Fuzzing framework

[Gustavo-Jodar]

Description

New fuzzing framework for Ledger SDK.
If you want to test the framework with an app, you can have a look at the boilerplate PR LedgerHQ/app-boilerplate#163

Changes include

• Bugfix (non-breaking change that solves an issue)
• New feature (non-breaking change that adds functionality)
• Breaking change (change that is not backwards-compatible and/or changes current functionality)
• Tests
• Documentation
• Other (for changes that might not fit in any category)

[ledger-wiz-cspm-secret-detection]

Wiz Scan Summary

Scanner	Findings
Sensitive Data	-
Secrets	-
IaC Misconfigurations	1  1
Total	1  1

View scan details in Wiz

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

[0pendev]

Nice iteration. Will test it but it looks fairly easy to use and documented enough for new commers.

Made a review on the CMake scripts.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 62.08%. Comparing base (1fc96d8) to head (97cf2cb).
Report is 45 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #969      +/-   ##
==========================================
+ Coverage   61.45%   62.08%   +0.62%     
==========================================
  Files          13       13              
  Lines        1816     1817       +1     
==========================================
+ Hits         1116     1128      +12     
+ Misses        700      689      -11     

Flag	Coverage Δ
unittests	62.08% <ø> (+0.62%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[bboilot-ledger]

FYI, if you want to test the framework with an app, you can have a look at the boilerplate PR LedgerHQ/app-boilerplate#163

[cedelavergne-ledger]

This API_LEVEL value is already obsolete now.
How can we force the macros to be regenerated, at least on the PR workflows?
Moreover, we should probably find a way to auto-update the macro files regularly, to ensure they are always up-to-date, aligned with the surrent SDK
Maybe those files should not be stored under git, but generated at runtime?

[0pendev]

@Gustavo-Jodar did you leave this as an example? Or is there another use case?
This API_LEVEL should be present in the compile_commands.json when running from a released SDK.

[Gustavo-Jodar]

To generate those files I extracted the macro definitions used when building app-boilerplate with the SDK, and it was left there like this as an example that should be changed in order to fuzz the sdk.
Which exposes the problem of having them obsolete, since this API_LEVEL was the one used before a new version of the sdk (interval between this review and my commit).
This process could be automated, since it is just a matter of compiling app-boilerplate with bear and using extract_macros.py to make the files.

[0pendev]

Let's try to get as far as possible from platform specific commands.
Cmake has a few commands/functinos for such use cases.
Here we could try something like cmake env

Suggested change

	execute_process(
	COMMAND sh -c "BOLOS_SDK=\${STAX_SDK} && TARGET=${TARGET_DEVICE} && CC=clang make list-defines"
	WORKING_DIRECTORY "${CMAKE_SOURCE_DIR}/macros"
	OUTPUT_VARIABLE MACRO_OUTPUT
	OUTPUT_STRIP_TRAILING_WHITESPACE
	ERROR_QUIET
	)
	execute_process(
	COMMAND ${CMAKE_COMMAND} -E env
	BOLOS_SDK=${STAX_SDK}
	TARGET=${TARGET_DEVICE}
	CC=clang
	make list-defines
	WORKING_DIRECTORY "${CMAKE_SOURCE_DIR}/macros"
	OUTPUT_VARIABLE MACRO_OUTPUT
	OUTPUT_STRIP_TRAILING_WHITESPACE
	ERROR_QUIET
	)

[0pendev]

Also, if we specify TARGET then we should point to the currently in use sdk instead of STAX_SDK