From 175656b2767faaba58127f36ce48f966ffd862eb Mon Sep 17 00:00:00 2001 From: Matt Schwager Date: Fri, 21 Jun 2024 09:34:30 -0400 Subject: [PATCH] Add scaffolding for Python and Ruby fuzzing --- content/docs/fuzzing/10-ossfuzz.md | 2 +- content/docs/fuzzing/3-python.md | 18 ++++++++++++++++++ content/docs/fuzzing/4-ruby.md | 18 ++++++++++++++++++ content/docs/fuzzing/91-resources.md | 4 ++-- content/docs/fuzzing/techniques/_index.md | 2 +- 5 files changed, 40 insertions(+), 4 deletions(-) create mode 100644 content/docs/fuzzing/3-python.md create mode 100644 content/docs/fuzzing/4-ruby.md diff --git a/content/docs/fuzzing/10-ossfuzz.md b/content/docs/fuzzing/10-ossfuzz.md index 78101bf..c512b21 100644 --- a/content/docs/fuzzing/10-ossfuzz.md +++ b/content/docs/fuzzing/10-ossfuzz.md @@ -1,7 +1,7 @@ --- title: "OSS-Fuzz" slug: oss-fuzz -weight: 4 +weight: 6 --- diff --git a/content/docs/fuzzing/3-python.md b/content/docs/fuzzing/3-python.md new file mode 100644 index 0000000..e5e757a --- /dev/null +++ b/content/docs/fuzzing/3-python.md @@ -0,0 +1,18 @@ +--- +title: "Python" +slug: python +weight: 3 +--- + + +# Python + +Coming soon... + +Until then, we recommend using [Atheris](https://github.com/google/atheris) to fuzz Python code. + +Check out the following resources to learn more about fuzzing Python code with Atheris: + +- [Continuously fuzzing Python C extensions](https://blog.trailofbits.com/2024/02/23/continuously-fuzzing-python-c-extensions/) +- [Fuzzing pure Python code](https://github.com/google/atheris#using-atheris) +- [Fuzzing Python C extensions](https://github.com/google/atheris/blob/master/native_extension_fuzzing.md) diff --git a/content/docs/fuzzing/4-ruby.md b/content/docs/fuzzing/4-ruby.md new file mode 100644 index 0000000..d1842fc --- /dev/null +++ b/content/docs/fuzzing/4-ruby.md @@ -0,0 +1,18 @@ +--- +title: "Ruby" +slug: ruby +weight: 4 +--- + + +# Ruby + +Coming soon... + +Until then, we recommend using [Ruzzy](https://github.com/trailofbits/ruzzy) to fuzz Ruby code. + +Check out the following resources to learn more about fuzzing Ruby code with Ruzzy: + +- [Introducing Ruzzy, a coverage-guided Ruby fuzzer](https://blog.trailofbits.com/2024/03/29/introducing-ruzzy-a-coverage-guided-ruby-fuzzer/) +- [Fuzzing pure Ruby code](https://github.com/trailofbits/ruzzy#fuzzing-pure-ruby-code) +- [Fuzzing Ruby C extensions](https://github.com/trailofbits/ruzzy#fuzzing-ruby-c-extensions) diff --git a/content/docs/fuzzing/91-resources.md b/content/docs/fuzzing/91-resources.md index 1fa91b5..8912756 100644 --- a/content/docs/fuzzing/91-resources.md +++ b/content/docs/fuzzing/91-resources.md @@ -1,7 +1,7 @@ --- title: "Additional resources" slug: resources -weight: 5 +weight: 7 --- @@ -11,4 +11,4 @@ weight: 5 * **[Awesome fuzzing list 2.](https://github.com/secfigo/Awesome-Fuzzing)** GitHub-hosted list about fuzzers and fuzzing related books. * **[Fuzzing handbook.](https://www.fuzzingbook.org/)** A fuzzing handbook written from an academic perspective. * **[CNCF-Fuzzing handbook.](https://github.com/cncf/tag-security/tree/main/security-fuzzing-handbook)**. Handbook created by the CNCF. -* **[Fuzzing101.](https://github.com/antonio-morales/Fuzzing101)** Tutorial and training for various fuzzing methods by GitHub Security Lab. \ No newline at end of file +* **[Fuzzing101.](https://github.com/antonio-morales/Fuzzing101)** Tutorial and training for various fuzzing methods by GitHub Security Lab. diff --git a/content/docs/fuzzing/techniques/_index.md b/content/docs/fuzzing/techniques/_index.md index 422de94..7171979 100644 --- a/content/docs/fuzzing/techniques/_index.md +++ b/content/docs/fuzzing/techniques/_index.md @@ -1,7 +1,7 @@ --- title: "Techniques" slug: techniques -weight: 3 +weight: 5 permalink: docs/fuzzing/techniques/writing-harnesses bookCollapseSection: true # TODO readd this