Add a very simple fuzz test for HttpTemplate::Parse (#56)

This commit includes both a simple fuzz test as well as the
infrastructure needed to make the fuzz test run.

To run the fuzz test, use a command like:

$bazel run --config=asan-libfuzzer //test:http_template_fuzz_test_run \
    -- --clean --timeout_secs=30

As for setting up the fuzz testing framework, I followed the
directions from
https://github.com/bazelbuild/rules_fuzzing/blob/master/README.md.  At
the time of this commit, the latest version of the fuzz testing
library was release
0.1.1 (https://github.com/bazelbuild/rules_fuzzing/releases/tag/v0.1.1),
so that’s where I pointed the bazel rules.

Author: justin-mp

.bazelrc

@@ -0,0 +1,8 @@
+# Force the use of Clang for C++ builds.
+build --action_env=CC=clang-10
+build --action_env=CXX=clang++-10
+
+# Define the --config=asan-libfuzzer configuration.
+build:asan-libfuzzer --@rules_fuzzing//fuzzing:cc_engine=@rules_fuzzing//fuzzing/engines:libfuzzer
+build:asan-libfuzzer --@rules_fuzzing//fuzzing:cc_engine_instrumentation=libfuzzer
+build:asan-libfuzzer --@rules_fuzzing//fuzzing:cc_engine_sanitizer=asan

README.md

@@ -19,6 +19,10 @@ following commands build and test sources:
 $ bazel build //...
 $ bazel test //...
 ```
+## Toolchain
+
+The Bazel build system defaults to using clang 10 to enable reproducible builds.
+
 
 # Contribution
 See [CONTRIBUTING.md](CONTRIBUTING.md).

WORKSPACE

@@ -23,6 +23,27 @@ load(
     "protobuf_repositories",
 )
 
+# See
+# https://github.com/bazelbuild/rules_fuzzing/blob/master/README.md#configuring-the-workspace.
+# The fuzzing rules must be first because if they are not, bazel will
+# pull in incompatible versions of absl and rules_python.
+load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
+
+http_archive(
+    name = "rules_fuzzing",
+    sha256 = "a5734cb42b1b69395c57e0bbd32ade394d5c3d6afbfe782b24816a96da24660d",
+    strip_prefix = "rules_fuzzing-0.1.1",
+    urls = ["https://github.com/bazelbuild/rules_fuzzing/archive/v0.1.1.zip"],
+)
+
+load("@rules_fuzzing//fuzzing:repositories.bzl", "rules_fuzzing_dependencies")
+
+rules_fuzzing_dependencies()
+
+load("@rules_fuzzing//fuzzing:init.bzl", "rules_fuzzing_init")
+
+rules_fuzzing_init()
+
 absl_repositories()
 
 protobuf_repositories()

test/BUILD

@@ -15,6 +15,7 @@
 ################################################################################
 #
 load("@com_google_protobuf//:protobuf.bzl", "py_proto_library")
+load("@rules_fuzzing//fuzzing:cc_defs.bzl", "cc_fuzz_test")
 
 package(default_visibility = ["//visibility:public"])
 
@@ -31,6 +32,17 @@ cc_test(
     ],
 )
 
+cc_fuzz_test(
+    name = "http_template_fuzz_test",
+    srcs = [
+        "http_template_fuzz_test.cc",
+    ],
+    corpus = glob(["http_template_fuzz_test_corpus/**"]),
+    deps = [
+        "//src:http_template",
+    ],
+)
+
 cc_test(
     name = "path_matcher_test",
     size = "small",

test/http_template_fuzz_test.cc

@@ -0,0 +1,11 @@
+#include "grpc_transcoding/http_template.h"
+
+#include <cstdint>
+#include <cstddef>
+#include <string>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  std::string path((const char*)data, size);
+  google::grpc::transcoding::HttpTemplate::Parse(path);
+  return 0;
+}

test/http_template_fuzz_test_corpus/literal

@@ -0,0 +1 @@
+/foo

test/http_template_fuzz_test_corpus/path-double-wildcard

@@ -0,0 +1 @@
+/foo/**

test/http_template_fuzz_test_corpus/path-double-wildcard-capture

@@ -0,0 +1 @@
+/{root=**}

test/http_template_fuzz_test_corpus/path-wildcard

@@ -0,0 +1 @@
+/foo/*

test/http_template_fuzz_test_corpus/path-wildcard-capture

@@ -0,0 +1 @@
+/{root=*}