From c39aa29c5c5df5452f5c33579592277cceead475 Mon Sep 17 00:00:00 2001
From: Julius Pfrommer
Date: Sat, 26 Oct 2024 22:04:57 +0200
Subject: [PATCH] feat(test): Add fuzz test for parsing UA_AttributeOperand
---
 tests/fuzz/CMakeLists.txt | 1 +
 tests/fuzz/fuzz_attributeoperand.cc | 63 +++++++++++++++++++++++++++++
 2 files changed, 64 insertions(+)
 create mode 100644 tests/fuzz/fuzz_attributeoperand.cc
diff --git a/tests/fuzz/CMakeLists.txt b/tests/fuzz/CMakeLists.txt
index 7e7fc900605..7bbf5118646 100644
--- a/tests/fuzz/CMakeLists.txt
+++ b/tests/fuzz/CMakeLists.txt
@@ -78,6 +78,7 @@ add_fuzzer(fuzz_binary_message fuzz_binary_message.cc)
 add_fuzzer(fuzz_tcp_message fuzz_tcp_message.cc)
 add_fuzzer(fuzz_binary_decode fuzz_binary_decode.cc)
 add_fuzzer(fuzz_src_ua_util fuzz_src_ua_util.cc)
+add_fuzzer(fuzz_attributeoperand fuzz_attributeoperand.cc)
 # Add fuzzer for mdns dependency. It's currently not fuzzed separately.
 # See also: https://github.com/google/oss-fuzz/pull/2928
diff --git a/tests/fuzz/fuzz_attributeoperand.cc b/tests/fuzz/fuzz_attributeoperand.cc
new file mode 100644
index 00000000000..ec159bad48f
--- /dev/null
+++ b/tests/fuzz/fuzz_attributeoperand.cc
@@ -0,0 +1,63 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * Copyright 2024 (c) Fraunhofer IOSB (Author: Julius Pfrommer)
+ */
+
+#include "custom_memory_manager.h"
+
+#include
+#include
+#include
+
+/*
+** Main entry point. The fuzzer invokes this function with each
+** fuzzed input.
+*/
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if(size <= 6)
+ return 0;
+
+ // set the available memory
+ if(!UA_memoryManager_setLimitFromLast4Bytes(data, size))
+ return 0;
+
+ data += 4;
+ size -= 4;
+
+ const UA_String input = {size, (UA_Byte *) (void *) data};
+ UA_String out = UA_STRING_NULL;
+ UA_String out2 = UA_STRING_NULL;
+
+ UA_AttributeOperand ao;
+ UA_AttributeOperand ao2;
+ UA_AttributeOperand_init(&ao2);
+ UA_StatusCode ret = UA_AttributeOperand_parse(&ao, input);
+ if(ret != UA_STATUSCODE_GOOD)
+ return 0;
+
+ ret = UA_AttributeOperand_print(&ao, &out);
+ if(ret == UA_STATUSCODE_BADOUTOFMEMORY)
+ goto cleanup;
+ UA_assert(ret == UA_STATUSCODE_GOOD);
+
+ ret = UA_AttributeOperand_parse(&ao2, out);
+ if(ret == UA_STATUSCODE_BADOUTOFMEMORY)
+ goto cleanup;
+ UA_assert(ret == UA_STATUSCODE_GOOD);
+
+ ret = UA_AttributeOperand_print(&ao2, &out2);
+ if(ret == UA_STATUSCODE_BADOUTOFMEMORY)
+ goto cleanup;
+ UA_assert(ret == UA_STATUSCODE_GOOD);
+
+ UA_assert(UA_String_equal(&out, &out2));
+
+ cleanup:
+ UA_String_clear(&out);
+ UA_String_clear(&out2);
+ UA_AttributeOperand_clear(&ao);
+ UA_AttributeOperand_clear(&ao2);
+ return 0;
+}
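Review bot: The limit helper is named `UA_memoryManager_setLimitFromLast4Bytes`, yet the harness follows it with `data += 4; size -= 4;`, which discards the first four bytes and leaves the trailing four inside `input`. If the helper reads the tail of the buffer as its name says (its body is not part of this patch), the bytes that set the allocator limit are also handed to `UA_AttributeOperand_parse`, and the leading four bytes of every corpus entry are never parsed. Dropping the pointer bump and keeping only `size -= 4;` would trim the limit bytes off the end instead; with four bytes consumed, the `size <= 6` guard could then be `size <= 4`. The round-trip checks all go through `UA_assert`, so it is worth confirming that the macro is active in the fuzzing build, because otherwise a print/parse mismatch would pass silently and only memory errors would be reported.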