Add fuzzers for update_client parser and serializer

New fuzzers are update_client_protocol_parser_fuzzer and
update_client_protocol_serializer_fuzzer.

Corpuses were generated by taking examples from
protocol_parser_json_unittest.cc and
protocol_serializer_json_unittest.cc and then minimizing.

Bug: 1012898
Change-Id: Iddab1c9158e2886270930e25045b33506bfe166b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1850316
Commit-Queue: Max Moroz <mmoroz@chromium.org>
Auto-Submit: Dan McArdle <dmcardle@chromium.org>
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Reviewed-by: Sorin Jianu <sorin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#705682}

components/update_client/BUILD.gn

@@ -3,6 +3,7 @@
 # found in the LICENSE file.
 
 import("//net/features.gni")
+import("//testing/libfuzzer/fuzzer_test.gni")
 
 source_set("network_impl") {
   sources = [
@@ -241,3 +242,25 @@ source_set("unit_tests") {
     "//third_party/re2",
   ]
 }
+
+fuzzer_test("update_client_protocol_serializer_fuzzer") {
+  sources = [
+    "protocol_serializer_fuzzer.cc",
+  ]
+  deps = [
+    ":update_client",
+    "//base:base",
+  ]
+  seed_corpus = "fuzzer_corpuses/protocol_serializer/"
+}
+
+fuzzer_test("update_client_protocol_parser_fuzzer") {
+  sources = [
+    "protocol_parser_fuzzer.cc",
+  ]
+  deps = [
+    ":update_client",
+    "//base:base",
+  ]
+  seed_corpus = "fuzzer_corpuses/protocol_parser/"
+}

components/update_client/fuzzer_corpuses/protocol_parser/71c7a20b152d0a5299354db9bc32294e4a6ce406

+  {"response":{
+   "protocol":"3.1",
+   "app":[
+    {"appid":"12345",
+     "status":"ok",
+     "updatecheck":{
+     "status":"noupdate"
+     }
+    }
+   ]
+  }})";
\ No newline at end of file

components/update_client/fuzzer_corpuses/protocol_parser/7f2f77459d57bd3da2abcdccf6dbe9f33105d0d2

+  {"response":{
+   "protocol":"3.1",
+   "app":[
+    {"appid":"12345",
+     "status":"ok",
+     "updatecheck":{
+     "status":"noupdate"
+     }
+    }
+   ]
+  }}
\ No newline at end of file

components/update_client/fuzzer_corpuses/protocol_serializer/12ec209260d35248c3b28ba7417e013f2f2323f5

+{"request":{"@os":"linux","@updater":"prod_id","acceptformat":"crx2,crx3","app":[{"appid":"id1","attr1":"1","attr2":"2","brand":"brand1","cohort":"c1","cohorthint":"ch1","cohortname":"cn1","disabled":[{"reason":0},{"reason":1}],"enabled":false,"installedby":"location1","installsource":"source1","packages":{"package":[{"fp":"fp1"}]},"ping":{"ping_freshness":"{5e9079b0-c2fb-4df2-8ca5-babfa37dde7d}","rd":1234},"updatecheck":{"updatedisabled":true},"version":"1.0"},{"appid":"id2","event":[{"a":1,"b":"2"},{"error":0}],"version":"2.0"}],"arch":"x64","dedup":"cr","dlpref":"cacheable","extra":"params","hw":{"physmemory":188},"lang":"lang","nacl_arch":"x86-64","os":{"arch":"x86_64","platform":"OS","version":"4.19.37-5+deb10u2rodete2-amd64"},"prodchannel":"channel","prodversion":"1.0","protocol":"3.1","requestid":"{2ee4b711-e978-4477-9301-ae0382a18b08}","sessionid":"{15160585-8ADE-4D3C-839B-1281A6035D1F}","updaterchannel":"channel","updaterversion":"1.0"}}

components/update_client/fuzzer_corpuses/protocol_serializer/53901ce8ac03225d61e5852f548a7d1a8c7ccb87

+{"request":{"@os":"linux","@updater":"","acceptformat":"crx2,crx3","arch":"x64","dedup":"cr","dlpref":"cacheable","hw":{"physmemory":188},"lang":"","nacl_arch":"x86-64","os":{"arch":"x86_64","platform":"","version":"4.19.37-5+deb10u2rodete2-amd64"},"prodversion":"","protocol":"3.1","requestid":"{73c3b42c-a2c6-4d73-a8dc-61f2b84cbecf}","sessionid":"{15160585-8ADE-4D3C-839B-1281A6035D1F}","updaterversion":""}}
\ No newline at end of file

components/update_client/fuzzer_corpuses/protocol_serializer/7353c2d34a737bac0ea9dcb9a85cb768e4cfe914

+{"request":{"@os":"linux","@updater":"prod_id","acceptformat":"crx2,crx3","app":[{"appid":"id1","attr1":"1","attr2":"2","brand":"brand1","cohort":"c1","cohorthint":"ch1","cohortname":"cn1","disabled":[{"reason":0},{"reason":1}],"enabled":false,"installedby":"location1","installsource":"source1","packages":{"package":[{"fp":"fp1"}]},"ping":{"ping_freshness":"{5e9079b0-c2fb-4df2-8ca5-babfa37dde7d}","rd":1234},"updatecheck":{"updatedisabled":true},"version":"1.0"},{"appid":"id2","event":[{"a":1,"b":"2"},{"error":0}],"version":"2.0"}],"arch":"x64","dedup":"cr","dlpref":"cacheable","extra":"params","hw":{"physmemory":188},"lang":"lang","nacl_arch":"x86-64","os":{"arch":"x86_64","platform":"OS","version":"4.19.37-5+deb10u2rodete2-amd64"},"prodchannel":"channel","prodversion":"1.0","protocol":"3.1","requestid":"{2ee4b711-e978-4477-9301-ae0382a18b08}","sessionid":"{15160585-8ADE-4D3C-839B-1281A6035D1F}","updaterchannel":"channel","updaterversion":"1.0"}}
+{"request":{"@os":"linux","@updater":"","acceptformat":"crx2,crx3","arch":"x64","dedup":"cr","hw":{"physmemory":188},"lang":"","nacl_arch":"x86-64","os":{"arch":"x86_64","platform":"","version":"4.19.37-5+deb10u2rodete2-amd64"},"prodversion":"","protocol":"3.1","requestid":"{8e064853-a382-4ee4-a8e6-927284eb91fe}","sessionid":"{15160585-8ADE-4D3C-839B-1281A6035D1F}","updaterversion":""}}
+{"request":{"@os":"linux","@updater":"","acceptformat":"crx2,crx3","arch":"x64","dedup":"cr","dlpref":"cacheable","hw":{"physmemory":188},"lang":"","nacl_arch":"x86-64","os":{"arch":"x86_64","platform":"","version":"4.19.37-5+deb10u2rodete2-amd64"},"prodversion":"","protocol":"3.1","requestid":"{73c3b42c-a2c6-4d73-a8dc-61f2b84cbecf}","sessionid":"{15160585-8ADE-4D3C-839B-1281A6035D1F}","updaterversion":""}}
+{"request":{"@os":"linux","@updater":"prod_id","acceptformat":"crx2,crx3","arch":"x64","dedup":"cr","dlpref":"cacheable","domainjoined":true,"extra":"params","hw":{"physmemory":188},"lang":"lang","nacl_arch":"x86-64","os":{"arch":"x86_64","platform":"OS","version":"4.19.37-5+deb10u2rodete2-amd64"},"prodchannel":"channel","prodversion":"1.0","protocol":"3.1","requestid":"{4f6c2ca7-9c84-40d6-9c9b-c9b2260a4655}","sessionid":"{15160585-8ADE-4D3C-839B-1281A6035D1F}","updaterchannel":"channel","updaterversion":"1.0"}}

components/update_client/fuzzer_corpuses/protocol_serializer/82e93965bf304af1f407a14cf4e0303a20d74fe8

+{"request":{"@os":"linux","@updater":"prod_id","acceptformat":"crx2,crx3","arch":"x64","dedup":"cr","dlpref":"cacheable","domainjoined":true,"extra":"params","hw":{"physmemory":188},"lang":"lang","nacl_arch":"x86-64","os":{"arch":"x86_64","platform":"OS","version":"4.19.37-5+deb10u2rodete2-amd64"},"prodchannel":"channel","prodversion":"1.0","protocol":"3.1","requestid":"{4f6c2ca7-9c84-40d6-9c9b-c9b2260a4655}","sessionid":"{15160585-8ADE-4D3C-839B-1281A6035D1F}","updaterchannel":"channel","updaterversion":"1.0"}}
\ No newline at end of file

components/update_client/fuzzer_corpuses/protocol_serializer/d198d0d9901925d6bd35cbe76fe83c40d1185f64

+{"request":{"@os":"linux","@updater":"","acceptformat":"crx2,crx3","arch":"x64","dedup":"cr","hw":{"physmemory":188},"lang":"","nacl_arch":"x86-64","os":{"arch":"x86_64","platform":"","version":"4.19.37-5+deb10u2rodete2-amd64"},"prodversion":"","protocol":"3.1","requestid":"{8e064853-a382-4ee4-a8e6-927284eb91fe}","sessionid":"{15160585-8ADE-4D3C-839B-1281A6035D1F}","updaterversion":""}}
\ No newline at end of file

components/update_client/fuzzer_corpuses/protocol_serializer/da2ebcaffec0bce69352b0a3d8e94ecb5fc83fb1

+{"request":{"@os":"linux","@updater":"","acceptformat":"crx2,crx3","arch":"x64","dedup":"cr","hw":{"physmemory":188},"lang":"","nacl_arch":"x86-64","os":{"arch":"x86_64","platform":"","version":"4.19.37-5+deb10u2rodete2-amd64"},"prodversion":"","protocol":"3.1","requestid":"{8e064853-a382-4ee4-a8e6-927284eb91fe}","sessionid":"{15160585-8ADE-4D3C-839B-1281A6035D1F}","updaterversion":""}}
+{"request":{"@os":"linux","@updater":"","acceptformat":"crx2,crx3","arch":"x64","dedup":"cr","dlpref":"cacheable","hw":{"physmemory":188},"lang":"","nacl_arch":"x86-64","os":{"arch":"x86_64","platform":"","version":"4.19.37-5+deb10u2rodete2-amd64"},"prodversion":"","protocol":"3.1","requestid":"{73c3b42c-a2c6-4d73-a8dc-61f2b84cbecf}","sessionid":"{15160585-8ADE-4D3C-839B-1281A6035D1F}","updaterversion":""}}
+{"request":{"@os":"linux","@updater":"prod_id","acceptformat":"crx2,crx3","arch":"x64","dedup":"cr","dlpref":"cacheable","domainjoined":true,"extra":"params","hw":{"physmemory":188},"lang":"lang","nacl_arch":"x86-64","os":{"arch":"x86_64","platform":"OS","version":"4.19.37-5+deb10u2rodete2-amd64"},"prodchannel":"channel","prodversion":"1.0","protocol":"3.1","requestid":"{4f6c2ca7-9c84-40d6-9c9b-c9b2260a4655}","sessionid":"{15160585-8ADE-4D3C-839B-1281A6035D1F}","updaterchannel":"channel","updaterversion":"1.0"}}
\ No newline at end of file

components/update_client/protocol_parser_fuzzer.cc

+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <fuzzer/FuzzedDataProvider.h>
+
+#include "components/update_client/protocol_handler.h"
+#include "components/update_client/protocol_parser.h"
+
+namespace update_client {
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  update_client::ProtocolHandlerFactoryJSON factory;
+  std::unique_ptr<ProtocolParser> parser = factory.CreateParser();
+
+  // Try parsing as a Response.
+  const std::string response(reinterpret_cast<const char*>(data), size);
+  parser->Parse(response);
+
+  return 0;
+}
+}  // namespace update_client

components/update_client/protocol_serializer_fuzzer.cc

+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <fuzzer/FuzzedDataProvider.h>
+
+#include "base/command_line.h"
+#include "base/json/json_reader.h"
+#include "components/update_client/protocol_handler.h"
+#include "components/update_client/protocol_serializer.h"
+
+struct Environment {
+  Environment() { CHECK(base::CommandLine::Init(0, nullptr)); }
+};
+
+namespace update_client {
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  static Environment env;
+
+  // Independently, try serializing a Request.
+  base::flat_map<std::string, std::string> additional_attributes;
+  std::map<std::string, std::string> updater_state_attributes;
+  std::vector<protocol_request::App> apps;
+
+  // Share |data| between |MakeProtocolRequest| args
+  FuzzedDataProvider data_provider(data, size);
+  const size_t max_arg_size = size / 7;
+  protocol_request::Request request = MakeProtocolRequest(
+      data_provider.ConsumeRandomLengthString(max_arg_size) /* session_id */,
+      data_provider.ConsumeRandomLengthString(max_arg_size) /* prod_id */,
+      data_provider.ConsumeRandomLengthString(
+          max_arg_size) /* browser_version */,
+      data_provider.ConsumeRandomLengthString(max_arg_size) /* lang */,
+      data_provider.ConsumeRandomLengthString(max_arg_size) /* channel */,
+      data_provider.ConsumeRandomLengthString(max_arg_size) /* os_long_name */,
+      data_provider.ConsumeRandomLengthString(
+          max_arg_size) /* download_preference */,
+      additional_attributes, &updater_state_attributes, std::move(apps));
+
+  update_client::ProtocolHandlerFactoryJSON factory;
+  std::unique_ptr<ProtocolSerializer> serializer = factory.CreateSerializer();
+  std::string request_serialized = serializer->Serialize(request);
+
+  // Any request we serialize should be valid JSON.
+  base::JSONReader json_reader;
+  CHECK(json_reader.Read(request_serialized));
+  return 0;
+}
+}  // namespace update_client