Core-master/test_2fuzz_2banman_8cpp_source.html

 // Copyright (c) 2020-2022 The Bitcoin Core developers

 // Distributed under the MIT software license, see the accompanying

 // file COPYING or http://www.opensource.org/licenses/mit-license.php.


 #include <banman.h>

 #include <common/args.h>

 #include <netaddress.h>

 #include <test/fuzz/FuzzedDataProvider.h>

 #include <test/fuzz/fuzz.h>

 #include <test/fuzz/util.h>

 #include <test/fuzz/util/net.h>

 #include <test/util/setup_common.h>

 #include <util/fs.h>

 #include <util/readwritefile.h>


 #include <cassert>

 #include <cstdint>

 #include <limits>

 #include <string>

 #include <vector>


 namespace {

 int64_t ConsumeBanTimeOffset(FuzzedDataProvider& fuzzed_data_provider) noexcept

 {

     // Avoid signed integer overflow by capping to int32_t max:

     // banman.cpp:137:73: runtime error: signed integer overflow: 1591700817 + 9223372036854775807 cannot be represented in type 'long'

     return fuzzed_data_provider.ConsumeIntegralInRange<int64_t>(std::numeric_limits<int64_t>::min(), std::numeric_limits<int32_t>::max());

 }

 } // namespace


 void initialize_banman()

 {

     static const auto testing_setup = MakeNoLogFileContext<>();

 }


 static bool operator==(const CBanEntry& lhs, const CBanEntry& rhs)

 {

     return lhs.nVersion == rhs.nVersion &&

            lhs.nCreateTime == rhs.nCreateTime &&

            lhs.nBanUntil == rhs.nBanUntil;

 }


 FUZZ_TARGET(banman, .init = initialize_banman)

 {

     FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};

     SetMockTime(ConsumeTime(fuzzed_data_provider));

     fs::path banlist_file = gArgs.GetDataDirNet() / "fuzzed_banlist";


     const bool start_with_corrupted_banlist{fuzzed_data_provider.ConsumeBool()};

     bool force_read_and_write_to_err{false};

     if (start_with_corrupted_banlist) {

         assert(WriteBinaryFile(banlist_file + ".json",

                                fuzzed_data_provider.ConsumeRandomLengthString()));

     } else {

         force_read_and_write_to_err = fuzzed_data_provider.ConsumeBool();

         if (force_read_and_write_to_err) {

             banlist_file = fs::path{"path"} / "to" / "inaccessible" / "fuzzed_banlist";

         }

     }


     {

         BanMan ban_man{banlist_file, /*client_interface=*/nullptr, /*default_ban_time=*/ConsumeBanTimeOffset(fuzzed_data_provider)};

         // The complexity is O(N^2), where N is the input size, because each call

         // might call DumpBanlist (or other methods that are at least linear

         // complexity of the input size).

         bool contains_invalid{false};

         LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 300)

         {

             CallOneOf(

                 fuzzed_data_provider,

                 [&] {

                     CNetAddr net_addr{ConsumeNetAddr(fuzzed_data_provider)};

                     if (!net_addr.IsCJDNS() || !net_addr.IsValid()) {

                         const std::optional<CNetAddr>& addr{LookupHost(net_addr.ToStringAddr(), /*fAllowLookup=*/false)};

                         if (addr.has_value() && addr->IsValid()) {

                             net_addr = *addr;

                         } else {

                             contains_invalid = true;

                         }

                     }

                     ban_man.Ban(net_addr, ConsumeBanTimeOffset(fuzzed_data_provider), fuzzed_data_provider.ConsumeBool());

                 },

                 [&] {

                     CSubNet subnet{ConsumeSubNet(fuzzed_data_provider)};

                     subnet = LookupSubNet(subnet.ToString());

                     if (!subnet.IsValid()) {

                         contains_invalid = true;

                     }

                     ban_man.Ban(subnet, ConsumeBanTimeOffset(fuzzed_data_provider), fuzzed_data_provider.ConsumeBool());

                 },

                 [&] {

                     ban_man.ClearBanned();

                 },

                 [&] {

                     ban_man.IsBanned(ConsumeNetAddr(fuzzed_data_provider));

                 },

                 [&] {

                     ban_man.IsBanned(ConsumeSubNet(fuzzed_data_provider));

                 },

                 [&] {

                     ban_man.Unban(ConsumeNetAddr(fuzzed_data_provider));

                 },

                 [&] {

                     ban_man.Unban(ConsumeSubNet(fuzzed_data_provider));

                 },

                 [&] {

                     banmap_t banmap;

                     ban_man.GetBanned(banmap);

                 },

                 [&] {

                     ban_man.DumpBanlist();

                 },

                 [&] {

                     ban_man.Discourage(ConsumeNetAddr(fuzzed_data_provider));

                 });

         }

         if (!force_read_and_write_to_err) {

             ban_man.DumpBanlist();

             SetMockTime(ConsumeTime(fuzzed_data_provider));

             banmap_t banmap;

             ban_man.GetBanned(banmap);

             BanMan ban_man_read{banlist_file, /*client_interface=*/nullptr, /*default_ban_time=*/0};

             banmap_t banmap_read;

             ban_man_read.GetBanned(banmap_read);

             if (!contains_invalid) {

                 assert(banmap == banmap_read);

             }

         }

     }

     fs::remove(fs::PathToString(banlist_file + ".json"));

 }

FuzzedDataProvider.h

gArgs
ArgsManager gArgs
Definition: args.cpp:41

args.h

banman.h

ArgsManager::GetDataDirNet
fs::path GetDataDirNet() const
Get data directory path with appended network identifier.
Definition: args.h:232

BanMan
Definition: banman.h:59

CBanEntry
Definition: net_types.h:15

CBanEntry::nCreateTime
int64_t nCreateTime
Definition: net_types.h:19

CBanEntry::nVersion
int nVersion
Definition: net_types.h:18

CBanEntry::nBanUntil
int64_t nBanUntil
Definition: net_types.h:20

CNetAddr
Network address.
Definition: netaddress.h:112

CSubNet
Definition: netaddress.h:480

FuzzedDataProvider
Definition: FuzzedDataProvider.h:31

fs::path
Path class wrapper to block calls to the fs::path(std::string) implicit constructor and the fs::path:...
Definition: fs.h:33

fs.h

fuzz.h

LIMITED_WHILE
#define LIMITED_WHILE(condition, limit)
Can be used to limit a theoretically unbounded loop.
Definition: fuzz.h:23

fs::PathToString
static std::string PathToString(const path &path)
Convert path object to a byte string.
Definition: fs.h:151

init
Definition: bitcoin-gui.cpp:17

banmap_t
std::map< CSubNet, CBanEntry > banmap_t
Definition: net_types.h:41

netaddress.h

LookupSubNet
CSubNet LookupSubNet(const std::string &subnet_str)
Parse and resolve a specified subnet string into the appropriate internal representation.
Definition: netbase.cpp:745

LookupHost
std::vector< CNetAddr > LookupHost(const std::string &name, unsigned int nMaxSolutions, bool fAllowLookup, DNSLookupFn dns_lookup_function)
Resolve a host string to its corresponding network addresses.
Definition: netbase.cpp:166

WriteBinaryFile
bool WriteBinaryFile(const fs::path &filename, const std::string &data)
Write contents of std::string to a file.
Definition: readwritefile.cpp:37

readwritefile.h

setup_common.h

initialize_banman
void initialize_banman()
Definition: banman.cpp:31

FUZZ_TARGET
FUZZ_TARGET(banman,.init=initialize_banman)
Definition: banman.cpp:43

operator==
static bool operator==(const CBanEntry &lhs, const CBanEntry &rhs)
Definition: banman.cpp:36

ConsumeNetAddr
CNetAddr ConsumeNetAddr(FuzzedDataProvider &fuzzed_data_provider, FastRandomContext *rand) noexcept
Create a CNetAddr.
Definition: net.cpp:28

net.h

ConsumeSubNet
CSubNet ConsumeSubNet(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: net.h:96

ConsumeTime
int64_t ConsumeTime(FuzzedDataProvider &fuzzed_data_provider, const std::optional< int64_t > &min, const std::optional< int64_t > &max) noexcept
Definition: util.cpp:34

util.h

CallOneOf
size_t CallOneOf(FuzzedDataProvider &fuzzed_data_provider, Callables... callables)
Definition: util.h:35

SetMockTime
void SetMockTime(int64_t nMockTimeIn)
DEPRECATED Use SetMockTime with chrono type.
Definition: time.cpp:32

assert
assert(!tx.IsCoinBase())