doc/html/test_2fuzz_2banman_8cpp_source.html

 // Copyright (c) 2020-2022 The Bitcoin Core developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.

 #include <banman.h>
 #include <common/args.h>
 #include <netaddress.h>
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
 #include <test/fuzz/util.h>
 #include <test/fuzz/util/net.h>
 #include <test/util/setup_common.h>
 #include <util/fs.h>
 #include <util/readwritefile.h>

 #include <cassert>
 #include <cstdint>
 #include <limits>
 #include <string>
 #include <vector>

 namespace {
 int64_t ConsumeBanTimeOffset(FuzzedDataProvider& fuzzed_data_provider) noexcept
 {
     // Avoid signed integer overflow by capping to int32_t max:
     // banman.cpp:137:73: runtime error: signed integer overflow: 1591700817 + 9223372036854775807 cannot be represented in type 'long'
     return fuzzed_data_provider.ConsumeIntegralInRange<int64_t>(std::numeric_limits<int64_t>::min(), std::numeric_limits<int32_t>::max());
 }
 } // namespace

 void initialize_banman()
 {
     static const auto testing_setup = MakeNoLogFileContext<>();
 }

 static bool operator==(const CBanEntry& lhs, const CBanEntry& rhs)
 {
     return lhs.nVersion == rhs.nVersion &&
            lhs.nCreateTime == rhs.nCreateTime &&
            lhs.nBanUntil == rhs.nBanUntil;
 }

 FUZZ_TARGET(banman, .init = initialize_banman)
 {
     SeedRandomStateForTest(SeedRand::ZEROS);
     FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
     SetMockTime(ConsumeTime(fuzzed_data_provider));
     fs::path banlist_file = gArgs.GetDataDirNet() / "fuzzed_banlist";

     const bool start_with_corrupted_banlist{fuzzed_data_provider.ConsumeBool()};
     bool force_read_and_write_to_err{false};
     if (start_with_corrupted_banlist) {
         assert(WriteBinaryFile(banlist_file + ".json",
                                fuzzed_data_provider.ConsumeRandomLengthString()));
     } else {
         force_read_and_write_to_err = fuzzed_data_provider.ConsumeBool();
         if (force_read_and_write_to_err) {
             banlist_file = fs::path{"path"} / "to" / "inaccessible" / "fuzzed_banlist";
         }
     }

     {
         BanMan ban_man{banlist_file, /*client_interface=*/nullptr, /*default_ban_time=*/ConsumeBanTimeOffset(fuzzed_data_provider)};
         // The complexity is O(N^2), where N is the input size, because each call
         // might call DumpBanlist (or other methods that are at least linear
         // complexity of the input size).
         bool contains_invalid{false};
         LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 300)
         {
             CallOneOf(
                 fuzzed_data_provider,
                 [&] {
                     CNetAddr net_addr{ConsumeNetAddr(fuzzed_data_provider)};
                     if (!net_addr.IsCJDNS() || !net_addr.IsValid()) {
                         const std::optional<CNetAddr>& addr{LookupHost(net_addr.ToStringAddr(), /*fAllowLookup=*/false)};
                         if (addr.has_value() && addr->IsValid()) {
                             net_addr = *addr;
                         } else {
                             contains_invalid = true;
                         }
                     }
                     auto ban_time_offset = ConsumeBanTimeOffset(fuzzed_data_provider);
                     auto since_unix_epoch = fuzzed_data_provider.ConsumeBool();
                     ban_man.Ban(net_addr, ban_time_offset, since_unix_epoch);
                 },
                 [&] {
                     CSubNet subnet{ConsumeSubNet(fuzzed_data_provider)};
                     subnet = LookupSubNet(subnet.ToString());
                     if (!subnet.IsValid()) {
                         contains_invalid = true;
                     }
                     auto ban_time_offset = ConsumeBanTimeOffset(fuzzed_data_provider);
                     auto since_unix_epoch = fuzzed_data_provider.ConsumeBool();
                     ban_man.Ban(subnet, ban_time_offset, since_unix_epoch);
                 },
                 [&] {
                     ban_man.ClearBanned();
                 },
                 [&] {
                     ban_man.IsBanned(ConsumeNetAddr(fuzzed_data_provider));
                 },
                 [&] {
                     ban_man.IsBanned(ConsumeSubNet(fuzzed_data_provider));
                 },
                 [&] {
                     ban_man.Unban(ConsumeNetAddr(fuzzed_data_provider));
                 },
                 [&] {
                     ban_man.Unban(ConsumeSubNet(fuzzed_data_provider));
                 },
                 [&] {
                     banmap_t banmap;
                     ban_man.GetBanned(banmap);
                 },
                 [&] {
                     ban_man.DumpBanlist();
                 },
                 [&] {
                     ban_man.Discourage(ConsumeNetAddr(fuzzed_data_provider));
                 });
         }
         if (!force_read_and_write_to_err) {
             ban_man.DumpBanlist();
             SetMockTime(ConsumeTime(fuzzed_data_provider));
             banmap_t banmap;
             ban_man.GetBanned(banmap);
             BanMan ban_man_read{banlist_file, /*client_interface=*/nullptr, /*default_ban_time=*/0};
             banmap_t banmap_read;
             ban_man_read.GetBanned(banmap_read);
             if (!contains_invalid) {
                 assert(banmap == banmap_read);
             }
         }
     }
     fs::remove(fs::PathToString(banlist_file + ".json"));
 }
BanMan
Definition: banman.h:58

assert
assert(!tx.IsCoinBase())

FUZZ_TARGET
FUZZ_TARGET(banman,.init=initialize_banman)
Definition: banman.cpp:43

FuzzedDataProvider.h

fuzz.h

fs.h

LIMITED_WHILE
#define LIMITED_WHILE(condition, limit)
Can be used to limit a theoretically unbounded loop.
Definition: fuzz.h:22

CBanEntry::nVersion
int nVersion
Definition: net_types.h:18

initialize_banman
void initialize_banman()
Definition: banman.cpp:31

WriteBinaryFile
bool WriteBinaryFile(const fs::path &filename, const std::string &data)
Write contents of std::string to a file.
Definition: readwritefile.cpp:37

CBanEntry::nCreateTime
int64_t nCreateTime
Definition: net_types.h:19

CSubNet
Definition: netaddress.h:479

SetMockTime
void SetMockTime(int64_t nMockTimeIn)
DEPRECATED Use SetMockTime with chrono type.
Definition: time.cpp:40

ArgsManager::GetDataDirNet
fs::path GetDataDirNet() const
Get data directory path with appended network identifier.
Definition: args.h:234

netaddress.h

fs::PathToString
static std::string PathToString(const path &path)
Convert path object to a byte string.
Definition: fs.h:151

LookupHost
std::vector< CNetAddr > LookupHost(const std::string &name, unsigned int nMaxSolutions, bool fAllowLookup, DNSLookupFn dns_lookup_function)
Resolve a host string to its corresponding network addresses.
Definition: netbase.cpp:177

readwritefile.h

setup_common.h

FuzzedDataProvider
Definition: FuzzedDataProvider.h:32

ConsumeNetAddr
CNetAddr ConsumeNetAddr(FuzzedDataProvider &fuzzed_data_provider, FastRandomContext *rand) noexcept
Create a CNetAddr.
Definition: net.cpp:28

CBanEntry::nBanUntil
int64_t nBanUntil
Definition: net_types.h:20

init
Definition: bitcoin-gui.cpp:17

gArgs
ArgsManager gArgs
Definition: args.cpp:42

operator==
static bool operator==(const CBanEntry &lhs, const CBanEntry &rhs)
Definition: banman.cpp:36

CNetAddr
Network address.
Definition: netaddress.h:111

SeedRandomStateForTest
void SeedRandomStateForTest(SeedRand seedtype)
Seed the global RNG state for testing and log the seed value.
Definition: random.cpp:19

ConsumeTime
int64_t ConsumeTime(FuzzedDataProvider &fuzzed_data_provider, const std::optional< int64_t > &min, const std::optional< int64_t > &max) noexcept
Definition: util.cpp:34

util.h

args.h

banmap_t
std::map< CSubNet, CBanEntry > banmap_t
Definition: net_types.h:41

CallOneOf
size_t CallOneOf(FuzzedDataProvider &fuzzed_data_provider, Callables... callables)
Definition: util.h:35

banman.h

CBanEntry
Definition: net_types.h:14

SeedRand::ZEROS
Seed with a compile time constant of zeros.

net.h

fs::path
Path class wrapper to block calls to the fs::path(std::string) implicit constructor and the fs::path:...
Definition: fs.h:32

ConsumeSubNet
CSubNet ConsumeSubNet(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: net.h:218

LookupSubNet
CSubNet LookupSubNet(const std::string &subnet_str)
Parse and resolve a specified subnet string into the appropriate internal representation.
Definition: netbase.cpp:756