From 452c694c82a05d7a22cada6c3be553538cecdd58 Mon Sep 17 00:00:00 2001 From: flemingYu Date: Fri, 27 May 2022 17:01:23 +0800 Subject: [PATCH 1/3] add fuzz testcase Signed-off-by: flemingYu --- bundle.json | 3 + test/fuzztest/BUILD.gn | 24 +++ test/fuzztest/remotefileshare_fuzzer/BUILD.gn | 36 ++++ .../remotefileshare_fuzzer/corpus/init | 1 + .../remotefileshare_fuzzer/project.xml | 25 +++ .../remotefileshare_fuzzer.cpp | 188 ++++++++++++++++++ .../remotefileshare_fuzzer.h | 24 +++ 7 files changed, 301 insertions(+) create mode 100644 test/fuzztest/BUILD.gn create mode 100644 test/fuzztest/remotefileshare_fuzzer/BUILD.gn create mode 100644 test/fuzztest/remotefileshare_fuzzer/corpus/init create mode 100644 test/fuzztest/remotefileshare_fuzzer/project.xml create mode 100644 test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.cpp create mode 100644 test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.h diff --git a/bundle.json b/bundle.json index 93b2a0e87..273ff2eaf 100644 --- a/bundle.json +++ b/bundle.json @@ -24,6 +24,9 @@ "build": { "sub_component": [ "//foundation/filemanagement/app_file_service:libremotefileshare" + ], + "test": [ + "//foundation/filemanagement/app_file_service/test/fuzztest:fuzztest" ] } } diff --git a/test/fuzztest/BUILD.gn b/test/fuzztest/BUILD.gn new file mode 100644 index 000000000..1469f019e --- /dev/null +++ b/test/fuzztest/BUILD.gn @@ -0,0 +1,24 @@ +# Copyright (c) 2022 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//foundation/appexecfwk/standard/appexecfwk.gni") + +group("fuzztest") { + testonly = true + deps = [] + + deps += [ + # deps file + "//foundation/filemanagement/app_file_service/test/fuzztest/remotefileshare_fuzzer:RemoteFileShareFuzzTest", + ] +} \ No newline at end of file diff --git a/test/fuzztest/remotefileshare_fuzzer/BUILD.gn b/test/fuzztest/remotefileshare_fuzzer/BUILD.gn new file mode 100644 index 000000000..5e9592287 --- /dev/null +++ b/test/fuzztest/remotefileshare_fuzzer/BUILD.gn @@ -0,0 +1,36 @@ +# Copyright (c) 2021 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") + +##############################fuzztest########################################## +ohos_fuzztest("RemoteFileShareFuzzTest") { + module_out_path = "filemanagement/app_file_service" + fuzz_config_file = "//foundation/filemanagement/app_file_service/test/fuzztest/remotefileshare_fuzzer" + include_dirs = [ + ] + cflags = ["-g","-O0","-Wno-unused-variable","-fno-omit-frame-pointer"] + sources = [ + "remotefileshare_fuzzer.cpp", + ] + deps = [ + "//foundation/distributeddatamgr/distributedfile/utils/filemgmt_libn", + "//utils/native/base:utilsecurec" + ] + external_deps = [ "hiviewdfx_hilog_native:libhilog" ] + defines = [ "LOG_TAG=\"app_file_service\"", "LOG_DOMAIN=0xD200000" ] +} +############################################################################### + diff --git a/test/fuzztest/remotefileshare_fuzzer/corpus/init b/test/fuzztest/remotefileshare_fuzzer/corpus/init new file mode 100644 index 000000000..6b7212c8a --- /dev/null +++ b/test/fuzztest/remotefileshare_fuzzer/corpus/init @@ -0,0 +1 @@ +FUZZ \ No newline at end of file diff --git a/test/fuzztest/remotefileshare_fuzzer/project.xml b/test/fuzztest/remotefileshare_fuzzer/project.xml new file mode 100644 index 000000000..85e7ef2c1 --- /dev/null +++ b/test/fuzztest/remotefileshare_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.cpp b/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.cpp new file mode 100644 index 000000000..fa67efc01 --- /dev/null +++ b/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.cpp @@ -0,0 +1,188 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "remotefileshare_fuzzer.h" + +#include +#include + +#include +#include +#include + +#include "securec.h" + +namespace OHOS { +namespace AppFileService { +namespace ModuleRemoteFileShare { +static constexpr int HMDFS_CID_SIZE = 64; +static constexpr unsigned HMDFS_IOC = 0xf2; + +#define HMDFS_IOC_SET_SHARE_PATH _IOW(HMDFS_IOC, 1, struct hmdfs_share_control) + +struct hmdfs_share_control { + int src_fd; + char cid[HMDFS_CID_SIZE]; +}; + +bool ShareFilePathIoctlFdAndCidFuzzTest(const uint8_t* data, size_t size) +{ + struct hmdfs_share_control sc; + int32_t ret = 0; + int32_t dirFd; + const char* sharePath = "/data/storage/el2/distributedfiles/.share"; + + if (size <= 0) { + return false; + } + + if (access(sharePath, F_OK) != 0) { + ret = mkdir(sharePath, S_IRWXU | S_IRWXG | S_IXOTH); + if (ret < 0) { + return false; + } + } + + char *realPath = realpath(sharePath, nullptr); + if (realPath == nullptr) { + return false; + } + dirFd = open(realPath, O_RDONLY); + free(realPath); + if (dirFd < 0) { + return false; + } + + const char* cid = reinterpret_cast(data); + sc.src_fd = size; + if (memcpy_s(sc.cid, HMDFS_CID_SIZE, cid, size) != 0) { + close(dirFd); + return false; + } + + ret = ioctl(dirFd, HMDFS_IOC_SET_SHARE_PATH, &sc); + if (ret < 0) { + close(dirFd); + return false; + } + + return true; +} + +bool ShareFilePathIoctlCidFuzzTest(const uint8_t* data, size_t size) +{ + struct hmdfs_share_control sc; + int32_t ret = 0; + int32_t dirFd; + const char* sharePath = "/data/storage/el2/distributedfiles/.share"; + + if (size <= 0) { + return false; + } + + if (access(sharePath, F_OK) != 0) { + ret = mkdir(sharePath, S_IRWXU | S_IRWXG | S_IXOTH); + if (ret < 0) { + return false; + } + } + + char *realPath = realpath(sharePath, nullptr); + if (realPath == nullptr) { + return false; + } + dirFd = open(realPath, O_RDONLY); + free(realPath); + if (dirFd < 0) { + return false; + } + + const char* srcPath = "/data/service/el2/100/hmdfs/non_account/data/com.ohos.camera"; + int32_t srcFd = open(srcPath, O_RDONLY); + if (srcFd < 0) { + return false; + } + sc.src_fd = size; + const char* cid = reinterpret_cast(data); + if (memcpy_s(sc.cid, HMDFS_CID_SIZE, cid, size) != 0) { + close(dirFd); + return false; + } + + ret = ioctl(dirFd, HMDFS_IOC_SET_SHARE_PATH, &sc); + if (ret < 0) { + close(dirFd); + return false; + } + + return true; +} + +bool ShareFilePathIoctlFdFuzzTest(const uint8_t* data, size_t size) +{ + struct hmdfs_share_control sc; + int32_t ret = 0; + int32_t dirFd; + const char* sharePath = "/data/storage/el2/distributedfiles/.share"; + + if (size <= 0) { + return false; + } + + if (access(sharePath, F_OK) != 0) { + ret = mkdir(sharePath, S_IRWXU | S_IRWXG | S_IXOTH); + if (ret < 0) { + return false; + } + } + + char *realPath = realpath(sharePath, nullptr); + if (realPath == nullptr) { + return false; + } + dirFd = open(realPath, O_RDONLY); + free(realPath); + if (dirFd < 0) { + return false; + } + + const char* cid = "remoteShareFileFuzzTestCidxxx"; + if (memcpy_s(sc.cid, HMDFS_CID_SIZE, cid, strlen(cid)) != 0) { + close(dirFd); + return false; + } + sc.src_fd = size; + + ret = ioctl(dirFd, HMDFS_IOC_SET_SHARE_PATH, &sc); + if (ret < 0) { + close(dirFd); + return false; + } + + return true; +} +} // namespace ModuleRemoteFileShare +} // namespace AppFileService +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::AppFileService::ModuleRemoteFileShare::ShareFilePathIoctlFdFuzzTest(data, size); + OHOS::AppFileService::ModuleRemoteFileShare::ShareFilePathIoctlCidFuzzTest(data, size); + OHOS::AppFileService::ModuleRemoteFileShare::ShareFilePathIoctlFdAndCidFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.h b/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.h new file mode 100644 index 000000000..90adef19d --- /dev/null +++ b/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.h @@ -0,0 +1,24 @@ +/* + * Copyright (c) 2021 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include + +#define FUZZ_PROJECT_NAME "remotefileshare_fuzzer" + -- Gitee From 8cb398ed22504bd495594e2dd97c5715957139f1 Mon Sep 17 00:00:00 2001 From: flemingYu Date: Fri, 27 May 2022 17:19:41 +0800 Subject: [PATCH 2/3] . Signed-off-by: flemingYu --- test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.cpp b/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.cpp index fa67efc01..54f027be8 100644 --- a/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.cpp +++ b/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.cpp @@ -114,7 +114,7 @@ bool ShareFilePathIoctlCidFuzzTest(const uint8_t* data, size_t size) if (srcFd < 0) { return false; } - sc.src_fd = size; + sc.src_fd = srcFd; const char* cid = reinterpret_cast(data); if (memcpy_s(sc.cid, HMDFS_CID_SIZE, cid, size) != 0) { close(dirFd); -- Gitee From 1d47b70050c461fd4b567c0d94151f95f27dfeb2 Mon Sep 17 00:00:00 2001 From: flemingYu Date: Mon, 30 May 2022 19:41:59 +0800 Subject: [PATCH 3/3] for code check Signed-off-by: flemingYu --- BUILD.gn | 2 +- test/fuzztest/BUILD.gn | 4 +--- test/fuzztest/remotefileshare_fuzzer/BUILD.gn | 20 ++++++++++++------- .../remotefileshare_fuzzer/corpus/init | 15 ++++++++++++++ .../remotefileshare_fuzzer.cpp | 10 +++++----- .../remotefileshare_fuzzer.h | 9 +++------ 6 files changed, 38 insertions(+), 22 deletions(-) diff --git a/BUILD.gn b/BUILD.gn index a06550629..1a2830cf6 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Huawei Device Co., Ltd. +# Copyright (c) 2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at diff --git a/test/fuzztest/BUILD.gn b/test/fuzztest/BUILD.gn index 1469f019e..dd4bc44e6 100644 --- a/test/fuzztest/BUILD.gn +++ b/test/fuzztest/BUILD.gn @@ -11,8 +11,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -import("//foundation/appexecfwk/standard/appexecfwk.gni") - group("fuzztest") { testonly = true deps = [] @@ -21,4 +19,4 @@ group("fuzztest") { # deps file "//foundation/filemanagement/app_file_service/test/fuzztest/remotefileshare_fuzzer:RemoteFileShareFuzzTest", ] -} \ No newline at end of file +} diff --git a/test/fuzztest/remotefileshare_fuzzer/BUILD.gn b/test/fuzztest/remotefileshare_fuzzer/BUILD.gn index 5e9592287..7ef62274c 100644 --- a/test/fuzztest/remotefileshare_fuzzer/BUILD.gn +++ b/test/fuzztest/remotefileshare_fuzzer/BUILD.gn @@ -19,18 +19,24 @@ import("//build/test.gni") ohos_fuzztest("RemoteFileShareFuzzTest") { module_out_path = "filemanagement/app_file_service" fuzz_config_file = "//foundation/filemanagement/app_file_service/test/fuzztest/remotefileshare_fuzzer" - include_dirs = [ - ] - cflags = ["-g","-O0","-Wno-unused-variable","-fno-omit-frame-pointer"] - sources = [ - "remotefileshare_fuzzer.cpp", + include_dirs = [] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", ] + sources = [ "remotefileshare_fuzzer.cpp" ] deps = [ "//foundation/distributeddatamgr/distributedfile/utils/filemgmt_libn", - "//utils/native/base:utilsecurec" + "//utils/native/base:utilsecurec", ] external_deps = [ "hiviewdfx_hilog_native:libhilog" ] - defines = [ "LOG_TAG=\"app_file_service\"", "LOG_DOMAIN=0xD200000" ] + defines = [ + "LOG_TAG=\"app_file_service\"", + "LOG_DOMAIN=0xD200000", + ] } + ############################################################################### diff --git a/test/fuzztest/remotefileshare_fuzzer/corpus/init b/test/fuzztest/remotefileshare_fuzzer/corpus/init index 6b7212c8a..8eb5a7d6e 100644 --- a/test/fuzztest/remotefileshare_fuzzer/corpus/init +++ b/test/fuzztest/remotefileshare_fuzzer/corpus/init @@ -1 +1,16 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + FUZZ \ No newline at end of file diff --git a/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.cpp b/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.cpp index 54f027be8..90f909f0e 100644 --- a/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.cpp +++ b/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Huawei Device Co., Ltd. + * Copyright (c) 2022 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -15,12 +15,12 @@ #include "remotefileshare_fuzzer.h" +#include #include -#include - +#include #include #include -#include +#include #include "securec.h" @@ -114,7 +114,7 @@ bool ShareFilePathIoctlCidFuzzTest(const uint8_t* data, size_t size) if (srcFd < 0) { return false; } - sc.src_fd = srcFd; + sc.src_fd = size; const char* cid = reinterpret_cast(data); if (memcpy_s(sc.cid, HMDFS_CID_SIZE, cid, size) != 0) { close(dirFd); diff --git a/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.h b/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.h index 90adef19d..433624e71 100644 --- a/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.h +++ b/test/fuzztest/remotefileshare_fuzzer/remotefileshare_fuzzer.h @@ -13,12 +13,9 @@ * limitations under the License. */ -#include -#include -#include -#include -#include -#include +#ifndef REMOTEFILESHARE_FUZZER_H +#define REMOTEFILESHARE_FUZZER_H #define FUZZ_PROJECT_NAME "remotefileshare_fuzzer" +#endif \ No newline at end of file -- Gitee