1/* 2 * Copyright (c) 2023 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16#include "publicapilocalregexpref_fuzzer.h" 17#include "ecmascript/base/string_helper.h" 18#include "ecmascript/global_env.h" 19#include "ecmascript/js_regexp.h" 20#include "ecmascript/napi/include/jsnapi.h" 21#include "ecmascript/napi/jsnapi_helper.h" 22 23using namespace panda; 24using namespace panda::ecmascript; 25 26namespace OHOS { 27void LocalRegExpGetOriginalSourceFuzzTest([[maybe_unused]]const uint8_t *data, size_t size) 28{ 29 RuntimeOption option; 30 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR); 31 EcmaVM *vm = JSNApi::CreateJSVM(option); 32 { 33 JsiFastNativeScope scope(vm); 34 if (size <= 0) { 35 LOG_ECMA(ERROR) << "illegal input!"; 36 return; 37 } 38 JSThread *thread = vm->GetJSThread(); 39 ObjectFactory *factory = vm->GetFactory(); 40 auto globalEnv = thread->GetEcmaVM()->GetGlobalEnv(); 41 JSHandle<JSTaggedValue> proto = globalEnv->GetObjectFunctionPrototype(); 42 JSHandle<JSHClass> jSRegExpClass = factory->NewEcmaHClass(JSRegExp::SIZE, JSType::JS_REG_EXP, proto); 43 JSHandle<JSRegExp> jSRegExp = JSHandle<JSRegExp>::Cast(factory->NewJSObject(jSRegExpClass)); 44 jSRegExp->SetByteCodeBuffer(thread, JSTaggedValue::Undefined()); 45 jSRegExp->SetOriginalSource(thread, JSTaggedValue::Undefined()); 46 jSRegExp->SetGroupName(thread, JSTaggedValue::Undefined()); 47 jSRegExp->SetOriginalFlags(thread, JSTaggedValue(0)); 48 jSRegExp->SetLength(0); 49 JSHandle<JSTaggedValue> jsregtag = JSHandle<JSTaggedValue>::Cast(jSRegExp); 50 Local<RegExpRef> object = JSNApiHelper::ToLocal<RegExpRef>(jsregtag); 51 object->GetOriginalSource(vm); 52 } 53 JSNApi::DestroyJSVM(vm); 54} 55 56void LocalRegExpRefGetOriginalFlagsFuzzTest([[maybe_unused]]const uint8_t *data, size_t size) 57{ 58 RuntimeOption option; 59 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR); 60 EcmaVM *vm = JSNApi::CreateJSVM(option); 61 { 62 JsiFastNativeScope scope(vm); 63 if (size <= 0) { 64 LOG_ECMA(ERROR) << "illegal input!"; 65 return; 66 } 67 JSThread *thread = vm->GetJSThread(); 68 ObjectFactory *factory = vm->GetFactory(); 69 auto globalEnv = thread->GetEcmaVM()->GetGlobalEnv(); 70 JSHandle<JSTaggedValue> proto = globalEnv->GetObjectFunctionPrototype(); 71 JSHandle<JSHClass> jSRegExpClass = factory->NewEcmaHClass(JSRegExp::SIZE, JSType::JS_REG_EXP, proto); 72 JSHandle<JSRegExp> jSRegExp = JSHandle<JSRegExp>::Cast(factory->NewJSObject(jSRegExpClass)); 73 jSRegExp->SetByteCodeBuffer(thread, JSTaggedValue::Undefined()); 74 jSRegExp->SetOriginalSource(thread, JSTaggedValue::Undefined()); 75 jSRegExp->SetGroupName(thread, JSTaggedValue::Undefined()); 76 jSRegExp->SetOriginalFlags(thread, JSTaggedValue(0)); 77 jSRegExp->SetLength(0); 78 JSHandle<JSTaggedValue> jsregtag = JSHandle<JSTaggedValue>::Cast(jSRegExp); 79 Local<RegExpRef> object = JSNApiHelper::ToLocal<RegExpRef>(jsregtag); 80 object->GetOriginalFlags(vm); 81 } 82 JSNApi::DestroyJSVM(vm); 83} 84 85void LocalRegExpIsGlobalRefFuzzTest([[maybe_unused]]const uint8_t *data, size_t size) 86{ 87 RuntimeOption option; 88 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR); 89 EcmaVM *vm = JSNApi::CreateJSVM(option); 90 { 91 JsiFastNativeScope scope(vm); 92 if (size <= 0) { 93 LOG_ECMA(ERROR) << "illegal input!"; 94 return; 95 } 96 JSThread *thread = vm->GetJSThread(); 97 auto globalEnv = thread->GetEcmaVM()->GetGlobalEnv(); 98 JSHandle<JSTaggedValue> proto = globalEnv->GetObjectFunctionPrototype(); 99 JSHandle<JSGlobalObject> globalObject = JSHandle<JSGlobalObject>::Cast(proto); 100 JSHandle<JSTaggedValue> jsregtag = JSHandle<JSTaggedValue>::Cast(globalObject); 101 Local<RegExpRef> object = JSNApiHelper::ToLocal<RegExpRef>(jsregtag); 102 object->IsGlobal(vm); 103 } 104 JSNApi::DestroyJSVM(vm); 105} 106 107void LocalRegExpIsIgnoreCaseFuzzTest([[maybe_unused]]const uint8_t *data, size_t size) 108{ 109 RuntimeOption option; 110 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR); 111 EcmaVM *vm = JSNApi::CreateJSVM(option); 112 { 113 JsiFastNativeScope scope(vm); 114 if (size <= 0) { 115 LOG_ECMA(ERROR) << "illegal input!"; 116 return; 117 } 118 JSThread *thread = vm->GetJSThread(); 119 ObjectFactory *factory = vm->GetFactory(); 120 auto globalEnv = thread->GetEcmaVM()->GetGlobalEnv(); 121 JSHandle<JSTaggedValue> proto = globalEnv->GetObjectFunctionPrototype(); 122 JSHandle<JSHClass> jSRegExpClass = factory->NewEcmaHClass(JSRegExp::SIZE, JSType::JS_REG_EXP, proto); 123 JSHandle<JSRegExp> jSRegExp = JSHandle<JSRegExp>::Cast(factory->NewJSObject(jSRegExpClass)); 124 JSHandle<JSTaggedValue> jsregtag = JSHandle<JSTaggedValue>::Cast(jSRegExp); 125 Local<RegExpRef> object = JSNApiHelper::ToLocal<RegExpRef>(jsregtag); 126 object->IsIgnoreCase(vm); 127 } 128 JSNApi::DestroyJSVM(vm); 129} 130 131void LocalRegExpIsMultilineFuzzTest([[maybe_unused]]const uint8_t *data, size_t size) 132{ 133 RuntimeOption option; 134 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR); 135 EcmaVM *vm = JSNApi::CreateJSVM(option); 136 { 137 JsiFastNativeScope scope(vm); 138 if (size <= 0) { 139 LOG_ECMA(ERROR) << "illegal input!"; 140 return; 141 } 142 JSThread *thread = vm->GetJSThread(); 143 ObjectFactory *factory = vm->GetFactory(); 144 auto globalEnv = thread->GetEcmaVM()->GetGlobalEnv(); 145 JSHandle<JSTaggedValue> proto = globalEnv->GetObjectFunctionPrototype(); 146 JSHandle<JSHClass> jSRegExpClass = factory->NewEcmaHClass(JSRegExp::SIZE, JSType::JS_REG_EXP, proto); 147 JSHandle<JSRegExp> jSRegExp = JSHandle<JSRegExp>::Cast(factory->NewJSObject(jSRegExpClass)); 148 JSHandle<JSTaggedValue> jsregtag = JSHandle<JSTaggedValue>::Cast(jSRegExp); 149 Local<RegExpRef> object = JSNApiHelper::ToLocal<RegExpRef>(jsregtag); 150 object->IsMultiline(vm); 151 } 152 JSNApi::DestroyJSVM(vm); 153} 154 155void LocalRegExpIsDotAllFuzzTest([[maybe_unused]]const uint8_t *data, size_t size) 156{ 157 RuntimeOption option; 158 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR); 159 EcmaVM *vm = JSNApi::CreateJSVM(option); 160 { 161 JsiFastNativeScope scope(vm); 162 if (size <= 0) { 163 LOG_ECMA(ERROR) << "illegal input!"; 164 return; 165 } 166 JSThread *thread = vm->GetJSThread(); 167 ObjectFactory *factory = vm->GetFactory(); 168 auto globalEnv = thread->GetEcmaVM()->GetGlobalEnv(); 169 JSHandle<JSTaggedValue> proto = globalEnv->GetObjectFunctionPrototype(); 170 JSHandle<JSHClass> jSRegExpClass = factory->NewEcmaHClass(JSRegExp::SIZE, JSType::JS_REG_EXP, proto); 171 JSHandle<JSRegExp> jSRegExp = JSHandle<JSRegExp>::Cast(factory->NewJSObject(jSRegExpClass)); 172 JSHandle<JSTaggedValue> jsregtag = JSHandle<JSTaggedValue>::Cast(jSRegExp); 173 Local<RegExpRef> object = JSNApiHelper::ToLocal<RegExpRef>(jsregtag); 174 object->IsDotAll(vm); 175 } 176 JSNApi::DestroyJSVM(vm); 177} 178 179void LocalRegExpIsUtf16FuzzTest([[maybe_unused]]const uint8_t *data, size_t size) 180{ 181 RuntimeOption option; 182 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR); 183 EcmaVM *vm = JSNApi::CreateJSVM(option); 184 { 185 JsiFastNativeScope scope(vm); 186 if (size <= 0) { 187 LOG_ECMA(ERROR) << "illegal input!"; 188 return; 189 } 190 JSThread *thread = vm->GetJSThread(); 191 ObjectFactory *factory = vm->GetFactory(); 192 auto globalEnv = thread->GetEcmaVM()->GetGlobalEnv(); 193 JSHandle<JSTaggedValue> proto = globalEnv->GetObjectFunctionPrototype(); 194 JSHandle<JSHClass> jSRegExpClass = factory->NewEcmaHClass(JSRegExp::SIZE, JSType::JS_REG_EXP, proto); 195 JSHandle<JSRegExp> jSRegExp = JSHandle<JSRegExp>::Cast(factory->NewJSObject(jSRegExpClass)); 196 JSHandle<JSTaggedValue> jsregtag = JSHandle<JSTaggedValue>::Cast(jSRegExp); 197 Local<RegExpRef> object = JSNApiHelper::ToLocal<RegExpRef>(jsregtag); 198 object->IsUtf16(vm); 199 } 200 JSNApi::DestroyJSVM(vm); 201} 202 203void LocalRegExpIsSticklFuzzTest([[maybe_unused]]const uint8_t *data, size_t size) 204{ 205 RuntimeOption option; 206 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR); 207 EcmaVM *vm = JSNApi::CreateJSVM(option); 208 { 209 JsiFastNativeScope scope(vm); 210 if (size <= 0) { 211 LOG_ECMA(ERROR) << "illegal input!"; 212 return; 213 } 214 JSThread *thread = vm->GetJSThread(); 215 ObjectFactory *factory = vm->GetFactory(); 216 auto globalEnv = thread->GetEcmaVM()->GetGlobalEnv(); 217 JSHandle<JSTaggedValue> proto = globalEnv->GetObjectFunctionPrototype(); 218 JSHandle<JSHClass> jSRegExpClass = factory->NewEcmaHClass(JSRegExp::SIZE, JSType::JS_REG_EXP, proto); 219 JSHandle<JSRegExp> jSRegExp = JSHandle<JSRegExp>::Cast(factory->NewJSObject(jSRegExpClass)); 220 JSHandle<JSTaggedValue> jsregtag = JSHandle<JSTaggedValue>::Cast(jSRegExp); 221 Local<RegExpRef> object = JSNApiHelper::ToLocal<RegExpRef>(jsregtag); 222 object->IsStick(vm); 223 } 224 JSNApi::DestroyJSVM(vm); 225} 226} 227 228// Fuzzer entry point. 229extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) 230{ 231 // Run your code on data. 232 OHOS::LocalRegExpGetOriginalSourceFuzzTest(data, size); 233 OHOS::LocalRegExpRefGetOriginalFlagsFuzzTest(data, size); 234 OHOS::LocalRegExpIsGlobalRefFuzzTest(data, size); 235 OHOS::LocalRegExpIsIgnoreCaseFuzzTest(data, size); 236 OHOS::LocalRegExpIsMultilineFuzzTest(data, size); 237 OHOS::LocalRegExpIsDotAllFuzzTest(data, size); 238 OHOS::LocalRegExpIsUtf16FuzzTest(data, size); 239 OHOS::LocalRegExpIsSticklFuzzTest(data, size); 240 return 0; 241}