doc/html/rpc_8cpp_source.html

// Copyright (c) 2021-present The Bitcoin Core developers

// Distributed under the MIT software license, see the accompanying

// file COPYING or http://www.opensource.org/licenses/mit-license.php.


#include <base58.h>

#include <key.h>

#include <key_io.h>

#include <primitives/block.h>

#include <primitives/transaction.h>

#include <psbt.h>

#include <rpc/client.h>

#include <rpc/request.h>

#include <rpc/server.h>

#include <span.h>

#include <streams.h>

#include <test/fuzz/FuzzedDataProvider.h>

#include <test/fuzz/fuzz.h>

#include <test/fuzz/util.h>

#include <test/util/setup_common.h>

#include <tinyformat.h>

#include <uint256.h>

#include <univalue.h>

#include <util/strencodings.h>

#include <util/string.h>

#include <util/time.h>


#include <algorithm>

#include <cassert>

#include <cstdint>

#include <cstdlib>

#include <exception>

#include <iostream>

#include <memory>

#include <optional>

#include <stdexcept>

#include <vector>

enum class ChainType;


using util::Join;

using util::ToString;


namespace {

struct RPCFuzzTestingSetup : public TestingSetup {

    RPCFuzzTestingSetup(const ChainType chain_type, TestOpts opts) : TestingSetup{chain_type, opts}

    {

    }


    void CallRPC(const std::string& rpc_method, const std::vector<std::string>& arguments)

    {

        JSONRPCRequest request;

        request.context = &m_node;

        request.strMethod = rpc_method;

        try {

            request.params = RPCConvertValues(rpc_method, arguments);

        } catch (const std::runtime_error&) {

            return;

        }

        tableRPC.execute(request);

    }


    std::vector<std::string> GetRPCCommands() const

    {

        return tableRPC.listCommands();

    }

};


RPCFuzzTestingSetup* rpc_testing_setup = nullptr;

std::string g_limit_to_rpc_command;


// RPC commands which are not appropriate for fuzzing: such as RPC commands

// reading or writing to a filename passed as an RPC parameter, RPC commands

// resulting in network activity, etc.

const std::vector<std::string> RPC_COMMANDS_NOT_SAFE_FOR_FUZZING{

    "addconnection",  // avoid DNS lookups

    "addnode",        // avoid DNS lookups

    "addpeeraddress", // avoid DNS lookups

    "dumptxoutset",   // avoid writing to disk

    "enumeratesigners",

    "echoipc",              // avoid assertion failure (Assertion `"EnsureAnyNodeContext(request.context).init" && check' failed.)

    "generatetoaddress",    // avoid prohibitively slow execution (when `num_blocks` is large)

    "generatetodescriptor", // avoid prohibitively slow execution (when `nblocks` is large)

    "gettxoutproof",        // avoid prohibitively slow execution

    "importmempool", // avoid reading from disk

    "loadtxoutset",   // avoid reading from disk

    "loadwallet",   // avoid reading from disk

    "savemempool",           // disabled as a precautionary measure: may take a file path argument in the future

    "setban",                // avoid DNS lookups

    "stop",                  // avoid shutdown state

};


// RPC commands which are safe for fuzzing.

const std::vector<std::string> RPC_COMMANDS_SAFE_FOR_FUZZING{

    "abortprivatebroadcast",

    "analyzepsbt",

    "clearbanned",

    "combinepsbt",

    "combinerawtransaction",

    "converttopsbt",

    "createmultisig",

    "createpsbt",

    "createrawtransaction",

    "decodepsbt",

    "decoderawtransaction",

    "decodescript",

    "deriveaddresses",

    "descriptorprocesspsbt",

    "disconnectnode",

    "echo",

    "echojson",

    "estimaterawfee",

    "estimatesmartfee",

    "finalizepsbt",

    "generate",

    "generateblock",

    "getaddednodeinfo",

    "getaddrmaninfo",

    "getbestblockhash",

    "getblock",

    "getblockchaininfo",

    "getblockcount",

    "getblockfilter",

    "getblockfrompeer", // when no peers are connected, no p2p message is sent

    "getblockhash",

    "getblockheader",

    "getblockstats",

    "getblocktemplate",

    "getchaintips",

    "getchainstates",

    "getchaintxstats",

    "getconnectioncount",

    "getdeploymentinfo",

    "getdescriptoractivity",

    "getdescriptorinfo",

    "getdifficulty",

    "getindexinfo",

    "getmemoryinfo",

    "getmempoolancestors",

    "getmempooldescendants",

    "getmempoolentry",

    "getmempoolfeeratediagram",

    "getmempoolcluster",

    "getmempoolinfo",

    "getmininginfo",

    "getnettotals",

    "getnetworkhashps",

    "getnetworkinfo",

    "getnodeaddresses",

    "getorphantxs",

    "getpeerinfo",

    "getprioritisedtransactions",

    "getprivatebroadcastinfo",

    "getrawaddrman",

    "getrawmempool",

    "getrawtransaction",

    "getrpcinfo",

    "gettxout",

    "gettxoutsetinfo",

    "gettxspendingprevout",

    "help",

    "invalidateblock",

    "joinpsbts",

    "listbanned",

    "logging",

    "mockscheduler",

    "ping",

    "preciousblock",

    "prioritisetransaction",

    "pruneblockchain",

    "reconsiderblock",

    "scanblocks",

    "scantxoutset",

    "sendmsgtopeer", // when no peers are connected, no p2p message is sent

    "sendrawtransaction",

    "setmocktime",

    "setnetworkactive",

    "signmessagewithprivkey",

    "signrawtransactionwithkey",

    "submitblock",

    "submitheader",

    "submitpackage",

    "syncwithvalidationinterfacequeue",

    "testmempoolaccept",

    "uptime",

    "utxoupdatepsbt",

    "validateaddress",

    "verifychain",

    "verifymessage",

    "verifytxoutproof",

    "waitforblock",

    "waitforblockheight",

    "waitfornewblock",

};


std::string ConsumeScalarRPCArgument(FuzzedDataProvider& fuzzed_data_provider, bool& good_data)

{

    const size_t max_string_length = 4096;

    const size_t max_base58_bytes_length{64};

    std::string r;

    CallOneOf(

        fuzzed_data_provider,

        [&] {

            // string argument

            r = fuzzed_data_provider.ConsumeRandomLengthString(max_string_length);

        },

        [&] {

            // base64 argument

            r = EncodeBase64(fuzzed_data_provider.ConsumeRandomLengthString(max_string_length));

        },

        [&] {

            // hex argument

            r = HexStr(fuzzed_data_provider.ConsumeRandomLengthString(max_string_length));

        },

        [&] {

            // bool argument

            r = fuzzed_data_provider.ConsumeBool() ? "true" : "false";

        },

        [&] {

            // range argument

            r = "[" + ToString(fuzzed_data_provider.ConsumeIntegral<int64_t>()) + "," + ToString(fuzzed_data_provider.ConsumeIntegral<int64_t>()) + "]";

        },

        [&] {

            // integral argument (int64_t)

            r = ToString(fuzzed_data_provider.ConsumeIntegral<int64_t>());

        },

        [&] {

            // integral argument (uint64_t)

            r = ToString(fuzzed_data_provider.ConsumeIntegral<uint64_t>());

        },

        [&] {

            // floating point argument

            r = strprintf("%f", fuzzed_data_provider.ConsumeFloatingPoint<double>());

        },

        [&] {

            // tx destination argument

            r = EncodeDestination(ConsumeTxDestination(fuzzed_data_provider));

        },

        [&] {

            // uint160 argument

            r = ConsumeUInt160(fuzzed_data_provider).ToString();

        },

        [&] {

            // uint256 argument

            r = ConsumeUInt256(fuzzed_data_provider).ToString();

        },

        [&] {

            // base32 argument

            r = EncodeBase32(fuzzed_data_provider.ConsumeRandomLengthString(max_string_length));

        },

        [&] {

            // base58 argument

            r = EncodeBase58(MakeUCharSpan(fuzzed_data_provider.ConsumeRandomLengthString(max_base58_bytes_length)));

        },

        [&] {

            // base58 argument with checksum

            r = EncodeBase58Check(MakeUCharSpan(fuzzed_data_provider.ConsumeRandomLengthString(max_base58_bytes_length)));

        },

        [&] {

            // hex encoded block

            std::optional<CBlock> opt_block = ConsumeDeserializable<CBlock>(fuzzed_data_provider, TX_WITH_WITNESS);

            if (!opt_block) {

                good_data = false;

                return;

            }

            DataStream data_stream{};

            data_stream << TX_WITH_WITNESS(*opt_block);

            r = HexStr(data_stream);

        },

        [&] {

            // hex encoded block header

            std::optional<CBlockHeader> opt_block_header = ConsumeDeserializable<CBlockHeader>(fuzzed_data_provider);

            if (!opt_block_header) {

                good_data = false;

                return;

            }

            DataStream data_stream{};

            data_stream << *opt_block_header;

            r = HexStr(data_stream);

        },

        [&] {

            // hex encoded tx

            std::optional<CMutableTransaction> opt_tx = ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider, TX_WITH_WITNESS);

            if (!opt_tx) {

                good_data = false;

                return;

            }

            DataStream data_stream;

            auto allow_witness = (fuzzed_data_provider.ConsumeBool() ? TX_WITH_WITNESS : TX_NO_WITNESS);

            data_stream << allow_witness(*opt_tx);

            r = HexStr(data_stream);

        },

        [&] {

            // base64 encoded psbt

            std::optional<PartiallySignedTransaction> opt_psbt = ConsumeDeserializable<PartiallySignedTransaction>(fuzzed_data_provider);

            if (!opt_psbt) {

                good_data = false;

                return;

            }

            DataStream data_stream{};

            data_stream << *opt_psbt;

            r = EncodeBase64(data_stream);

        },

        [&] {

            // base58 encoded key

            CKey key = ConsumePrivateKey(fuzzed_data_provider);

            if (!key.IsValid()) {

                good_data = false;

                return;

            }

            r = EncodeSecret(key);

        },

        [&] {

            // hex encoded pubkey

            CKey key = ConsumePrivateKey(fuzzed_data_provider);

            if (!key.IsValid()) {

                good_data = false;

                return;

            }

            r = HexStr(key.GetPubKey());

        });

    return r;

}


std::string ConsumeArrayRPCArgument(FuzzedDataProvider& fuzzed_data_provider, bool& good_data)

{

    std::vector<std::string> scalar_arguments;

    LIMITED_WHILE(good_data && fuzzed_data_provider.ConsumeBool(), 100)

    {

        scalar_arguments.push_back(ConsumeScalarRPCArgument(fuzzed_data_provider, good_data));

    }

    return "[\"" + Join(scalar_arguments, "\",\"") + "\"]";

}


std::string ConsumeRPCArgument(FuzzedDataProvider& fuzzed_data_provider, bool& good_data)

{

    return fuzzed_data_provider.ConsumeBool() ? ConsumeScalarRPCArgument(fuzzed_data_provider, good_data) : ConsumeArrayRPCArgument(fuzzed_data_provider, good_data);

}


RPCFuzzTestingSetup* InitializeRPCFuzzTestingSetup()

{

    static const auto setup = MakeNoLogFileContext<RPCFuzzTestingSetup>();

    SetRPCWarmupFinished();

    return setup.get();

}

}; // namespace


void initialize_rpc()

{

    rpc_testing_setup = InitializeRPCFuzzTestingSetup();

    const std::vector<std::string> supported_rpc_commands = rpc_testing_setup->GetRPCCommands();

    for (const std::string& rpc_command : supported_rpc_commands) {

        const bool safe_for_fuzzing = std::find(RPC_COMMANDS_SAFE_FOR_FUZZING.begin(), RPC_COMMANDS_SAFE_FOR_FUZZING.end(), rpc_command) != RPC_COMMANDS_SAFE_FOR_FUZZING.end();

        const bool not_safe_for_fuzzing = std::find(RPC_COMMANDS_NOT_SAFE_FOR_FUZZING.begin(), RPC_COMMANDS_NOT_SAFE_FOR_FUZZING.end(), rpc_command) != RPC_COMMANDS_NOT_SAFE_FOR_FUZZING.end();

        if (!(safe_for_fuzzing || not_safe_for_fuzzing)) {

            std::cerr << "Error: RPC command \"" << rpc_command << "\" not found in RPC_COMMANDS_SAFE_FOR_FUZZING or RPC_COMMANDS_NOT_SAFE_FOR_FUZZING. Please update " << __FILE__ << ".\n";

            std::terminate();

        }

        if (safe_for_fuzzing && not_safe_for_fuzzing) {

            std::cerr << "Error: RPC command \"" << rpc_command << "\" found in *both* RPC_COMMANDS_SAFE_FOR_FUZZING and RPC_COMMANDS_NOT_SAFE_FOR_FUZZING. Please update " << __FILE__ << ".\n";

            std::terminate();

        }

    }

    const char* limit_to_rpc_command_env = std::getenv("LIMIT_TO_RPC_COMMAND");

    if (limit_to_rpc_command_env != nullptr) {

        g_limit_to_rpc_command = std::string{limit_to_rpc_command_env};

    }

}


FUZZ_TARGET(rpc, .init = initialize_rpc)

{

    SeedRandomStateForTest(SeedRand::ZEROS);

    FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};

    bool good_data{true};

    SetMockTime(ConsumeTime(fuzzed_data_provider));

    const std::string rpc_command = fuzzed_data_provider.ConsumeRandomLengthString(64);

    if (!g_limit_to_rpc_command.empty() && rpc_command != g_limit_to_rpc_command) {

        return;

    }

    const bool safe_for_fuzzing = std::find(RPC_COMMANDS_SAFE_FOR_FUZZING.begin(), RPC_COMMANDS_SAFE_FOR_FUZZING.end(), rpc_command) != RPC_COMMANDS_SAFE_FOR_FUZZING.end();

    if (!safe_for_fuzzing) {

        return;

    }

    std::vector<std::string> arguments;

    LIMITED_WHILE(good_data && fuzzed_data_provider.ConsumeBool(), 100)

    {

        arguments.push_back(ConsumeRPCArgument(fuzzed_data_provider, good_data));

    }

    try {

        std::optional<test_only_CheckFailuresAreExceptionsNotAborts> maybe_mock{};

        if (rpc_command == "echo") {

            // Avoid aborting fuzzing for this specific test-only RPC with an

            // intentional trigger_internal_bug

            maybe_mock.emplace();

        }

        rpc_testing_setup->CallRPC(rpc_command, arguments);

    } catch (const UniValue& json_rpc_error) {

        const std::string error_msg{json_rpc_error.find_value("message").get_str()};

        if (error_msg.starts_with("Internal bug detected")) {

            // Only allow the intentional internal bug

            assert(error_msg.find("trigger_internal_bug") != std::string::npos);

        }

    }

}


FuzzedDataProvider.h

EncodeBase58
std::string EncodeBase58(std::span< const unsigned char > input)
Why base-58 instead of standard base-64 encoding?
Definition base58.cpp:89

EncodeBase58Check
std::string EncodeBase58Check(std::span< const unsigned char > input)
Encode a byte span into a base58-encoded string, including checksum.
Definition base58.cpp:137

base58.h

CallRPC
static UniValue CallRPC(BaseRequestHandler *rh, const std::string &strMethod, const std::vector< std::string > &args, const std::optional< std::string > &rpcwallet={})
Definition bitcoin-cli.cpp:795

block.h

ChainType
ChainType
Definition chaintype.h:11

CKey
An encapsulated private key.
Definition key.h:36

CKey::IsValid
bool IsValid() const
Check whether this private key is valid.
Definition key.h:124

CKey::GetPubKey
CPubKey GetPubKey() const
Compute the public key from a private key.
Definition key.cpp:183

CRPCTable::listCommands
std::vector< std::string > listCommands() const
Returns a list of registered commands.
Definition server.cpp:519

CRPCTable::execute
UniValue execute(const JSONRPCRequest &request) const
Execute a method.
Definition server.cpp:482

DataStream
Double ended buffer combining vector and stream-like interfaces.
Definition streams.h:133

FuzzedDataProvider
Definition FuzzedDataProvider.h:32

FuzzedDataProvider::ConsumeRandomLengthString
std::string ConsumeRandomLengthString(size_t max_length)
Definition FuzzedDataProvider.h:153

FuzzedDataProvider::ConsumeBool
bool ConsumeBool()
Definition FuzzedDataProvider.h:289

FuzzedDataProvider::ConsumeFloatingPoint
T ConsumeFloatingPoint()
Definition FuzzedDataProvider.h:240

FuzzedDataProvider::ConsumeIntegral
T ConsumeIntegral()
Definition FuzzedDataProvider.h:195

JSONRPCRequest::params
UniValue params
Definition request.h:57

JSONRPCRequest::strMethod
std::string strMethod
Definition request.h:56

JSONRPCRequest::context
std::any context
Definition request.h:62

UniValue
Definition univalue.h:22

UniValue::get_str
const std::string & get_str() const
Definition univalue_get.cpp:62

UniValue::find_value
const UniValue & find_value(std::string_view key) const
Definition univalue.cpp:232

base_blob::ToString
std::string ToString() const
Definition uint256.cpp:21

RPCConvertValues
UniValue RPCConvertValues(const std::string &strMethod, const std::vector< std::string > &strParams)
Convert command lines arguments to params object when -named is disabled.
Definition client.cpp:435

client.h

fuzz.h

FUZZ_TARGET
#define FUZZ_TARGET(...)
Definition fuzz.h:35

LIMITED_WHILE
#define LIMITED_WHILE(condition, limit)
Can be used to limit a theoretically unbounded loop.
Definition fuzz.h:22

HexStr
std::string HexStr(const std::span< const uint8_t > s)
Convert a span of bytes to a lower-case hexadecimal string.
Definition hex_base.cpp:30

key.h

EncodeSecret
std::string EncodeSecret(const CKey &key)
Definition key_io.cpp:231

EncodeDestination
std::string EncodeDestination(const CTxDestination &dest)
Definition key_io.cpp:294

key_io.h

init
Definition bitcoin-gui.cpp:17

util::ToString
std::string ToString(const T &t)
Locale-independent version of std::to_string.
Definition string.h:246

util::Join
auto Join(const C &container, const S &separator, UnaryOp unary_op)
Join all container items.
Definition string.h:205

transaction.h

TX_NO_WITNESS
static constexpr TransactionSerParams TX_NO_WITNESS
Definition transaction.h:181

TX_WITH_WITNESS
static constexpr TransactionSerParams TX_WITH_WITNESS
Definition transaction.h:180

request.h

initialize_rpc
void initialize_rpc()
Definition rpc.cpp:346

ToString
std::string ToString(const T &t)
Locale-independent version of std::to_string.
Definition string.h:246

Join
auto Join(const C &container, const S &separator, UnaryOp unary_op)
Join all container items.
Definition string.h:205

SetRPCWarmupFinished
void SetRPCWarmupFinished()
Definition server.cpp:324

tableRPC
CRPCTable tableRPC
Definition server.cpp:544

server.h

setup_common.h

MakeNoLogFileContext
std::unique_ptr< T > MakeNoLogFileContext(const ChainType chain_type=ChainType::REGTEST, TestOpts opts={})
Make a test setup that has disk access to the debug.log file disabled.
Definition setup_common.h:250

span.h

MakeUCharSpan
constexpr auto MakeUCharSpan(const V &v) -> decltype(UCharSpanCast(std::span{v}))
Like the std::span constructor, but for (const) unsigned char member types only.
Definition span.h:111

streams.h

strencodings.h

string.h

TestingSetup
Testing setup that configures a complete environment.
Definition setup_common.h:121

ConsumeTime
NodeSeconds ConsumeTime(FuzzedDataProvider &fuzzed_data_provider, const std::optional< int64_t > &min, const std::optional< int64_t > &max) noexcept
Definition util.cpp:34

ConsumePrivateKey
CKey ConsumePrivateKey(FuzzedDataProvider &fuzzed_data_provider, std::optional< bool > compressed) noexcept
Definition util.cpp:235

ConsumeTxDestination
CTxDestination ConsumeTxDestination(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition util.cpp:189

util.h

ConsumeUInt256
uint256 ConsumeUInt256(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition util.h:167

CallOneOf
size_t CallOneOf(FuzzedDataProvider &fuzzed_data_provider, Callables... callables)
Definition util.h:35

ConsumeDeserializable
std::optional< T > ConsumeDeserializable(FuzzedDataProvider &fuzzed_data_provider, const P &params, const std::optional< size_t > &max_length=std::nullopt) noexcept
Definition util.h:100

ConsumeUInt160
uint160 ConsumeUInt160(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition util.h:158

SeedRandomStateForTest
void SeedRandomStateForTest(SeedRand seedtype)
Seed the global RNG state for testing and log the seed value.
Definition random.cpp:19

SeedRand::ZEROS
@ ZEROS
Seed with a compile time constant of zeros.
Definition random.h:19

setup
static int setup(void)
Definition tests.c:7808

tinyformat.h

strprintf
#define strprintf
Format arguments and return the string or write to given std::ostream (see tinyformat::format doc for...
Definition tinyformat.h:1172

uint256.h

univalue.h

EncodeBase32
std::string EncodeBase32(std::span< const unsigned char > input, bool pad)
Base32 encode.
Definition strencodings.cpp:144

EncodeBase64
std::string EncodeBase64(std::span< const unsigned char > input)
Definition strencodings.cpp:98

SetMockTime
void SetMockTime(int64_t nMockTimeIn)
DEPRECATED Use SetMockTime with chrono type.
Definition time.cpp:44

assert
assert(!tx.IsCoinBase())