bitcoin-bitcoin-core/src/test/fuzz/banman.cpp

// Copyright (c) 2020-2021 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.

#include <banman.h>
#include <fs.h>
#include <netaddress.h>
#include <test/fuzz/FuzzedDataProvider.h>
#include <test/fuzz/fuzz.h>
#include <test/fuzz/util.h>
#include <test/util/setup_common.h>
#include <util/readwritefile.h>
#include <util/system.h>

#include <cassert>
#include <cstdint>
#include <limits>
#include <string>
#include <vector>

namespace {
int64_t ConsumeBanTimeOffset(FuzzedDataProvider& fuzzed_data_provider) noexcept
{
    // Avoid signed integer overflow by capping to int32_t max:
    // banman.cpp:137:73: runtime error: signed integer overflow: 1591700817 + 9223372036854775807 cannot be represented in type 'long'
    return fuzzed_data_provider.ConsumeIntegralInRange<int64_t>(std::numeric_limits<int64_t>::min(), std::numeric_limits<int32_t>::max());
}
} // namespace

void initialize_banman()
{
    static const auto testing_setup = MakeNoLogFileContext<>();
}

static bool operator==(const CBanEntry& lhs, const CBanEntry& rhs)
{
    return lhs.nVersion == rhs.nVersion &&
           lhs.nCreateTime == rhs.nCreateTime &&
           lhs.nBanUntil == rhs.nBanUntil;
}

FUZZ_TARGET_INIT(banman, initialize_banman)
{
    FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
    SetMockTime(ConsumeTime(fuzzed_data_provider));
    fs::path banlist_file = gArgs.GetDataDirNet() / "fuzzed_banlist";

    const bool start_with_corrupted_banlist{fuzzed_data_provider.ConsumeBool()};
    bool force_read_and_write_to_err{false};
    if (start_with_corrupted_banlist) {
        assert(WriteBinaryFile(banlist_file.string() + ".json",
                               fuzzed_data_provider.ConsumeRandomLengthString()));
    } else {
        force_read_and_write_to_err = fuzzed_data_provider.ConsumeBool();
        if (force_read_and_write_to_err) {
            banlist_file = fs::path{"path"} / "to" / "inaccessible" / "fuzzed_banlist";
        }
    }

    {
        BanMan ban_man{banlist_file, /* client_interface */ nullptr, /* default_ban_time */ ConsumeBanTimeOffset(fuzzed_data_provider)};
        // The complexity is O(N^2), where N is the input size, because each call
        // might call DumpBanlist (or other methods that are at least linear
        // complexity of the input size).
        LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 300)
        {
            CallOneOf(
                fuzzed_data_provider,
                [&] {
                    ban_man.Ban(ConsumeNetAddr(fuzzed_data_provider),
                                ConsumeBanTimeOffset(fuzzed_data_provider), fuzzed_data_provider.ConsumeBool());
                },
                [&] {
                    ban_man.Ban(ConsumeSubNet(fuzzed_data_provider),
                                ConsumeBanTimeOffset(fuzzed_data_provider), fuzzed_data_provider.ConsumeBool());
                },
                [&] {
                    ban_man.ClearBanned();
                },
                [&] {
                    ban_man.IsBanned(ConsumeNetAddr(fuzzed_data_provider));
                },
                [&] {
                    ban_man.IsBanned(ConsumeSubNet(fuzzed_data_provider));
                },
                [&] {
                    ban_man.Unban(ConsumeNetAddr(fuzzed_data_provider));
                },
                [&] {
                    ban_man.Unban(ConsumeSubNet(fuzzed_data_provider));
                },
                [&] {
                    banmap_t banmap;
                    ban_man.GetBanned(banmap);
                },
                [&] {
                    ban_man.DumpBanlist();
                },
                [&] {
                    ban_man.Discourage(ConsumeNetAddr(fuzzed_data_provider));
                });
        }
        if (!force_read_and_write_to_err) {
            ban_man.DumpBanlist();
            SetMockTime(ConsumeTime(fuzzed_data_provider));
            banmap_t banmap;
            ban_man.GetBanned(banmap);
            BanMan ban_man_read{banlist_file, /* client_interface */ nullptr, /* default_ban_time */ 0};
            banmap_t banmap_read;
            ban_man_read.GetBanned(banmap_read);
            assert(banmap == banmap_read);
        }
    }
    fs::remove(banlist_file.string() + ".json");
}
scripted-diff: Rename MakeFuzzingContext to MakeNoLogFileContext -BEGIN VERIFY SCRIPT- # Rename sed -i -e 's/MakeFuzzingContext/MakeNoLogFileContext/g' $(git grep -l MakeFuzzingContext) # Bump the copyright of touched files in this scripted diff to avoid touching them again later ./contrib/devtools/copyright_header.py update ./src/test/fuzz/ -END VERIFY SCRIPT- 2021-01-25 12:23:45 +01:00			`// Copyright (c) 2020-2021 The Bitcoin Core developers`
tests: Add fuzzing harness for BanMan 2020-06-09 11:16:13 +00:00			`// Distributed under the MIT software license, see the accompanying`
			`// file COPYING or http://www.opensource.org/licenses/mit-license.php.`

			`#include <banman.h>`
			`#include <fs.h>`
			`#include <netaddress.h>`
			`#include <test/fuzz/FuzzedDataProvider.h>`
			`#include <test/fuzz/fuzz.h>`
			`#include <test/fuzz/util.h>`
Move MakeNoLogFileContext to common libtest_util, and use it in bench Can be reviewed with --color-moved=dimmed-zebra 2021-01-25 12:22:03 +01:00			`#include <test/util/setup_common.h>`
banman: save the banlist in a JSON format on disk Save the banlist in `banlist.json` instead of `banlist.dat`. This makes it possible to store Tor v3 entries in the banlist on disk (and any other addresses that cannot be serialized in addrv1 format). Only read `banlist.dat` if it exists and `banlist.json` does not exist (first start after an upgrade). Supersedes https://github.com/bitcoin/bitcoin/pull/20904 Resolves https://github.com/bitcoin/bitcoin/issues/19748 2021-01-14 09:33:04 +01:00			`#include <util/readwritefile.h>`
tests: Add fuzzing harness for BanMan 2020-06-09 11:16:13 +00:00			`#include <util/system.h>`

banman: save the banlist in a JSON format on disk Save the banlist in `banlist.json` instead of `banlist.dat`. This makes it possible to store Tor v3 entries in the banlist on disk (and any other addresses that cannot be serialized in addrv1 format). Only read `banlist.dat` if it exists and `banlist.json` does not exist (first start after an upgrade). Supersedes https://github.com/bitcoin/bitcoin/pull/20904 Resolves https://github.com/bitcoin/bitcoin/issues/19748 2021-01-14 09:33:04 +01:00			`#include <cassert>`
tests: Add fuzzing harness for BanMan 2020-06-09 11:16:13 +00:00			`#include <cstdint>`
			`#include <limits>`
			`#include <string>`
			`#include <vector>`

			`namespace {`
			`int64_t ConsumeBanTimeOffset(FuzzedDataProvider& fuzzed_data_provider) noexcept`
			`{`
			`// Avoid signed integer overflow by capping to int32_t max:`
			`// banman.cpp:137:73: runtime error: signed integer overflow: 1591700817 + 9223372036854775807 cannot be represented in type 'long'`
			`return fuzzed_data_provider.ConsumeIntegralInRange<int64_t>(std::numeric_limits<int64_t>::min(), std::numeric_limits<int32_t>::max());`
			`}`
			`} // namespace`

fuzz: Link all targets once 2020-12-03 16:42:49 +01:00			`void initialize_banman()`
tests: Add fuzzing harness for BanMan 2020-06-09 11:16:13 +00:00			`{`
scripted-diff: Rename MakeFuzzingContext to MakeNoLogFileContext -BEGIN VERIFY SCRIPT- # Rename sed -i -e 's/MakeFuzzingContext/MakeNoLogFileContext/g' $(git grep -l MakeFuzzingContext) # Bump the copyright of touched files in this scripted diff to avoid touching them again later ./contrib/devtools/copyright_header.py update ./src/test/fuzz/ -END VERIFY SCRIPT- 2021-01-25 12:23:45 +01:00			`static const auto testing_setup = MakeNoLogFileContext<>();`
tests: Add fuzzing harness for BanMan 2020-06-09 11:16:13 +00:00			`}`

fuzz: Check banman roundtrip 2021-06-23 13:28:30 +02:00			`static bool operator==(const CBanEntry& lhs, const CBanEntry& rhs)`
			`{`
			`return lhs.nVersion == rhs.nVersion &&`
			`lhs.nCreateTime == rhs.nCreateTime &&`
			`lhs.nBanUntil == rhs.nBanUntil;`
			`}`

fuzz: Link all targets once 2020-12-03 16:42:49 +01:00			`FUZZ_TARGET_INIT(banman, initialize_banman)`
tests: Add fuzzing harness for BanMan 2020-06-09 11:16:13 +00:00			`{`
			`FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};`
fuzz: Avoid time-based "non-determinism" in fuzzing harnesses by using mocked GetTime() 2020-11-19 21:25:14 +00:00			`SetMockTime(ConsumeTime(fuzzed_data_provider));`
banman: save the banlist in a JSON format on disk Save the banlist in `banlist.json` instead of `banlist.dat`. This makes it possible to store Tor v3 entries in the banlist on disk (and any other addresses that cannot be serialized in addrv1 format). Only read `banlist.dat` if it exists and `banlist.json` does not exist (first start after an upgrade). Supersedes https://github.com/bitcoin/bitcoin/pull/20904 Resolves https://github.com/bitcoin/bitcoin/issues/19748 2021-01-14 09:33:04 +01:00			`fs::path banlist_file = gArgs.GetDataDirNet() / "fuzzed_banlist";`

			`const bool start_with_corrupted_banlist{fuzzed_data_provider.ConsumeBool()};`
fuzz: Check banman roundtrip 2021-06-23 13:28:30 +02:00			`bool force_read_and_write_to_err{false};`
banman: save the banlist in a JSON format on disk Save the banlist in `banlist.json` instead of `banlist.dat`. This makes it possible to store Tor v3 entries in the banlist on disk (and any other addresses that cannot be serialized in addrv1 format). Only read `banlist.dat` if it exists and `banlist.json` does not exist (first start after an upgrade). Supersedes https://github.com/bitcoin/bitcoin/pull/20904 Resolves https://github.com/bitcoin/bitcoin/issues/19748 2021-01-14 09:33:04 +01:00			`if (start_with_corrupted_banlist) {`
Ignore banlist.dat This also allows to remove the "dirty" argument, which can now be deduced from the return value of Read(). 2021-07-28 20:00:23 +02:00			`assert(WriteBinaryFile(banlist_file.string() + ".json",`
banman: save the banlist in a JSON format on disk Save the banlist in `banlist.json` instead of `banlist.dat`. This makes it possible to store Tor v3 entries in the banlist on disk (and any other addresses that cannot be serialized in addrv1 format). Only read `banlist.dat` if it exists and `banlist.json` does not exist (first start after an upgrade). Supersedes https://github.com/bitcoin/bitcoin/pull/20904 Resolves https://github.com/bitcoin/bitcoin/issues/19748 2021-01-14 09:33:04 +01:00			`fuzzed_data_provider.ConsumeRandomLengthString()));`
			`} else {`
fuzz: Check banman roundtrip 2021-06-23 13:28:30 +02:00			`force_read_and_write_to_err = fuzzed_data_provider.ConsumeBool();`
banman: save the banlist in a JSON format on disk Save the banlist in `banlist.json` instead of `banlist.dat`. This makes it possible to store Tor v3 entries in the banlist on disk (and any other addresses that cannot be serialized in addrv1 format). Only read `banlist.dat` if it exists and `banlist.json` does not exist (first start after an upgrade). Supersedes https://github.com/bitcoin/bitcoin/pull/20904 Resolves https://github.com/bitcoin/bitcoin/issues/19748 2021-01-14 09:33:04 +01:00			`if (force_read_and_write_to_err) {`
			`banlist_file = fs::path{"path"} / "to" / "inaccessible" / "fuzzed_banlist";`
			`}`
			`}`

tests: Add fuzzing harness for BanMan 2020-06-09 11:16:13 +00:00			`{`
fuzz: Check banman roundtrip 2021-06-23 13:28:30 +02:00			`BanMan ban_man{banlist_file, /* client_interface / nullptr, / default_ban_time */ ConsumeBanTimeOffset(fuzzed_data_provider)};`
fuzz: Use LIMITED_WHILE instead of limit_max_ops 2021-08-21 19:34:13 +02:00			`// The complexity is O(N^2), where N is the input size, because each call`
			`// might call DumpBanlist (or other methods that are at least linear`
			`// complexity of the input size).`
			`LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 300)`
			`{`
fuzz: Introduce CallOneOf helper to replace switch-case Can be reviewed with --ignore-all-space 2021-01-02 13:38:14 +01:00			`CallOneOf(`
			`fuzzed_data_provider,`
			`[&] {`
			`ban_man.Ban(ConsumeNetAddr(fuzzed_data_provider),`
			`ConsumeBanTimeOffset(fuzzed_data_provider), fuzzed_data_provider.ConsumeBool());`
			`},`
			`[&] {`
			`ban_man.Ban(ConsumeSubNet(fuzzed_data_provider),`
			`ConsumeBanTimeOffset(fuzzed_data_provider), fuzzed_data_provider.ConsumeBool());`
			`},`
			`[&] {`
			`ban_man.ClearBanned();`
			`},`
			`[&] {`
			`ban_man.IsBanned(ConsumeNetAddr(fuzzed_data_provider));`
			`},`
			`[&] {`
			`ban_man.IsBanned(ConsumeSubNet(fuzzed_data_provider));`
			`},`
			`[&] {`
			`ban_man.Unban(ConsumeNetAddr(fuzzed_data_provider));`
			`},`
			`[&] {`
			`ban_man.Unban(ConsumeSubNet(fuzzed_data_provider));`
			`},`
			`[&] {`
			`banmap_t banmap;`
			`ban_man.GetBanned(banmap);`
			`},`
			`[&] {`
			`ban_man.DumpBanlist();`
			`},`
			`[&] {`
			`ban_man.Discourage(ConsumeNetAddr(fuzzed_data_provider));`
			`});`
tests: Add fuzzing harness for BanMan 2020-06-09 11:16:13 +00:00			`}`
fuzz: Check banman roundtrip 2021-06-23 13:28:30 +02:00			`if (!force_read_and_write_to_err) {`
			`ban_man.DumpBanlist();`
			`SetMockTime(ConsumeTime(fuzzed_data_provider));`
			`banmap_t banmap;`
			`ban_man.GetBanned(banmap);`
			`BanMan ban_man_read{banlist_file, /* client_interface / nullptr, / default_ban_time */ 0};`
			`banmap_t banmap_read;`
			`ban_man_read.GetBanned(banmap_read);`
fuzz: Re-enable assert in banman again 2021-08-07 10:27:47 +02:00			`assert(banmap == banmap_read);`
fuzz: Check banman roundtrip 2021-06-23 13:28:30 +02:00			`}`
tests: Add fuzzing harness for BanMan 2020-06-09 11:16:13 +00:00			`}`
banman: save the banlist in a JSON format on disk Save the banlist in `banlist.json` instead of `banlist.dat`. This makes it possible to store Tor v3 entries in the banlist on disk (and any other addresses that cannot be serialized in addrv1 format). Only read `banlist.dat` if it exists and `banlist.json` does not exist (first start after an upgrade). Supersedes https://github.com/bitcoin/bitcoin/pull/20904 Resolves https://github.com/bitcoin/bitcoin/issues/19748 2021-01-14 09:33:04 +01:00			`fs::remove(banlist_file.string() + ".json");`
tests: Add fuzzing harness for BanMan 2020-06-09 11:16:13 +00:00			`}`