Ruzzy
技能 活跃Ruzzy is a coverage-guided Ruby fuzzer by Trail of Bits. Use for fuzzing pure Ruby code and Ruby C extensions.
To provide a robust and production-ready tool for developers and security researchers to find memory corruption and undefined behavior bugs in Ruby applications and extensions.
功能
- Coverage-guided fuzzing for Ruby
- Fuzzing for pure Ruby code
- Fuzzing for Ruby C extensions
- AddressSanitizer (ASan) and UndefinedBehaviorSanitizer (UBSan) integration
- Detailed installation and usage instructions
使用场景
- Fuzzing Ruby applications or libraries to uncover bugs
- Testing Ruby C extensions for memory safety issues
- Improving the security and stability of Ruby codebases
- Integrating fuzzing into CI/CD pipelines for Ruby projects
非目标
- Fuzzing non-Ruby languages
- Providing a general-purpose code analysis tool beyond fuzzing
- Automating bug fixing
工作流
- Set up environment with ASAN_OPTIONS
- Install Ruzzy with clang compiler flags
- Write a fuzzing harness (tracer script for pure Ruby)
- Run the fuzzer with the harness and optional corpus
- Interpret output and reproduce crashes
实践
- Fuzzing
- Security testing
- Code quality
先决条件
- Linux x86-64 or AArch64/ARM64
- Recent version of clang (tested back to 14.0.0, latest release recommended)
- Ruby with gem installed
Trust
- warning:Issues AttentionIn the last 90 days, 13 issues were opened and 4 were closed, indicating a low closure rate (approx. 24%) and potentially slow maintainer response.
安装
请先添加 Marketplace
/plugin marketplace add trailofbits/skills/plugin install testing-handbook-skills@trailofbits质量评分
类似扩展
Senior Backend Engineer
100Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Covers Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.
Metal
100Extract the conceptual essence of a repository as skills, agents, and teams — the project's roles, procedures, and coordination patterns expressed as agentskills.io-standard definitions. Reads an arbitrary codebase and produces generalized definitions that capture WHAT the project does and WHO operates it, without replicating HOW it does it. Use when onboarding to a new codebase and wanting to understand its conceptual architecture, when bootstrapping an agentic system from an existing project, when studying a project's organizational DNA for cross-pollination, or when creating a skill/agent/team library inspired by a reference implementation.
Lean Ctx
100AI 代理的上下文运行时 — 包含 59 个 MCP 工具、10 种读取模式、95+ 种 shell 模式、支持 18 种语言的 tree-sitter AST。将 LLM 上下文压缩高达 99%。用于读取文件、运行 shell 命令、搜索代码或探索目录。如果不存在,则自动安装。
Pathfinder
100将代码库映射为按功能分组的流程图,识别不同功能之间的重复关注点,并提出统一的架构。在被要求“寻找理想路径”、统一重复系统或在重构前审计架构时使用。输出一个建议的统一流程图以及针对每个系统的“制定计划”提示。
Codacy Audit
100Codacy Cloud workflow for this repository -- run Codacy's analyzers locally before `git push` (mirrors what Codacy CI runs), and fetch/cluster Codacy issues for any PR via the v3 API. Use when the user mentions Codacy, "codacy analysis", `codacy-analysis-cli`, "codacy issues on PR", "fix codacy CI", "codacy markdownlint findings", or any Codacy gate failing on a netdata-org PR. Ships scripts analyze-local.sh (docker/binary runner for codacy-analysis-cli) and pr-issues.sh (paginated v3 issue fetch + group-by tool/pattern/severity/file). Token-safe -- CODACY_TOKEN never reaches assistant-visible stdout. Read-only by design in the current SOW; write actions (mark FP, mark fixed) are deferred.
Domain Extract
100Extract domain knowledge from existing project sources and generate domain rules. Also handles vault sync and domain listing.