Add support to fuzz proto data in uber filter fuzzer

test/extensions/filters/http/common/fuzz/filter_fuzz_test.cc

@@ -36,6 +36,13 @@ DEFINE_PROTO_FUZZER(const test::extensions::filters::http::FilterFuzzTestCase& i
         input->mutable_config()->mutable_typed_config()->set_type_url(
             absl::StrCat("type.googleapis.com/",
                          factory->createEmptyConfigProto()->GetDescriptor()->full_name()));
+
+        // For fuzzing proto data, guide the mutator to useful 'Any' types half
+        // the time. The other half the time, let the fuzzing engine choose
+        // any message to serialize.
+        if (seed % 2 == 0 && input->data().has_proto_body()) {
+          UberFilterFuzzer::guideAnyProtoType(input->mutable_data(), seed / 2);
+        }
       }};
 
   try {

test/extensions/filters/http/common/fuzz/uber_filter.cc

@@ -28,6 +28,22 @@ UberFilterFuzzer::UberFilterFuzzer() {
   perFilterSetup();
 }
 
+std::vector<std::string> UberFilterFuzzer::parseHttpData(const test::fuzz::HttpData& data) {
+  std::vector<std::string> data_chunks;
+
+  if (data.has_http_body()) {
+    data_chunks.reserve(data.http_body().data_size());
+    for (const std::string& http_data : data.http_body().data()) {
+      data_chunks.push_back(http_data);
+    }
+  } else if (data.has_proto_body()) {
+    const std::string serialized = data.proto_body().message().value();
+    data_chunks = absl::StrSplit(serialized, absl::ByLength(data.proto_body().chunk_size()));
+  }
+
+  return data_chunks;
+}
+
 void UberFilterFuzzer::decode(Http::StreamDecoderFilter* filter, const test::fuzz::HttpData& data) {
   bool end_stream = false;
 
@@ -42,22 +58,24 @@ void UberFilterFuzzer::decode(Http::StreamDecoderFilter* filter, const test::fuz
     headers.setHost("foo.com");
   }
 
-  if (data.data().empty() && !data.has_trailers()) {
+  if (data.body_case() == test::fuzz::HttpData::BODY_NOT_SET && !data.has_trailers()) {
     end_stream = true;
   }
-  ENVOY_LOG_MISC(debug, "Decoding headers: {} ", data.headers().DebugString());
+  ENVOY_LOG_MISC(debug, "Decoding headers (end_stream={}): {} ", end_stream,
+                 data.headers().DebugString());
   const auto& headersStatus = filter->decodeHeaders(headers, end_stream);
   if (headersStatus != Http::FilterHeadersStatus::Continue &&
       headersStatus != Http::FilterHeadersStatus::StopIteration) {
     return;
   }
 
-  for (int i = 0; i < data.data().size(); i++) {
-    if (i == data.data().size() - 1 && !data.has_trailers()) {
+  const std::vector<std::string> data_chunks = parseHttpData(data);
+  for (size_t i = 0; i < data_chunks.size(); i++) {
+    if (!data.has_trailers() && i == data_chunks.size() - 1) {
       end_stream = true;
     }
-    Buffer::OwnedImpl buffer(data.data().Get(i));
-    ENVOY_LOG_MISC(debug, "Decoding data: {} ", buffer.toString());
+    Buffer::OwnedImpl buffer(data_chunks[i]);
+    ENVOY_LOG_MISC(debug, "Decoding data (end_stream={}): {} ", end_stream, buffer.toString());
     if (filter->decodeData(buffer, end_stream) != Http::FilterDataStatus::Continue) {
       return;
     }

test/extensions/filters/http/common/fuzz/uber_filter.h

@@ -16,14 +16,21 @@ class UberFilterFuzzer {
                 proto_config,
             const test::fuzz::HttpData& data);
 
+  // For fuzzing proto data, guide the mutator to useful 'Any' types.
+  static void guideAnyProtoType(test::fuzz::HttpData* mutable_data, uint choice);
+
 protected:
   // Set-up filter specific mock expectations in constructor.
   void perFilterSetup();
   // Filter specific input cleanup.
   void cleanFuzzedConfig(absl::string_view filter_name, Protobuf::Message* message);
 
+  // Parses http or proto body into chunks.
+  std::vector<std::string> parseHttpData(const test::fuzz::HttpData& data);
+
   // This executes the decode methods to be fuzzed.
   void decode(Http::StreamDecoderFilter* filter, const test::fuzz::HttpData& data);
+
   void reset();
 
 private:

test/extensions/filters/http/common/fuzz/uber_per_filter.cc

@@ -44,6 +44,32 @@ void addBookstoreProtoDescriptor(Protobuf::Message* message) {
 }
 } // namespace
 
+void UberFilterFuzzer::guideAnyProtoType(test::fuzz::HttpData* mutable_data, uint choice) {
+  // These types are request/response from the test Bookstore service
+  // for the gRPC Transcoding filter.
+  static const std::vector<std::string> expected_types = {
+      "type.googleapis.com/bookstore.ListShelvesResponse",
+      "type.googleapis.com/bookstore.CreateShelfRequest",
+      "type.googleapis.com/bookstore.GetShelfRequest",
+      "type.googleapis.com/bookstore.DeleteShelfRequest",
+      "type.googleapis.com/bookstore.ListBooksRequest",
+      "type.googleapis.com/bookstore.CreateBookRequest",
+      "type.googleapis.com/bookstore.GetBookRequest",
+      "type.googleapis.com/bookstore.UpdateBookRequest",
+      "type.googleapis.com/bookstore.DeleteBookRequest",
+      "type.googleapis.com/bookstore.GetAuthorRequest",
+      "type.googleapis.com/bookstore.EchoBodyRequest",
+      "type.googleapis.com/bookstore.EchoStructReqResp",
+      "type.googleapis.com/bookstore.Shelf",
+      "type.googleapis.com/bookstore.Book",
+      "type.googleapis.com/google.protobuf.Empty",
+      "type.googleapis.com/google.api.HttpBody",
+  };
+  ProtobufWkt::Any* mutable_any = mutable_data->mutable_proto_body()->mutable_message();
+  const std::string& type_url = expected_types[choice % expected_types.size()];
+  mutable_any->set_type_url(type_url);
+}
+
 void UberFilterFuzzer::cleanFuzzedConfig(absl::string_view filter_name,
                                          Protobuf::Message* message) {
   // Map filter name to clean-up function.

test/fuzz/common.proto

@@ -5,6 +5,7 @@ package test.fuzz;
 import "envoy/config/core/v3/base.proto";
 import "envoy/config/core/v3/address.proto";
 
+import "google/protobuf/any.proto";
 import "google/protobuf/wrappers.proto";
 
 import "validate/validate.proto";
@@ -15,9 +16,29 @@ message Headers {
   repeated envoy.config.core.v3.HeaderValue headers = 1;
 }
 
+message HttpBody {
+  // The bytes that will be used as the request body.
+  repeated string data = 1 [(validate.rules).repeated .min_items = 1];
+}
+
+// HttpBody cannot efficiently create serialized protos.
+// Use ProtoBody instead to test grpc data.
+message ProtoBody {
+  // The proto message that will be serialized and used as the request body.
+  google.protobuf.Any message = 1 [(validate.rules).any.required = true];
+
+  // The size (in bytes) of each buffer when forming the requests.
+  uint64 chunk_size = 2 [(validate.rules).uint64.gt = 0];
+}
+
 message HttpData {
   Headers headers = 1;
-  repeated string data = 2;
+
+  oneof body {
+    HttpBody http_body = 2;
+    ProtoBody proto_body = 4;
+  }
+
   Headers trailers = 3;
 }
 

tools/code_format/check_format.py

@@ -58,6 +58,7 @@
     "./test/common/config/version_converter_test.cc",
     "./test/common/grpc/codec_test.cc",
     "./test/common/grpc/codec_fuzz_test.cc",
+    "./test/extensions/filters/http/common/fuzz/uber_filter.h",
 )
 
 # Files in these paths can use Protobuf::util::JsonStringToMessage