Add ClusterFuzzLite fuzzing infrastructure

- Add .clusterfuzzlite/ with project.yaml, Dockerfile, build.sh
- Add fuzz/ with generic fuzz target
- Add PR and batch fuzzing workflows

Co-Authored-By: Claude Opus 4.5 <[email protected]>

Author: Jonathan D.A. Jewell

.clusterfuzzlite/Dockerfile

@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: PMPL-1.0
+FROM gcr.io/oss-fuzz-base/base-builder-rust@sha256:73c1d5648db54100639339d411a5d192cbc8bf413ee91e843a07cf6f0e319dc7
+
+COPY . $SRC/echidna
+WORKDIR $SRC/echidna
+
+COPY .clusterfuzzlite/build.sh $SRC/

.clusterfuzzlite/build.sh

@@ -0,0 +1,7 @@
+#!/bin/bash -eu
+# SPDX-License-Identifier: PMPL-1.0
+cd $SRC/echidna
+cargo +nightly fuzz build
+for target in $(cargo +nightly fuzz list); do
+    cp ./target/x86_64-unknown-linux-gnu/release/$target $OUT/
+done

.clusterfuzzlite/project.yaml

@@ -0,0 +1,2 @@
+# SPDX-License-Identifier: PMPL-1.0
+language: rust

.github/workflows/cflite_batch.yml

@@ -0,0 +1,32 @@
+# SPDX-License-Identifier: PMPL-1.0
+name: ClusterFuzzLite batch fuzzing
+on:
+  schedule:
+    - cron: '0 3 * * 0'
+  workflow_dispatch:
+
+permissions: read-all
+
+jobs:
+  BatchFuzzing:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        sanitizer: [address]
+    steps:
+      - name: Build Fuzzers (${{ matrix.sanitizer }})
+        id: build
+        uses: google/clusterfuzzlite/actions/build_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 # v1
+        with:
+          language: rust
+          sanitizer: ${{ matrix.sanitizer }}
+
+      - name: Run Fuzzers (${{ matrix.sanitizer }})
+        id: run
+        uses: google/clusterfuzzlite/actions/run_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 # v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          fuzz-seconds: 1800
+          mode: batch
+          sanitizer: ${{ matrix.sanitizer }}

.github/workflows/cflite_pr.yml

@@ -0,0 +1,31 @@
+# SPDX-License-Identifier: PMPL-1.0
+name: ClusterFuzzLite PR fuzzing
+on:
+  pull_request:
+    branches: [main]
+
+permissions: read-all
+
+jobs:
+  PR:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        sanitizer: [address]
+    steps:
+      - name: Build Fuzzers (${{ matrix.sanitizer }})
+        id: build
+        uses: google/clusterfuzzlite/actions/build_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 # v1
+        with:
+          language: rust
+          sanitizer: ${{ matrix.sanitizer }}
+
+      - name: Run Fuzzers (${{ matrix.sanitizer }})
+        id: run
+        uses: google/clusterfuzzlite/actions/run_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 # v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          fuzz-seconds: 300
+          mode: code-change
+          sanitizer: ${{ matrix.sanitizer }}

fuzz/Cargo.toml

@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: PMPL-1.0
+[package]
+name = "echidna-fuzz"
+version = "0.0.0"
+authors = ["hyperpolymath"]
+publish = false
+edition = "2021"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = "0.4"
+arbitrary = { version = "1", features = ["derive"] }
+
+[dependencies.echidna]
+path = ".."
+
+[[bin]]
+name = "fuzz_input"
+path = "fuzz_targets/fuzz_input.rs"
+test = false
+doc = false
+bench = false

fuzz/fuzz_targets/fuzz_input.rs

@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: PMPL-1.0
+//! Generic fuzz target for arbitrary input processing
+
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+
+fuzz_target!(|data: &[u8]| {
+    // Fuzz with arbitrary byte input
+    // This exercises any parsing/processing functions with random data
+    if let Ok(input) = std::str::from_utf8(data) {
+        // Try to process the input as text
+        let _ = input.trim();
+        let _ = input.lines().count();
+    }
+
+    // Exercise the data directly as bytes
+    let _ = data.len();
+    let _ = data.is_empty();
+});