[langsec-discuss] An Input Validator for HTTP based on Context-free Languages

Pedro pedro.valero at imdea.org
Fri Nov 11 13:21:20 UTC 2016


Hello all,

We are glad to share with you our results on input validation following the
spirit of langsec.

We have built a proof of concept input validator for HTTP messages solely by
writing down context-free grammars, regular expressions and, last but not
least, no user-defined code other than boilerplate.  The checks our 
validator
implements are a subset of those implemented in HTTPolice 
<https://github.com/vfaronov/httpolice>.

Our publicly available proof of concept 
<https://github.com/pevalme/HTTPValidator> is implemented on top of
Flex and Bison but, in principle, any other parser/scanner generator 
would do.
The rationale of our approach is explained in a technical report 
<https://arxiv.org/abs/1610.07198>.

Any comments, suggestions or pull requests are welcome!

Pedro.

HTTPValidator : https://github.com/pevalme/HTTPValidator
Technical report: https://arxiv.org/abs/1610.07198

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.langsec.org/pipermail/langsec-discuss/attachments/20161111/4e36b4a2/attachment.html>


More information about the langsec-discuss mailing list