@elizaos/skills 2.0.0-alpha.3
- package/README.md +126 -0
- package/package.json +53 -0
- package/skills/1password/SKILL.md +70 -0
- package/skills/1password/references/cli-examples.md +29 -0
- package/skills/1password/references/get-started.md +17 -0
- package/skills/apple-notes/SKILL.md +77 -0
- package/skills/apple-reminders/SKILL.md +96 -0
- package/skills/bear-notes/SKILL.md +107 -0
- package/skills/bird/SKILL.md +224 -0
- package/skills/blogwatcher/SKILL.md +69 -0
- package/skills/blucli/SKILL.md +47 -0
- package/skills/bluebubbles/SKILL.md +131 -0
- package/skills/camsnap/SKILL.md +45 -0
- package/skills/canvas/SKILL.md +203 -0
- package/skills/clawhub/SKILL.md +77 -0
- package/skills/coding-agent/SKILL.md +284 -0
- package/skills/discord/SKILL.md +578 -0
- package/skills/eightctl/SKILL.md +50 -0
- package/skills/food-order/SKILL.md +48 -0
- package/skills/gemini/SKILL.md +43 -0
- package/skills/gifgrep/SKILL.md +79 -0
- package/skills/github/SKILL.md +77 -0
- package/skills/gog/SKILL.md +116 -0
- package/skills/goplaces/SKILL.md +52 -0
- package/skills/healthcheck/SKILL.md +245 -0
- package/skills/himalaya/SKILL.md +257 -0
- package/skills/himalaya/references/configuration.md +184 -0
- package/skills/himalaya/references/message-composition.md +199 -0
- package/skills/imsg/SKILL.md +74 -0
- package/skills/local-places/SERVER_README.md +101 -0
- package/skills/local-places/SKILL.md +102 -0
- package/skills/local-places/pyproject.toml +21 -0
- package/skills/local-places/src/local_places/__init__.py +2 -0
- package/skills/local-places/src/local_places/google_places.py +314 -0
- package/skills/local-places/src/local_places/main.py +65 -0
- package/skills/local-places/src/local_places/schemas.py +107 -0
- package/skills/mcporter/SKILL.md +61 -0
- package/skills/model-usage/SKILL.md +69 -0
- package/skills/model-usage/references/codexbar-cli.md +33 -0
- package/skills/model-usage/scripts/model_usage.py +310 -0
- package/skills/nano-banana-pro/SKILL.md +58 -0
- package/skills/nano-banana-pro/scripts/generate_image.py +184 -0
- package/skills/nano-pdf/SKILL.md +38 -0
- package/skills/notion/SKILL.md +172 -0
- package/skills/obsidian/SKILL.md +81 -0
- package/skills/openai-image-gen/SKILL.md +89 -0
- package/skills/openai-image-gen/scripts/gen.py +240 -0
- package/skills/openai-whisper/SKILL.md +38 -0
- package/skills/openai-whisper-api/SKILL.md +52 -0
- package/skills/openai-whisper-api/scripts/transcribe.sh +85 -0
- package/skills/openhue/SKILL.md +51 -0
- package/skills/oracle/SKILL.md +125 -0
- package/skills/ordercli/SKILL.md +78 -0
- package/skills/peekaboo/SKILL.md +190 -0
- package/skills/sag/SKILL.md +87 -0
- package/skills/security-ask-questions-if-underspecified/.claude-plugin/plugin.json +10 -0
- package/skills/security-ask-questions-if-underspecified/README.md +24 -0
- package/skills/security-ask-questions-if-underspecified/skills/ask-questions-if-underspecified/SKILL.md +85 -0
- package/skills/security-audit-context-building/.claude-plugin/plugin.json +10 -0
- package/skills/security-audit-context-building/README.md +58 -0
- package/skills/security-audit-context-building/commands/audit-context.md +21 -0
- package/skills/security-audit-context-building/skills/audit-context-building/SKILL.md +297 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/COMPLETENESS_CHECKLIST.md +47 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/FUNCTION_MICRO_ANALYSIS_EXAMPLE.md +355 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/OUTPUT_REQUIREMENTS.md +71 -0
- package/skills/security-building-secure-contracts/.claude-plugin/plugin.json +10 -0
- package/skills/security-building-secure-contracts/README.md +241 -0
- package/skills/security-building-secure-contracts/skills/algorand-vulnerability-scanner/SKILL.md +284 -0
- package/skills/security-building-secure-contracts/skills/algorand-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +405 -0
- package/skills/security-building-secure-contracts/skills/audit-prep-assistant/SKILL.md +409 -0
- package/skills/security-building-secure-contracts/skills/cairo-vulnerability-scanner/SKILL.md +329 -0
- package/skills/security-building-secure-contracts/skills/cairo-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +722 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/SKILL.md +218 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/ASSESSMENT_CRITERIA.md +355 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/EXAMPLE_REPORT.md +248 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/REPORT_FORMAT.md +33 -0
- package/skills/security-building-secure-contracts/skills/cosmos-vulnerability-scanner/SKILL.md +334 -0
- package/skills/security-building-secure-contracts/skills/cosmos-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +740 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/SKILL.md +252 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/ASSESSMENT_AREAS.md +329 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/DELIVERABLES.md +118 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/EXAMPLE_REPORT.md +298 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/SKILL.md +161 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/resources/EXAMPLE_REPORT.md +279 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/resources/WORKFLOW_STEPS.md +132 -0
- package/skills/security-building-secure-contracts/skills/solana-vulnerability-scanner/SKILL.md +389 -0
- package/skills/security-building-secure-contracts/skills/solana-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +669 -0
- package/skills/security-building-secure-contracts/skills/substrate-vulnerability-scanner/SKILL.md +298 -0
- package/skills/security-building-secure-contracts/skills/substrate-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +791 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/SKILL.md +362 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/resources/ASSESSMENT_CATEGORIES.md +571 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/resources/REPORT_TEMPLATES.md +141 -0
- package/skills/security-building-secure-contracts/skills/ton-vulnerability-scanner/SKILL.md +388 -0
- package/skills/security-building-secure-contracts/skills/ton-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +595 -0
- package/skills/security-burpsuite-project-parser/.claude-plugin/plugin.json +10 -0
- package/skills/security-burpsuite-project-parser/README.md +103 -0
- package/skills/security-burpsuite-project-parser/commands/burp-search.md +18 -0
- package/skills/security-burpsuite-project-parser/skills/SKILL.md +358 -0
- package/skills/security-burpsuite-project-parser/skills/scripts/burp-search.sh +99 -0
- package/skills/security-claude-in-chrome-troubleshooting/.claude-plugin/plugin.json +8 -0
- package/skills/security-claude-in-chrome-troubleshooting/README.md +31 -0
- package/skills/security-claude-in-chrome-troubleshooting/skills/claude-in-chrome-troubleshooting/SKILL.md +251 -0
- package/skills/security-constant-time-analysis/.claude-plugin/plugin.json +9 -0
- package/skills/security-constant-time-analysis/README.md +381 -0
- package/skills/security-constant-time-analysis/commands/ct-check.md +20 -0
- package/skills/security-constant-time-analysis/ct_analyzer/__init__.py +49 -0
- package/skills/security-constant-time-analysis/ct_analyzer/analyzer.py +1284 -0
- package/skills/security-constant-time-analysis/ct_analyzer/script_analyzers.py +3081 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/__init__.py +1 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_analyzer.py +1397 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/bn_excerpt.js +205 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_constant_time.c +181 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.c +74 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.go +78 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.rs +92 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.cs +174 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.java +161 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.kt +181 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.php +140 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.py +252 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.rb +188 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.swift +199 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.ts +154 -0
- package/skills/security-constant-time-analysis/pyproject.toml +52 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/README.md +90 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/SKILL.md +219 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/compiled.md +129 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/javascript.md +136 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/kotlin.md +252 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/php.md +172 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/python.md +179 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/ruby.md +198 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/swift.md +288 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/vm-compiled.md +354 -0
- package/skills/security-constant-time-analysis/uv.lock +8 -0
- package/skills/security-culture-index/.claude-plugin/plugin.json +8 -0
- package/skills/security-culture-index/README.md +79 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/SKILL.md +293 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/anti-patterns.md +255 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/conversation-starters.md +408 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/interview-trait-signals.md +253 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/motivators.md +158 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/patterns-archetypes.md +147 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/primary-traits.md +307 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/secondary-traits.md +228 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/team-composition.md +148 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/check_deps.py +108 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/__init__.py +20 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/constants.py +122 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/extract.py +187 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/models.py +16 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/opencv_extractor.py +520 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/extract_pdf.py +237 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/pyproject.toml +18 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/burnout-report.md +113 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/comparison-report.md +103 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/hiring-profile.md +127 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/individual-report.md +85 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/predicted-profile.md +165 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/team-report.md +109 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/analyze-team.md +188 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/coach-manager.md +267 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/compare-profiles.md +188 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/define-hiring-profile.md +220 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/detect-burnout.md +206 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/extract-from-pdf.md +121 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/interpret-individual.md +183 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/interview-debrief.md +234 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/mediate-conflict.md +306 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/plan-onboarding.md +322 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/predict-from-interview.md +250 -0
- package/skills/security-differential-review/.claude-plugin/plugin.json +10 -0
- package/skills/security-differential-review/README.md +109 -0
- package/skills/security-differential-review/commands/diff-review.md +21 -0
- package/skills/security-differential-review/skills/differential-review/SKILL.md +220 -0
- package/skills/security-differential-review/skills/differential-review/adversarial.md +203 -0
- package/skills/security-differential-review/skills/differential-review/methodology.md +234 -0
- package/skills/security-differential-review/skills/differential-review/patterns.md +300 -0
- package/skills/security-differential-review/skills/differential-review/reporting.md +369 -0
- package/skills/security-dwarf-expert/.claude-plugin/plugin.json +10 -0
- package/skills/security-dwarf-expert/README.md +38 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/SKILL.md +93 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/coding.md +31 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/dwarfdump.md +50 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/readelf.md +8 -0
- package/skills/security-entry-point-analyzer/.claude-plugin/plugin.json +10 -0
- package/skills/security-entry-point-analyzer/README.md +74 -0
- package/skills/security-entry-point-analyzer/commands/entry-points.md +18 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/SKILL.md +251 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/cosmwasm.md +182 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/move-aptos.md +107 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/move-sui.md +87 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/solana.md +155 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/solidity.md +135 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/ton.md +185 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/vyper.md +141 -0
- package/skills/security-firebase-apk-scanner/.claude-plugin/plugin.json +10 -0
- package/skills/security-firebase-apk-scanner/README.md +85 -0
- package/skills/security-firebase-apk-scanner/commands/scan-apk.md +18 -0
- package/skills/security-firebase-apk-scanner/scanner.sh +1408 -0
- package/skills/security-firebase-apk-scanner/skills/firebase-apk-scanner/SKILL.md +197 -0
- package/skills/security-firebase-apk-scanner/skills/firebase-apk-scanner/references/vulnerabilities.md +803 -0
- package/skills/security-fix-review/.claude-plugin/plugin.json +13 -0
- package/skills/security-fix-review/README.md +118 -0
- package/skills/security-fix-review/commands/fix-review.md +24 -0
- package/skills/security-fix-review/skills/fix-review/SKILL.md +264 -0
- package/skills/security-fix-review/skills/fix-review/references/bug-detection.md +408 -0
- package/skills/security-fix-review/skills/fix-review/references/finding-matching.md +298 -0
- package/skills/security-fix-review/skills/fix-review/references/report-parsing.md +398 -0
- package/skills/security-insecure-defaults/.claude-plugin/plugin.json +10 -0
- package/skills/security-insecure-defaults/README.md +45 -0
- package/skills/security-insecure-defaults/skills/insecure-defaults/SKILL.md +117 -0
- package/skills/security-insecure-defaults/skills/insecure-defaults/references/examples.md +409 -0
- package/skills/security-modern-python/.claude-plugin/plugin.json +10 -0
- package/skills/security-modern-python/README.md +58 -0
- package/skills/security-modern-python/hooks/hooks.json +16 -0
- package/skills/security-modern-python/hooks/intercept-legacy-python.bats +388 -0
- package/skills/security-modern-python/hooks/intercept-legacy-python.sh +109 -0
- package/skills/security-modern-python/hooks/test_helper.bash +75 -0
- package/skills/security-modern-python/skills/modern-python/SKILL.md +333 -0
- package/skills/security-modern-python/skills/modern-python/references/dependabot.md +43 -0
- package/skills/security-modern-python/skills/modern-python/references/migration-checklist.md +141 -0
- package/skills/security-modern-python/skills/modern-python/references/pep723-scripts.md +259 -0
- package/skills/security-modern-python/skills/modern-python/references/prek.md +211 -0
- package/skills/security-modern-python/skills/modern-python/references/pyproject.md +254 -0
- package/skills/security-modern-python/skills/modern-python/references/ruff-config.md +240 -0
- package/skills/security-modern-python/skills/modern-python/references/security-setup.md +255 -0
- package/skills/security-modern-python/skills/modern-python/references/testing.md +284 -0
- package/skills/security-modern-python/skills/modern-python/references/uv-commands.md +200 -0
- package/skills/security-modern-python/skills/modern-python/templates/dependabot.yml +36 -0
- package/skills/security-modern-python/skills/modern-python/templates/pre-commit-config.yaml +66 -0
- package/skills/security-property-based-testing/.claude-plugin/plugin.json +9 -0
- package/skills/security-property-based-testing/README.md +47 -0
- package/skills/security-property-based-testing/skills/property-based-testing/README.md +88 -0
- package/skills/security-property-based-testing/skills/property-based-testing/SKILL.md +109 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/design.md +191 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/generating.md +200 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/libraries.md +130 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/refactoring.md +181 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/reviewing.md +209 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/strategies.md +124 -0
- package/skills/semgrep-rule-creator/.claude-plugin/plugin.json +8 -0
- package/skills/semgrep-rule-creator/README.md +43 -0
- package/skills/semgrep-rule-creator/commands/semgrep-rule.md +26 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/SKILL.md +168 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/references/quick-reference.md +203 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/references/workflow.md +240 -0
- package/skills/semgrep-rule-variant-creator/.claude-plugin/plugin.json +9 -0
- package/skills/semgrep-rule-variant-creator/README.md +86 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/SKILL.md +205 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/applicability-analysis.md +250 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/language-syntax-guide.md +324 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/workflow.md +518 -0
- package/skills/session-logs/SKILL.md +115 -0
- package/skills/sharp-edges/.claude-plugin/plugin.json +10 -0
- package/skills/sharp-edges/README.md +48 -0
- package/skills/sharp-edges/skills/sharp-edges/SKILL.md +292 -0
- package/skills/sharp-edges/skills/sharp-edges/references/auth-patterns.md +252 -0
- package/skills/sharp-edges/skills/sharp-edges/references/case-studies.md +274 -0
- package/skills/sharp-edges/skills/sharp-edges/references/config-patterns.md +333 -0
- package/skills/sharp-edges/skills/sharp-edges/references/crypto-apis.md +190 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-c.md +205 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-csharp.md +285 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-go.md +270 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-java.md +263 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-javascript.md +269 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-kotlin.md +265 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-php.md +245 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-python.md +274 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-ruby.md +273 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-rust.md +272 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-swift.md +287 -0
- package/skills/sharp-edges/skills/sharp-edges/references/language-specific.md +588 -0
- package/skills/sherpa-onnx-tts/SKILL.md +103 -0
- package/skills/sherpa-onnx-tts/bin/sherpa-onnx-tts +178 -0
- package/skills/skill-creator/SKILL.md +370 -0
- package/skills/skill-creator/license.txt +202 -0
- package/skills/skill-creator/scripts/init_skill.py +378 -0
- package/skills/skill-creator/scripts/package_skill.py +111 -0
- package/skills/skill-creator/scripts/quick_validate.py +101 -0
- package/skills/slack/SKILL.md +144 -0
- package/skills/songsee/SKILL.md +49 -0
- package/skills/sonoscli/SKILL.md +46 -0
- package/skills/spec-to-code-compliance/.claude-plugin/plugin.json +10 -0
- package/skills/spec-to-code-compliance/README.md +67 -0
- package/skills/spec-to-code-compliance/commands/spec-compliance.md +22 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/SKILL.md +349 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/COMPLETENESS_CHECKLIST.md +69 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/IR_EXAMPLES.md +417 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/OUTPUT_REQUIREMENTS.md +105 -0
- package/skills/spotify-player/SKILL.md +64 -0
- package/skills/static-analysis/.claude-plugin/plugin.json +8 -0
- package/skills/static-analysis/README.md +59 -0
- package/skills/static-analysis/skills/codeql/SKILL.md +315 -0
- package/skills/static-analysis/skills/sarif-parsing/SKILL.md +479 -0
- package/skills/static-analysis/skills/sarif-parsing/resources/jq-queries.md +162 -0
- package/skills/static-analysis/skills/sarif-parsing/resources/sarif_helpers.py +331 -0
- package/skills/static-analysis/skills/semgrep/SKILL.md +337 -0
- package/skills/summarize/SKILL.md +87 -0
- package/skills/testing-handbook-skills/.claude-plugin/plugin.json +8 -0
- package/skills/testing-handbook-skills/README.md +241 -0
- package/skills/testing-handbook-skills/scripts/pyproject.toml +8 -0
- package/skills/testing-handbook-skills/scripts/validate-skills.py +657 -0
- package/skills/testing-handbook-skills/skills/address-sanitizer/SKILL.md +341 -0
- package/skills/testing-handbook-skills/skills/aflpp/SKILL.md +640 -0
- package/skills/testing-handbook-skills/skills/atheris/SKILL.md +515 -0
- package/skills/testing-handbook-skills/skills/cargo-fuzz/SKILL.md +454 -0
- package/skills/testing-handbook-skills/skills/codeql/SKILL.md +549 -0
- package/skills/testing-handbook-skills/skills/constant-time-testing/SKILL.md +507 -0
- package/skills/testing-handbook-skills/skills/coverage-analysis/SKILL.md +607 -0
- package/skills/testing-handbook-skills/skills/fuzzing-dictionary/SKILL.md +297 -0
- package/skills/testing-handbook-skills/skills/fuzzing-obstacles/SKILL.md +426 -0
- package/skills/testing-handbook-skills/skills/harness-writing/SKILL.md +614 -0
- package/skills/testing-handbook-skills/skills/libafl/SKILL.md +625 -0
- package/skills/testing-handbook-skills/skills/libfuzzer/SKILL.md +795 -0
- package/skills/testing-handbook-skills/skills/ossfuzz/SKILL.md +426 -0
- package/skills/testing-handbook-skills/skills/ruzzy/SKILL.md +443 -0
- package/skills/testing-handbook-skills/skills/semgrep/SKILL.md +601 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/SKILL.md +372 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/agent-prompt.md +280 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/discovery.md +452 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/domain-skill.md +504 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/fuzzer-skill.md +454 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/technique-skill.md +527 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/tool-skill.md +366 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/testing.md +482 -0
- package/skills/testing-handbook-skills/skills/wycheproof/SKILL.md +533 -0
- package/skills/things-mac/SKILL.md +86 -0
- package/skills/tmux/SKILL.md +135 -0
- package/skills/tmux/scripts/find-sessions.sh +112 -0
- package/skills/tmux/scripts/wait-for-text.sh +83 -0
- package/skills/trello/SKILL.md +95 -0
- package/skills/variant-analysis/.claude-plugin/plugin.json +8 -0
- package/skills/variant-analysis/README.md +41 -0
- package/skills/variant-analysis/commands/variants.md +23 -0
- package/skills/variant-analysis/skills/variant-analysis/METHODOLOGY.md +327 -0
- package/skills/variant-analysis/skills/variant-analysis/SKILL.md +142 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/cpp.ql +119 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/go.ql +69 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/java.ql +71 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/javascript.ql +63 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/python.ql +80 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/cpp.yaml +98 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/go.yaml +63 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/java.yaml +61 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/javascript.yaml +60 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/python.yaml +72 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/variant-report-template.md +75 -0
- package/skills/video-frames/SKILL.md +46 -0
- package/skills/video-frames/scripts/frame.sh +81 -0
- package/skills/voice-call/SKILL.md +45 -0
- package/skills/wacli/SKILL.md +72 -0
- package/skills/weather/SKILL.md +54 -0
- package/skills/yara-authoring/.claude-plugin/plugin.json +9 -0
- package/skills/yara-authoring/README.md +131 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/SKILL.md +645 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_Mac_ProtonRAT_Jan25.yar +99 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_NPM_SupplyChain_Jan25.yar +170 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_Win_Remcos_Jan25.yar +103 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/SUSP_CRX_SuspiciousPermissions.yar +134 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/SUSP_JS_Obfuscation_Jan25.yar +185 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/crx-module.md +214 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/dex-module.md +383 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/performance.md +333 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/strings.md +433 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/style-guide.md +257 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/testing.md +399 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/atom_analyzer.py +526 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/pyproject.toml +25 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/yara_lint.py +631 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/workflows/rule-development.md +493 -0
|
@@ -0,0 +1,443 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: ruzzy
|
|
3
|
+
type: fuzzer
|
|
4
|
+
description: >
|
|
5
|
+
Ruzzy is a coverage-guided Ruby fuzzer by Trail of Bits.
|
|
6
|
+
Use for fuzzing pure Ruby code and Ruby C extensions.
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# Ruzzy
|
|
10
|
+
|
|
11
|
+
Ruzzy is a coverage-guided fuzzer for Ruby built on libFuzzer. It enables fuzzing both pure Ruby code and Ruby C extensions with sanitizer support for detecting memory corruption and undefined behavior.
|
|
12
|
+
|
|
13
|
+
## When to Use
|
|
14
|
+
|
|
15
|
+
Ruzzy is currently the only production-ready coverage-guided fuzzer for Ruby.
|
|
16
|
+
|
|
17
|
+
**Choose Ruzzy when:**
|
|
18
|
+
- Fuzzing Ruby applications or libraries
|
|
19
|
+
- Testing Ruby C extensions for memory safety issues
|
|
20
|
+
- You need coverage-guided fuzzing for Ruby code
|
|
21
|
+
- Working with Ruby gems that have native extensions
|
|
22
|
+
|
|
23
|
+
## Quick Start
|
|
24
|
+
|
|
25
|
+
Set up environment:
|
|
26
|
+
```bash
|
|
27
|
+
export ASAN_OPTIONS="allocator_may_return_null=1:detect_leaks=0:use_sigaltstack=0"
|
|
28
|
+
```
|
|
29
|
+
|
|
30
|
+
Test with the included toy example:
|
|
31
|
+
```bash
|
|
32
|
+
LD_PRELOAD=$(ruby -e 'require "ruzzy"; print Ruzzy::ASAN_PATH') \
|
|
33
|
+
ruby -e 'require "ruzzy"; Ruzzy.dummy'
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
This should quickly find a crash demonstrating that Ruzzy is working correctly.
|
|
37
|
+
|
|
38
|
+
## Installation
|
|
39
|
+
|
|
40
|
+
### Platform Support
|
|
41
|
+
|
|
42
|
+
Ruzzy supports Linux x86-64 and AArch64/ARM64. For macOS or Windows, use the [Dockerfile](https://github.com/trailofbits/ruzzy/blob/main/Dockerfile) or [development environment](https://github.com/trailofbits/ruzzy#developing).
|
|
43
|
+
|
|
44
|
+
### Prerequisites
|
|
45
|
+
|
|
46
|
+
- Linux x86-64 or AArch64/ARM64
|
|
47
|
+
- Recent version of clang (tested back to 14.0.0, latest release recommended)
|
|
48
|
+
- Ruby with gem installed
|
|
49
|
+
|
|
50
|
+
### Installation Command
|
|
51
|
+
|
|
52
|
+
Install Ruzzy with clang compiler flags:
|
|
53
|
+
|
|
54
|
+
```bash
|
|
55
|
+
MAKE="make --environment-overrides V=1" \
|
|
56
|
+
CC="/path/to/clang" \
|
|
57
|
+
CXX="/path/to/clang++" \
|
|
58
|
+
LDSHARED="/path/to/clang -shared" \
|
|
59
|
+
LDSHAREDXX="/path/to/clang++ -shared" \
|
|
60
|
+
gem install ruzzy
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
**Environment variables explained:**
|
|
64
|
+
- `MAKE`: Overrides make to respect subsequent environment variables
|
|
65
|
+
- `CC`, `CXX`, `LDSHARED`, `LDSHAREDXX`: Ensure proper clang binaries are used for latest features
|
|
66
|
+
|
|
67
|
+
### Troubleshooting Installation
|
|
68
|
+
|
|
69
|
+
If installation fails, enable debug output:
|
|
70
|
+
|
|
71
|
+
```bash
|
|
72
|
+
RUZZY_DEBUG=1 gem install --verbose ruzzy
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
### Verification
|
|
76
|
+
|
|
77
|
+
Verify installation by running the toy example (see Quick Start section).
|
|
78
|
+
|
|
79
|
+
## Writing a Harness
|
|
80
|
+
|
|
81
|
+
### Fuzzing Pure Ruby Code
|
|
82
|
+
|
|
83
|
+
Pure Ruby fuzzing requires two scripts due to Ruby interpreter implementation details.
|
|
84
|
+
|
|
85
|
+
**Tracer script (`test_tracer.rb`):**
|
|
86
|
+
|
|
87
|
+
```ruby
|
|
88
|
+
# frozen_string_literal: true
|
|
89
|
+
|
|
90
|
+
require 'ruzzy'
|
|
91
|
+
|
|
92
|
+
Ruzzy.trace('test_harness.rb')
|
|
93
|
+
```
|
|
94
|
+
|
|
95
|
+
**Harness script (`test_harness.rb`):**
|
|
96
|
+
|
|
97
|
+
```ruby
|
|
98
|
+
# frozen_string_literal: true
|
|
99
|
+
|
|
100
|
+
require 'ruzzy'
|
|
101
|
+
|
|
102
|
+
def fuzzing_target(input)
|
|
103
|
+
# Your code to fuzz here
|
|
104
|
+
if input.length == 4
|
|
105
|
+
if input[0] == 'F'
|
|
106
|
+
if input[1] == 'U'
|
|
107
|
+
if input[2] == 'Z'
|
|
108
|
+
if input[3] == 'Z'
|
|
109
|
+
raise
|
|
110
|
+
end
|
|
111
|
+
end
|
|
112
|
+
end
|
|
113
|
+
end
|
|
114
|
+
end
|
|
115
|
+
end
|
|
116
|
+
|
|
117
|
+
test_one_input = lambda do |data|
|
|
118
|
+
fuzzing_target(data)
|
|
119
|
+
return 0
|
|
120
|
+
end
|
|
121
|
+
|
|
122
|
+
Ruzzy.fuzz(test_one_input)
|
|
123
|
+
```
|
|
124
|
+
|
|
125
|
+
Run with:
|
|
126
|
+
|
|
127
|
+
```bash
|
|
128
|
+
LD_PRELOAD=$(ruby -e 'require "ruzzy"; print Ruzzy::ASAN_PATH') \
|
|
129
|
+
ruby test_tracer.rb
|
|
130
|
+
```
|
|
131
|
+
|
|
132
|
+
### Fuzzing Ruby C Extensions
|
|
133
|
+
|
|
134
|
+
C extensions can be fuzzed with a single harness file, no tracer needed.
|
|
135
|
+
|
|
136
|
+
**Example harness for msgpack (`fuzz_msgpack.rb`):**
|
|
137
|
+
|
|
138
|
+
```ruby
|
|
139
|
+
# frozen_string_literal: true
|
|
140
|
+
|
|
141
|
+
require 'msgpack'
|
|
142
|
+
require 'ruzzy'
|
|
143
|
+
|
|
144
|
+
test_one_input = lambda do |data|
|
|
145
|
+
begin
|
|
146
|
+
MessagePack.unpack(data)
|
|
147
|
+
rescue Exception
|
|
148
|
+
# We're looking for memory corruption, not Ruby exceptions
|
|
149
|
+
end
|
|
150
|
+
return 0
|
|
151
|
+
end
|
|
152
|
+
|
|
153
|
+
Ruzzy.fuzz(test_one_input)
|
|
154
|
+
```
|
|
155
|
+
|
|
156
|
+
Run with:
|
|
157
|
+
|
|
158
|
+
```bash
|
|
159
|
+
LD_PRELOAD=$(ruby -e 'require "ruzzy"; print Ruzzy::ASAN_PATH') \
|
|
160
|
+
ruby fuzz_msgpack.rb
|
|
161
|
+
```
|
|
162
|
+
|
|
163
|
+
### Harness Rules
|
|
164
|
+
|
|
165
|
+
| Do | Don't |
|
|
166
|
+
|----|-------|
|
|
167
|
+
| Catch Ruby exceptions if testing C extensions | Let Ruby exceptions crash the fuzzer |
|
|
168
|
+
| Return 0 from test_one_input lambda | Return other values |
|
|
169
|
+
| Keep harness deterministic | Use randomness or time-based logic |
|
|
170
|
+
| Use tracer script for pure Ruby | Skip tracer for pure Ruby code |
|
|
171
|
+
|
|
172
|
+
> **See Also:** For detailed harness writing techniques, patterns for handling complex inputs,
|
|
173
|
+
> and advanced strategies, see the **fuzz-harness-writing** technique skill.
|
|
174
|
+
|
|
175
|
+
## Compilation
|
|
176
|
+
|
|
177
|
+
### Installing Gems with Sanitizers
|
|
178
|
+
|
|
179
|
+
When installing Ruby gems with C extensions for fuzzing, compile with sanitizer flags:
|
|
180
|
+
|
|
181
|
+
```bash
|
|
182
|
+
MAKE="make --environment-overrides V=1" \
|
|
183
|
+
CC="/path/to/clang" \
|
|
184
|
+
CXX="/path/to/clang++" \
|
|
185
|
+
LDSHARED="/path/to/clang -shared" \
|
|
186
|
+
LDSHAREDXX="/path/to/clang++ -shared" \
|
|
187
|
+
CFLAGS="-fsanitize=address,fuzzer-no-link -fno-omit-frame-pointer -fno-common -fPIC -g" \
|
|
188
|
+
CXXFLAGS="-fsanitize=address,fuzzer-no-link -fno-omit-frame-pointer -fno-common -fPIC -g" \
|
|
189
|
+
gem install <gem-name>
|
|
190
|
+
```
|
|
191
|
+
|
|
192
|
+
### Build Flags
|
|
193
|
+
|
|
194
|
+
| Flag | Purpose |
|
|
195
|
+
|------|---------|
|
|
196
|
+
| `-fsanitize=address,fuzzer-no-link` | Enable AddressSanitizer and fuzzer instrumentation |
|
|
197
|
+
| `-fno-omit-frame-pointer` | Improve stack trace quality |
|
|
198
|
+
| `-fno-common` | Better compatibility with sanitizers |
|
|
199
|
+
| `-fPIC` | Position-independent code for shared libraries |
|
|
200
|
+
| `-g` | Include debug symbols |
|
|
201
|
+
|
|
202
|
+
## Running Campaigns
|
|
203
|
+
|
|
204
|
+
### Environment Setup
|
|
205
|
+
|
|
206
|
+
Before running any fuzzing campaign, set ASAN_OPTIONS:
|
|
207
|
+
|
|
208
|
+
```bash
|
|
209
|
+
export ASAN_OPTIONS="allocator_may_return_null=1:detect_leaks=0:use_sigaltstack=0"
|
|
210
|
+
```
|
|
211
|
+
|
|
212
|
+
**Options explained:**
|
|
213
|
+
1. `allocator_may_return_null=1`: Skip common low-impact allocation failures (DoS)
|
|
214
|
+
2. `detect_leaks=0`: Ruby interpreter leaks data, ignore these for now
|
|
215
|
+
3. `use_sigaltstack=0`: Ruby recommends disabling sigaltstack with ASan
|
|
216
|
+
|
|
217
|
+
### Basic Run
|
|
218
|
+
|
|
219
|
+
```bash
|
|
220
|
+
LD_PRELOAD=$(ruby -e 'require "ruzzy"; print Ruzzy::ASAN_PATH') \
|
|
221
|
+
ruby harness.rb
|
|
222
|
+
```
|
|
223
|
+
|
|
224
|
+
**Note:** `LD_PRELOAD` is required for sanitizer injection. Unlike `ASAN_OPTIONS`, do not export it as it may interfere with other programs.
|
|
225
|
+
|
|
226
|
+
### With Corpus
|
|
227
|
+
|
|
228
|
+
```bash
|
|
229
|
+
LD_PRELOAD=$(ruby -e 'require "ruzzy"; print Ruzzy::ASAN_PATH') \
|
|
230
|
+
ruby harness.rb /path/to/corpus
|
|
231
|
+
```
|
|
232
|
+
|
|
233
|
+
### Passing libFuzzer Options
|
|
234
|
+
|
|
235
|
+
All libFuzzer options can be passed as arguments:
|
|
236
|
+
|
|
237
|
+
```bash
|
|
238
|
+
LD_PRELOAD=$(ruby -e 'require "ruzzy"; print Ruzzy::ASAN_PATH') \
|
|
239
|
+
ruby harness.rb /path/to/corpus -max_len=1024 -timeout=10
|
|
240
|
+
```
|
|
241
|
+
|
|
242
|
+
See [libFuzzer options](https://llvm.org/docs/LibFuzzer.html#options) for full reference.
|
|
243
|
+
|
|
244
|
+
### Reproducing Crashes
|
|
245
|
+
|
|
246
|
+
Re-run a crash case by passing the crash file:
|
|
247
|
+
|
|
248
|
+
```bash
|
|
249
|
+
LD_PRELOAD=$(ruby -e 'require "ruzzy"; print Ruzzy::ASAN_PATH') \
|
|
250
|
+
ruby harness.rb ./crash-253420c1158bc6382093d409ce2e9cff5806e980
|
|
251
|
+
```
|
|
252
|
+
|
|
253
|
+
### Interpreting Output
|
|
254
|
+
|
|
255
|
+
| Output | Meaning |
|
|
256
|
+
|--------|---------|
|
|
257
|
+
| `INFO: Running with entropic power schedule` | Fuzzing campaign started |
|
|
258
|
+
| `ERROR: AddressSanitizer: heap-use-after-free` | Memory corruption detected |
|
|
259
|
+
| `SUMMARY: libFuzzer: fuzz target exited` | Ruby exception occurred |
|
|
260
|
+
| `artifact_prefix='./'; Test unit written to ./crash-*` | Crash input saved |
|
|
261
|
+
| `Base64: ...` | Base64 encoding of crash input |
|
|
262
|
+
|
|
263
|
+
## Sanitizer Integration
|
|
264
|
+
|
|
265
|
+
### AddressSanitizer (ASan)
|
|
266
|
+
|
|
267
|
+
Ruzzy includes a pre-compiled AddressSanitizer library:
|
|
268
|
+
|
|
269
|
+
```bash
|
|
270
|
+
LD_PRELOAD=$(ruby -e 'require "ruzzy"; print Ruzzy::ASAN_PATH') \
|
|
271
|
+
ruby harness.rb
|
|
272
|
+
```
|
|
273
|
+
|
|
274
|
+
Use ASan for detecting:
|
|
275
|
+
- Heap buffer overflows
|
|
276
|
+
- Stack buffer overflows
|
|
277
|
+
- Use-after-free
|
|
278
|
+
- Double-free
|
|
279
|
+
- Memory leaks (disabled by default in Ruzzy)
|
|
280
|
+
|
|
281
|
+
### UndefinedBehaviorSanitizer (UBSan)
|
|
282
|
+
|
|
283
|
+
Ruzzy also includes UBSan:
|
|
284
|
+
|
|
285
|
+
```bash
|
|
286
|
+
LD_PRELOAD=$(ruby -e 'require "ruzzy"; print Ruzzy::UBSAN_PATH') \
|
|
287
|
+
ruby harness.rb
|
|
288
|
+
```
|
|
289
|
+
|
|
290
|
+
Use UBSan for detecting:
|
|
291
|
+
- Signed integer overflow
|
|
292
|
+
- Null pointer dereferences
|
|
293
|
+
- Misaligned memory access
|
|
294
|
+
- Division by zero
|
|
295
|
+
|
|
296
|
+
### Common Sanitizer Issues
|
|
297
|
+
|
|
298
|
+
| Issue | Solution |
|
|
299
|
+
|-------|----------|
|
|
300
|
+
| Ruby interpreter leak warnings | Use `ASAN_OPTIONS=detect_leaks=0` |
|
|
301
|
+
| Sigaltstack conflicts | Use `ASAN_OPTIONS=use_sigaltstack=0` |
|
|
302
|
+
| Allocation failure spam | Use `ASAN_OPTIONS=allocator_may_return_null=1` |
|
|
303
|
+
| LD_PRELOAD interferes with tools | Don't export it; set inline with ruby command |
|
|
304
|
+
|
|
305
|
+
> **See Also:** For detailed sanitizer configuration, common issues, and advanced flags,
|
|
306
|
+
> see the **address-sanitizer** and **undefined-behavior-sanitizer** technique skills.
|
|
307
|
+
|
|
308
|
+
## Real-World Examples
|
|
309
|
+
|
|
310
|
+
### Example: msgpack-ruby
|
|
311
|
+
|
|
312
|
+
Fuzzing the msgpack MessagePack parser for memory corruption.
|
|
313
|
+
|
|
314
|
+
**Install with sanitizers:**
|
|
315
|
+
|
|
316
|
+
```bash
|
|
317
|
+
MAKE="make --environment-overrides V=1" \
|
|
318
|
+
CC="/path/to/clang" \
|
|
319
|
+
CXX="/path/to/clang++" \
|
|
320
|
+
LDSHARED="/path/to/clang -shared" \
|
|
321
|
+
LDSHAREDXX="/path/to/clang++ -shared" \
|
|
322
|
+
CFLAGS="-fsanitize=address,fuzzer-no-link -fno-omit-frame-pointer -fno-common -fPIC -g" \
|
|
323
|
+
CXXFLAGS="-fsanitize=address,fuzzer-no-link -fno-omit-frame-pointer -fno-common -fPIC -g" \
|
|
324
|
+
gem install msgpack
|
|
325
|
+
```
|
|
326
|
+
|
|
327
|
+
**Harness (`fuzz_msgpack.rb`):**
|
|
328
|
+
|
|
329
|
+
```ruby
|
|
330
|
+
# frozen_string_literal: true
|
|
331
|
+
|
|
332
|
+
require 'msgpack'
|
|
333
|
+
require 'ruzzy'
|
|
334
|
+
|
|
335
|
+
test_one_input = lambda do |data|
|
|
336
|
+
begin
|
|
337
|
+
MessagePack.unpack(data)
|
|
338
|
+
rescue Exception
|
|
339
|
+
# We're looking for memory corruption, not Ruby exceptions
|
|
340
|
+
end
|
|
341
|
+
return 0
|
|
342
|
+
end
|
|
343
|
+
|
|
344
|
+
Ruzzy.fuzz(test_one_input)
|
|
345
|
+
```
|
|
346
|
+
|
|
347
|
+
**Run:**
|
|
348
|
+
|
|
349
|
+
```bash
|
|
350
|
+
export ASAN_OPTIONS="allocator_may_return_null=1:detect_leaks=0:use_sigaltstack=0"
|
|
351
|
+
LD_PRELOAD=$(ruby -e 'require "ruzzy"; print Ruzzy::ASAN_PATH') \
|
|
352
|
+
ruby fuzz_msgpack.rb
|
|
353
|
+
```
|
|
354
|
+
|
|
355
|
+
### Example: Pure Ruby Target
|
|
356
|
+
|
|
357
|
+
Fuzzing pure Ruby code with a custom parser.
|
|
358
|
+
|
|
359
|
+
**Tracer (`test_tracer.rb`):**
|
|
360
|
+
|
|
361
|
+
```ruby
|
|
362
|
+
# frozen_string_literal: true
|
|
363
|
+
|
|
364
|
+
require 'ruzzy'
|
|
365
|
+
|
|
366
|
+
Ruzzy.trace('test_harness.rb')
|
|
367
|
+
```
|
|
368
|
+
|
|
369
|
+
**Harness (`test_harness.rb`):**
|
|
370
|
+
|
|
371
|
+
```ruby
|
|
372
|
+
# frozen_string_literal: true
|
|
373
|
+
|
|
374
|
+
require 'ruzzy'
|
|
375
|
+
require_relative 'my_parser'
|
|
376
|
+
|
|
377
|
+
test_one_input = lambda do |data|
|
|
378
|
+
begin
|
|
379
|
+
MyParser.parse(data)
|
|
380
|
+
rescue StandardError
|
|
381
|
+
# Expected exceptions from malformed input
|
|
382
|
+
end
|
|
383
|
+
return 0
|
|
384
|
+
end
|
|
385
|
+
|
|
386
|
+
Ruzzy.fuzz(test_one_input)
|
|
387
|
+
```
|
|
388
|
+
|
|
389
|
+
**Run:**
|
|
390
|
+
|
|
391
|
+
```bash
|
|
392
|
+
export ASAN_OPTIONS="allocator_may_return_null=1:detect_leaks=0:use_sigaltstack=0"
|
|
393
|
+
LD_PRELOAD=$(ruby -e 'require "ruzzy"; print Ruzzy::ASAN_PATH') \
|
|
394
|
+
ruby test_tracer.rb
|
|
395
|
+
```
|
|
396
|
+
|
|
397
|
+
## Troubleshooting
|
|
398
|
+
|
|
399
|
+
| Problem | Cause | Solution |
|
|
400
|
+
|---------|-------|----------|
|
|
401
|
+
| Installation fails | Wrong clang version or path | Verify clang path, use clang 14.0.0+ |
|
|
402
|
+
| `cannot open shared object file` | LD_PRELOAD not set | Set LD_PRELOAD inline with ruby command |
|
|
403
|
+
| Fuzzer immediately exits | Missing corpus directory | Create corpus directory or pass as argument |
|
|
404
|
+
| No coverage progress | Pure Ruby needs tracer | Use tracer script for pure Ruby code |
|
|
405
|
+
| Leak detection spam | Ruby interpreter leaks | Set `ASAN_OPTIONS=detect_leaks=0` |
|
|
406
|
+
| Installation debug needed | Compilation errors | Use `RUZZY_DEBUG=1 gem install --verbose ruzzy` |
|
|
407
|
+
|
|
408
|
+
## Related Skills
|
|
409
|
+
|
|
410
|
+
### Technique Skills
|
|
411
|
+
|
|
412
|
+
| Skill | Use Case |
|
|
413
|
+
|-------|----------|
|
|
414
|
+
| **fuzz-harness-writing** | Detailed guidance on writing effective harnesses |
|
|
415
|
+
| **address-sanitizer** | Memory error detection during fuzzing |
|
|
416
|
+
| **undefined-behavior-sanitizer** | Detecting undefined behavior in C extensions |
|
|
417
|
+
| **libfuzzer** | Understanding libFuzzer options (Ruzzy is built on libFuzzer) |
|
|
418
|
+
|
|
419
|
+
### Related Fuzzers
|
|
420
|
+
|
|
421
|
+
| Skill | When to Consider |
|
|
422
|
+
|-------|------------------|
|
|
423
|
+
| **libfuzzer** | When fuzzing Ruby C extension code directly in C/C++ |
|
|
424
|
+
| **aflpp** | Alternative approach for fuzzing Ruby by instrumenting Ruby interpreter |
|
|
425
|
+
|
|
426
|
+
## Resources
|
|
427
|
+
|
|
428
|
+
### Key External Resources
|
|
429
|
+
|
|
430
|
+
**[Introducing Ruzzy, a coverage-guided Ruby fuzzer](https://blog.trailofbits.com/2024/03/29/introducing-ruzzy-a-coverage-guided-ruby-fuzzer/)**
|
|
431
|
+
Official Trail of Bits blog post announcing Ruzzy, covering motivation, architecture, and initial results.
|
|
432
|
+
|
|
433
|
+
**[Ruzzy GitHub Repository](https://github.com/trailofbits/ruzzy)**
|
|
434
|
+
Source code, additional examples, and development instructions.
|
|
435
|
+
|
|
436
|
+
**[libFuzzer Documentation](https://llvm.org/docs/LibFuzzer.html)**
|
|
437
|
+
Since Ruzzy is built on libFuzzer, understanding libFuzzer options and behavior is valuable.
|
|
438
|
+
|
|
439
|
+
**[Fuzzing Ruby C extensions](https://github.com/trailofbits/ruzzy#fuzzing-ruby-c-extensions)**
|
|
440
|
+
Detailed guide on fuzzing C extensions with compilation flags and examples.
|
|
441
|
+
|
|
442
|
+
**[Fuzzing pure Ruby code](https://github.com/trailofbits/ruzzy#fuzzing-pure-ruby-code)**
|
|
443
|
+
Detailed guide on the tracer pattern required for pure Ruby fuzzing.
|
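Review bot: The UBSan section (added lines 281-294) preloads `Ruzzy::UBSAN_PATH`, but the only build flags this file documents (lines 187-188 and the Build Flags table at line 196) are `-fsanitize=address,fuzzer-no-link`, so a reader following the page has no instructions for building the target gem for a UBSan run. Add the matching `CFLAGS`/`CXXFLAGS` next to the UBSan preload command, or state that the gem has to be rebuilt with different flags before switching runtimes. Separately, the msgpack harness rescues `Exception` (lines 147 and 338) while the pure Ruby example rescues `StandardError` (line 380). The Harness Rules row at line 167 only says to catch Ruby exceptions when testing C extensions, so it would help to add a sentence on why the two harnesses differ and on what a blanket rescue in a pure Ruby harness hides from the fuzzer. The msgpack harness and the sanitizer install command are also repeated verbatim (lines 138-154 and 329-345, lines 182-189 and 317-324). The later copies could refer back to the first so the two cannot drift apart.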