ci: fuzz: add more fuzz targets

[mohammed90]

I'm prepping to bring back the continuous fuzzing of Caddy on another platform after the departure of FuzzIt. In the process, I found more possible targets that can be included based on the criteria of:

• accept string|[]byte as input
• function body is more than mere json.Unmarshal

One dilemma for now is where to store the seed corpus to be retrieved by the new platform. Any thoughts? I think some projects store them in a branch, but not sure how much of a hassle will it be to keep that branch updated. I've considered hiding them behind a refs/<something>/corpus, but it feels too magical and needs insider knowledge.

[francislavoie]

I think a fuzz-corpus branch, or a separate repo, if possible, would be ok.

I don't have much else to add on this topic 🤷‍♂️ this looks fine to me.

[mholt]

LGTM, thanks as usual @mohammed90 🙂

As for where to store the corpus, a branch sounds good to me also. Would it get very large though? If so, maybe a separate repo, in a (possibly vain) attempt to keep this repo as lean as possible.

[mohammed90]

LGTM, thanks as usual @mohammed90 🙂

As for where to store the corpus, a branch sounds good to me also. Would it get very large though? If so, maybe a separate repo, in a (possibly vain) attempt to keep this repo as lean as possible.

It won't be the generated corpus. It'll just contain the seeds and the corpus I extracted from Fuzzit before its demise. Going with a branch, I'll do something like git checkout --orphan fuzz-seed-corpus and commit only the seed .zip files.

[mholt]

Awesome, let's see if it helps! Thanks!