1/*
2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16#include "jsvaluerefobject_fuzzer.h"
17#include "ecmascript/base/string_helper.h"
18#include "ecmascript/js_function.h"
19#include "ecmascript/napi/include/dfx_jsnapi.h"
20#include "ecmascript/napi/include/jsnapi.h"
21#include "ecmascript/napi/jsnapi_helper.h"
22#include "ecmascript/object_factory.h"
23
24using namespace panda;
25using namespace panda::ecmascript;
26
27namespace OHOS {
28    void JSValueRefIsSymbolFuzzTest(const uint8_t* data, size_t size)
29    {
30        RuntimeOption option;
31        option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
32        EcmaVM *vm = JSNApi::CreateJSVM(option);
33        if (data == nullptr || size <= 0) {
34            LOG_ECMA(ERROR) << "illegal input!";
35            return;
36        }
37        Local<StringRef> description = StringRef::NewFromUtf8(vm, (char*)data, size);
38        Local<SymbolRef> symbol = SymbolRef::New(vm, description);
39        symbol->IsSymbol(vm);
40        JSNApi::DestroyJSVM(vm);
41    }
42
43    void JSValueRefIsBigIntFuzzTest([[maybe_unused]]const uint8_t* data, size_t size)
44    {
45        RuntimeOption option;
46        option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
47        EcmaVM *vm = JSNApi::CreateJSVM(option);
48        if (size <= 0) {
49            LOG_ECMA(ERROR) << "illegal input!";
50            return;
51        }
52        constexpr int input = 2147483646;
53        Local<IntegerRef> intValue = IntegerRef::New(vm, input);
54        [[maybe_unused]]bool res = intValue->IsBigInt(vm);
55        JSNApi::DestroyJSVM(vm);
56    }
57
58    void JSValueRefIsObjectFuzzTest([[maybe_unused]]const uint8_t* data, size_t size)
59    {
60        RuntimeOption option;
61        option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
62        EcmaVM *vm = JSNApi::CreateJSVM(option);
63        if (size <= 0) {
64            LOG_ECMA(ERROR) << "illegal input!";
65            return;
66        }
67        Local<JSValueRef> res = IntegerRef::New(vm, (int)size);
68        [[maybe_unused]]bool result = res->IsObject(vm);
69        JSNApi::DestroyJSVM(vm);
70    }
71
72    void IsArgumentsObjectFuzzTest([[maybe_unused]]const uint8_t* data, size_t size)
73    {
74        RuntimeOption option;
75        option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
76        EcmaVM *vm = JSNApi::CreateJSVM(option);
77        {
78            JsiFastNativeScope scope(vm);
79            if (size <= 0) {
80                LOG_ECMA(ERROR) << "illegal input!";
81                return;
82            }
83            ObjectFactory *factory = vm->GetFactory();
84            JSHandle<JSArguments> obj = factory->NewJSArguments();
85            JSHandle<JSTaggedValue> argumentTag = JSHandle<JSTaggedValue>::Cast(obj);
86            JSNApiHelper::ToLocal<ObjectRef>(argumentTag)->IsArgumentsObject(vm);
87        }
88        JSNApi::DestroyJSVM(vm);
89    }
90
91    void IsJSPrimitiveBooleanFuzzTest(const uint8_t* data, size_t size)
92    {
93        RuntimeOption option;
94        option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
95        EcmaVM *vm = JSNApi::CreateJSVM(option);
96        if (data == nullptr || size <= 0) {
97            LOG_ECMA(ERROR) << "illegal input!";
98            return;
99        }
100        int length = size / sizeof(char16_t);
101        Local<StringRef> obj =  StringRef::NewFromUtf16(vm, (char16_t*)data, length);
102        obj->IsJSPrimitiveBoolean(vm);
103        JSNApi::DestroyJSVM(vm);
104    }
105
106    void IsGeneratorFunctionFuzzTest(const uint8_t* data, size_t size)
107    {
108        RuntimeOption option;
109        option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
110        EcmaVM *vm = JSNApi::CreateJSVM(option);
111        if (data == nullptr || size <= 0) {
112            LOG_ECMA(ERROR) << "illegal input!";
113            return;
114        }
115        int length = size / sizeof(char16_t);
116        Local<StringRef> obj = StringRef::NewFromUtf16(vm, (char16_t*)data, length);
117        obj->IsGeneratorFunction(vm);
118        JSNApi::DestroyJSVM(vm);
119    }
120
121    void IsMapIteratorFuzzTest([[maybe_unused]]const uint8_t* data, size_t size)
122    {
123        JSRuntimeOptions option;
124        EcmaVM *vm = JSNApi::CreateEcmaVM(option);
125        if (size <= 0) {
126            LOG_ECMA(ERROR) << "illegal input!";
127            return;
128        }
129        Local<JSValueRef> object = IntegerRef::New(vm, (int)size);
130        object->IsMapIterator(vm);
131        JSNApi::DestroyJSVM(vm);
132    }
133}
134
135// Fuzzer entry point.
136extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
137{
138    // Run your code on data.
139    OHOS::JSValueRefIsSymbolFuzzTest(data, size);
140    OHOS::JSValueRefIsBigIntFuzzTest(data, size);
141    OHOS::JSValueRefIsObjectFuzzTest(data, size);
142    OHOS::IsArgumentsObjectFuzzTest(data, size);
143    OHOS::IsJSPrimitiveBooleanFuzzTest(data, size);
144    OHOS::IsGeneratorFunctionFuzzTest(data, size);
145    OHOS::IsMapIteratorFuzzTest(data, size);
146    return 0;
147}