What makes Ruzzy different from other Ruby testing tools?

Unlike standard unit tests, Ruzzy uses coverage-guided fuzzing to automatically discover inputs that trigger edge cases, crashes, and memory errors that manual tests often miss.

Can Ruzzy test Ruby gems that use native C extensions?

Yes, Ruzzy is specifically designed to handle Ruby C extensions and includes tools to compile them with sanitizers for deep memory safety analysis.

Do I need a special setup to fuzz pure Ruby code?

For pure Ruby code, Ruzzy requires a two-script setup involving a tracer script and a harness script to properly instrument the Ruby interpreter's execution paths.

What kind of bugs can Ruzzy find?

Ruzzy excels at finding memory corruption issues like heap-use-after-free, buffer overflows, and undefined behavior, as well as logic-breaking inputs that lead to unhandled exceptions.

Ruzzy Ruby Fuzzer

Name: Ruzzy Ruby Fuzzer
Author: monmacllcapp

bymonmacllcapp

0•

Security & Testing

Enables coverage-guided fuzzing for pure Ruby applications and Ruby C extensions to detect memory corruption and security vulnerabilities.

Ruzzy is a production-ready coverage-guided fuzzer specifically designed for the Ruby ecosystem, leveraging libFuzzer to provide deep testing capabilities for both high-level Ruby code and low-level native extensions. It allows developers to identify complex bugs, memory safety issues, and undefined behavior by automatically generating test inputs that maximize code coverage. With built-in support for AddressSanitizer (ASan) and UndefinedBehaviorSanitizer (UBSan), Ruzzy is an essential tool for security-conscious Ruby developers looking to harden their applications and gems against edge-case exploits and stability issues.

Key Features

01Coverage-guided fuzzing for pure Ruby and C extensions

02UndefinedBehaviorSanitizer (UBSan) support for C extension safety

030 GitHub stars

04Built-in tracer for instrumenting pure Ruby code paths

05Compatible with standard libFuzzer options and corpus management

06Integrated AddressSanitizer (ASan) for memory corruption detection

Use Cases

01Hardening critical infrastructure code written in Ruby against memory safety regressions

02Auditing Ruby gems with native C extensions for buffer overflows or use-after-free vulnerabilities

03Stress-testing complex Ruby parsers or logic with automatically generated edge-case inputs

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add monmacllcapp/skill-forks ruzzy

For use in Claude.ai and ChatGPT