[langsec-discuss] An Input Validator for HTTP based on Context-free Languages
pedro.valero at imdea.org
Fri Nov 11 13:21:20 UTC 2016
We are glad to share with you our results on input validation following the
spirit of langsec.
We have built a proof of concept input validator for HTTP messages solely by
writing down context-free grammars, regular expressions and, last but not
least, no user-defined code other than boilerplate. The checks our
implements are a subset of those implemented in HTTPolice
Our publicly available proof of concept
<https://github.com/pevalme/HTTPValidator> is implemented on top of
Flex and Bison but, in principle, any other parser/scanner generator
The rationale of our approach is explained in a technical report
Any comments, suggestions or pull requests are welcome!
HTTPValidator : https://github.com/pevalme/HTTPValidator
Technical report: https://arxiv.org/abs/1610.07198
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the langsec-discuss