[CodeHealth] Use span of bytes to read arbitrary data #25978

Merged
merged 1 commit into from
Oct 17, 2024

Conversation

cdesouza-chromium
Collaborator

This PR touches different places of the code base where the use of reinterpret_cast was necessary to allow data to be handled in a different format. Span is both safer and more ergonomic. It is preferable over void*, and particularly we should avoid any type of casts involving byte values to numeric values, as those can cause undefined behaviour.

This change additionally refactors DeviceIdImpl::IsValidMacAddress to use base::MakeFixedFlatSet for the set of invalid mac addresses we were searching for, as the search was sequential, and for successful values it meant visiting every element in the array to check for comparison.

Resolves

Submitter Checklist:

  • I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
  • There is a ticket for my issue
  • Used Github auto-closing keywords in the PR description above
  • Wrote a good PR/commit description
  • Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally:
    • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
    • npm run presubmit wiki, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed)

Reviewer Checklist:

  • A security review is not needed, or a link to one is included in the PR description
  • New files have MPL-2.0 license header
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

@cdesouza-chromium cdesouza-chromium self-assigned this Oct 14, 2024
@cdesouza-chromium cdesouza-chromium force-pushed the codehealth-avoid-reinterpret-cast branch 7 times, most recently from 117139a to 920b1de Compare October 15, 2024 23:14
@cdesouza-chromium cdesouza-chromium marked this pull request as ready for review October 15, 2024 23:15
@cdesouza-chromium cdesouza-chromium requested a review from a team as a code owner October 15, 2024 23:15
tmancey
tmancey previously approved these changes Oct 15, 2024
Collaborator

@tmancey tmancey left a comment

LGTM

@cdesouza-chromium cdesouza-chromium force-pushed the codehealth-avoid-reinterpret-cast branch from 920b1de to f5e5dca Compare October 15, 2024 23:44
@tmancey tmancey dismissed their stale review October 16, 2024 01:18

Dismissing review as adding tests as discussed. Thanks

@tmancey tmancey self-requested a review October 16, 2024 20:25
Collaborator

@tmancey tmancey left a comment

macOS LGTM++

@cdesouza-chromium cdesouza-chromium force-pushed the codehealth-avoid-reinterpret-cast branch from f5e5dca to d98e457 Compare October 16, 2024 21:33
Contributor

[puLL-Merge] - brave/brave-core@25978

Description

This PR introduces several changes to improve code quality, security, and add unit tests for the device ID implementation in the Brave browser. The main focus is on refactoring the MAC address validation logic and improving the handling of byte operations.

Changes

  1. browser/brave_ads/device_id/BUILD.gn

    • Added a new source set for unit tests.
  2. browser/brave_ads/device_id/device_id_impl.cc

    • Refactored the MAC address validation logic to use a more efficient and maintainable approach.
    • Introduced a MacAddressInfoMatcher class and a MacAddressInfoComparator struct for better handling of MAC address comparisons.
    • Replaced the old kInvalidMacAddresses array with a more efficient base::MakeFixedFlatSet.
    • Updated the IsValidMacAddress function to use the new data structures.
  3. browser/brave_ads/device_id/device_id_impl.h

    • Updated the IsValidMacAddress function signature to use base::span<const uint8_t> instead of raw pointers.
  4. browser/brave_ads/device_id/device_id_impl_linux.cc, device_id_impl_mac.cc, device_id_impl_win.cc

    • Updated the MAC address validation callback to use base::span<const uint8_t>.
  5. browser/default_protocol_handler_utils_win.cc

    • Refactored the HashString function to use more modern C++ practices and improve readability.
    • Replaced raw pointer operations with safer alternatives using base::span and base::SpanReader.
  6. components/brave_shields/content/browser/brave_farbling_service.cc

    • Updated byte operations to use base::byte_span_from_ref and base::as_byte_span for improved type safety.
  7. browser/brave_ads/device_id/device_id_impl_unittest.cc

    • Added new unit tests for the IsValidMacAddress function.
  8. test/BUILD.gn

    • Added the new device ID unit tests to the build configuration.

Possible Issues

  • The changes to the MAC address validation logic may potentially affect the behavior of device ID generation. Thorough testing should be done to ensure compatibility with existing systems.

Security Hotspots

  • The refactoring of the HashString function in default_protocol_handler_utils_win.cc involves cryptographic operations. While the changes appear to maintain the same logic, careful review of this function is necessary to ensure no security vulnerabilities have been introduced.

@cdesouza-chromium cdesouza-chromium force-pushed the codehealth-avoid-reinterpret-cast branch from d98e457 to a7dfc93 Compare October 16, 2024 21:40
Collaborator

@tmancey tmancey left a comment

LGTM

@cdesouza-chromium cdesouza-chromium force-pushed the codehealth-avoid-reinterpret-cast branch from a7dfc93 to d03f56b Compare October 16, 2024 21:52
This PR touches different places of the code base where the use of
`reinterpret_cast` was necessary to allow data to be handled in a
different format. Span is both safer and more ergonomic. It is
preferable over `void*`, and particularly we should avoid any type of
casts involving byte values to numeric values, as those can cause
undefined behaviour.

This change additionally refactors `DeviceIdImpl::IsValidMacAddress` to
use `base::MakeFixedFlatSet` for the set of invalid mac addresses we
were searching for, as the search was sequential, and for successful
values it meant visiting every element in the array to check for
comparison. To make sure the binary search works as expected, a test has
been added.
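
The two ideas in the commit message above, shown as an added example that is not code from this PR or from brave-core: a length-checked numeric read from a byte span without `reinterpret_cast`, and a sorted lookup table that is binary-searched and checked for ordering. `ByteSpan` is a hypothetical stand-in for `base::span<const uint8_t>` so the block builds with the standard library alone; the prefix table and the three-byte prefix match are assumptions made for the example.

```cpp
#include <algorithm>
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstring>

// Hypothetical minimal stand-in for base::span<const uint8_t>.
struct ByteSpan {
  const uint8_t* data;
  size_t size;
};

// Reads a native-endian uint32_t at `offset`. The length check replaces the
// implicit trust of a raw pointer; memcpy replaces reinterpret_cast, which is
// undefined behaviour when the bytes are misaligned for uint32_t.
bool ReadU32(ByteSpan bytes, size_t offset, uint32_t* out) {
  if (offset > bytes.size || bytes.size - offset < sizeof(uint32_t)) {
    return false;
  }
  std::memcpy(out, bytes.data + offset, sizeof(uint32_t));
  return true;
}

using Prefix = std::array<uint8_t, 3>;

// Constructed sample prefixes, not the list from the PR. Must stay sorted.
constexpr std::array<Prefix, 3> kInvalidPrefixes = {{
    {0x00, 0x50, 0x56},
    {0x08, 0x00, 0x27},
    {0xAA, 0xBB, 0xCC},
}};

// Binary search silently misses entries in an unsorted table, so a unit test
// should assert the ordering whenever the table is edited.
bool TableIsSorted() {
  return std::is_sorted(kInvalidPrefixes.begin(), kInvalidPrefixes.end());
}

// Assumed rule for this example: a MAC address is valid when it has six bytes
// and its first three bytes are not in the table.
bool IsValidMacAddress(ByteSpan mac) {
  if (mac.size != 6) {
    return false;
  }
  const Prefix prefix = {mac.data[0], mac.data[1], mac.data[2]};
  return !std::binary_search(kInvalidPrefixes.begin(), kInvalidPrefixes.end(),
                             prefix);
}
```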
@cdesouza-chromium cdesouza-chromium force-pushed the codehealth-avoid-reinterpret-cast branch from d03f56b to d0160c0 Compare October 16, 2024 22:25
@cdesouza-chromium cdesouza-chromium merged commit 23033b7 into master Oct 17, 2024
17 checks passed
@cdesouza-chromium cdesouza-chromium deleted the codehealth-avoid-reinterpret-cast branch October 17, 2024 00:16
@github-actions github-actions bot added this to the 1.73.x - Nightly milestone Oct 17, 2024
@brave-builds
Collaborator

Released in v1.73.21

@bsclifton bsclifton modified the milestones: 1.73.x - Nightly, 1.74.x - Nightly Nov 6, 2024