
ruzzy

Coverage-guided fuzzer for Ruby code and C extensions, powered by libFuzzer and address sanitizers to detect memory corruption and undefined behavior.

Introduction

Ruzzy is a professional-grade, coverage-guided fuzzer specifically engineered for the Ruby ecosystem. It leverages the libFuzzer engine to provide robust testing capabilities for both pure Ruby applications and complex Ruby gems containing native C extensions. By integrating with AddressSanitizer (ASan), Ruzzy enables developers and security auditors to uncover memory corruption, buffer overflows, and undefined behavior that traditional unit tests often miss. It is an essential tool for maintaining the integrity of native extensions and ensuring the stability of Ruby-based security infrastructure.

  • Employs coverage-guided mutation strategies to maximize code path exploration in Ruby interpreters.

  • Supports direct fuzzing of Ruby C extensions to identify deep-seated memory safety vulnerabilities.

  • Integrates with clang and ASan to provide precise stack traces for discovered crashes.

  • Features a flexible harness-based architecture allowing for fine-grained input control and exception handling.

  • Optimized for Linux environments with x86-64 and AArch64/ARM64 architecture support.

  • Requires a compatible clang version (14.0.0+) and configured environment variables (CC, CXX, LDSHARED) for proper instrumentation during gem installation.

  • Users must manage the Ruby interpreter's interaction with ASan by using LD_PRELOAD and specific ASAN_OPTIONS, such as disabling sigaltstack and setting allocator_may_return_null=1.

  • Harness development requires deterministic Ruby code; testers should handle Ruby-level exceptions when fuzzing C extensions to ensure the fuzzer remains focused on memory safety issues rather than interpreter errors.

  • Fuzzing pure Ruby code requires a tracer script, which provides the necessary runtime instrumentation.

  • Effectively bridges the gap between high-level Ruby logic and low-level C memory safety, making it a critical component for supply-chain security and dependency auditing.

Repository Stats

Stars: 4,882
Forks: 424
Open Issues: 21
Language: Python
Default Branch: main
Sync Status: Idle
Last Synced: Apr 29, 2026, 12:57 PM