mschwager

Results 53 issues of mschwager

Creating this issue to begin tracking requests for Semgrep support on Windows. Note that we expect Semgrep to work via `pip` installation on WSL, so this issue is focused on...

enhancement
priority:high
devops
os:windows

Hi there, I'm researching web framework route security and am using your repository as a test harness. I believe the following file/view is unused: - https://github.com/flaskbb/flaskbb/blob/master/flaskbb/utils/views.py This doesn't have any...

**Describe the bug** A clear and concise description of what the bug is. In C, I think from a code search perspective, `0` should be equivalent to `0L` to `0ULL`...

lang:c++

Hi there, I've been working on a new fuzzer for Ruby, and I used your library as a test harness. I was able to produce an "unexpected" exception. In this...

Ruzzy implements libFuzzer's [SanitizerCoverage](https://clang.llvm.org/docs/SanitizerCoverage.html) to achieve coverage-guided fuzzing of Ruby code. It achieves this via three of SanitizerCoverage's features:

1. [Inline 8-bit counters](https://clang.llvm.org/docs/SanitizerCoverage.html#inline-8bit-counters)
2. [PC-Table](https://clang.llvm.org/docs/SanitizerCoverage.html#pc-table)
3. [Tracing data flow](https://clang.llvm.org/docs/SanitizerCoverage.html#tracing-data-flow)

To...

ASan flags can be specified in a number of ways: https://github.com/google/sanitizers/wiki/AddressSanitizerFlags#run-time-flags. Currently, we use the `ASAN_OPTIONS` ENV variable in a number of places:

- https://github.com/trailofbits/ruzzy/blob/be400457316933d607550580aa68f33e01ce16a3/README.md#L57-L70
- https://github.com/trailofbits/ruzzy/blob/be400457316933d607550580aa68f33e01ce16a3/Dockerfile#L23-L26

The downside of this approach...

When fuzzing [`bson-ruby`](https://github.com/mongodb/bson-ruby) I'm repeatedly getting this error. `sigaltstack`: ``` AddressSanitizer: CHECK failed: asan_thread.cpp:383 "((ptr[0] == kCurrentStackFrameMagic)) != (0)" (0x0, 0x0) (tid=40) #0 0xffff82d21d60 in __asan::CheckUnwind() /home/tcwg-buildslave/workspace/tcwg-llvm-release/tcwg-jade-03/final/llvm-project/compiler-rt/lib/asan/asan_rtl.cpp:69:3 #1 0xffff82d3a658 in...

- https://github.com/msgpack/msgpack-ruby
- https://github.com/flori/json
- https://github.com/ruby/psych (YAML)
- https://github.com/cabo/cbor-ruby
- https://github.com/mongodb/bson-ruby
- https://github.com/ruby/date
- https://github.com/ruby/zlib

EDIT: more:

- https://github.com/puma/puma/tree/master/ext/puma_http11
- https://github.com/k0kubun/hamlit
- https://github.com/jgarber/redcloth
- https://github.com/ruby/strscan
- https://github.com/ruby/etc
- https://github.com/ruby/openssl/blob/master/ext/openssl/ossl_asn1.c
- ...

- https://github.com/google/fuzzing/blob/master/docs/split-inputs.md#fuzzed-data-provider
- https://github.com/google/atheris?tab=readme-ov-file#fuzzeddataprovider

Adding support for fuzzing pure Ruby code on Macs shouldn't be too heavy of a lift. Atheris [supports it](https://github.com/google/atheris#mac). Fuzzing Ruby C extensions on Mac may theoretically be possible, but...