Introduce fuzzing to classes

[skatkov]

No description provided.

[Copilot]

Pull request overview

This PR introduces Go fuzz tests across multiple internal converters/formatters and TUI utilities, adds a nightly CI fuzz workflow, and hardens a few conversion/help-formatting paths to avoid panics found during fuzzing.

Changes:

• Add fuzz tests for base64, CSV→JSON, converter (JSON/YAML/TOML/XML), YAML/HTML formatting, and TUI jsonrepair/json2toon.
• Make help column rendering bounds-safe in BasePagerModel and add tests for short column lists.
• Add TOML/XML output validation in converter functions and wire up make fuzz / nightly fuzz GitHub Actions.

Reviewed changes

Copilot reviewed 22 out of 22 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
tui/jsonrepair/fuzz_test.go	Fuzzes RepairJSON and validates output is valid JSON when no error is returned.
tui/json2toon/fuzz_test.go	Fuzzes Convert/ConvertWithOptions for no-panics with bounded inputs.
tui/base64-encoder/main_test.go	Adds a regression test ensuring helpView() doesn’t panic and returns content.
tui/base64-encoder/main.go	Adjusts help rendering to avoid out-of-range access (but leaves duplicated formatting).
tui/base64-decoder/main_test.go	Adds a regression test ensuring helpView() doesn’t panic and returns content.
tui/base64-decoder/main.go	Adjusts help rendering to avoid out-of-range access (but leaves duplicated formatting).
internal/yamlfmt/yamlfmt_fuzz_test.go	Fuzzes YAML formatting and validates resulting YAML parses.
internal/ui/base_pager_model_test.go	Tests new bounds-safe help formatting behavior.
internal/ui/base_pager_model.go	Makes help column rendering bounds-safe via helpColumnValue.
internal/htmlfmt/htmlfmt_fuzz_test.go	Fuzzes HTML formatting for no-panics.
internal/csv2json/testdata/fuzz/FuzzConvertDoesNotPanic/92197bf3838b3f8b	Adds a failing fuzz corpus entry.
internal/csv2json/csv2json_test.go	Adds targeted tests + fuzz test for Convert no-panics.
internal/csv2json/csv2json.go	Hardens array header parsing by requiring ] after [.
internal/converter/testdata/fuzz/FuzzYAMLToTOML/abff33899e7cd4f9	Adds fuzz corpus entry.
internal/converter/testdata/fuzz/FuzzJSONToXML/9c9314d711b15762	Adds fuzz corpus entry.
internal/converter/testdata/fuzz/FuzzJSONToXML/03b8b7151108b66b	Adds fuzz corpus entry.
internal/converter/converter_test.go	Adds regression tests for specific invalid conversion cases.
internal/converter/converter_fuzz_test.go	Adds fuzz tests with output validation for multiple conversions.
internal/converter/converter.go	Adds TOML re-parse validation and XML non-empty/parse validation for JSONToXML.
internal/base64/base64_fuzz_test.go	Adds base64 round-trip fuzz + behavior comparison vs stdlib decode.
Makefile	Adds fuzz and fuzz-nightly targets and parameters to control fuzz time.
.github/workflows/fuzz-nightly.yml	Adds scheduled nightly fuzz workflow and artifact upload for failing corpora.

Comments suppressed due to low confidence (2)

tui/base64-encoder/main.go:181

• helpView still hand-indexes into col1 and now hardcodes an empty right column for the "u" row. Since BasePagerModel now provides FormatHelpColumns/helpColumnValue to safely handle short column lists, consider using that helper here and removing the unreachable if len(col1) > 5 block (col1 is a fixed 4-element literal).

	s += "k/↑      up                  " + col1[0] + "\n"
	s += "j/↓      down                " + col1[1] + "\n"
	s += "b/pgup   page up             " + col1[2] + "\n"
	s += "f/pgdn   page down           " + col1[3] + "\n"
	s += "u        ½ page up           " + "\n"
	s += "d        ½ page down         "

	if len(col1) > 5 {
		s += col1[5]
	}

tui/base64-decoder/main.go:143

• helpView still uses direct indexing into col1 and now hardcodes an empty right column for the "u" row. Since BasePagerModel now provides FormatHelpColumns/helpColumnValue to safely handle short column lists, it would be more robust to use that helper here and remove the dead if len(col1) > 5 branch (col1 is a fixed 4-element literal).

	s += "k/↑      up                  " + col1[0] + "\n"
	s += "j/↓      down                " + col1[1] + "\n"
	s += "b/pgup   page up             " + col1[2] + "\n"
	s += "f/pgdn   page down           " + col1[3] + "\n"
	s += "u        ½ page up           " + "\n"
	s += "d        ½ page down         "

	if len(col1) > 5 {
		s += col1[5]
	}

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

FuzzConvertDoesNotPanic doesn't bound input size (unlike the other fuzz tests in this PR). A fuzzer can quickly generate very large strings, which can lead to excessive CPU/memory usage or CI timeouts. Add a reasonable length guard (e.g., skip when len(input) exceeds a few KB) similar to the other fuzzers.