1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "deeplinkreserveconfig_fuzzer.h"
17 
18 #include <cstddef>
19 #include <cstdint>
20 #include <iostream>
21 
22 #include "securec.h"
23 
24 #define private public
25 #include "deeplink_reserve_config.h"
26 #undef private
27 
28 using json = nlohmann::json;
29 using namespace OHOS::AAFwk;
30 namespace OHOS {
31 namespace {
32 constexpr int INPUT_ZERO = 0;
33 constexpr int INPUT_ONE = 1;
34 constexpr int INPUT_TWO = 2;
35 constexpr int INPUT_THREE = 3;
36 constexpr size_t FOO_MAX_LEN = 1024;
37 constexpr size_t U32_AT_SIZE = 4;
38 constexpr size_t OFFSET_ZERO = 24;
39 constexpr size_t OFFSET_ONE = 16;
40 constexpr size_t OFFSET_TWO = 8;
41 const std::string CONFIG_PATH = "/etc/ability_runtime/deeplink_reserve_config.json";
42 const std::string DEFAULT_RESERVE_CONFIG_PATH = "/system/etc/deeplink_reserve_config.json";
43 const std::string DEEPLINK_RESERVED_URI_NAME = "deepLinkReservedUri";
44 const std::string BUNDLE_NAME = "bundleName";
45 const std::string URIS_NAME = "uris";
46 const std::string SCHEME_NAME = "scheme";
47 const std::string HOST_NAME = "host";
48 const std::string PORT_NAME = "port";
49 const std::string PATH_NAME = "path";
50 const std::string PATH_START_WITH_NAME = "pathStartWith";
51 const std::string PATH_REGEX_NAME = "pathRegex";
52 const std::string TYPE_NAME = "type";
53 const std::string UTD_NAME = "utd";
54 const std::string PORT_SEPARATOR = ":";
55 const std::string SCHEME_SEPARATOR = "://";
56 const std::string PATH_SEPARATOR = "/";
57 const std::string PARAM_SEPARATOR = "?";
58 }
GetU32Data(const char* ptr)59 uint32_t GetU32Data(const char* ptr)
60 {
61     // convert fuzz input data to an integer
62     return (ptr[INPUT_ZERO] << OFFSET_ZERO) | (ptr[INPUT_ONE] << OFFSET_ONE) | (ptr[INPUT_TWO] << OFFSET_TWO) |
63         ptr[INPUT_THREE];
64 }
DoSomethingInterestingWithMyAPI(const char* data, size_t size)65 bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
66 {
67     auto &deepLinkReserveConfig = DeepLinkReserveConfig::GetInstance();
68     deepLinkReserveConfig.GetConfigPath();
69     deepLinkReserveConfig.LoadConfiguration();
70     std::string linkString(data, size);
71     std::string bundleName(data, size);
72     deepLinkReserveConfig.isLinkReserved(linkString, bundleName);
73     ReserveUri reservedUri;
74     std::string link(data, size);
75     std::string strParam(data, size);
76     deepLinkReserveConfig.isUriMatched(reservedUri, link);
77     reservedUri.scheme = strParam;
78     deepLinkReserveConfig.isUriMatched(reservedUri, link);
79     reservedUri.host = strParam;
80     deepLinkReserveConfig.isUriMatched(reservedUri, link);
81     reservedUri.port = strParam;
82     deepLinkReserveConfig.isUriMatched(reservedUri, link);
83     reservedUri.path = strParam;
84     deepLinkReserveConfig.isUriMatched(reservedUri, link);
85     reservedUri.pathStartWith = strParam;
86     deepLinkReserveConfig.isUriMatched(reservedUri, link);
87     reservedUri.pathRegex = strParam;
88     deepLinkReserveConfig.isUriMatched(reservedUri, link);
89     std::vector<ReserveUri> uriList;
90     json jsonUriObject;
91     jsonUriObject["SCHEME_NAME"] = SCHEME_NAME;
92     deepLinkReserveConfig.LoadReservedUrilItem(jsonUriObject, uriList);
93     jsonUriObject["HOST_NAME"] = HOST_NAME;
94     deepLinkReserveConfig.LoadReservedUrilItem(jsonUriObject, uriList);
95     jsonUriObject["PORT_NAME"] = PORT_NAME;
96     deepLinkReserveConfig.LoadReservedUrilItem(jsonUriObject, uriList);
97     jsonUriObject["PATH_NAME"] = PATH_NAME;
98     deepLinkReserveConfig.LoadReservedUrilItem(jsonUriObject, uriList);
99     jsonUriObject["PATH_START_WITH_NAME"] = PATH_START_WITH_NAME;
100     deepLinkReserveConfig.LoadReservedUrilItem(jsonUriObject, uriList);
101     jsonUriObject["PATH_REGEX_NAME"] = PATH_REGEX_NAME;
102     deepLinkReserveConfig.LoadReservedUrilItem(jsonUriObject, uriList);
103     jsonUriObject["TYPE_NAME"] = TYPE_NAME;
104     deepLinkReserveConfig.LoadReservedUrilItem(jsonUriObject, uriList);
105     jsonUriObject["UTD_NAME"] = UTD_NAME;
106     deepLinkReserveConfig.LoadReservedUrilItem(jsonUriObject, uriList);
107     return true;
108 }
109 
DoSomethingInterestingWithMyAPIOne(const char* data, size_t size)110 bool DoSomethingInterestingWithMyAPIOne(const char* data, size_t size)
111 {
112     auto &deepLinkReserveConfig1 = DeepLinkReserveConfig::GetInstance();
113     std::string filePath(data, size);
114     json jsonBuf;
115     deepLinkReserveConfig1.ReadFileInfoJson(filePath, jsonBuf);
116     json object;
117     deepLinkReserveConfig1.LoadReservedUriList(object);
118     object["DEEPLINK_RESERVED_URI_NAME"] = DEEPLINK_RESERVED_URI_NAME;
119     deepLinkReserveConfig1.LoadReservedUriList(object);
120     int32_t userId = static_cast<int32_t>(GetU32Data(data));
121     object["BUNDLE_NAME"] = userId;
122     deepLinkReserveConfig1.LoadReservedUriList(object);
123     object["BUNDLE_NAME"] = BUNDLE_NAME;
124     deepLinkReserveConfig1.LoadReservedUriList(object);
125     json uriArray = { "uri1", "uri2", "uri3" };
126     object["URIS_NAME"] = uriArray;
127     deepLinkReserveConfig1.LoadReservedUriList(object);
128     object["URIS_NAME"] = URIS_NAME;
129     deepLinkReserveConfig1.LoadReservedUriList(object);
130     return true;
131 }
132 }
133 
134 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)135 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
136 {
137     /* Run your code on data */
138     if (data == nullptr) {
139         std::cout << "invalid data" << std::endl;
140         return 0;
141     }
142 
143     /* Validate the length of size */
144     if (size > OHOS::FOO_MAX_LEN || size < OHOS::U32_AT_SIZE) {
145         return 0;
146     }
147 
148     char* ch = (char*)malloc(size + 1);
149     if (ch == nullptr) {
150         std::cout << "malloc failed." << std::endl;
151         return 0;
152     }
153 
154     (void)memset_s(ch, size + 1, 0x00, size + 1);
155     if (memcpy_s(ch, size + 1, data, size) != EOK) {
156         std::cout << "copy failed." << std::endl;
157         free(ch);
158         ch = nullptr;
159         return 0;
160     }
161 
162     OHOS::DoSomethingInterestingWithMyAPI(ch, size);
163     OHOS::DoSomethingInterestingWithMyAPIOne(ch, size);
164     free(ch);
165     ch = nullptr;
166     return 0;
167 }
168 
169