util/db: add fuzzer

[AdamKorcz]

Moves a fuzzer from https://github.com/cncf/cncf-fuzzing/blob/main/projects/argo/argo-cd_db_fuzzer.go

Signed-off-by: AdamKorcz adam@adalogics.com

Note on DCO:

If the DCO action in the integration test fails, one or more of your commits are not signed off. Please click on the Details link next to the DCO action for instructions on how to resolve this.

Checklist:

• Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
• The title of the PR states what changed and the related issues number (used for the release note).
• I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
• I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
• Does this PR require documentation updates?
• I've updated documentation as required by this PR.
• Optional. My organization is added to USERS.md.
• I have signed off all my commits as required by DCO
• I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
• My build is green (troubleshooting builds).

[codecov]

Codecov Report

Patch coverage: 33.33% and project coverage change: -0.01 ⚠️

Comparison is base (038f680) 48.99% compared to head (2e4d640) 48.99%.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #11146      +/-   ##
==========================================
- Coverage   48.99%   48.99%   -0.01%     
==========================================
  Files         246      246              
  Lines       42486    42485       -1     
==========================================
- Hits        20816    20815       -1     
  Misses      19559    19559              
  Partials     2111     2111              

Impacted Files	Coverage Δ
cmd/argocd/commands/admin/settings_rbac.go	24.48% <33.33%> (-0.32%)	⬇️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[crenshaw-dev]

Nice, thanks @AdamKorcz! Can you run go mod tidy and push?

[crenshaw-dev]

@AdamKorcz mind also fixing DCO?

Once I merge, what how do we actually use this fuzzer?

[agilgur5]

Once I merge, what how do we actually use this fuzzer?

This seems to be using Go 1.18+ built-in fuzzing, which can be run with go test -fuzz=FuzzTestName for a set period of time.

Usually they're run continuously via OSS-Fuzz as well as for a short period of time on PRs. The CNCF fuzzing repo actually describes the same thing in more detail.
It looks like there's a more recent CIFuzz GH action that can re-use the OSS-Fuzz configuration.

It seems like Argo was already added to OSS-Fuzz at some point, although I'm not entirely sure where the fuzz tests are referenced (especially as most of them are located in the above mentioned CNCF fuzzing repo)