Hello all,
We are glad to share with you our results on input validation following the
spirit of langsec.
We have built a proof of concept input validator for HTTP messages solely by
writing down context-free grammars, regular expressions and, last but not
least, no user-defined code other than boilerplate. The checks our
validator
implements are a subset of those implemented in HTTPolice
<https://github.com/vfaronov/httpolice>.
Our publicly available proof of concept
<https://github.com/pevalme/HTTPValidator> is implemented on top of
Flex and Bison but, in principle, any other parser/scanner generator
would do.
The rationale of our approach is explained in a technical report
<https://arxiv.org/abs/1610.07198>.
Any comments, suggestions or pull requests are welcome!
Pedro.
HTTPValidator : https://github.com/pevalme/HTTPValidator
Technical report: https://arxiv.org/abs/1610.07198
_______________________________________________
langsec-discuss mailing list
langsec-discuss@mail.langsec.org
https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
