Zum Hauptinhalt springen
Dieser Inhalt ist noch nicht in Ihrer Sprache verfügbar und wird auf Englisch angezeigt.

Ruzzy

Skill Aktiv
Teil von:Testing Handbook Skills

Ruzzy is a coverage-guided Ruby fuzzer by Trail of Bits. Use for fuzzing pure Ruby code and Ruby C extensions.

Zweck

To provide a robust and production-ready tool for developers and security researchers to find memory corruption and undefined behavior bugs in Ruby applications and extensions.

Funktionen

  • Coverage-guided fuzzing for Ruby
  • Fuzzing for pure Ruby code
  • Fuzzing for Ruby C extensions
  • AddressSanitizer (ASan) and UndefinedBehaviorSanitizer (UBSan) integration
  • Detailed installation and usage instructions

Anwendungsfälle

  • Fuzzing Ruby applications or libraries to uncover bugs
  • Testing Ruby C extensions for memory safety issues
  • Improving the security and stability of Ruby codebases
  • Integrating fuzzing into CI/CD pipelines for Ruby projects

Nicht-Ziele

  • Fuzzing non-Ruby languages
  • Providing a general-purpose code analysis tool beyond fuzzing
  • Automating bug fixing

Workflow

  1. Set up environment with ASAN_OPTIONS
  2. Install Ruzzy with clang compiler flags
  3. Write a fuzzing harness (tracer script for pure Ruby)
  4. Run the fuzzer with the harness and optional corpus
  5. Interpret output and reproduce crashes

Praktiken

  • Fuzzing
  • Security testing
  • Code quality

Voraussetzungen

  • Linux x86-64 or AArch64/ARM64
  • Recent version of clang (tested back to 14.0.0, latest release recommended)
  • Ruby with gem installed

Trust

  • warning:Issues AttentionIn the last 90 days, 13 issues were opened and 4 were closed, indicating a low closure rate (approx. 24%) and potentially slow maintainer response.

Installation

Zuerst Marketplace hinzufügen

/plugin marketplace add trailofbits/skills
/plugin install testing-handbook-skills@trailofbits

Qualitätspunktzahl

75 /100
Analysiert about 22 hours ago

Vertrauenssignale

Letzter Commit3 days ago
GitHub-Inhaber trailofbits (opens in new tab)
Sterne5.2k
LizenzCC-BY-SA-4.0
Status
Quellcode ansehen

Ähnliche Erweiterungen

Senior Backend Engineer

100

Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Covers Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.

Skill
alirezarezvani

Metal

100

Extract the conceptual essence of a repository as skills, agents, and teams — the project's roles, procedures, and coordination patterns expressed as agentskills.io-standard definitions. Reads an arbitrary codebase and produces generalized definitions that capture WHAT the project does and WHO operates it, without replicating HOW it does it. Use when onboarding to a new codebase and wanting to understand its conceptual architecture, when bootstrapping an agentic system from an existing project, when studying a project's organizational DNA for cross-pollination, or when creating a skill/agent/team library inspired by a reference implementation.

Skill
pjt222

Lean Ctx

100

Context Runtime für KI-Agenten — 59 MCP-Tools, 10 Lesemodi, über 95 Shell-Muster, Tree-sitter AST für 18 Sprachen. Komprimiert LLM-Kontext um bis zu 99%. Verwenden Sie es beim Lesen von Dateien, Ausführen von Shell-Befehlen, Suchen von Code oder Erkunden von Verzeichnissen. Automatische Installation, falls nicht vorhanden.

Skill
yvgude

Pathfinder

100

Ordnet eine Codebasis in Feature-gruppierte Flussdiagramme ein, identifiziert doppelte Belange über Features hinweg und schlägt eine einheitliche Architektur vor. Wird verwendet, wenn nach "dem idealen Pfad" gefragt wird, duplizierte Systeme vereinheitlicht oder die Architektur vor einem Refactoring auditiert werden soll. Gibt ein vorgeschlagenes einheitliches Flussdiagramm sowie Prompts zum Erstellen eines Plans pro System aus.

Skill
thedotmack

Codacy Audit

100

Codacy Cloud workflow for this repository -- run Codacy's analyzers locally before `git push` (mirrors what Codacy CI runs), and fetch/cluster Codacy issues for any PR via the v3 API. Use when the user mentions Codacy, "codacy analysis", `codacy-analysis-cli`, "codacy issues on PR", "fix codacy CI", "codacy markdownlint findings", or any Codacy gate failing on a netdata-org PR. Ships scripts analyze-local.sh (docker/binary runner for codacy-analysis-cli) and pr-issues.sh (paginated v3 issue fetch + group-by tool/pattern/severity/file). Token-safe -- CODACY_TOKEN never reaches assistant-visible stdout. Read-only by design in the current SOW; write actions (mark FP, mark fixed) are deferred.

Skill
netdata

Domain Extract

100

Extract domain knowledge from existing project sources and generate domain rules. Also handles vault sync and domain listing.

Skill
luiseiman