Fuzz testing on all binary decoding for LLO (#15476)

* Fuzz testing on ReportCodecPremiumLegacy.Decode

* Fuzz on PluginScopedRetirementReportCache_CheckAttestedRetirementReport

* go mod tidy

* Address linter issues

core/scripts/go.mod

@@ -236,7 +236,7 @@ require (
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
-	github.com/leanovate/gopter v0.2.10-0.20210127095200-9abe2343507a // indirect
+	github.com/leanovate/gopter v0.2.11 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/libp2p/go-buffer-pool v0.1.0 // indirect
@@ -299,7 +299,7 @@ require (
 	github.com/smartcontractkit/chain-selectors v1.0.31 // indirect
 	github.com/smartcontractkit/chainlink-ccip v0.0.0-20241128080738-06bef8620ac6 // indirect
 	github.com/smartcontractkit/chainlink-cosmos v0.5.2-0.20241017133723-5277829bd53f // indirect
-	github.com/smartcontractkit/chainlink-data-streams v0.1.1-0.20241114154055-8d29ea018b57 // indirect
+	github.com/smartcontractkit/chainlink-data-streams v0.1.1-0.20241202141438-a90db35252db // indirect
 	github.com/smartcontractkit/chainlink-feeds v0.1.1 // indirect
 	github.com/smartcontractkit/chainlink-protos/job-distributor v0.6.0 // indirect
 	github.com/smartcontractkit/chainlink-protos/orchestrator v0.3.0 // indirect

core/services/llo/evm/report_codec_premium_legacy_test.go

@@ -20,6 +20,28 @@ import (
 	"github.com/smartcontractkit/chainlink-data-streams/llo"
 )
 
+func FuzzReportCodecPremiumLegacy_Decode(f *testing.F) {
+	f.Add([]byte("not a protobuf"))
+	f.Add([]byte{0x0a, 0x00})             // empty protobuf
+	f.Add([]byte{0x0a, 0x02, 0x08, 0x01}) // invalid protobuf
+	f.Add(([]byte)(nil))
+	f.Add([]byte{})
+
+	validReport := newValidPremiumLegacyReport()
+	feedID := [32]uint8{0x1, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}
+	cd := llotypes.ChannelDefinition{Opts: llotypes.ChannelOpts(fmt.Sprintf(`{"baseUSDFee":"10.50","expirationWindow":60,"feedId":"0x%x","multiplier":10}`, feedID))}
+
+	codec := ReportCodecPremiumLegacy{logger.NullLogger, 100002}
+
+	validEncodedReport, err := codec.Encode(tests.Context(f), validReport, cd)
+	require.NoError(f, err)
+	f.Add(validEncodedReport)
+
+	f.Fuzz(func(t *testing.T, data []byte) {
+		codec.Decode(data) //nolint:errcheck // test that it doesn't panic, don't care about errors
+	})
+}
+
 func newValidPremiumLegacyReport() llo.Report {
 	return llo.Report{
 		ConfigDigest:                types.ConfigDigest{1, 2, 3},

core/services/llo/plugin_scoped_retirement_report_cache_test.go

@@ -16,6 +16,25 @@ import (
 	llotypes "github.com/smartcontractkit/chainlink-common/pkg/types/llo"
 )
 
+func FuzzPluginScopedRetirementReportCache_CheckAttestedRetirementReport(f *testing.F) {
+	f.Add([]byte("not a protobuf"))
+	f.Add([]byte{0x0a, 0x00})             // empty protobuf
+	f.Add([]byte{0x0a, 0x02, 0x08, 0x01}) // invalid protobuf
+	f.Add(([]byte)(nil))
+	f.Add([]byte{})
+
+	rrc := &mockRetirementReportCache{}
+	v := &mockVerifier{}
+	c := &mockCodec{}
+	psrrc := NewPluginScopedRetirementReportCache(rrc, v, c)
+
+	exampleDigest := ocr2types.ConfigDigest{1}
+
+	f.Fuzz(func(t *testing.T, data []byte) {
+		psrrc.CheckAttestedRetirementReport(exampleDigest, data) //nolint:errcheck // test that it doesn't panic, don't care about errors
+	})
+}
+
 type mockRetirementReportCache struct {
 	arr    []byte
 	cfg    Config

deployment/go.mod

@@ -315,7 +315,7 @@ require (
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
-	github.com/leanovate/gopter v0.2.10-0.20210127095200-9abe2343507a // indirect
+	github.com/leanovate/gopter v0.2.11 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/libp2p/go-buffer-pool v0.1.0 // indirect
@@ -402,7 +402,7 @@ require (
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/smartcontractkit/chainlink-automation v0.8.1 // indirect
 	github.com/smartcontractkit/chainlink-cosmos v0.5.2-0.20241017133723-5277829bd53f // indirect
-	github.com/smartcontractkit/chainlink-data-streams v0.1.1-0.20241114154055-8d29ea018b57 // indirect
+	github.com/smartcontractkit/chainlink-data-streams v0.1.1-0.20241202141438-a90db35252db // indirect
 	github.com/smartcontractkit/chainlink-feeds v0.1.1 // indirect
 	github.com/smartcontractkit/chainlink-protos/orchestrator v0.3.0 // indirect
 	github.com/smartcontractkit/chainlink-solana v1.1.1-0.20241127201057-3c9282e39749 // indirect

go.mod

@@ -52,7 +52,7 @@ require (
 	github.com/jonboulle/clockwork v0.4.0
 	github.com/jpillora/backoff v1.0.0
 	github.com/kylelemons/godebug v1.1.0
-	github.com/leanovate/gopter v0.2.10-0.20210127095200-9abe2343507a
+	github.com/leanovate/gopter v0.2.11
 	github.com/lib/pq v1.10.9
 	github.com/manyminds/api2go v0.0.0-20171030193247-e7b693844a6f
 	github.com/mitchellh/go-homedir v1.1.0
@@ -79,7 +79,7 @@ require (
 	github.com/smartcontractkit/chainlink-ccip v0.0.0-20241128080738-06bef8620ac6
 	github.com/smartcontractkit/chainlink-common v0.3.1-0.20241125150608-97ceadb2072d
 	github.com/smartcontractkit/chainlink-cosmos v0.5.2-0.20241017133723-5277829bd53f
-	github.com/smartcontractkit/chainlink-data-streams v0.1.1-0.20241114154055-8d29ea018b57
+	github.com/smartcontractkit/chainlink-data-streams v0.1.1-0.20241202141438-a90db35252db
 	github.com/smartcontractkit/chainlink-feeds v0.1.1
 	github.com/smartcontractkit/chainlink-protos/orchestrator v0.3.0
 	github.com/smartcontractkit/chainlink-solana v1.1.1-0.20241127201057-3c9282e39749