Search
Items tagged with: CURL
I have a newfound enormous appreciation for curl's ability to re-use connections in combination with the curl multi interface. Lightning fast way to make craploads of HTTPS requests!
In the #curl project, being written in C, we always work on simplifying the code. One way is to use more internal helper functions and avoid direct use of some functions that are often involved in C mistakes/vulnerabilities.
To measure how this develops, we count number of these function calls used per every thousand lines of code. Over time.
In a graph.
DEPRECATE.md: TLS libraries without 1.3 support by bagder · Pull Request #13544 · curl/curl
Brought to the curl-library list on March 7, 2024. Discussed since then. No particular objections have been heard except the worry that apple device people might miss Secure Transport. Once #13539 ...GitHub
In the #curl project, we spend 3.3 days/day on running tests - around 140,000 tests per commit/PR. In addition to what every developer runs in their own systems of course.
Our test failure rate in CI jobs is at 0.004%, which is annoyingly high when running this many tests.
Data from Dan Fandrich's curl up 2024 talk: https://www.youtube.com/watch?v=TxNdAm845Ts
Test Clutch by Dan Fandrich - curl up 2024
Dan talks about his test results analytics system and the combat and struggle against flaky tests and failing CI jobs.YouTube
Cool bug 🪳
Incorrect Type Conversion in interpreting IPv4-mapped IPv6 addresses in #curl results in indeterminate SSRF #vulnerabilities.
https://hackerone.com/reports/2493548
curl disclosed on HackerOne: Incorrect Type Conversion in...
## Summary: Octal Type Handling of Errors in IPv4 Mapped IPv6 Addresses in curl allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that...HackerOne
Please consider donating a few minutes of your time and answer the #curl user survey 2024:
https://daniel.haxx.se/blog/2024/05/14/curl-user-survey-2024/
This looks interesting
Hurl is a command line tool that runs HTTP requests defined in a simple plain text format.
It can chain requests, capture values and evaluate queries on headers and body response. Hurl is very versatile: it can be used for both fetching data and testing HTTP sessions.
Hurl makes it easy to work with HTML content, #REST / SOAP / GraphQL APIs, or any other XML / JSON based APIs.
(Built with #rustlang powered by #curl)
Hurl - Run and Test HTTP Requests
Hurl, run and test HTTP requests with plain text and curl. Hurl can run fast automated integration tests.hurl.dev
Twenty-six years ago on this day, we shipped #curl 4.4. Adding support for specifying the port number for the proxy given to the -x flag. Simpler times.
It has been a long time coming, but I've made it official:
"Daniel no longer answers questions on stackoverflow. Use a dedicated public curl forum for accurate and timely answers about anything #curl. "
(yes, speaking about myself in 3rd person)
https://stackoverflow.com/users/93747/daniel-stenberg
User Daniel Stenberg
Stack Overflow | The World’s Largest Online Community for DevelopersStack Overflow
1. do not assume that URLs will be treated the same cross user-agents.
2. do not assume that IPv4-mapped IPv6-addresses can be written in octal.
Another day. Another security report against #curl we could close.
https://hackerone.com/reports/2493548
curl disclosed on HackerOne: Incorrect Type Conversion in...
## Summary: Octal Type Handling of Errors in IPv4 Mapped IPv6 Addresses in curl allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that...HackerOne
"To me, the latest is the latest my OS provides me. If #curl maintainers dont care about pushing the latest into the OSes they support, it's not me to blame. I think curl maintainers should push Centos to provide the latest to all users. What's the purpose of you fixing multiple bugs and security holes if you dont spend time to make it available to the broader audience?"
We are obviously all just too lazy.
https://github.com/curl/curl/issues/13546
americanas.com.br immediately sends RST_STREAM · Issue #13546 · curl/curl
I did this The website americanas.com.br is the largest ecommerce in brazil after amazon.com. For some reason, simply requesting the main page returns with error. It's not a protection or any secur...GitHub
DEPRECATE.md: TLS libraries without 1.3 support by bagder · Pull Request #13544 · curl/curl
Brought to the curl-library list on March 7, 2024. Discussed since then. No particular objections have been heard except the worry that apple device people might miss Secure Transport. Once #13539 ...GitHub
I survived #curl up 2024.
https://daniel.haxx.se/blog/2024/05/06/i-survived-curl-up-2024/
Includes videos of the twelve recorded presentations. Nerd-level: high.
only 3 severity high vulnerabilities in #curl during the last 5 years
(slide from my curl security talk I did over the weekend)
CURL Up 2024
The second day of the curl-up conference is about to start.
Learn more about #CURL. Live streamed on Twitch (https://twitch.tv/curlhacker).
https://github.com/curl/curl-up/wiki/2024
Did you notice how speed in #CURL changed for HTTP/2 in the last releases?
Thanks Stefan for your work!
CURL Up 2024
The curl-up conference is about to start soon with Daniel Stenberg @bagder welcoming the #opensource developers of the #CURL project.
Learn more about CURL. Live streamed on Twitch (https://www.twitch.tv/curlhacker).
https://github.com/curl/curl-up/wiki/2024
I'm happy to say that #curl celebrated its 7th year as hosted by Fastly's CDN network just yesterday.
454 TB of curl website contents were cranked out over the last twelve months. Up 27% from the previous period!
I talked about #curl and #rust on the podcast "rust in production":
https://corrode.dev/podcast/s02e01-curl/
curl - Rust in Production Podcast | corrode Rust Consulting
In the season premier we talk to none other than Daniel Stenberg! We focus on integrating Rust modules in curl, their benefits, ways in which Rust and Rust crates helped improve curl, but also how curl helped those crates, and where curl is used in t…Corrode Rust Consulting
Two laptops, webcam on stand, mike, mike-stand, power for laptops, cable kit, repair kit, 12 curl mugs, eight packs with different curl stickers, carton coasters, pcb coasters, t-shirts, name tags + pens, two UCB-C to HDMI adapters
Preparing for #curl up 2024.
https://github.com/curl/curl-up/wiki/2024
My "predicting the future" slide, used in several presentations over the last few years. It involves #curl.
"everything will be networked"
cmake: FindNGHTTP2 add static lib name to find_library call by fuzzard · Pull Request #13495 · curl/curl
Adds the static library name, nghttp2_static as a name to search. This provides cmake parity with the winbuild Makefile.vc allowing the cmake build to find and allow the link to static nghttp2 libr...GitHub
How many authors have their contributions in #curl product source code? How many have had their previous work completely removed. Over time.
The first #curl release with code present authored by 200 persons was done in 2015-04-22. In that release, we had already removed all traces of contributions from 20 authors.
In the latest release, 604 authors' code is still present. 171 authors' work have been replaced.
It is already *six* years ago #curl introduced bold names when showing headers in the terminal!
https://daniel.haxx.se/blog/2018/04/28/would-you-like-some-bold-with-those-headers/
Over the last five years of #curl's bug-bounty we have received 489 submissions. For these 489 submissions the *median* first-response time has been, as calculated by Hackerone: 0 (zero) hours. If this does not ooze of awesomeness from a security team I don't know what does.
I presume they round or truncate to the nearest integer hour. Still means more than half of them got answered within an hour. Whenever or from wherever they were filed.
We take security seriously.
"#curl is being used by several hundred projects around the European Commission"
curl is everywhere for everyone
Not bad for a "hobby"!
sendf: Curl_cwriter_write: remove comment disallowing zero length by schicho · Pull Request #13477 · curl/curl
Curl_client_write calls Curl_cwriter_write, which already has this limitation in place in its comment. blen is not checked in Curl_client_write. Stumbled upon this working on my other MQTT PR.GitHub
Awesome, so much to learn wrt. libcurl! 😍 Posting links below in case anyone is looking for them ✨
📺 Getting started with libcurl
• https://youtube.com/watch?v=aS2eJDA5nSM
📺 Mastering libcurl
• https://youtube.com/watch?v=ZQXv5v9xocU
• https://youtube.com/watch?v=9KqnXsSxqGA
Mastering libcurl (2/2) with Daniel Stenberg
Transfers, Share API, TLS, Proxies, HTTP, Header API, URL API. WebSocket. Future0:00 mastering libcurl part two0:35 setup2:30 agenda4:56 Transfers5:14 Downl...YouTube
