1/*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15#include "fuzzer/FuzzedDataProvider.h"
16#include "scan_manager_client.h"
17#include "scan_callback.h"
18#include "scanner_info.h"
19#include "scancallback_fuzzer.h"
20
21namespace OHOS::Scan {
22constexpr uint8_t MAX_STRING_LENGTH = 255;
23constexpr int MAX_SET_NUMBER = 100;
24constexpr size_t FOO_MAX_LEN = 1024;
25constexpr size_t U32_AT_SIZE = 4;
26
27void TestSetCallbackParam(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
28{
29    CallbackParam param;
30    std::mutex mutex;
31    napi_env env = nullptr;
32    napi_ref ref = nullptr;
33    param.InitialCallbackParam(env, ref, mutex);
34    uint32_t state = dataProvider->ConsumeIntegralInRange<uint32_t>(0, MAX_SET_NUMBER);
35    ScanDeviceInfoTCP tcpInfo;
36    param.SetCallbackParam(state, tcpInfo);
37}
38
39void TestSetCallbackSyncParam(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
40{
41    CallbackParam param;
42    std::mutex mutex;
43    napi_env env = nullptr;
44    napi_ref ref = nullptr;
45    param.InitialCallbackParam(env, ref, mutex);
46    uint32_t state = dataProvider->ConsumeIntegralInRange<uint32_t>(0, MAX_SET_NUMBER);
47    ScanDeviceInfoSync syncInfo;
48    param.SetCallbackSyncParam(state, syncInfo);
49}
50
51void TestOnCallback(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
52{
53    napi_env env = nullptr;
54    napi_ref ref = nullptr;
55    ScanCallback callBack(env, ref);
56    uint32_t state = dataProvider->ConsumeIntegralInRange<uint32_t>(0, MAX_SET_NUMBER);
57    ScanDeviceInfoTCP tcpInfo;
58    callBack.OnCallback(state, tcpInfo);
59    ScanDeviceInfo deviceInfo;
60    callBack.OnCallback(state, deviceInfo);
61}
62
63void TestOnCallbackSync(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
64{
65    napi_env env = nullptr;
66    napi_ref ref = nullptr;
67    ScanCallback callBack(env, ref);
68    std::mutex mutex;
69    uint32_t state = dataProvider->ConsumeIntegralInRange<uint32_t>(0, MAX_SET_NUMBER);
70    ScanDeviceInfoSync syncInfo;
71    callBack.OnCallbackSync(state, syncInfo);
72}
73
74void TestOnGetFrameResCallback(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
75{
76    napi_env env = nullptr;
77    napi_ref ref = nullptr;
78    ScanCallback callBack(env, ref);
79    bool isGetSucc = dataProvider->ConsumeBool();
80    int32_t sizeRead = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
81    callBack.OnGetFrameResCallback(isGetSucc, sizeRead);
82}
83
84void TestOnScanInitCallback(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
85{
86    napi_env env = nullptr;
87    napi_ref ref = nullptr;
88    ScanCallback callBack(env, ref);
89    int32_t scanVersion = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
90    callBack.OnScanInitCallback(scanVersion);
91}
92
93void TestOnSendSearchMessage(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
94{
95    napi_env env = nullptr;
96    napi_ref ref = nullptr;
97    ScanCallback callBack(env, ref);
98    std::string message = dataProvider->ConsumeRandomLengthString(MAX_STRING_LENGTH);
99    callBack.OnSendSearchMessage(message);
100}
101
102void TestOnGetDevicesList(const uint8_t* data, size_t size, FuzzedDataProvider* dataProvider)
103{
104    napi_env env = nullptr;
105    napi_ref ref = nullptr;
106    ScanCallback callBack(env, ref);
107    int32_t infoSize = dataProvider->ConsumeIntegralInRange<int32_t>(0, MAX_SET_NUMBER);
108    std::vector<ScanDeviceInfo> infos(infoSize);
109    callBack.OnGetDevicesList(infos);
110}
111
112}
113
114/* Fuzzer entry point */
115extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
116{
117    if (data == nullptr) {
118        return 0;
119    }
120
121    if (size < OHOS::Scan::U32_AT_SIZE || size > OHOS::Scan::FOO_MAX_LEN) {
122        return 0;
123    }
124    FuzzedDataProvider dataProvider(data, size);
125    OHOS::Scan::TestSetCallbackParam(data, size, &dataProvider);
126    OHOS::Scan::TestSetCallbackSyncParam(data, size, &dataProvider);
127    OHOS::Scan::TestOnCallback(data, size, &dataProvider);
128    OHOS::Scan::TestOnCallbackSync(data, size, &dataProvider);
129    OHOS::Scan::TestOnGetFrameResCallback(data, size, &dataProvider);
130    OHOS::Scan::TestOnScanInitCallback(data, size, &dataProvider);
131    OHOS::Scan::TestOnSendSearchMessage(data, size, &dataProvider);
132    OHOS::Scan::TestOnGetDevicesList(data, size, &dataProvider);
133
134    return 0;
135}
136
137