1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include <securec.h>
17 #include <thread>
18 
19 #include "net_base_branch_fuzzer.h"
20 
21 #include "curl/curl.h"
22 #include "net_mgr_log_wrapper.h"
23 
24 #define private public
25 #include "net_http_probe.h"
26 #include "net_policy_rule.h"
27 
28 namespace OHOS {
29 namespace NetManagerStandard {
30 namespace {
31 const uint8_t *g_baseBranchFuzzData = nullptr;
32 size_t g_baseBranchFuzzSize = 0;
33 size_t g_baseBranchFuzzPos;
34 constexpr size_t STR_LEN = 10;
35 } // namespace
36 
GetNetBranchFuzzData()37 template <class T> T GetNetBranchFuzzData()
38 {
39     T object{};
40     size_t objectSize = sizeof(object);
41     if (g_baseBranchFuzzData == nullptr || objectSize > g_baseBranchFuzzSize - g_baseBranchFuzzPos) {
42         return object;
43     }
44     errno_t ret = memcpy_s(&object, objectSize, g_baseBranchFuzzData + g_baseBranchFuzzPos, objectSize);
45     if (ret != EOK) {
46         return {};
47     }
48     g_baseBranchFuzzPos += objectSize;
49     return object;
50 }
51 
GetStringFromData(int strlen)52 std::string GetStringFromData(int strlen)
53 {
54     char cstr[strlen];
55     cstr[strlen - 1] = '\0';
56     for (int i = 0; i < strlen - 1; i++) {
57         cstr[i] = GetNetBranchFuzzData<char>();
58     }
59     std::string str(cstr);
60     return str;
61 }
62 
GetSecureDataFromData(int8_t strlen)63 SecureData GetSecureDataFromData(int8_t strlen)
64 {
65     SecureData secureData;
66     char cstr[strlen];
67     cstr[strlen - 1] = '\0';
68     for (int i = 0; i < strlen - 1; i++) {
69         cstr[i] = GetNetBranchFuzzData<char>();
70     }
71     secureData.append(cstr, strlen - 1);
72     return secureData;
73 }
74 
NetHttpProbeBranchFuzzTest(const uint8_t * data,size_t size)75 void NetHttpProbeBranchFuzzTest(const uint8_t *data, size_t size)
76 {
77     if ((data == nullptr) || (size < 1)) {
78         return;
79     }
80     int32_t testId = GetNetBranchFuzzData<int32_t>();
81     std::shared_ptr<NetHttpProbe> instance_ =
82         std::make_shared<NetHttpProbe>(testId, NetBearType::BEARER_DEFAULT, NetLinkInfo(), ProbeType::PROBE_HTTP);
83     instance_->GetHttpProbeResult();
84     instance_->GetHttpsProbeResult();
85     std::string host = GetStringFromData(STR_LEN);
86     HttpProxy httpProxy = {host, 0, {}};
87     NetLinkInfo info;
88     instance_->UpdateNetLinkInfo(info);
89     instance_->UpdateGlobalHttpProxy(httpProxy);
90     std::string httpUrl = GetStringFromData(STR_LEN);
91     std::string httpsUrl = GetStringFromData(STR_LEN);
92     instance_->SendProbe(PROBE_HTTP_HTTPS, httpUrl, httpsUrl);
93     instance_->CheckCurlGlobalInitState();
94     ProbeType probeType = ProbeType::PROBE_HTTP_HTTPS;
95     instance_->InitHttpCurl(probeType);
96     instance_->CleanHttpCurl();
97     instance_->ExtractDomainFormUrl(httpUrl);
98     std::string testString = "";
99     instance_->GetAddrInfo(testString);
100     instance_->SetResolveOption(probeType, testString, testString, testId);
101     instance_->SetResolveOption(probeType, "test", testString, testId);
102     testString = GetStringFromData(STR_LEN);
103     instance_->GetAddrInfo(testString);
104     instance_->SetCurlOptions(probeType, httpUrl, httpsUrl);
105     CURL *curl = nullptr;
106     instance_->SetHttpOptions(probeType, curl, testString);
107     bool useHttpProxy = GetNetBranchFuzzData<bool>();
108     instance_->SetProxyOption(probeType, useHttpProxy);
109     instance_->SetResolveOption(probeType, testString, testString, testId);
110     instance_->SendDnsProbe(probeType, testString, testString, useHttpProxy);
111     instance_->SendHttpProbeRequest();
112     instance_->RecvHttpProbeResponse();
113     instance_->LoadProxy(testString, testId);
114 }
115 
NetPolicyRuleBranchFuzzTest(const uint8_t * data,size_t size)116 void NetPolicyRuleBranchFuzzTest(const uint8_t *data, size_t size)
117 {
118     if ((data == nullptr) || (size < 1)) {
119         return;
120     }
121     std::shared_ptr<NetPolicyRule> netPolicyRule = std::make_shared<NetPolicyRule>();
122     uint32_t testId = GetNetBranchFuzzData<uint32_t>();
123     bool isForeground = GetNetBranchFuzzData<bool>();
124     netPolicyRule->UpdateForegroundUidList(testId, isForeground);
125     std::string message = GetStringFromData(STR_LEN);
126     netPolicyRule->GetDumpMessage(message);
127 
128     auto policyEvent = std::make_shared<PolicyEvent>();
129     netPolicyRule->HandleEvent(testId, policyEvent);
130     netPolicyRule->IsValidNetPolicy(testId);
131     uint32_t netsysCtrl = GetNetBranchFuzzData<uint32_t>();
132     netPolicyRule->NetsysCtrl(testId, netsysCtrl);
133     netPolicyRule->BuildTransCondition(testId, netsysCtrl);
134 }
135 } // namespace NetManagerStandard
136 } // namespace OHOS
137 
138 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)139 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
140 {
141     /* Run your code on data */
142     OHOS::NetManagerStandard::NetHttpProbeBranchFuzzTest(data, size);
143     OHOS::NetManagerStandard::NetPolicyRuleBranchFuzzTest(data, size);
144     return 0;
145 }
146