnRegisterPinHolderCallbackTest(data, size); OHOS::DistributedHardware::DeviceManagerImplFuzzTest(data, size); + OHOS::DistributedHardware::GetErrorCodeTest(data, size); return 0; } diff --git a/test/servicesfuzztest/authconfirm_fuzzer/auth_confirm_fuzzer.cpp b/test/servicesfuzztest/authconfirm_fuzzer/auth_confirm_fuzzer.cpp index 631ee616c..f8e9d3b62 100644 --- a/test/servicesfuzztest/authconfirm_fuzzer/auth_confirm_fuzzer.cpp +++ b/test/servicesfuzztest/authconfirm_fuzzer/auth_confirm_fuzzer.cpp @@ -118,6 +118,7 @@ void GenerateJsonObject(JsonObject &jsonObject, FuzzedDataProvider &fdp) jsonObject[TAG_PEER_BUNDLE_NAME_V2] = fdp.ConsumeRandomLengthString(); jsonObject[DM_TAG_LOGICAL_SESSION_ID] = fdp.ConsumeIntegral(); jsonObject[TAG_PEER_DISPLAY_ID] = fdp.ConsumeIntegral(); + jsonObject[DM_BUSINESS_ID] = fdp.ConsumeRandomLengthString(); } void ActionFuzzTest() @@ -187,6 +188,32 @@ void AuthConfirmFuzzTestNext(JsonObject &jsonObject, FuzzedDataProvider &fdp) authSinkNegotiateStateMachine_->ShareAclCompare(context_, accesser, accessee); authSinkNegotiateStateMachine_->Point2PointAclCompare(context_, accesser, accessee); authSinkNegotiateStateMachine_->LnnAclCompare(context_, accesser, accessee); + authSrcPinInputState_->ShowStartAuthDialog(context_); + authSrcPinInputState_->Action(context_); + context_->importAuthCode = "123456"; + context_->importPkgName = "pkgName"; + authSinkStatePinAuthComm_->IsAuthCodeReady(context_); + authSinkStatePinAuthComm_->IsPinCodeValid(context_->importAuthCode); +} + +void AuthConfirmFuzzTestThird(FuzzedDataProvider &fdp) +{ + std::string businessId = fdp.ConsumeRandomLengthString(); + std::string businessValue = fdp.ConsumeRandomLengthString(); + authSinkNegotiateStateMachine_->ParseAndCheckAntiDisturbanceMode(businessId, businessValue); + businessId = "test_business_id"; + businessValue = "{\"business_id\":\"test_business_id\",\"is_in_anti_disturbance_mode\":true}"; + authSinkNegotiateStateMachine_->ParseAndCheckAntiDisturbanceMode(businessId, businessValue); + authSrcNegotiateStateMachine_->GetStateType(); + authSrcPinAuthStartState_->GetStateType(); + authSinkPinAuthDoneState_->GetStateType(); + authSrcReverseUltrasonicStartState_->GetStateType(); + authSrcForwardUltrasonicStartState_->GetStateType(); + authSinkReverseUltrasonicStartState_->GetStateType(); + authSinkForwardUltrasonicDoneState_->GetStateType(); + authSrcPinNegotiateStartState_->ProcessCredAuth(context_); + int32_t credType = fdp.ConsumeIntegral(); + authSrcPinNegotiateStartState_->GetCredIdByCredType(context_, credType); } void AuthConfirmFuzzTest(const uint8_t* data, size_t size) @@ -238,6 +265,7 @@ void AuthConfirmFuzzTest(const uint8_t* data, size_t size) authSrcConfirmState_->GetSrcAclInfo(context_, jsonObject, jsonObjectTwo); ActionFuzzTest(); AuthConfirmFuzzTestNext(jsonObject, fdp); + AuthConfirmFuzzTestThird(fdp); } } } diff --git a/test/servicesfuzztest/authmanager_fuzzer/auth_manager_fuzzer.cpp b/test/servicesfuzztest/authmanager_fuzzer/auth_manager_fuzzer.cpp index fae170d20..594728573 100644 --- a/test/servicesfuzztest/authmanager_fuzzer/auth_manager_fuzzer.cpp +++ b/test/servicesfuzztest/authmanager_fuzzer/auth_manager_fuzzer.cpp @@ -148,6 +148,8 @@ void CheckAuthParamVaildFuzzTest(FuzzedDataProvider &fdp) std::string extra = fdp.ConsumeRandomLengthString(); int32_t authType = fdp.ConsumeIntegral(); authManager->CheckAuthParamVaild(pkgName, authType, deviceId, extra); + authType = 1; + authManager->CheckAuthParamVaild(pkgName, authType, deviceId, extra); } void ParseHmlInfoInJsonObjectFuzzTest(FuzzedDataProvider &fdp) @@ -167,6 +169,7 @@ void ParseJsonObjectFuzzTest(FuzzedDataProvider &fdp) jsonObject[TAG_APP_THUMBNAIL2] = fdp.ConsumeRandomLengthString(); jsonObject[PARAM_CLOSE_SESSION_DELAY_SECONDS] = fdp.ConsumeRandomLengthString(); jsonObject[TAG_PEER_PKG_NAME] = fdp.ConsumeRandomLengthString(); + jsonObject[DM_BUSINESS_ID] = fdp.ConsumeRandomLengthString(); authManager->ParseJsonObject(jsonObject); } @@ -183,6 +186,10 @@ void GetAuthParamFuzzTest(FuzzedDataProvider &fdp) std::string deviceId = fdp.ConsumeRandomLengthString(); std::string extra = fdp.ConsumeRandomLengthString(); authManager->GetAuthParam(pkgName, authType, deviceId, extra); + JsonObject jsonObject; + jsonObject[TAG_BIND_LEVEL] = fdp.ConsumeIntegral(); + extra = jsonObject.Dump(); + authManager->GetAuthParam(pkgName, authType, deviceId, extra); } void InitAuthStateFuzzTest(FuzzedDataProvider &fdp) @@ -208,12 +215,16 @@ void AuthDeviceErrorFuzzTest(FuzzedDataProvider &fdp) int64_t requestId = fdp.ConsumeIntegral(); int32_t errorCode = fdp.ConsumeIntegral(); authManager->AuthDeviceError(requestId, errorCode); + authSinkManager->AuthDeviceError(requestId, errorCode); + requestId = context_->requestId; + authManager->AuthDeviceError(requestId, errorCode); } void AuthDeviceFinishFuzzTest(FuzzedDataProvider &fdp) { int64_t requestId = fdp.ConsumeIntegral(); authManager->AuthDeviceFinish(requestId); + authSinkManager->AuthDeviceFinish(requestId); } void GetPinCodeFuzzTest(FuzzedDataProvider &fdp) @@ -250,6 +261,10 @@ void BindTargetFuzzTest(FuzzedDataProvider &fdp) int sessionId = fdp.ConsumeIntegral(); uint64_t logicalSessionId = fdp.ConsumeIntegral(); authManager->BindTarget(pkgName, targetId, bindParam, sessionId, logicalSessionId); + bindParam[PARAM_KEY_AUTH_TYPE] = "1"; + authManager->BindTarget(pkgName, targetId, bindParam, sessionId, logicalSessionId); + authManager->GetBindTargetParams(pkgName, targetId, bindParam); + authManager->SetBindTargetParams(targetId); } void OnSessionClosedFuzzTest(FuzzedDataProvider &fdp) @@ -277,6 +292,10 @@ void OnUserOperationFuzzTest(FuzzedDataProvider &fdp) int32_t action = fdp.ConsumeIntegral(); std::string params = fdp.ConsumeRandomLengthString(); authSinkManager->OnUserOperation(action, params); + action = USER_OPERATION_TYPE_AUTH_CONFIRM_TIMEOUT; + authSinkManager->OnUserOperation(action, params); + action = USER_OPERATION_TYPE_CANCEL_PINCODE_DISPLAY; + authSinkManager->OnUserOperation(action, params); } void OnSessionOpenedFuzzTest(FuzzedDataProvider &fdp) @@ -285,6 +304,7 @@ void OnSessionOpenedFuzzTest(FuzzedDataProvider &fdp) int32_t sessionSide = fdp.ConsumeIntegral(); int32_t result = fdp.ConsumeIntegral(); authManager->OnSessionOpened(sessionId, sessionSide, result); + authSinkManager->OnSessionOpened(sessionId, sessionSide, result); } void OnSrcSessionClosedFuzzTest(FuzzedDataProvider &fdp) @@ -307,6 +327,10 @@ void OnSrcUserOperationFuzzTest(FuzzedDataProvider &fdp) int32_t action = fdp.ConsumeIntegral(); std::string params = fdp.ConsumeRandomLengthString(); authManager->OnUserOperation(action, params); + action = USER_OPERATION_TYPE_CANCEL_PINCODE_INPUT; + authManager->OnUserOperation(action, params); + action = USER_OPERATION_TYPE_DONE_PINCODE_INPUT; + authManager->OnUserOperation(action, params); } void AuthDeviceTransmitFuzzTest(FuzzedDataProvider &fdp) @@ -343,6 +367,15 @@ void AuthSinkDeviceRequestFuzzTest(FuzzedDataProvider &fdp) authManager->GetBindCallerInfo(); } +void HandleBusinessEventsFuzzTest(FuzzedDataProvider &fdp) +{ + std::string businessId = fdp.ConsumeRandomLengthString(); + int action = fdp.ConsumeIntegral(); + authManager->HandleBusinessEvents(businessId, action); + authManager->ClearSoftbusSessionCallback(); + authManager->PrepareSoftbusSessionCallback(); +} + void AuthManagerFuzzTest(const uint8_t* data, size_t size) { if ((data == nullptr) || (size == 0)) { @@ -388,6 +421,7 @@ void AuthManagerFuzzTest(const uint8_t* data, size_t size) AuthSinkDeviceTransmitFuzzTest(fdp); AuthSinkDeviceSessionKeyFuzzTest(fdp); AuthSinkDeviceRequestFuzzTest(fdp); + HandleBusinessEventsFuzzTest(fdp); } } } diff --git a/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp b/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp index 73a030896..d32abde45 100644 --- a/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp +++ b/test/servicesfuzztest/authmessageprocessor_fuzzer/auth_message_processor_fuzzer.cpp @@ -57,6 +57,19 @@ void GenerateJsonObject(JsonObject &jsonObject, FuzzedDataProvider &fdp) jsonObject[TAG_PEER_BUNDLE_NAME_V2] = fdp.ConsumeRandomLengthString(); jsonObject[DM_TAG_LOGICAL_SESSION_ID] = fdp.ConsumeIntegral(); jsonObject[TAG_PEER_DISPLAY_ID] = fdp.ConsumeIntegral(); + jsonObject[TAG_TRANSMIT_SK_ID] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_TRANSMIT_SK_TIMESTAMP] = fdp.ConsumeIntegral(); + jsonObject[TAG_TRANSMIT_CREDENTIAL_ID] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_DMVERSION] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_LNN_SK_ID] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_LNN_SK_TIMESTAMP] = fdp.ConsumeIntegral(); + jsonObject[TAG_LNN_CREDENTIAL_ID] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_MSG_TYPE] = fdp.ConsumeIntegral(); + jsonObject[TAG_SYNC] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_ACCESS] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_DEVICE_VERSION] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_DEVICE_NAME] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_NETWORKID_ID] = fdp.ConsumeRandomLengthString(); } void AuthMessageProcessorFuzzTestNext(JsonObject &jsonObject) @@ -101,6 +114,13 @@ void AuthMessageProcessorFuzzTestNext(JsonObject &jsonObject) dmAuthMessageProcessor_ -> CreateMessageReverseUltrasonicStart(context_, jsonObject); dmAuthMessageProcessor_ -> CreateMessageForwardUltrasonicNegotiate(context_, jsonObject); dmAuthMessageProcessor_ -> CreateMessageReverseUltrasonicDone(context_, jsonObject); + dmAuthMessageProcessor_ -> CheckLogicalSessionId(jsonObject, context_); + std::string message = jsonObject.Dump(); + dmAuthMessageProcessor_ -> ParseMessage(context_, message); + DmAccessControlTable table; + FromJson(jsonObject, table); + DmAccessToSync sync; + FromJson(jsonObject, sync); } void AuthMessageProcessorFuzzTest(const uint8_t* data, size_t size) diff --git a/test/servicesfuzztest/devicelist_fuzzer/device_list_fuzzer.cpp b/test/servicesfuzztest/devicelist_fuzzer/device_list_fuzzer.cpp index 264b6eb84..30ed2397b 100644 --- a/test/servicesfuzztest/devicelist_fuzzer/device_list_fuzzer.cpp +++ b/test/servicesfuzztest/devicelist_fuzzer/device_list_fuzzer.cpp @@ -38,6 +38,8 @@ void DeviceListFuzzTest(const uint8_t* data, size_t size) std::make_shared(std::make_shared()); DeviceManager::GetInstance().GetTrustedDeviceList(bundleName, extra, devList); DeviceManager::GetInstance().GetLocalDeviceInfo(bundleName, deviceInfo); + bundleName = ""; + DeviceManager::GetInstance().GetTrustedDeviceList(bundleName, extra, devList); } } } diff --git a/test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp b/test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp index f8d04a6bd..bcb2049b2 100644 --- a/test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp +++ b/test/servicesfuzztest/dmcommtool_fuzzer/dm_comm_tool_fuzzer.cpp @@ -59,6 +59,10 @@ void DmCommToolFuzzTest(const uint8_t* data, size_t size) dmCommToolPtr_->ProcessResponseUserIdsEvent(innerCommMsg); dmCommToolPtr_->ProcessReceiveCommonEvent(innerCommMsg); dmCommToolPtr_->ProcessResponseCommonEvent(innerCommMsg); + dmCommToolPtr_->ProcessReceiveUninstAppEvent(innerCommMsg); + dmCommToolPtr_->ProcessReceiveUnBindAppEvent(innerCommMsg); + dmCommToolPtr_->ProcessReceiveRspAppUninstallEvent(innerCommMsg); + dmCommToolPtr_->ProcessReceiveRspAppUnbindEvent(innerCommMsg); dmCommToolPtr_->GetDMTransportPtr(); dmCommToolPtr_->GetEventHandler(); } @@ -87,6 +91,14 @@ void DmCommToolFirstFuzzTest(const uint8_t* data, size_t size) std::string commonEventType; EventCallback eventCallback; dmCommToolPtr_->StartCommonEvent(commonEventType, eventCallback); + int32_t userId = fdp.ConsumeIntegral(); + int32_t tokenId = fdp.ConsumeIntegral(); + dmCommToolPtr_->SendUninstAppObj(userId, tokenId, rmtNetworkId); + dmCommToolPtr_->RspAppUninstall(rmtNetworkId, socketId); + dmCommToolPtr_->RspAppUnbind(rmtNetworkId, socketId); + std::string udid = fdp.ConsumeRandomLengthString(); + dmCommToolPtr_->SendUnBindAppObj(userId, tokenId, msg, rmtNetworkId, udid); + dmCommToolPtr_->StopSocket(rmtNetworkId); } } } diff --git a/test/servicesfuzztest/dmtransportmsg_fuzzer/dm_transport_msg_fuzzer.cpp b/test/servicesfuzztest/dmtransportmsg_fuzzer/dm_transport_msg_fuzzer.cpp index ec35472c8..eac32294c 100644 --- a/test/servicesfuzztest/dmtransportmsg_fuzzer/dm_transport_msg_fuzzer.cpp +++ b/test/servicesfuzztest/dmtransportmsg_fuzzer/dm_transport_msg_fuzzer.cpp @@ -97,22 +97,30 @@ void DmTransPortMsgFirstFuzzTest(const uint8_t* data, size_t size) std::string msg(reinterpret_cast(data), size); std::string remoteUdid(reinterpret_cast(data), size); const char* jsonString = R"({ - "MsgType": "0", - "userId": "12345", "accountId": "a******3", - "peerUdids": ["u******1", "u******2"], - "peerUdid": "p******d", - "accountName": "t******t", - "syncUserIdFlag": 1, - "userIds": [ - {"type": 1, "userId": 111}, - {"type": 0, "userId": 222} - ] + "userId": 123, + "tokenId": 123456, + "extra": "extra", + "udid": "p******d", })"; cJSON* jsonObject = nullptr; LogoutAccountMsg accountInfo; ToJson(jsonObject, accountInfo); FromJson(jsonObject, accountInfo); + UninstAppMsg uninstAppMsg; + ToJson(jsonObject, uninstAppMsg); + FromJson(jsonObject, uninstAppMsg); + UnBindAppMsg unBindAppMsg; + ToJson(jsonObject, unBindAppMsg); + FromJson(jsonObject, unBindAppMsg); + + jsonObject = cJSON_Parse(jsonString); + ToJson(jsonObject, accountInfo); + FromJson(jsonObject, accountInfo); + ToJson(jsonObject, uninstAppMsg); + FromJson(jsonObject, uninstAppMsg); + ToJson(jsonObject, unBindAppMsg); + FromJson(jsonObject, unBindAppMsg); cJSON_Delete(jsonObject); } } diff --git a/test/servicesfuzztest/initdevicemanager_fuzzer/init_device_manager_fuzzer.cpp b/test/servicesfuzztest/initdevicemanager_fuzzer/init_device_manager_fuzzer.cpp index a55ca54c4..a51309f62 100644 --- a/test/servicesfuzztest/initdevicemanager_fuzzer/init_device_manager_fuzzer.cpp +++ b/test/servicesfuzztest/initdevicemanager_fuzzer/init_device_manager_fuzzer.cpp @@ -41,6 +41,10 @@ void InitDeviceManagerFuzzTest(const uint8_t* data, size_t size) DeviceManager::GetInstance().InitDeviceManager(packName, callback); DeviceManager::GetInstance().UnInitDeviceManager(packName); + packName = ""; + callback = nullptr; + DeviceManager::GetInstance().InitDeviceManager(packName, callback); + DeviceManager::GetInstance().UnInitDeviceManager(packName); } } } -- Gitee From 4a05f0ecacbf1d68c7648cdb3f26a726262187ca Mon Sep 17 00:00:00 2001 From: liuxiaowei42 Date: Thu, 3 Jul 2025 17:05:10 +0800 Subject: [PATCH 2/2] add FUZZ Signed-off-by: liuxiaowei42 --- utils/BUILD.gn | 3 --- utils/src/kvadapter/kv_adapter.cpp | 4 +++- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/utils/BUILD.gn b/utils/BUILD.gn index b533b2e49..c4d1ba8fe 100644 --- a/utils/BUILD.gn +++ b/utils/BUILD.gn @@ -46,7 +46,6 @@ if (defined(ohos_lite)) { "${common_path}/src/dfx/lite/dm_hisysevent.cpp", "${common_path}/src/dfx/lite/dm_hitrace.cpp", "${common_path}/src/dm_anonymous.cpp", - "${common_path}/src/dm_constants.cpp", "${common_path}/src/dm_error_message.cpp", "${common_path}/src/ipc/lite/ipc_cmd_register.cpp", "src/appInfo/lite/app_manager.cpp", @@ -129,7 +128,6 @@ if (defined(ohos_lite)) { sources = [ "${common_path}/src/dm_anonymous.cpp", - "${common_path}/src/dm_constants.cpp", "src/appInfo/standard/app_manager.cpp", "src/crypto/dm_crypto.cpp", "src/dm_random.cpp", @@ -210,7 +208,6 @@ if (defined(ohos_lite)) { sources = [ "${common_path}/src/dm_anonymous.cpp", - "${common_path}/src/dm_constants.cpp", "src/appInfo/standard/app_manager.cpp", "src/crypto/dm_crypto.cpp", "src/dm_random.cpp", diff --git a/utils/src/kvadapter/kv_adapter.cpp b/utils/src/kvadapter/kv_adapter.cpp index a65494566..7c7495bb0 100644 --- a/utils/src/kvadapter/kv_adapter.cpp +++ b/utils/src/kvadapter/kv_adapter.cpp @@ -24,7 +24,6 @@ #include "data_query.h" #include "dm_anonymous.h" -#include "dm_constants.h" #include "dm_error_type.h" #include "dm_log.h" #include "ffrt.h" @@ -42,6 +41,9 @@ namespace { constexpr int32_t MAX_INIT_RETRY_TIMES = 20; constexpr int32_t INIT_RETRY_SLEEP_INTERVAL = 200 * 1000; // 200ms constexpr uint32_t DM_OSTYPE_PREFIX_LEN = 16; + const char* PEER_UDID = "peer_udid"; + const char* PEER_OSTYPE = "peer_os_type"; + const char* TIME_STAMP = "timestamp"; } int32_t KVAdapter::Init() -- Gitee