Add fuzz testing for web API input parsers

## What

Write a fuzz test harness for the input validators and parsers exposed via the HTTP API.

## Why

The web API accepts input from `POST /api/login_init`, `POST /api/upload`, `POST /api/commit_all`, and other endpoints. All input passes through validators like `isSafeUploadFilename`, `isValidIpv4`, `parseIntStrict`, `parseFloatStrict`, and `isValidName`. A bug in any of these = remote crash or path traversal.

## How

1. Install libFuzzer or use the built-in fuzzing support in clang:
   ```bash
   sudo apt install clang
   ```
2. Create `test/test_fuzz/fuzz_validators.cpp` with a `LLVMFuzzerTestOneInput` entry point
3. Feed random bytes to each validator — the test passes if it never crashes/aborts/hangs
4. Example harness:
   ```cpp
   extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
       std::string input(reinterpret_cast<const char*>(data), size);
       isValidIpv4(input.c_str());   // must never crash
       isSafeUploadFilename(input.c_str());
       int dummy;
       parseIntStrict(String(input.c_str()), dummy);
       return 0;
   }
   ```
5. Run for 60 seconds — any crash or hang is a bug to fix

## Acceptance

- [ ] Fuzz harness created in `test/test_fuzz/`
- [ ] All validators survive 60s of fuzzing without crash
- [ ] Any discovered crashes are fixed or documented as known-accepted

## References

- `src/SystemDefs_Validate.h` — all input validators
- [libFuzzer tutorial](https://releases.llvm.org/16.0.0/docs/LibFuzzer.html)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add fuzz testing for web API input parsers #44

What

Why

How

Acceptance

References

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Add fuzz testing for web API input parsers #44

Description

What

Why

How

Acceptance

References

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions