✨ Detect .NET property-based fuzz testing

[martincostello]

What kind of change does this PR introduce?

Add feature to detect use of FsCheck in C# and F# code for the fuzzing check.

• PR title follows the guidelines defined in our pull request documentation

What is the current behavior?

Use of FsCheck in C# or F# test code does not contribute to the fuzzing check.

What is the new behavior (if this is a feature change)?**

Use of FsCheck, FsCheck.Nunit, FsCheck.Xunit or Expecto.FsCheck in .cs or fs files counts as property-based fuzz testing for C# and F# respectively.

• Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

NONE

Special notes for your reviewer

Does this PR introduce a user-facing change?

For user-facing changes, please add a concise, human-readable release note to
the release-note

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

Treat use of FsCheck in C# and F# code as use of fuzzing.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 69.59%. Comparing base (353ed60) to head (ffcf354).
⚠️ Report is 295 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4860      +/-   ##
==========================================
+ Coverage   66.80%   69.59%   +2.78%     
==========================================
  Files         230      251      +21     
  Lines       16602    15657     -945     
==========================================
- Hits        11091    10896     -195     
+ Misses       4808     3891     -917     
- Partials      703      870     +167     

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Copilot]

Pull request overview

This PR adds support for detecting property-based fuzz testing in .NET languages (C# and F#) using the FsCheck library. It extends the fuzzing check to recognize FsCheck and its test framework integrations (NUnit, Xunit, and Expecto) through import statement pattern matching.

Key Changes:

• Added F# as a supported language with regex-based detection for FsCheck imports
• Extended C# fuzzing detection to recognize FsCheck property-based testing libraries
• Added comprehensive test coverage for both C# and F# FsCheck detection scenarios

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
internal/fuzzers/fuzzers.go	Added constants for C# and F# property-based testing fuzzer identifiers
finding/probe.go	Added F# to the list of validated supported languages
docs/checks/internal/checks.yaml	Updated fuzzing check documentation to include FsCheck for C# and F#
docs/checks/fuzzing/README.md	Added FsCheck to the list of supported fuzzers with minor formatting improvements
docs/checks.md	Updated fuzzing check description to mention C# and F# FsCheck support
clients/languages.go	Added F# language constant and updated C# documentation URL
checks/raw/fuzzing_test.go	Added 10 test cases covering various FsCheck import scenarios for C# and F#
checks/raw/fuzzing.go	Implemented fuzzing detection logic with regex patterns for C# and F# FsCheck imports

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[spencerschrock]

/scdiff generate Fuzzing

[github-actions]

Here's a link to the scdiff run

[spencerschrock]

Generally looks good. Are there any GitHub repos which would be good to manually run this against before merge? The one C# repo we have in our test corpus doesnt seem to have any usages of it

[martincostello]

Polly has some usage: https://github.com/App-vNext/Polly

[martincostello]

> go run main.go --repo https://github.com/App-vNext/Polly --checks Fuzzing

Starting (https://github.com/App-vNext/Polly) [Fuzzing]
Finished (https://github.com/App-vNext/Polly) [Fuzzing]

RESULTS
-------
Aggregate score: 10.0 / 10

Check scores:
|---------|---------|-------------------|--------------------------------------------------------------------|
|  SCORE  |  NAME   |      REASON       |                    DOCUMENTATION / REMEDIATION                     |
|---------|---------|-------------------|--------------------------------------------------------------------|
| 10 / 10 | Fuzzing | project is fuzzed | https://github.com/ossf/scorecard/blob/main/docs/checks.md#fuzzing |
|---------|---------|-------------------|--------------------------------------------------------------------|

[spencerschrock]

Thanks Martin!