More fuzz targets for binary and Xml decoders (#2621)

- let all Xml encoders and decoders follow the dispose pattern, similar to all the other encoders.
- Add fuzz targets for Xml and binary indempotent fuzzer.
- add a ReadOnlySpan<byte> signature for WriteByteString
- add ArrayPool based IBufferWriter<byte> to support encoding of large byte string with buffers
- add Azure DevOps ci pipeline tests with known artifacts that caused fuzzing errors, to catch regressions.

Author: mregen

.azurepipelines/test.yml

@@ -59,6 +59,20 @@ jobs:
     inputs:
       targetType: filePath
       filePath: ./.azurepipelines/set-version.ps1
+  - task: DownloadSecureFile@1
+    name: fuzzingartifacts
+    displayName: 'Download Fuzzing artifacts'
+    inputs:
+      secureFile: 'FuzzingArtifacts.zip'
+  - task: ExtractFiles@1
+    displayName: 'Extract Fuzzing artifacts'
+    condition: ne(variables['fuzzingartifacts.secureFilePath'], '')
+    inputs:
+      archiveFilePatterns: '$(Agent.TempDirectory)/FuzzingArtifacts.zip'
+      destinationFolder: ./Fuzzing/Encoders/Fuzz.Tests
+      cleanDestinationFolder: false
+      overwriteExistingFiles: true
+    continueOnError: true
   - task: DotNetCoreCLI@2
     displayName: Restore ${{ parameters.configuration }}
     inputs:

.azurepipelines/testcc.yml

@@ -37,11 +37,25 @@ jobs:
   - task: NuGetToolInstaller@1
     inputs:
       versionSpec: '>=5.8.x'
+  - task: DownloadSecureFile@1
+    name: fuzzingartifacts
+    displayName: 'Download Fuzzing artifacts'
+    inputs:
+      secureFile: 'FuzzingArtifacts.zip'
   - task: PowerShell@2
     displayName: Versioning
     inputs:
       targetType: filePath
       filePath: ./.azurepipelines/set-version.ps1
+  - task: ExtractFiles@1
+    displayName: 'Extract Fuzzing artifacts'
+    condition: ne(variables['fuzzingartifacts.secureFilePath'], '')
+    inputs:
+      archiveFilePatterns: '$(Agent.TempDirectory)/FuzzingArtifacts.zip'
+      destinationFolder: ./Fuzzing/Encoders/Fuzz.Tests
+      cleanDestinationFolder: false
+      overwriteExistingFiles: true
+    continueOnError: true
   - task: DotNetCoreCLI@2
     displayName: Restore ${{ parameters.framework }}
     inputs:
@@ -77,13 +91,10 @@ jobs:
 
     displayName: Create Code Coverage Report
     continueOnError: true
-  - task: PublishCodeCoverageResults@1
+  - task: PublishCodeCoverageResults@2
     displayName: 'Publish code coverage'
     inputs:
-      codeCoverageTool: Cobertura
       summaryFileLocation: '$(Build.SourcesDirectory)/CodeCoverage/Cobertura.xml'
-      reportDirectory: '$(Build.SourcesDirectory)/CodeCoverage'
-
     continueOnError: true
   - script: |
       bash <(curl -Ls https://coverage.codacy.com/get.sh) report -r $REPORT_LOCATION --commit-uuid $COMMIT_UUID

Fuzzing/Encoders/Fuzz.Tests/Assets/crash-0483107a22caf892cff4f795c96ab14c581a8f55

@@ -0,0 +1,167 @@
+/* ========================================================================
+ * Copyright (c) 2005-2024 The OPC Foundation, Inc. All rights reserved.
+ *
+ * OPC Foundation MIT License 1.00
+ * 
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following
+ * conditions:
+ * 
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * The complete license agreement can be found here:
+ * http://opcfoundation.org/License/MIT/1.00/
+ * ======================================================================*/
+
+using System.IO;
+using System.Text;
+using NUnit.Framework;
+using System.Linq;
+using System;
+using Opc.Ua.Tests;
+using System.Reflection;
+
+namespace Opc.Ua.Fuzzing
+{
+
+    [TestFixture]
+    public class EncoderTests
+    {
+        #region DataPointSources
+        public static readonly TestcaseAsset[] GoodTestcases = new AssetCollection<TestcaseAsset>(TestUtils.EnumerateTestAssets("Testcases", "*.*")).ToArray();
+        public static readonly TestcaseAsset[] CrashAssets = new AssetCollection<TestcaseAsset>(TestUtils.EnumerateTestAssets("Assets", "crash*.*")).ToArray();
+        public static readonly TestcaseAsset[] TimeoutAssets = new AssetCollection<TestcaseAsset>(TestUtils.EnumerateTestAssets("Assets", "timeout*.*")).ToArray();
+        public static readonly TestcaseAsset[] SlowAssets = new AssetCollection<TestcaseAsset>(TestUtils.EnumerateTestAssets("Assets", "slow*.*")).ToArray();
+
+        [DatapointSource]
+        public static readonly string[] TestcaseEncoderSuffixes = new string[] { ".Binary", ".Json", ".Xml" };
+
+        [DatapointSource]
+        public static readonly FuzzTargetFunction[] FuzzableFunctions = typeof(FuzzableCode).GetMethods(BindingFlags.Static | BindingFlags.Public)
+            .Where(f => f.GetParameters().Length == 1)
+            .Select(f => new FuzzTargetFunction(f)).ToArray();
+        #endregion
+
+        [Theory]
+        public void FuzzGoodTestcases(
+            FuzzTargetFunction fuzzableCode,
+            [ValueSource(nameof(GoodTestcases))] TestcaseAsset messageEncoder)
+        {
+            FuzzTarget(fuzzableCode, messageEncoder.Testcase);
+        }
+
+        [Theory]
+        public void FuzzCrashAssets(FuzzTargetFunction fuzzableCode)
+        {
+            // note: too many crash files can take forever to create
+            // all permutations with nunit, so just run all in one batch
+            foreach (var messageEncoder in CrashAssets)
+            {
+                FuzzTarget(fuzzableCode, messageEncoder.Testcase);
+            }
+        }
+
+        [Theory]
+        [CancelAfter(1000)]
+        public void FuzzTimeoutAssets(
+            FuzzTargetFunction fuzzableCode,
+            [ValueSource(nameof(TimeoutAssets))] TestcaseAsset messageEncoder)
+        {
+            FuzzTarget(fuzzableCode, messageEncoder.Testcase);
+        }
+
+        [Theory]
+        [CancelAfter(1000)]
+        public void FuzzSlowAssets(
+            FuzzTargetFunction fuzzableCode,
+            [ValueSource(nameof(SlowAssets))] TestcaseAsset messageEncoder)
+        {
+            FuzzTarget(fuzzableCode, messageEncoder.Testcase);
+        }
+
+        delegate void LibFuzzTemplate(ReadOnlySpan<byte> span);
+
+        private void FuzzTarget(FuzzTargetFunction fuzzableCode, byte[] blob)
+        {
+            var parameters = fuzzableCode.MethodInfo.GetParameters();
+            if (parameters.Length != 1)
+            {
+                throw new InvalidOperationException("Fuzzable function must have exactly one parameter.");
+            }
+            if (parameters[0].ParameterType == typeof(string))
+            {
+                string text = Encoding.UTF8.GetString(blob);
+                _ = fuzzableCode.MethodInfo.Invoke(null, new object[] { text });
+            }
+            else if (typeof(Stream).IsAssignableFrom(parameters[0].ParameterType))
+            {
+                using (var stream = new MemoryStream(blob))
+                {
+                    _ = fuzzableCode.MethodInfo.Invoke(null, new object[] { stream });
+                }
+            }
+            else if (parameters[0].ParameterType == typeof(ReadOnlySpan<byte>))
+            {
+                var span = new ReadOnlySpan<byte>(blob);
+                LibFuzzTemplate fuzzFunction = (LibFuzzTemplate)fuzzableCode.MethodInfo.CreateDelegate(typeof(LibFuzzTemplate));
+                fuzzFunction(span);
+            }
+        }
+    }
+
+    /// <summary>
+    /// A Testcase as test asset.
+    /// </summary>
+    public class TestcaseAsset : IAsset, IFormattable
+    {
+        public TestcaseAsset() { }
+
+        public string Path { get; private set; }
+        public byte[] Testcase { get; private set; }
+
+        public void Initialize(byte[] blob, string path)
+        {
+            Path = path;
+            Testcase = blob;
+        }
+
+        public string ToString(string format, IFormatProvider formatProvider)
+        {
+            var file = System.IO.Path.GetFileName(Path);
+            return $"{file}";
+        }
+    }
+
+    /// <summary>
+    /// A Testcase as test asset.
+    /// </summary>
+    public class FuzzTargetFunction : IFormattable
+    {
+        public FuzzTargetFunction(MethodInfo methodInfo)
+        {
+            MethodInfo = methodInfo;
+        }
+
+        public MethodInfo MethodInfo { get; private set; }
+
+        public string ToString(string format, IFormatProvider formatProvider)
+        {
+            var name = MethodInfo.Name;
+            return $"{name}";
+        }
+    }
+}

Fuzzing/Encoders/Fuzz.Tests/Assets/slow-unit-0cd8a7ed364195b9e9aa896391d10ab4f3d693a1

@@ -0,0 +1,75 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFrameworks>$(TestsTargetFrameworks)</TargetFrameworks>
+    <AssemblyName>Opc.Ua.Encoders.Fuzz.Tests</AssemblyName>
+    <RootNamespace>Encoders.Fuzz.Tests</RootNamespace>
+    <GenerateProgramFile>false</GenerateProgramFile>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Compile Include="..\Fuzz\FuzzableCode.cs" Link="FuzzableCode.cs" />
+    <Compile Include="..\Fuzz\FuzzableCode.BinaryDecoder.cs" Link="FuzzableCode.BinaryDecoder.cs" />
+    <Compile Include="..\Fuzz\FuzzableCode.JsonDecoder.cs" Link="FuzzableCode.JsonDecoder.cs" />
+    <Compile Include="..\Fuzz\FuzzableCode.XmlDecoder.cs" Link="FuzzableCode.XmlDecoder.cs" />
+    <Compile Include="..\..\common\Fuzz\FuzzMethods.cs" Link="FuzzMethods.cs" />
+    <Compile Include="..\..\common\Fuzz.Tools\Testcases.cs" Link="Testcases.cs" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
+    <PackageReference Include="NUnit" Version="4.1.0" />
+    <PackageReference Include="NUnit.Console" Version="3.17.0" />
+    <PackageReference Include="NUnit3TestAdapter" Version="4.5.0">
+      <PrivateAssets>all</PrivateAssets>
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
+    </PackageReference>
+    <PackageReference Include="coverlet.collector" Version="6.0.2">
+      <PrivateAssets>all</PrivateAssets>
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+    </PackageReference>
+    <PackageReference Include="SharpFuzz" Version="2.1.1" />
+    <PackageReference Include="BenchmarkDotNet" Version="0.13.12" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\..\Stack\Opc.Ua.Core\Opc.Ua.Core.csproj" />
+    <ProjectReference Include="..\..\..\Libraries\Opc.Ua.Security.Certificates\Opc.Ua.Security.Certificates.csproj" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <Compile Include="..\..\..\Tests\Common\Main.cs" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <None Include="..\Fuzz\Testcases.Binary\**\*.*">
+      <Link>Testcases\%(RecursiveDir)%(FileName)%(Extension)</Link>
+    </None>
+    <None Include="..\Fuzz\Testcases.Json\**\*.*">
+      <Link>Testcases\%(RecursiveDir)%(FileName)%(Extension)</Link>
+    </None>
+    <None Include="..\Fuzz\Testcases.Xml\**\*.*">
+      <Link>Testcases\%(RecursiveDir)%(FileName)%(Extension)</Link>
+    </None>
+  </ItemGroup>
+
+  <ItemGroup>
+    <None Update="..\Fuzz\Testcases.Binary\**\*.*">
+      <Link>Testcases\%(RecursiveDir)%(FileName)%(Extension)</Link>
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
+    <None Update="..\Fuzz\Testcases.Json\**\*.*">
+      <Link>Testcases\%(RecursiveDir)%(FileName)%(Extension)</Link>
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
+    <None Update="..\Fuzz\Testcases.Xml\**\*.*">
+      <Link>Testcases\%(RecursiveDir)%(FileName)%(Extension)</Link>
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
+    <None Update="Assets\**">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
+  </ItemGroup>
+
+</Project>