
Fuzzing: add fuzz testing #21235

Draft
wants to merge 2 commits into
base: main

Conversation

pkillarjun

@pkillarjun pkillarjun commented Nov 8, 2024

  • ffebcdd updated .gitignore file, may be a bit irrelevant
  • 42f8fb3 Added fuzzing tests

Signed-off-by: Arjun <[email protected]>
@martinpitt
Member

Hello @pkillarjun! Sorry for the lack of replies, we are all a bit overloaded right now. Can you please explain the direction a little bit? At the moment this PR looks like it would just have a handful of static "slightly garbled" input strings (the *.bin files). These could just as well be added to the unit tests with a lot less overhead. Is there some magic/external tool which would shuffle and iterate on these basic inputs, to cover more cases? How would these be invoked?

@martinpitt martinpitt marked this pull request as draft November 15, 2024 06:15
@martinpitt martinpitt added the question Further information is requested label Nov 15, 2024
@pkillarjun
Author

pkillarjun commented Nov 15, 2024

Hello @pkillarjun! Sorry for the lack of replies, we are all a bit overloaded right now.

Yes, I can see that.

Can you please explain the direction a little bit?

Well, the direction is: first, add Cockpit into oss-fuzz infra for the starters, and then update or add new fuzzing targets.

Note: I did try to create a fuzz target with a client fuzzer sending malformed input to a server. There are still some bugs in the implementation that need to be fixed.

At the moment this PR looks like it would just have a handful of static "slightly garbled" input strings (the *.bin files).

Yes, .bin may look weird; they are the fuzzing target corpus.

These could just as well be added to the unit tests with a lot less overhead.

Yes, they can be used with a testing framework, but I would argue we shouldn't do that and let them be separated.
Also, I can add these .bin files into my oss-fuzz-bloat repo, so this PR won't look so bloated.

Is there some magic/external tool which would shuffle and iterate on these basic inputs, to cover more cases? How would these be invoked?

Yes, there are several magical tools; these two are the most important for now: LibFuzzer and AFLplusplus.

How-to guide for cockpit.
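An added example, not code from this PR or from Cockpit, showing how a directory of *.bin corpus files is used both ways raised above: as seeds that libFuzzer or AFL++ mutate through the LLVMFuzzerTestOneInput entry point, and replayed unchanged from a plain main() as a regression check. parse_frame is a constructed stand-in for the code under test and FUZZING_BUILD is a constructed macro name, not a libFuzzer define.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in target: "<decimal length>\n<payload>".
 * Returns 1 if the frame is well-formed and the payload fits, else 0.
 * Every read is bounds-checked against `size`, so a mutated or truncated
 * corpus file can only make it return 0, never read out of bounds. */
int parse_frame(const uint8_t *data, size_t size) {
    size_t i = 0, len = 0;
    while (i < size && data[i] >= '0' && data[i] <= '9') {
        if (len > (SIZE_MAX - 9) / 10) return 0;   /* length would overflow */
        len = len * 10 + (size_t)(data[i] - '0');
        i++;
    }
    if (i == 0 || i >= size || data[i] != '\n') return 0;  /* no length or no '\n' */
    i++;                                                  /* skip the '\n' */
    if (len > size - i) return 0;                         /* payload truncated */
    /* payload is data[i .. i+len); a real target would parse it here */
    return 1;
}

/* libFuzzer / AFL++ entry point. The fuzzer mutates every corpus file and
 * calls this repeatedly; it always returns 0 because crashes and sanitizer
 * reports, not return values, are what the fuzzer records. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    parse_frame(data, size);
    return 0;
}

/* Replay one corpus file through the target unchanged.
 * Returns 0 on success, -1 if the file cannot be opened. */
int replay_corpus_file(const char *path) {
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    uint8_t buf[1 << 16];                 /* corpus files are small */
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    LLVMFuzzerTestOneInput(buf, n);
    return 0;
}

/* Plain driver for regression runs: ./replay corpus/*.bin
 * Define FUZZING_BUILD (constructed name) when linking with -fsanitize=fuzzer,
 * which supplies its own main(). */
#ifndef FUZZING_BUILD
int main(int argc, char **argv) {
    int failed = 0;
    for (int a = 1; a < argc; a++)
        if (replay_corpus_file(argv[a]) != 0) { perror(argv[a]); failed++; }
    return failed ? 1 : 0;
}
#endif
```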
