HTTP Parser
American Fuzzy Lop
Our great sponsors
| HTTP Parser | American Fuzzy Lop | |
|---|---|---|
| 8 | 21 | |
| 6,115 | 2,903 | |
| - | - | |
| 0.0 | 0.0 | |
| almost 2 years ago | almost 3 years ago | |
| C | C | |
| MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
HTTP Parser
-
eBPF will help solve service mesh by getting rid of sidecars
It looks not too different from the majority of HTTP parsers out there written in C. Here is an example of NodeJS [0].
[0] https://github.com/nodejs/http-parser/blob/main/http_parser....
-
C in Web Dev
NodeJS's HTTP parser used to be a handwritten C lib: http-parser
-
The history and reasons behind CORS, and how to use it
Whoa, I didn't know that! But yeah, it seems like https://github.com/nodejs/http-parser is based on nginx. It now uses https://github.com/nodejs/llhttp but has some of the same legacy.
On the other hand, deno's HTTP stuff is built on top of Hyper, a Rust library https://github.com/hyperium/hyper
-
A Universal I/O Abstraction for C++ (2020)
Boost.Beast has its own HTTP parser[0], during the development of which Vinnie Falco (the principle author of Beast) found many bugs/inconsistencies in Node.js's own parser[1]
[0] https://www.boost.org/doc/libs/develop/libs/beast/doc/html/b...
[1] https://github.com/nodejs/http-parser/issues?q=is%3Aissue+au...
-
How to pass ownership of std::function object to function pointer?
For cases where it is necessary to pass local information to/from a callback, the http_parser object's data field can be used.
-
Plain Text Protocols
Legacy HTTP/1.1 suffers a few issues, see the current RFC errata:
https://www.rfc-editor.org/errata_search.php?rfc=7230&rec_st...
There are issues particularly around how whitespace and obsolete line folding should be handled
https://github.com/nodejs/http-parser/issues?q=is%3Aissue+wh...
https://github.com/httpwg/http-core/issues/53
It's not as trivial as a few string splits.
-
Looking for good http parser in C++ or C
There's picohttpparser and the one used in node.js: https://github.com/nodejs/http-parser
American Fuzzy Lop
-
Prefer table driven tests (2019)
There's some efforts to guide test generation for property based testing to make the instruction pointer explore as large a space as possible.
This effort is more mature in the fuzzing community. See eg American Fuzzy Lop https://github.com/google/AFL
-
C++ Faker library
What you're describing, just generating random input to test a program, is sometimes called "blind fuzzing" but the state-of-the-art is far beyond that. Maybe try reading through the documentation of e.g. https://github.com/google/AFL to see what a fuzzer does and why just producing random input isn't even scratching the surface.
-
Hyperpom: An Apple Silicon Fuzzer for 64-bit ARM Binaries
for general riscv I used to use this https://github.com/google/AFL I dont know if it supports x64 tho.
-
How to fuzz java code with jazzar?
Ex ( AFL, WinAFL, HonggFuzz, LibFuzzer, Jazzer )
-
One year ago I wrote a buddy memory allocator - project update
I wrote this little fuzz test target in order to fuzz it with afl (under ASan and UBSan):
-
Beariish/little: A small, easily embedded language implemented in a single .c file
afl, which is trivial to apply to this program:
-
TCL like interpreter suitable for embedded use
I made my own version of a TCL interpreter (well, a very TCL like langauge) derived from "picol" available at https://github.com/howerj/pickle. There are many different re-implementations and derivatives of this interpreter but they all seem very "crashy", this one has been significantly hardened by using a fuzzer on it which ran for months called American Fuzzy Lop https://lcamtuf.coredump.cx/afl/ . It is also more suitable for embedded use whilst still not having arbitrary restrictions like many other implementations.
-
What's in your tool belt?
On Linux afl is a very powerful bug-finding tool, and it's a great companion when doing code review. Composes well with ASan and UBSan.
- Afl - American fuzzy lop - a security-oriented fuzzer
-
Difficulty of CSCA48 compared to other first year cs/math courses
b-, https://lcamtuf.coredump.cx/afl/
What are some alternatives?
llhttp - Port of http_parser to llparse
boofuzz - A fork and successor of the Sulley Fuzzing Framework
C++ Format - A modern formatting library
honggfuzz - Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
semver.c - Semantic version in ANSI C
Cppcheck - static analysis of C/C++ code
PHP CPP - Library to build PHP extensions with C++
stb - stb single-file public domain libraries for C/C++
ZXing - ZXing ("Zebra Crossing") barcode scanning library for Java, Android
Klib - A standalone and lightweight C library
Experimental Boost.DI - C++14 Dependency Injection Library