rpc_8cpp_source.html

// Copyright (c) 2021-present The Bitcoin Core developers

// Distributed under the MIT software license, see the accompanying

// file COPYING or http://www.opensource.org/licenses/mit-license.php.


#include <base58.h>

#include <key.h>

#include <key_io.h>

#include <primitives/block.h>

#include <primitives/transaction.h>

#include <psbt.h>

#include <rpc/client.h>

#include <rpc/request.h>

#include <rpc/server.h>

#include <span.h>

#include <streams.h>

#include <test/fuzz/FuzzedDataProvider.h>

#include <test/fuzz/fuzz.h>

#include <test/fuzz/util.h>

#include <test/util/setup_common.h>

#include <tinyformat.h>

#include <uint256.h>

#include <univalue.h>

#include <util/strencodings.h>

#include <util/string.h>

#include <util/time.h>


#include <algorithm>

#include <cassert>

#include <cstdint>

#include <cstdlib>

#include <exception>

#include <iostream>

#include <memory>

#include <optional>

#include <stdexcept>

#include <vector>

enum class ChainType;


using util::Join;

using util::ToString;


namespace {

struct RPCFuzzTestingSetup : public TestingSetup {

    RPCFuzzTestingSetup(const ChainType chain_type, TestOpts opts) : TestingSetup{chain_type, opts}

    {

    }


    void CallRPC(const std::string& rpc_method, const std::vector<std::string>& arguments)

    {

        JSONRPCRequest request;

        request.context = &m_node;

        request.strMethod = rpc_method;

        try {

            request.params = RPCConvertValues(rpc_method, arguments);

        } catch (const std::runtime_error&) {

            return;

        }

        tableRPC.execute(request);

    }


    std::vector<std::string> GetRPCCommands() const

    {

        return tableRPC.listCommands();

    }

};


RPCFuzzTestingSetup* rpc_testing_setup = nullptr;

std::string g_limit_to_rpc_command;


// RPC commands which are not appropriate for fuzzing: such as RPC commands

// reading or writing to a filename passed as an RPC parameter, RPC commands

// resulting in network activity, etc.

const std::vector<std::string> RPC_COMMANDS_NOT_SAFE_FOR_FUZZING{

    "addconnection",  // avoid DNS lookups

    "addnode",        // avoid DNS lookups

    "addpeeraddress", // avoid DNS lookups

    "dumptxoutset",   // avoid writing to disk

    "enumeratesigners",

    "echoipc",              // avoid assertion failure (Assertion `"EnsureAnyNodeContext(request.context).init" && check' failed.)

    "generatetoaddress",    // avoid prohibitively slow execution (when `num_blocks` is large)

    "generatetodescriptor", // avoid prohibitively slow execution (when `nblocks` is large)

    "gettxoutproof",        // avoid prohibitively slow execution

    "importmempool", // avoid reading from disk

    "loadtxoutset",   // avoid reading from disk

    "loadwallet",   // avoid reading from disk

    "savemempool",           // disabled as a precautionary measure: may take a file path argument in the future

    "setban",                // avoid DNS lookups

    "stop",                  // avoid shutdown state

};


// RPC commands which are safe for fuzzing.

const std::vector<std::string> RPC_COMMANDS_SAFE_FOR_FUZZING{

    "abortprivatebroadcast",

    "analyzepsbt",

    "clearbanned",

    "combinepsbt",

    "combinerawtransaction",

    "converttopsbt",

    "createmultisig",

    "createpsbt",

    "createrawtransaction",

    "decodepsbt",

    "decoderawtransaction",

    "decodescript",

    "deriveaddresses",

    "descriptorprocesspsbt",

    "disconnectnode",

    "echo",

    "echojson",

    "estimaterawfee",

    "estimatesmartfee",

    "finalizepsbt",

    "generate",

    "generateblock",

    "getaddednodeinfo",

    "getaddrmaninfo",

    "getbestblockhash",

    "getblock",

    "getblockchaininfo",

    "getblockcount",

    "getblockfilter",

    "getblockfrompeer", // when no peers are connected, no p2p message is sent

    "getblockhash",

    "getblockheader",

    "getblockstats",

    "getblocktemplate",

    "getchaintips",

    "getchainstates",

    "getchaintxstats",

    "getconnectioncount",

    "getdeploymentinfo",

    "getdescriptoractivity",

    "getdescriptorinfo",

    "getdifficulty",

    "getindexinfo",

    "getmemoryinfo",

    "getmempoolancestors",

    "getmempooldescendants",

    "getmempoolentry",

    "getmempoolfeeratediagram",

    "getmempoolcluster",

    "getmempoolinfo",

    "getmininginfo",

    "getnettotals",

    "getnetworkhashps",

    "getnetworkinfo",

    "getnodeaddresses",

    "getorphantxs",

    "getpeerinfo",

    "getprioritisedtransactions",

    "getprivatebroadcastinfo",

    "getrawaddrman",

    "getrawmempool",

    "getrawtransaction",

    "getrpcinfo",

    "gettxout",

    "gettxoutsetinfo",

    "gettxspendingprevout",

    "help",

    "invalidateblock",

    "joinpsbts",

    "listbanned",

    "logging",

    "mockscheduler",

    "ping",

    "preciousblock",

    "prioritisetransaction",

    "pruneblockchain",

    "reconsiderblock",

    "scanblocks",

    "scantxoutset",

    "sendmsgtopeer", // when no peers are connected, no p2p message is sent

    "sendrawtransaction",

    "setmocktime",

    "setnetworkactive",

    "signmessagewithprivkey",

    "signrawtransactionwithkey",

    "submitblock",

    "submitheader",

    "submitpackage",

    "syncwithvalidationinterfacequeue",

    "testmempoolaccept",

    "uptime",

    "utxoupdatepsbt",

    "validateaddress",

    "verifychain",

    "verifymessage",

    "verifytxoutproof",

    "waitforblock",

    "waitforblockheight",

    "waitfornewblock",

};


std::string ConsumeScalarRPCArgument(FuzzedDataProvider& fuzzed_data_provider, bool& good_data)

{

    const size_t max_string_length = 4096;

    const size_t max_base58_bytes_length{64};

    std::string r;

    CallOneOf(

        fuzzed_data_provider,

        [&] {

            // string argument

            r = fuzzed_data_provider.ConsumeRandomLengthString(max_string_length);

        },

        [&] {

            // base64 argument

            r = EncodeBase64(fuzzed_data_provider.ConsumeRandomLengthString(max_string_length));

        },

        [&] {

            // hex argument

            r = HexStr(fuzzed_data_provider.ConsumeRandomLengthString(max_string_length));

        },

        [&] {

            // bool argument

            r = fuzzed_data_provider.ConsumeBool() ? "true" : "false";

        },

        [&] {

            // range argument

            r = "[" + ToString(fuzzed_data_provider.ConsumeIntegral<int64_t>()) + "," + ToString(fuzzed_data_provider.ConsumeIntegral<int64_t>()) + "]";

        },

        [&] {

            // integral argument (int64_t)

            r = ToString(fuzzed_data_provider.ConsumeIntegral<int64_t>());

        },

        [&] {

            // integral argument (uint64_t)

            r = ToString(fuzzed_data_provider.ConsumeIntegral<uint64_t>());

        },

        [&] {

            // floating point argument

            r = strprintf("%f", fuzzed_data_provider.ConsumeFloatingPoint<double>());

        },

        [&] {

            // tx destination argument

            r = EncodeDestination(ConsumeTxDestination(fuzzed_data_provider));

        },

        [&] {

            // uint160 argument

            r = ConsumeUInt160(fuzzed_data_provider).ToString();

        },

        [&] {

            // uint256 argument

            r = ConsumeUInt256(fuzzed_data_provider).ToString();

        },

        [&] {

            // base32 argument

            r = EncodeBase32(fuzzed_data_provider.ConsumeRandomLengthString(max_string_length));

        },

        [&] {

            // base58 argument

            r = EncodeBase58(MakeUCharSpan(fuzzed_data_provider.ConsumeRandomLengthString(max_base58_bytes_length)));

        },

        [&] {

            // base58 argument with checksum

            r = EncodeBase58Check(MakeUCharSpan(fuzzed_data_provider.ConsumeRandomLengthString(max_base58_bytes_length)));

        },

        [&] {

            // hex encoded block

            std::optional<CBlock> opt_block = ConsumeDeserializable<CBlock>(fuzzed_data_provider, TX_WITH_WITNESS);

            if (!opt_block) {

                good_data = false;

                return;

            }

            DataStream data_stream{};

            data_stream << TX_WITH_WITNESS(*opt_block);

            r = HexStr(data_stream);

        },

        [&] {

            // hex encoded block header

            std::optional<CBlockHeader> opt_block_header = ConsumeDeserializable<CBlockHeader>(fuzzed_data_provider);

            if (!opt_block_header) {

                good_data = false;

                return;

            }

            DataStream data_stream{};

            data_stream << *opt_block_header;

            r = HexStr(data_stream);

        },

        [&] {

            // hex encoded tx

            std::optional<CMutableTransaction> opt_tx = ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider, TX_WITH_WITNESS);

            if (!opt_tx) {

                good_data = false;

                return;

            }

            DataStream data_stream;

            auto allow_witness = (fuzzed_data_provider.ConsumeBool() ? TX_WITH_WITNESS : TX_NO_WITNESS);

            data_stream << allow_witness(*opt_tx);

            r = HexStr(data_stream);

        },

        [&] {

            // base64 encoded psbt

            std::optional<PartiallySignedTransaction> opt_psbt = ConsumeDeserializable<PartiallySignedTransaction>(fuzzed_data_provider);

            if (!opt_psbt) {

                good_data = false;

                return;

            }

            DataStream data_stream{};

            data_stream << *opt_psbt;

            r = EncodeBase64(data_stream);

        },

        [&] {

            // base58 encoded key

            CKey key = ConsumePrivateKey(fuzzed_data_provider);

            if (!key.IsValid()) {

                good_data = false;

                return;

            }

            r = EncodeSecret(key);

        },

        [&] {

            // hex encoded pubkey

            CKey key = ConsumePrivateKey(fuzzed_data_provider);

            if (!key.IsValid()) {

                good_data = false;

                return;

            }

            r = HexStr(key.GetPubKey());

        });

    return r;

}


std::string ConsumeArrayRPCArgument(FuzzedDataProvider& fuzzed_data_provider, bool& good_data)

{

    std::vector<std::string> scalar_arguments;

    LIMITED_WHILE(good_data && fuzzed_data_provider.ConsumeBool(), 100)

    {

        scalar_arguments.push_back(ConsumeScalarRPCArgument(fuzzed_data_provider, good_data));

    }

    return "[\"" + Join(scalar_arguments, "\",\"") + "\"]";

}


std::string ConsumeRPCArgument(FuzzedDataProvider& fuzzed_data_provider, bool& good_data)

{

    return fuzzed_data_provider.ConsumeBool() ? ConsumeScalarRPCArgument(fuzzed_data_provider, good_data) : ConsumeArrayRPCArgument(fuzzed_data_provider, good_data);

}


RPCFuzzTestingSetup* InitializeRPCFuzzTestingSetup()

{

    static const auto setup = MakeNoLogFileContext<RPCFuzzTestingSetup>();

    SetRPCWarmupFinished();

    return setup.get();

}

}; // namespace


void initialize_rpc()

{

    rpc_testing_setup = InitializeRPCFuzzTestingSetup();

    const std::vector<std::string> supported_rpc_commands = rpc_testing_setup->GetRPCCommands();

    for (const std::string& rpc_command : supported_rpc_commands) {

        const bool safe_for_fuzzing = std::find(RPC_COMMANDS_SAFE_FOR_FUZZING.begin(), RPC_COMMANDS_SAFE_FOR_FUZZING.end(), rpc_command) != RPC_COMMANDS_SAFE_FOR_FUZZING.end();

        const bool not_safe_for_fuzzing = std::find(RPC_COMMANDS_NOT_SAFE_FOR_FUZZING.begin(), RPC_COMMANDS_NOT_SAFE_FOR_FUZZING.end(), rpc_command) != RPC_COMMANDS_NOT_SAFE_FOR_FUZZING.end();

        if (!(safe_for_fuzzing || not_safe_for_fuzzing)) {

            std::cerr << "Error: RPC command \"" << rpc_command << "\" not found in RPC_COMMANDS_SAFE_FOR_FUZZING or RPC_COMMANDS_NOT_SAFE_FOR_FUZZING. Please update " << __FILE__ << ".\n";

            std::terminate();

        }

        if (safe_for_fuzzing && not_safe_for_fuzzing) {

            std::cerr << "Error: RPC command \"" << rpc_command << "\" found in *both* RPC_COMMANDS_SAFE_FOR_FUZZING and RPC_COMMANDS_NOT_SAFE_FOR_FUZZING. Please update " << __FILE__ << ".\n";

            std::terminate();

        }

    }

    const char* limit_to_rpc_command_env = std::getenv("LIMIT_TO_RPC_COMMAND");

    if (limit_to_rpc_command_env != nullptr) {

        g_limit_to_rpc_command = std::string{limit_to_rpc_command_env};

    }

}


FUZZ_TARGET(rpc, .init = initialize_rpc)

{

    SeedRandomStateForTest(SeedRand::ZEROS);

    FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};

    bool good_data{true};

    SetMockTime(ConsumeTime(fuzzed_data_provider));

    const std::string rpc_command = fuzzed_data_provider.ConsumeRandomLengthString(64);

    if (!g_limit_to_rpc_command.empty() && rpc_command != g_limit_to_rpc_command) {

        return;

    }

    const bool safe_for_fuzzing = std::find(RPC_COMMANDS_SAFE_FOR_FUZZING.begin(), RPC_COMMANDS_SAFE_FOR_FUZZING.end(), rpc_command) != RPC_COMMANDS_SAFE_FOR_FUZZING.end();

    if (!safe_for_fuzzing) {

        return;

    }

    std::vector<std::string> arguments;

    LIMITED_WHILE(good_data && fuzzed_data_provider.ConsumeBool(), 100)

    {

        arguments.push_back(ConsumeRPCArgument(fuzzed_data_provider, good_data));

    }

    try {

        std::optional<test_only_CheckFailuresAreExceptionsNotAborts> maybe_mock{};

        if (rpc_command == "echo") {

            // Avoid aborting fuzzing for this specific test-only RPC with an

            // intentional trigger_internal_bug

            maybe_mock.emplace();

        }

        rpc_testing_setup->CallRPC(rpc_command, arguments);

    } catch (const UniValue& json_rpc_error) {

        const std::string error_msg{json_rpc_error.find_value("message").get_str()};

        if (error_msg.starts_with("Internal bug detected")) {

            // Only allow the intentional internal bug

            assert(error_msg.find("trigger_internal_bug") != std::string::npos);

        }

    }

}

FuzzedDataProvider.h

EncodeBase58
std::string EncodeBase58(std::span< const unsigned char > input)
Why base-58 instead of standard base-64 encoding?
Definition: base58.cpp:89

EncodeBase58Check
std::string EncodeBase58Check(std::span< const unsigned char > input)
Encode a byte span into a base58-encoded string, including checksum.
Definition: base58.cpp:137

base58.h

CallRPC
static UniValue CallRPC(BaseRequestHandler *rh, const std::string &strMethod, const std::vector< std::string > &args, const std::optional< std::string > &rpcwallet={})
Definition: bitcoin-cli.cpp:795

block.h

ChainType
ChainType
Definition: chaintype.h:11

CKey
An encapsulated private key.
Definition: key.h:36

CKey::IsValid
bool IsValid() const
Check whether this private key is valid.
Definition: key.h:124

CKey::GetPubKey
CPubKey GetPubKey() const
Compute the public key from a private key.
Definition: key.cpp:183

CRPCTable::listCommands
std::vector< std::string > listCommands() const
Returns a list of registered commands.
Definition: server.cpp:519

CRPCTable::execute
UniValue execute(const JSONRPCRequest &request) const
Execute a method.
Definition: server.cpp:482

DataStream
Double ended buffer combining vector and stream-like interfaces.
Definition: streams.h:133

FuzzedDataProvider
Definition: FuzzedDataProvider.h:32

FuzzedDataProvider::ConsumeRandomLengthString
std::string ConsumeRandomLengthString(size_t max_length)
Definition: FuzzedDataProvider.h:153

FuzzedDataProvider::ConsumeBool
bool ConsumeBool()
Definition: FuzzedDataProvider.h:289

FuzzedDataProvider::ConsumeFloatingPoint
T ConsumeFloatingPoint()
Definition: FuzzedDataProvider.h:240

FuzzedDataProvider::ConsumeIntegral
T ConsumeIntegral()
Definition: FuzzedDataProvider.h:195

JSONRPCRequest
Definition: request.h:53

JSONRPCRequest::params
UniValue params
Definition: request.h:57

JSONRPCRequest::strMethod
std::string strMethod
Definition: request.h:56

JSONRPCRequest::context
std::any context
Definition: request.h:62

UniValue
Definition: univalue.h:22

UniValue::get_str
const std::string & get_str() const
Definition: univalue_get.cpp:62

UniValue::find_value
const UniValue & find_value(std::string_view key) const
Definition: univalue.cpp:232

base_blob::ToString
std::string ToString() const
Definition: uint256.cpp:21

RPCConvertValues
UniValue RPCConvertValues(const std::string &strMethod, const std::vector< std::string > &strParams)
Convert command lines arguments to params object when -named is disabled.
Definition: client.cpp:435

client.h

fuzz.h

LIMITED_WHILE
#define LIMITED_WHILE(condition, limit)
Can be used to limit a theoretically unbounded loop.
Definition: fuzz.h:22

HexStr
std::string HexStr(const std::span< const uint8_t > s)
Convert a span of bytes to a lower-case hexadecimal string.
Definition: hex_base.cpp:30

key.h

EncodeSecret
std::string EncodeSecret(const CKey &key)
Definition: key_io.cpp:231

EncodeDestination
std::string EncodeDestination(const CTxDestination &dest)
Definition: key_io.cpp:294

key_io.h

init
Definition: bitcoin-gui.cpp:17

util::ToString
std::string ToString(const T &t)
Locale-independent version of std::to_string.
Definition: string.h:246

util::Join
auto Join(const C &container, const S &separator, UnaryOp unary_op)
Join all container items.
Definition: string.h:205

transaction.h

TX_NO_WITNESS
static constexpr TransactionSerParams TX_NO_WITNESS
Definition: transaction.h:181

TX_WITH_WITNESS
static constexpr TransactionSerParams TX_WITH_WITNESS
Definition: transaction.h:180

request.h

initialize_rpc
void initialize_rpc()
Definition: rpc.cpp:346

FUZZ_TARGET
FUZZ_TARGET(rpc,.init=initialize_rpc)
Definition: rpc.cpp:368

SetRPCWarmupFinished
void SetRPCWarmupFinished()
Definition: server.cpp:324

tableRPC
CRPCTable tableRPC
Definition: server.cpp:544

server.h

setup_common.h

span.h

MakeUCharSpan
constexpr auto MakeUCharSpan(const V &v) -> decltype(UCharSpanCast(std::span{v}))
Like the std::span constructor, but for (const) unsigned char member types only.
Definition: span.h:111

streams.h

strencodings.h

string.h

BasicTestingSetup::m_node
node::NodeContext m_node
Definition: setup_common.h:66

TestOpts
Definition: setup_common.h:52

TestingSetup
Testing setup that configures a complete environment.
Definition: setup_common.h:121

ConsumeTime
NodeSeconds ConsumeTime(FuzzedDataProvider &fuzzed_data_provider, const std::optional< int64_t > &min, const std::optional< int64_t > &max) noexcept
Definition: util.cpp:34

ConsumePrivateKey
CKey ConsumePrivateKey(FuzzedDataProvider &fuzzed_data_provider, std::optional< bool > compressed) noexcept
Definition: util.cpp:235

ConsumeTxDestination
CTxDestination ConsumeTxDestination(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.cpp:189

util.h

ConsumeUInt256
uint256 ConsumeUInt256(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.h:167

CallOneOf
size_t CallOneOf(FuzzedDataProvider &fuzzed_data_provider, Callables... callables)
Definition: util.h:35

ConsumeUInt160
uint160 ConsumeUInt160(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: util.h:158

SeedRandomStateForTest
void SeedRandomStateForTest(SeedRand seedtype)
Seed the global RNG state for testing and log the seed value.
Definition: random.cpp:19

SeedRand::ZEROS
@ ZEROS
Seed with a compile time constant of zeros.

setup
static int setup(void)
Definition: tests.c:7808

tinyformat.h

strprintf
#define strprintf
Format arguments and return the string or write to given std::ostream (see tinyformat::format doc for...
Definition: tinyformat.h:1172

uint256.h

univalue.h

EncodeBase32
std::string EncodeBase32(std::span< const unsigned char > input, bool pad)
Base32 encode.
Definition: strencodings.cpp:144

EncodeBase64
std::string EncodeBase64(std::span< const unsigned char > input)
Definition: strencodings.cpp:98

SetMockTime
void SetMockTime(int64_t nMockTimeIn)
DEPRECATED Use SetMockTime with chrono type.
Definition: time.cpp:44

assert
assert(!tx.IsCoinBase())

fuzzed_data_provider
FuzzedDataProvider & fuzzed_data_provider
Definition: fees.cpp:38