From 2d25f4f0def12a9bb117ef660717d0bc9c05fa5e Mon Sep 17 00:00:00 2001
From: zhouaoteng <zhouaoteng@huawei.com>
Date: Wed, 17 Apr 2024 09:38:43 +0800
Subject: [PATCH] add fuzz

Signed-off-by: zhouaoteng <zhouaoteng@huawei.com>
---
 test/fuzztest/BUILD.gn                        |   1 +
 .../backupsaincremental_fuzzer/BUILD.gn       |  62 ++++++++++
 .../backupsaincremental_fuzzer.cpp            | 107 ++++++++++++++++++
 .../backupsaincremental_fuzzer.h              |  21 ++++
 .../backupsaincremental_fuzzer/corpus/init    |  16 +++
 .../backupsaincremental_fuzzer/project.xml    |  25 ++++
 6 files changed, 232 insertions(+)
 create mode 100644 test/fuzztest/backupsaincremental_fuzzer/BUILD.gn
 create mode 100644 test/fuzztest/backupsaincremental_fuzzer/backupsaincremental_fuzzer.cpp
 create mode 100644 test/fuzztest/backupsaincremental_fuzzer/backupsaincremental_fuzzer.h
 create mode 100644 test/fuzztest/backupsaincremental_fuzzer/corpus/init
 create mode 100644 test/fuzztest/backupsaincremental_fuzzer/project.xml

diff --git a/test/fuzztest/BUILD.gn b/test/fuzztest/BUILD.gn
index f8e418ac1..68f87058f 100644
--- a/test/fuzztest/BUILD.gn
+++ b/test/fuzztest/BUILD.gn
@@ -20,6 +20,7 @@ group("fuzztest") {
     "backupsa_fuzzer:BackupSaFuzzTest",
     "backupsaanother_fuzzer:BackupSaAnotherFuzzTest",
     "backupsaappend_fuzzer:BackupSaAppendFuzzTest",
+    "backupsaincremental_fuzzer:BackupSaIncrementalFuzzTest",
     "fileshare_fuzzer:FileShareFuzzTest",
     "remotefileshare_fuzzer:RemoteFileShareFuzzTest",
     "servicereverse_fuzzer:ServiceReverseFuzzTest",
diff --git a/test/fuzztest/backupsaincremental_fuzzer/BUILD.gn b/test/fuzztest/backupsaincremental_fuzzer/BUILD.gn
new file mode 100644
index 000000000..030b9fa45
--- /dev/null
+++ b/test/fuzztest/backupsaincremental_fuzzer/BUILD.gn
@@ -0,0 +1,62 @@
+# Copyright (c) 2021-2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#####################hydra-fuzz###################
+import("//build/config/features.gni")
+import("//build/test.gni")
+import("//foundation/filemanagement/app_file_service/app_file_service.gni")
+import("//foundation/filemanagement/app_file_service/backup.gni")
+
+##############################fuzztest##########################################
+ohos_fuzztest("BackupSaIncrementalFuzzTest") {
+  module_out_path = "app_file_service/app_file_service"
+  fuzz_config_file =
+      "${app_file_service_path}/test/fuzztest/backupsaincremental_fuzzer"
+  include_dirs = [
+    "${app_file_service_path}/services/backup_sa/include/module_ipc",
+    "${app_file_service_path}/services/backup_sa/include",
+    "${app_file_service_path}/interfaces/inner_api/native/backup_kit_inner/impl",
+  ]
+  cflags = [
+    "-Dprivate=public",
+    "-Dprotected=public",
+    "-g",
+    "-O0",
+    "-Wno-unused-variable",
+    "-fno-omit-frame-pointer",
+  ]
+  sources = [ "backupsaincremental_fuzzer.cpp" ]
+
+  deps = [
+    "${app_file_service_path}/services/backup_sa:backup_sa",
+    "${path_backup}/interfaces/inner_api/native/backup_kit_inner:backup_kit_inner",
+    "${path_backup}/utils:backup_utils",
+    "${third_party_path}/bounds_checking_function:libsec_shared",
+  ]
+
+  external_deps = [
+    "ability_runtime:ability_manager",
+    "ability_runtime:abilitykit_native",
+    "c_utils:utils",
+    "file_api:filemgmt_libn",
+    "hilog:libhilog",
+    "ipc:ipc_core",
+    "safwk:system_ability_fwk",
+  ]
+
+  defines = [
+    "LOG_TAG=\"app_file_service\"",
+    "LOG_DOMAIN=0xD200000",
+  ]
+}
+###############################################################################
diff --git a/test/fuzztest/backupsaincremental_fuzzer/backupsaincremental_fuzzer.cpp b/test/fuzztest/backupsaincremental_fuzzer/backupsaincremental_fuzzer.cpp
new file mode 100644
index 000000000..1f7a925b8
--- /dev/null
+++ b/test/fuzztest/backupsaincremental_fuzzer/backupsaincremental_fuzzer.cpp
@@ -0,0 +1,107 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "backupsaincremental_fuzzer.h"
+
+#include <cstddef>
+#include <cstdint>
+#include <cstring>
+
+#include <climits>
+#include "message_parcel.h"
+#include "service_stub.h"
+#include "service.h"
+#include "securec.h"
+#include "system_ability.h"
+
+#include "filemgmt_libhilog.h"
+
+using namespace OHOS::FileManagement::Backup;
+
+
+namespace OHOS {
+constexpr size_t FOO_MAX_LEN = 1024;
+constexpr size_t U32_AT_SIZE = 4;
+constexpr int32_t SERVICE_ID = 5203;
+
+std::shared_ptr<Service> Backupsaincremental = std::make_shared<Service>(SERVICE_ID);
+
+void GetLocalCapabilitiesIncrementalFuzzTest(const uint8_t *data, size_t size)
+{
+    BIncrementalData bundlenames;
+    std::vector<BIncrementalData>bundleNames;
+    bundlenames.bundleName = string(reinterpret_cast<const char *>(data), size);
+    bundlenames.lastIncrementalTime = *(reinterpret_cast<const int64_t *>(data));
+    bundlenames.manifestFd = *(reinterpret_cast<const int32_t *>(data));
+    bundlenames.backupParameters = string(reinterpret_cast<const char *>(data), size);
+    bundlenames.backupPriority = *(reinterpret_cast<const int32_t *>(data));
+    bundleNames.push_back(bundlenames);
+    Backupsaincremental->GetLocalCapabilitiesIncremental(bundleNames);
+}
+
+void AppendBundlesIncrementalBackupSessionFuzzTest(const uint8_t *data, size_t size)
+{
+    BIncrementalData bundlesToBackups;
+    std::vector<BIncrementalData> bundlesToBackup;
+    bundlesToBackups.bundleName = string(reinterpret_cast<const char *>(data), size);
+    bundlesToBackups.lastIncrementalTime = *(reinterpret_cast<const int64_t *>(data));
+    bundlesToBackups.manifestFd = *(reinterpret_cast<const int32_t *>(data));
+    bundlesToBackups.backupParameters = string(reinterpret_cast<const char *>(data), size);
+    bundlesToBackups.backupPriority = *(reinterpret_cast<const int32_t *>(data));
+    bundlesToBackup.push_back(bundlesToBackups);
+    Backupsaincremental->AppendBundlesIncrementalBackupSession(bundlesToBackup);
+}
+
+void PublishIncrementalFileFuzzTest(const uint8_t *data, size_t size)
+{
+    BFileInfo fileInfo;
+    fileInfo.fileName = string(reinterpret_cast<const char *>(data), size);
+    fileInfo.owner = string(reinterpret_cast<const char *>(data), size);
+    fileInfo.sn = *(reinterpret_cast<const int32_t*>(data));
+    Backupsaincremental->PublishIncrementalFile(fileInfo);
+}
+
+void InitIncrementalBackupSessionFuzzTest(const uint8_t *data, size_t size)
+{
+    sptr<IServiceReverse> remote = nullptr;
+    Backupsaincremental->InitIncrementalBackupSession(remote);
+}
+
+void GetIncrementalFileHandleFuzzTest(const uint8_t *data, size_t size)
+{
+    const std::string bundleName(reinterpret_cast<const char*>(data), size);
+    const std::string fileName(reinterpret_cast<const char*>(data), size);
+    Backupsaincremental->GetIncrementalFileHandle(bundleName, fileName);
+}
+} // namespace OHOS
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t dataSize)
+{
+    /* Run your code on data */
+    if (data == nullptr) {
+        return 0;
+    }
+
+    /* Validate the length of size */
+    if (dataSize < OHOS::U32_AT_SIZE || dataSize > OHOS::FOO_MAX_LEN) {
+        return 0;
+    }
+    OHOS::GetLocalCapabilitiesIncrementalFuzzTest(data, dataSize);
+    OHOS::AppendBundlesIncrementalBackupSessionFuzzTest(data, dataSize);
+    OHOS::PublishIncrementalFileFuzzTest(data, dataSize);
+    OHOS::InitIncrementalBackupSessionFuzzTest(data, dataSize);
+    OHOS::GetIncrementalFileHandleFuzzTest(data, dataSize);
+    return 0;
+}
\ No newline at end of file
diff --git a/test/fuzztest/backupsaincremental_fuzzer/backupsaincremental_fuzzer.h b/test/fuzztest/backupsaincremental_fuzzer/backupsaincremental_fuzzer.h
new file mode 100644
index 000000000..f81ff2fd0
--- /dev/null
+++ b/test/fuzztest/backupsaincremental_fuzzer/backupsaincremental_fuzzer.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef BACKUPSA_FUZZER_H
+#define BACKUPSA_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "BackupSaIncrementalFuzzTest"
+
+#endif
\ No newline at end of file
diff --git a/test/fuzztest/backupsaincremental_fuzzer/corpus/init b/test/fuzztest/backupsaincremental_fuzzer/corpus/init
new file mode 100644
index 000000000..8eb5a7d6e
--- /dev/null
+++ b/test/fuzztest/backupsaincremental_fuzzer/corpus/init
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+FUZZ
\ No newline at end of file
diff --git a/test/fuzztest/backupsaincremental_fuzzer/project.xml b/test/fuzztest/backupsaincremental_fuzzer/project.xml
new file mode 100644
index 000000000..85e7ef2c1
--- /dev/null
+++ b/test/fuzztest/backupsaincremental_fuzzer/project.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2021 Huawei Device Co., Ltd.
+
+     Licensed under the Apache License, Version 2.0 (the "License");
+     you may not use this file except in compliance with the License.
+     You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+     Unless required by applicable law or agreed to in writing, software
+     distributed under the License is distributed on an "AS IS" BASIS,
+     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     See the License for the specific language governing permissions and
+     limitations under the License.
+-->
+<fuzz_config>
+  <fuzztest>
+    <!-- maximum length of a test input -->
+    <max_len>1000</max_len>
+    <!-- maximum total time in seconds to run the fuzzer -->
+    <max_total_time>300</max_total_time>
+    <!-- memory usage limit in Mb -->
+    <rss_limit_mb>4096</rss_limit_mb>
+  </fuzztest>
+</fuzz_config>