google / oss-fuzz

OSS-Fuzz - continuous fuzzing for open source software.
https://google.github.io/oss-fuzz
Apache License 2.0

Adding Ruby Support into OSS-Fuzz via Ruzzy #12034

Closed AdvenamTacet closed 4 days ago

AdvenamTacet commented 1 month ago

This is a follow-up to the discussions held during our Monthly Fuzzing Collaboration meetings and directly relates to issue #11967.

This Pull Request integrates Ruzzy support for Ruby fuzzing into OSS-Fuzz. Ruzzy is a coverage-guided fuzzer for pure Ruby code and Ruby C extensions, developed by Matt (@mschwager) at Trail of Bits. More information on Ruzzy can be found in the blog post titled "Introducing Ruzzy, a coverage-guided Ruby fuzzer".

The first commit of this PR integrates Ruby support into the OSS-Fuzz project via Ruzzy, while the second one includes the Ox project as an example of its usage.

The first commit introduces changes in the infra directory, most notably by adding the base-builder-ruby docker and the ruby install script.

Two scripts, ruzzy-build and ruzzy, have been added to base-builder-ruby and base-runner respectively. The former creates scripts that start harnesses with the latter one, and the latter is simply a wrapper for ruby with LD_PRELOAD. In order to prevent the duplication of many gigabytes of data, we use separate installation directories for RubyGem. Technically, Ruzzy can be installed in the default directory without any performance disadvantage, but having a separate directory may facilitate troubleshooting.

This implementation was arrived at through testing a few ideas. If you have suggestions for further improvements, please let me know. I am currently addressing my concerns in the related issue.

Using the provided scripts isn't necessary but it does simplify the process. Installation directories are set using environment variables in the Dockerfiles, making it transparent for users.

The second commit simply adds a project to illustrate how straightforward the integration process is. You can test it using the standard helper commands.

Fixes: #11967

Co-authored-by: mschwager matt.schwager@trailofbits.com
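A minimal sketch of the two-script layout the description above talks about (a separate RubyGems install directory, a `ruzzy` wrapper that sets `LD_PRELOAD` before starting `ruby`, and a `ruzzy-build` step that writes one launcher per harness). This is an added example, not the PR's own infra scripts: the variable names `RUZZY_GEM_DIR` and `RUZZY_ASAN_PATH`, the default gem directory and the `Ruzzy::ASAN_PATH` constant used to locate the sanitizer runtime are assumptions made here for illustration.

```shell
#!/bin/sh
# Added example, not the PR's infra scripts. Assumed names:
#   RUZZY_GEM_DIR    separate RubyGems install directory (default below)
#   RUZZY_ASAN_PATH  optional override for the runtime to LD_PRELOAD
#   Ruzzy::ASAN_PATH constant assumed to report that runtime's path

# Point RubyGems at a dedicated directory so the Ruzzy gem and its build
# artefacts stay out of the default gem path (easier to inspect and clean).
ruzzy_gem_env() {
  export GEM_HOME="${RUZZY_GEM_DIR:-/opt/ruzzy-gems}"
  export GEM_PATH="$GEM_HOME"
  export PATH="$GEM_HOME/bin:$PATH"
}

# Resolve the sanitizer runtime that must be loaded before the interpreter
# starts; an explicit override keeps the wrapper testable without Ruby.
ruzzy_asan_path() {
  if [ -n "${RUZZY_ASAN_PATH:-}" ]; then
    printf '%s' "$RUZZY_ASAN_PATH"
  else
    ruby -e 'require "ruzzy"; print Ruzzy::ASAN_PATH'
  fi
}

# "ruzzy": run a harness under ruby with the runtime preloaded.
# Usage: ruzzy_run harness.rb [libFuzzer args...]
ruzzy_run() {
  ruzzy_gem_env
  LD_PRELOAD="$(ruzzy_asan_path)" ruby "$@"
}

# "ruzzy-build": copy a harness into the output directory and emit a
# launcher next to it, so the runner can start the target by name.
# Usage: ruzzy_build_launcher <out_dir> <target_name> <harness.rb>
ruzzy_build_launcher() {
  out_dir="$1"; name="$2"; harness="$3"
  mkdir -p "$out_dir"
  cp "$harness" "$out_dir/"
  cat > "$out_dir/$name" <<EOF
#!/bin/sh
# Generated launcher (example): forwards fuzzer arguments to the harness.
this_dir=\$(dirname "\$0")
exec ruzzy "\$this_dir/$(basename "$harness")" "\$@"
EOF
  chmod +x "$out_dir/$name"
  printf '%s\n' "$out_dir/$name"
}
```

Because `ruzzy_gem_env` only exports variables, the same function can be sourced by the Dockerfile-side install step and by the runtime wrapper, which is what makes the separate gem directory transparent to a project's `build.sh`.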

google-cla[bot] commented 1 month ago

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

github-actions[bot] commented 1 month ago

AdvenamTacet is integrating a new project:
- Main repo: https://github.com/ohler55/ox
- Criticality score: 0.61870

jonathanmetzman commented 3 weeks ago

Can both of you sign the CLA?

jonathanmetzman commented 3 weeks ago

/gcbrun trial_build.py ruby --fuzzing-engines libfuzzer --sanitizers coverage

jonathanmetzman commented 2 weeks ago

I fixed an issue with the testing infra. Let's try again.

jonathanmetzman commented 2 weeks ago

/gcbrun trial_build.py ruby --fuzzing-engines libfuzzer --sanitizers coverage

jonathanmetzman commented 2 weeks ago

Can you add ruby to LANGUAGES in infra/constants.py please?

jonathanmetzman commented 1 week ago

> Can you add ruby to LANGUAGES in infra/constants.py please?

Can we do this? Really excited to get this landed.

AdvenamTacet commented 1 week ago

I'm happy to report that I solved the CLA failure, but I had to force-push to accomplish that (squashed all changes while doing that).

I will test installing rvm from the apt `ppa:rael-gc/rvm` repo tomorrow

```
sudo apt-add-repository -y ppa:rael-gc/rvm
sudo apt-get update
sudo apt-get install rvm
```

and if it works, I will push that change. I don't see anything else I should do before merge, let me know if I missed something. One more time, thank you for your help!

jonathanmetzman commented 5 days ago

/gcbrun trial_build.py ruby --fuzzing-engines libfuzzer --sanitizers coverage

jonathanmetzman commented 4 days ago

I think the integration is still broken. I'm going to try to fix it when I get to the office. I'm going to use my own email for the ruby project for now so no one gets spurious emails.