[RFC] Add parse fuzzing via cargo fuzz

[quexten]

🎟️ Tracking

📔 Objective

Adds fuzzing. In this case, the test cases would only detect panic(unwrap/expect). For parse_passkey, the following failing input is discovered:

        Fido2CredentialFullView {
            credential_id: "",
            key_type: "",
            key_algorithm: "",
            key_curve: "",
            key_value: "",
            rp_id: "",
            user_handle: None,
            user_name: None,
            counter: "",
            rp_name: None,
            user_display_name: None,
            discoverable: "",
            creation_date: 1970-01-01T00:00:00Z,
        }

from this expect:

sdk-internal/crates/bitwarden-fido/src/lib.rs

Line 110 in f2bc708

let counter: u32 = value.counter.parse().expect("Invalid counter");

.

Fix in: #346

I have not further audited where this is called.

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation
  team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed
  issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions]

Checkmarx One – Scan Summary & Details – 2c74d80f-46f3-4859-9849-7d81d2b84f20

New Issues (2)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2024-29409	Npm-@nestjs/common-10.4.6	details Recommended version: 10.4.16 Description: A File upload vulnerability in NestJS allows a remote attacker to execute arbitrary code through the Content-Type header. Versions through 10.4.15 ... Attack Vector: NETWORK Attack Complexity: LOW ID: Q9Lr%2F8bJfsOUXKkIQCvVwrfISR6Da6bDLGUEnzhH8oI%3D Vulnerable Package
	CVE-2025-5889	Npm-brace-expansion-2.0.1	details Recommended version: 2.0.2 Description: A vulnerability was found in juliangruber brace-expansion. It has been rated as problematic. Affected by this issue is the function "expand" of the... Attack Vector: NETWORK Attack Complexity: HIGH ID: QvJcYAv47jyUKiGf%2FQMuU7p6cPGHr65PIsTDqQ0Nrko%3D Vulnerable Package

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud