✨ Detect .NET property-based fuzz testing

checks/raw/fuzzing.go

@@ -170,6 +170,29 @@ var languageFuzzSpecs = map[clients.LanguageName]languageFuzzConfig{
 		Desc: asPointer(
 			"Fuzzed with Swift LibFuzzer"),
 	},
+	// Fuzz patterns for C# and F# based on property-based testing.
+	//
+	// Based on the import of one of these packages:
+	// * https://www.nuget.org/packages/Expecto.FsCheck
+	// * https://www.nuget.org/packages/FsCheck
+	// * https://www.nuget.org/packages/FsCheck.Nunit
+	// * https://www.nuget.org/packages/FsCheck.Xunit
+	//
+	// This is not an exhaustive list.
+	clients.CSharp: {
+		filePatterns: []string{"*.cs"},
+		// Look for direct imports of FsCheck and its test runner integrations.
+		funcPattern: `(using\s+(FsCheck|FsCheck\.(NUnit|Xunit)|Expecto\.ExpectoFsCheck));`,
+		Name:        fuzzers.PropertyBasedCSharp,
+		Desc:        propertyBasedDescription("C#"),
+	},
+	clients.FSharp: {
+		filePatterns: []string{"*.fs"},
+		// Look for direct imports of FsCheck and its test runner integrations.
+		funcPattern: `(open\s+(FsCheck|FsCheck\.(NUnit|Xunit)|Expecto\.ExpectoFsCheck))`,
+		Name:        fuzzers.PropertyBasedFSharp,
+		Desc:        propertyBasedDescription("F#"),
+	},
 	// TODO: add more language-specific fuzz patterns & configs.
 }
 

checks/raw/fuzzing_test.go

@@ -694,6 +694,126 @@ func Test_checkFuzzFunc(t *testing.T) {
 			},
 			fileContent: "const fc = require('fast-other');",
 		},
+		{
+			name:     "C# with no property-based testing",
+			want:     false,
+			fileName: []string{"test.cs"},
+			langs: []clients.Language{
+				{
+					Name:     clients.CSharp,
+					NumLines: 50,
+				},
+			},
+			fileContent: "using Xunit;",
+		},
+		{
+			name:     "C# with FsCheck",
+			want:     true,
+			fileName: []string{"csharp-fscheck.cs"},
+			langs: []clients.Language{
+				{
+					Name:     clients.CSharp,
+					NumLines: 50,
+				},
+			},
+			fileContent: "using FsCheck;",
+		},
+		{
+			name:     "C# with FsCheck.Nunit",
+			want:     true,
+			fileName: []string{"csharp-fscheck-nunit.cs"},
+			langs: []clients.Language{
+				{
+					Name:     clients.CSharp,
+					NumLines: 50,
+				},
+			},
+			fileContent: "using FsCheck.NUnit;",
+		},
+		{
+			name:     "C# with FsCheck.Xunit",
+			want:     true,
+			fileName: []string{"csharp-fscheck-xunit.cs"},
+			langs: []clients.Language{
+				{
+					Name:     clients.CSharp,
+					NumLines: 50,
+				},
+			},
+			fileContent: "using FsCheck.Xunit;",
+		},
+		{
+			name:     "C# with Expecto.FsCheck",
+			want:     true,
+			fileName: []string{"csharp-expecto-fscheck.cs"},
+			langs: []clients.Language{
+				{
+					Name:     clients.CSharp,
+					NumLines: 50,
+				},
+			},
+			fileContent: "using Expecto.ExpectoFsCheck;",
+		},
+		{
+			name:     "F# with no property-based testing",
+			want:     false,
+			fileName: []string{"test.fs"},
+			langs: []clients.Language{
+				{
+					Name:     clients.FSharp,
+					NumLines: 50,
+				},
+			},
+			fileContent: "open Xunit",
+		},
+		{
+			name:     "F# with FsCheck",
+			want:     true,
+			fileName: []string{"fsharp-fscheck.fs"},
+			langs: []clients.Language{
+				{
+					Name:     clients.FSharp,
+					NumLines: 50,
+				},
+			},
+			fileContent: "open FsCheck",
+		},
+		{
+			name:     "F# with FsCheck.Nunit",
+			want:     true,
+			fileName: []string{"fsharp-fscheck-nunit.fs"},
+			langs: []clients.Language{
+				{
+					Name:     clients.FSharp,
+					NumLines: 50,
+				},
+			},
+			fileContent: "open FsCheck.NUnit",
+		},
+		{
+			name:     "F# with FsCheck.Xunit",
+			want:     true,
+			fileName: []string{"fsharp-fscheck-xunit.fs"},
+			langs: []clients.Language{
+				{
+					Name:     clients.FSharp,
+					NumLines: 50,
+				},
+			},
+			fileContent: "open FsCheck.Xunit",
+		},
+		{
+			name:     "F# with Expecto.FsCheck",
+			want:     true,
+			fileName: []string{"fsharp-expecto-fscheck.fs"},
+			langs: []clients.Language{
+				{
+					Name:     clients.FSharp,
+					NumLines: 50,
+				},
+			},
+			fileContent: "open Expecto.ExpectoFsCheck",
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

clients/languages.go

@@ -41,7 +41,7 @@ const (
 	// Java: https://www.java.com/en/
 	Java LanguageName = "java"
 
-	// C#: https://docs.microsoft.com/en-us/dotnet/csharp/
+	// C#: https://docs.microsoft.com/dotnet/csharp/
 	CSharp LanguageName = "c#"
 
 	// ObjectiveC: the objective c language.
@@ -92,6 +92,9 @@ const (
 	// All indicates all programming languages.
 	All LanguageName = "all"
 
+	// F#: https://learn.microsoft.com/dotnet/fsharp/
+	FSharp LanguageName = "f#"
+
 	// Add more languages here if needed,
 	// please use lowercases for the LanguageName value.
 )

docs/checks.md

@@ -345,6 +345,7 @@ This check tries to determine if the project uses
    - a limited set of property-based testing libraries for Haskell including [QuickCheck](https://hackage.haskell.org/package/QuickCheck), [Hedgehog](https://hedgehog.qa/), [validity](https://hackage.haskell.org/package/validity) or [SmallCheck](https://hackage.haskell.org/package/smallcheck),
    - a limited set of property-based testing libraries for JavaScript and TypeScript including [fast-check](https://fast-check.dev/).
    - a limited set of property-based testing libraries for Erlang, including proper and quickcheck.
+   - a limited set of property-based testing libraries for C# and F# including [FsCheck](https://github.com/fscheck/FsCheck).
 
 Fuzzing, or fuzz testing, is the practice of feeding unexpected or random data
 into a program to expose bugs. Regular fuzzing is important to detect

docs/checks/fuzzing/README.md

@@ -1,4 +1,5 @@
 # Supported Fuzzers
+
 * [LibFuzzer](https://llvm.org/docs/LibFuzzer.html)
   * Detection is based on usages of a function named `LLVMFuzzerTestOneInput` in C, C++, or Swift files.
 * [ClusterFuzzLite](https://github.com/google/clusterfuzzlite)
@@ -23,8 +24,10 @@
   * Detection based on the presence of `import atheris` in Python files.
 * [cargo-fuzz](https://rust-fuzz.github.io/book/cargo-fuzz.html)
   * Detection based on presence of `libfuzzer_sys` in Rust files.
+* [FsCheck](https://github.com/fscheck/FsCheck)
+  * Detection based on import statements in C# and F# files.
 
-# Add Support
+## Add Support
 
-Don't see your fuzzing tool listed? 
+Don't see your fuzzing tool listed?
 Search for an existing issue, or create one, to discuss adding support.

docs/checks/internal/checks.yaml

@@ -405,6 +405,7 @@ checks:
          - a limited set of property-based testing libraries for Haskell including [QuickCheck](https://hackage.haskell.org/package/QuickCheck), [Hedgehog](https://hedgehog.qa/), [validity](https://hackage.haskell.org/package/validity) or [SmallCheck](https://hackage.haskell.org/package/smallcheck),
          - a limited set of property-based testing libraries for JavaScript and TypeScript including [fast-check](https://fast-check.dev/).
          - a limited set of property-based testing libraries for Erlang, including proper and quickcheck.
+         - a limited set of property-based testing libraries for C# and F# including [FsCheck](https://github.com/fscheck/FsCheck).
 
       Fuzzing, or fuzz testing, is the practice of feeding unexpected or random data
       into a program to expose bugs. Regular fuzzing is important to detect

finding/probe.go

@@ -170,7 +170,7 @@ func validateSupportedLanguages(r pyaml.Ecosystem) error {
 			clients.PHP, clients.StarLark, clients.Scala,
 			clients.Kotlin, clients.Swift, clients.Rust,
 			clients.Haskell, clients.All, clients.Dockerfile,
-			clients.ObjectiveC:
+			clients.ObjectiveC, clients.FSharp:
 			continue
 		default:
 			return fmt.Errorf("%w: %v", errInvalid, fmt.Sprintf("language '%v'", r))

internal/fuzzers/fuzzers.go

@@ -31,5 +31,7 @@ const (
 	SwiftLibFuzzer          = "SwiftLibFuzzer"
 	RustCargoFuzz           = "RustCargoFuzzer"
 	JavaJazzerFuzzer        = "JavaJazzerFuzzer"
+	PropertyBasedCSharp     = "CSharpPropertyBasedTesting"
+	PropertyBasedFSharp     = "FSharpPropertyBasedTesting"
 	// TODO: add more fuzzing check supports.
 )