[Fuzz] Add fuzz testing for AdvancedPaste and new pipeline for onboarding OneFuzz

[lei9444]

Summary of the Pull Request

Why we need add fuzz test? This is a request from the SFI Wave 3, currently set as Priority 1.

In this PR:

1. New Fuzz Tests Project: Created for AdvancedPaste using .NET 8-Windows. Initial testing will focus on JsonHelper.
   • Note: Since OneFuzz does not yet support .NET 9 code testing, this is a temporary solution. A .NET 8 project is used initially, linking the code through a file.
2. Linking and Dependency Management: Connected JsonHelper file to the Fuzz Tests Project, minimizing dependencies by adding a mock Logger.
3. New Pipeline: Introduced to onboard OneFuzz.

Testing Result: The new pipeline is being tested using the CI pipeline.

the fuzz job result:

PR Checklist

• [ ] Closes: #xxx
• [ ] Communication: I've discussed this with core contributors already. If work hasn't been agreed, this work might be rejected
• [ ] Tests: Added/updated and all pass
• [ ] Localization: All end user facing strings can be localized
• [ ] Dev docs: Added/updated
• [ ] New binaries: Added on the required places
  • [ ] JSON for signing for new binaries
  • [ ] WXS for installer for new binaries and localization folder
  • [ ] YML for CI pipeline for new test projects
  • [ ] YML for signed pipeline
• [ ] Documentation updated: If checked, please file a pull request on our docs repo and link it here: #xxx

Detailed Description of the Pull Request / Additional comments

Validation Steps Performed

[github-actions[bot]]

@check-spelling-bot Report

:red_circle: Please review

See the :open_file_folder: files view, the :scroll:action log, or :memo: job summary for details.

Unrecognized words (2)

leilzh onefuzz

These words are not needed and should be removed

accctrl aclapi appdata Appium appmodel atlbase atlcom atlfile atlstr bootstrapper caniuse ceq cguid Cmds cne codicon comdef commandline commctrl commdlg comutil consts cppwinrt CRSEL crx dcommon dcomp DCs desktopwindowxamlsource devpkey dxgidebug dxgiformat emmintrin Emoji endpointvolume evntrace exdisp Functiondiscoverykeys guiddef hinstance hstring Intelli junja Knownfolders lmcons LONGLONG lpt LTRB mfapi mfidl mfobjects mftransform Minimatch mmdeviceapi mmsystem msedge msiquery newdev nodoc notlike Objbase objidl pathcch Pnp Preinstalled processthreadsapi propkey propvarutil redistributable Renamer reparse restrictederrorinfo roadmap ruleset runtimes shellapi shellscalingapi shldisp shlobj stl strsafe strutil subquery SWC tailwindcss tapp thumbcache tlhelp Toolset touchpad Tsd uninstantiated uniquifier Unknwn unregistering urlmon USERDATA Uxtheme verrsrc wcautil wincodec Wincodecsdk windef windowsapp windowsx winerror winevt winsdkver winternl wsl wtsapi

To accept these unrecognized words as correct and remove the previously acknowledged and now absent words, you could run the following commands

... in a clone of the [email protected]:microsoft/PowerToys.git repository on the leilzh/add_onefuzz branch (:information_source: how do I use this?):

curl -s -S -L 'https://raw.githubusercontent.com/check-spelling/check-spelling/v0.0.24/apply.pl' |
perl - 'https://github.com/microsoft/PowerToys/actions/runs/12313130155/attempts/1'

If the flagged items are :exploding_head: false positives

If items relate to a ...

• binary file (or some other file you wouldn't want to check at all).

  Please add a file path to the excludes.txt file matching the containing file.

  File paths are Perl 5 Regular Expressions - you can test yours before committing to verify it will match your files.

  ^ refers to the file's path from the root of the repository, so ^README\.md$ would exclude README.md (on whichever branch you're using).

• well-formed pattern.

  If you can write a pattern that would match it, try adding it to the patterns.txt file.

  Patterns are Perl 5 Regular Expressions - you can test yours before committing to verify it will match your lines.

  Note that patterns can't match multiline strings.

[github-actions[bot]]

@check-spelling-bot Report

:red_circle: Please review

See the :open_file_folder: files view, the :scroll:action log, or :memo: job summary for details.

Unrecognized words (8)

aep epsf howto myaccess oip onefuzzconfig onefuzzingestionpreparationtool onmicrosoft

These words are not needed and should be removed

accctrl aclapi appdata Appium appmodel atlbase atlcom atlfile atlstr bootstrapper caniuse ceq cguid Cmds cne codicon comdef commandline commctrl commdlg comutil consts cppwinrt CRSEL crx dcommon dcomp DCs desktopwindowxamlsource devpkey dxgidebug dxgiformat emmintrin Emoji endpointvolume evntrace exdisp Functiondiscoverykeys guiddef hinstance hstring Intelli junja Knownfolders lmcons LONGLONG lpt LTRB mfapi mfidl mfobjects mftransform Minimatch mmdeviceapi mmsystem msedge msiquery newdev nodoc notlike Objbase objidl pathcch Pnp Preinstalled processthreadsapi propkey propvarutil redistributable Renamer reparse restrictederrorinfo roadmap ruleset runtimes shellapi shellscalingapi shldisp shlobj stl strsafe strutil subquery SWC tailwindcss tapp thumbcache tlhelp Toolset touchpad Tsd uninstantiated uniquifier Unknwn unregistering urlmon USERDATA Uxtheme verrsrc wcautil wincodec Wincodecsdk windef windowsapp windowsx winerror winevt winsdkver winternl wsl wtsapi

To accept these unrecognized words as correct and remove the previously acknowledged and now absent words, you could run the following commands

... in a clone of the [email protected]:microsoft/PowerToys.git repository on the leilzh/add_onefuzz branch (:information_source: how do I use this?):

curl -s -S -L 'https://raw.githubusercontent.com/check-spelling/check-spelling/v0.0.24/apply.pl' |
perl - 'https://github.com/microsoft/PowerToys/actions/runs/12347473679/attempts/1'

Forbidden patterns :no_good: (1)

In order to address this, you could change the content to not match the forbidden patterns (comments before forbidden patterns may help explain why they're forbidden), add patterns for acceptable instances, or adjust the forbidden patterns themselves.

These forbidden patterns matched content:

Do not use (click) here links

For more information, see:

• https://www.w3.org/QA/Tips/noClickHere
• https://webaim.org/techniques/hypertext/link_text
• https://granicus.com/blog/why-click-here-links-are-bad/
• https://heyoka.medium.com/dont-use-click-here-f32f445d1021

(?i)(?:>|\[)(?:(?:click |)here|this(?=\]\([^\)]+:/)|link|(?:read |)more(?!</value))(?:</|\]\()

Errors (1)

See the :open_file_folder: files view, the :scroll:action log, or :memo: job summary for details.

:x: Errors	Count
:x: forbidden-pattern	2

See :x: Event descriptions for more information.

If the flagged items are :exploding_head: false positives

If items relate to a ...

• binary file (or some other file you wouldn't want to check at all).

  Please add a file path to the excludes.txt file matching the containing file.

  File paths are Perl 5 Regular Expressions - you can test yours before committing to verify it will match your files.

  ^ refers to the file's path from the root of the repository, so ^README\.md$ would exclude README.md (on whichever branch you're using).

• well-formed pattern.

  If you can write a pattern that would match it, try adding it to the patterns.txt file.

  Patterns are Perl 5 Regular Expressions - you can test yours before committing to verify it will match your lines.

  Note that patterns can't match multiline strings.