From 44abf417eb1cd8598084eee1a429ca57c7d0579a Mon Sep 17 00:00:00 2001
From: practicalswift <practicalswift@users.noreply.github.com>
Date: Sun, 15 Mar 2020 14:08:34 +0000
Subject: [PATCH] tests: Add fuzzing harness for various functions taking
 std::string as input

---
 src/Makefile.test.include | 19 ++++++---
 src/test/fuzz/string.cpp  | 89 +++++++++++++++++++++++++++++++++++++++
 src/test/fuzz/util.h      | 10 +++++
 3 files changed, 112 insertions(+), 6 deletions(-)
 create mode 100644 src/test/fuzz/string.cpp

diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index 26aced07f1f..9697a157fbd 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -93,6 +93,7 @@ FUZZ_TARGETS = \
   test/fuzz/service_deserialize \
   test/fuzz/snapshotmetadata_deserialize \
   test/fuzz/spanparsing \
+  test/fuzz/string \
   test/fuzz/strprintf \
   test/fuzz/sub_net_deserialize \
   test/fuzz/transaction \
@@ -808,12 +809,24 @@ test_fuzz_service_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_service_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 test_fuzz_service_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 
+test_fuzz_snapshotmetadata_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DSNAPSHOTMETADATA_DESERIALIZE=1
+test_fuzz_snapshotmetadata_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_snapshotmetadata_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_snapshotmetadata_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
+test_fuzz_snapshotmetadata_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
+
 test_fuzz_spanparsing_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
 test_fuzz_spanparsing_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_spanparsing_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_spanparsing_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 test_fuzz_spanparsing_SOURCES = $(FUZZ_SUITE) test/fuzz/spanparsing.cpp
 
+test_fuzz_string_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_string_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_string_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_string_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
+test_fuzz_string_SOURCES = $(FUZZ_SUITE) test/fuzz/string.cpp
+
 test_fuzz_strprintf_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
 test_fuzz_strprintf_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_strprintf_LDADD = $(FUZZ_SUITE_LD_COMMON)
@@ -826,12 +839,6 @@ test_fuzz_sub_net_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_sub_net_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 test_fuzz_sub_net_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 
-test_fuzz_snapshotmetadata_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DSNAPSHOTMETADATA_DESERIALIZE=1
-test_fuzz_snapshotmetadata_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
-test_fuzz_snapshotmetadata_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
-test_fuzz_snapshotmetadata_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
-test_fuzz_snapshotmetadata_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
-
 test_fuzz_transaction_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
 test_fuzz_transaction_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_transaction_LDADD = $(FUZZ_SUITE_LD_COMMON)
diff --git a/src/test/fuzz/string.cpp b/src/test/fuzz/string.cpp
new file mode 100644
index 00000000000..bb583885ba1
--- /dev/null
+++ b/src/test/fuzz/string.cpp
@@ -0,0 +1,89 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <blockfilter.h>
+#include <clientversion.h>
+#include <logging.h>
+#include <netbase.h>
+#include <outputtype.h>
+#include <rpc/client.h>
+#include <rpc/request.h>
+#include <rpc/server.h>
+#include <rpc/util.h>
+#include <script/descriptor.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+#include <util/error.h>
+#include <util/fees.h>
+#include <util/message.h>
+#include <util/settings.h>
+#include <util/strencodings.h>
+#include <util/string.h>
+#include <util/system.h>
+#include <util/translation.h>
+#include <util/url.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    const std::string random_string_1 = fuzzed_data_provider.ConsumeRandomLengthString(32);
+    const std::string random_string_2 = fuzzed_data_provider.ConsumeRandomLengthString(32);
+    const std::vector<std::string> random_string_vector = ConsumeRandomLengthStringVector(fuzzed_data_provider);
+
+    (void)AmountErrMsg(random_string_1, random_string_2);
+    (void)AmountHighWarn(random_string_1);
+    BlockFilterType block_filter_type;
+    (void)BlockFilterTypeByName(random_string_1, block_filter_type);
+    (void)Capitalize(random_string_1);
+    (void)CopyrightHolders(random_string_1);
+    FeeEstimateMode fee_estimate_mode;
+    (void)FeeModeFromString(random_string_1, fee_estimate_mode);
+    (void)FormatParagraph(random_string_1, fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 1000), fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 1000));
+    (void)FormatSubVersion(random_string_1, fuzzed_data_provider.ConsumeIntegral<int>(), random_string_vector);
+    (void)GetDescriptorChecksum(random_string_1);
+    (void)HelpExampleCli(random_string_1, random_string_2);
+    (void)HelpExampleRpc(random_string_1, random_string_2);
+    (void)HelpMessageGroup(random_string_1);
+    (void)HelpMessageOpt(random_string_1, random_string_2);
+    (void)IsDeprecatedRPCEnabled(random_string_1);
+    (void)Join(random_string_vector, random_string_1);
+    (void)JSONRPCError(fuzzed_data_provider.ConsumeIntegral<int>(), random_string_1);
+    const util::Settings settings;
+    (void)OnlyHasDefaultSectionSetting(settings, random_string_1, random_string_2);
+    (void)ParseNetwork(random_string_1);
+    try {
+        (void)ParseNonRFCJSONValue(random_string_1);
+    } catch (const std::runtime_error&) {
+    }
+    OutputType output_type;
+    (void)ParseOutputType(random_string_1, output_type);
+    (void)ResolveErrMsg(random_string_1, random_string_2);
+    try {
+        (void)RPCConvertNamedValues(random_string_1, random_string_vector);
+    } catch (const std::runtime_error&) {
+    }
+    try {
+        (void)RPCConvertValues(random_string_1, random_string_vector);
+    } catch (const std::runtime_error&) {
+    }
+    (void)SanitizeString(random_string_1);
+    (void)SanitizeString(random_string_1, fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 3));
+    (void)ShellEscape(random_string_1);
+    int port_out;
+    std::string host_out;
+    SplitHostPort(random_string_1, port_out, host_out);
+    (void)TimingResistantEqual(random_string_1, random_string_2);
+    (void)ToLower(random_string_1);
+    (void)ToUpper(random_string_1);
+    (void)TrimString(random_string_1);
+    (void)TrimString(random_string_1, random_string_2);
+    (void)urlDecode(random_string_1);
+    (void)ValidAsCString(random_string_1);
+    (void)_(random_string_1.c_str());
+}
diff --git a/src/test/fuzz/util.h b/src/test/fuzz/util.h
index ff278aebcc9..47f8d3fb275 100644
--- a/src/test/fuzz/util.h
+++ b/src/test/fuzz/util.h
@@ -25,6 +25,16 @@ NODISCARD inline std::vector<uint8_t> ConsumeRandomLengthByteVector(FuzzedDataPr
     return {s.begin(), s.end()};
 }
 
+NODISCARD inline std::vector<std::string> ConsumeRandomLengthStringVector(FuzzedDataProvider& fuzzed_data_provider, size_t max_vector_size = 16, size_t max_string_length = 16) noexcept
+{
+    const size_t n_elements = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, max_vector_size);
+    std::vector<std::string> r;
+    for (size_t i = 0; i < n_elements; ++i) {
+        r.push_back(fuzzed_data_provider.ConsumeRandomLengthString(max_string_length));
+    }
+    return r;
+}
+
 template <typename T>
 NODISCARD inline Optional<T> ConsumeDeserializable(FuzzedDataProvider& fuzzed_data_provider, size_t max_length = 4096) noexcept
 {