In the #curl project, being written in C, we always work on simplifying the code. One way is to use more internal helper functions and avoid direct use of some functions that are often involved in C mistakes/vulnerabilities.
To measure how this develops, we count number of these function calls used per every thousand lines of code. Over time. In a graph.
Brought to the curl-library list on March 7, 2024. Discussed since then. No particular objections have been heard except the worry that apple device people might miss Secure Transport.
Once #13539 ...
In the #curl project, we spend 3.3 days/day on running tests - around 140,000 tests per commit/PR. In addition to what every developer runs in their own systems of course.
Our test failure rate in CI jobs is at 0.004%, which is annoyingly high when running this many tests.
## Summary:
Octal Type Handling of Errors in IPv4 Mapped IPv6 Addresses in curl allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that...
Hurl is a command line tool that runs HTTP requests defined in a simple plain text format.
It can chain requests, capture values and evaluate queries on headers and body response. Hurl is very versatile: it can be used for both fetching data and testing HTTP sessions.
Hurl makes it easy to work with HTML content, #REST / SOAP / GraphQL APIs, or any other XML / JSON based APIs.
Twenty-six years ago on this day, we shipped #curl 4.4. Adding support for specifying the port number for the proxy given to the -x flag. Simpler times.
## Summary:
Octal Type Handling of Errors in IPv4 Mapped IPv6 Addresses in curl allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that...
"To me, the latest is the latest my OS provides me. If #curl maintainers dont care about pushing the latest into the OSes they support, it's not me to blame. I think curl maintainers should push Centos to provide the latest to all users. What's the purpose of you fixing multiple bugs and security holes if you dont spend time to make it available to the broader audience?"
I did this The website americanas.com.br is the largest ecommerce in brazil after amazon.com. For some reason, simply requesting the main page returns with error. It's not a protection or any secur...
Brought to the curl-library list on March 7, 2024. Discussed since then. No particular objections have been heard except the worry that apple device people might miss Secure Transport.
Once #13539 ...
In the season premier we talk to none other than Daniel Stenberg! We focus on integrating Rust modules in curl, their benefits, ways in which Rust and Rust crates helped improve curl, but also how curl helped those crates, and where curl is used in t…
Two laptops, webcam on stand, mike, mike-stand, power for laptops, cable kit, repair kit, 12 curl mugs, eight packs with different curl stickers, carton coasters, pcb coasters, t-shirts, name tags + pens, two UCB-C to HDMI adapters
Adds the static library name, nghttp2_static as a name to search.
This provides cmake parity with the winbuild Makefile.vc allowing the cmake build to find and allow the link to static nghttp2 libr...
How many authors have their contributions in #curl product source code? How many have had their previous work completely removed. Over time.
The first #curl release with code present authored by 200 persons was done in 2015-04-22. In that release, we had already removed all traces of contributions from 20 authors.
In the latest release, 604 authors' code is still present. 171 authors' work have been replaced.
Curl_client_write calls Curl_cwriter_write, which already has this limitation in place in its comment.
blen is not checked in Curl_client_write. Stumbled upon this working on my other MQTT PR.
with all due respect this sounds like a confusing cli argument design. I am the one doing it wrong :’) I personally can never remember all the #curl arguments, only the most commonly used ones, and -X is one that is easy to remember and can be used for many occasions. Maybe the solution should be to prefer -X always and a separate argument for whether the redirects should follow explicitly given method
This fixes a regression of 75d79a4. The code in tool-operate truncated the etag save file, under the assumption that the file would be written with a new etag value. However since 75d79a4 that migh...
Today we celebrate the five year anniversary of #curl's bug-bounty. It has resulted in 69 reported vulnerabilities and almost 80,000 USD payouts. Out of a total of 439 submissions. 86 of them were considered "informative", which mostly means they were handled as normal bugs.
This PR is intended to test the CICD for now, as when I tried this test with the latest hyper it worked.
Edit:
It seems the test is successful on CICD, so it may be enabled. (Sorry If I missed some...
