Steven Johnstone
Awesome tool, really useful. Thanks! I read the README and accompanying paper but failed to realise that random outputs may be chosen which would be rejected by a corresponding ANTLR...
Version 0.1.0. ```go package foo import ( "io/ioutil" "log" "os" "path/filepath" ) func output(name string) error { f, err := os.Open(name) if err != nil { return err } f.Write([]byte("foo"))...
Finding gokart really useful so far: nice work! Using 0.1.0, I see quite a lot of false positives for SSRF. For example, ```go package bug import "net/http" func doSomething(req *http.Request)...
I installed Luarocks 3.3.1 on Debian as per instructions [here](https://github.com/luarocks/luarocks/wiki/Installation-instructions-for-Unix). I modified my /etc/hosts so that luarocks.org would resolve to a local server. The local server has a self-signed certificate:...
I've made a fuzzer for lua: https://github.com/stevenjohnstone/afl-lua. I was trying it out on known vulnerabilities and verified that it could detect the issues flagged in CVE-2018-11218 with 0.4.0-0. I then...
With the current instructions, luarocks will fail to install the GitHub version, instead falling back to 0.4.0-0, which is vulnerable to CVE-2018-11218.
On 1da0733f147ed0a4547791576db53c04780cd498, compile and run testcase.c below to see an out-of-bounds read: ```C // testcase.c #include /* 00000000: 2330 2020 3a22 2020 20 #0 :" */ uint8_t input[] = {...
On 1da0733f147ed0a4547791576db53c04780cd498, compile & run the following to see an out-of-bounds read: ```C #include // utf-8 BOM uint8_t input[] = { 0xEF, 0xBB, 0xBF }; int main(int argc, const char...
On 1da0733f147ed0a4547791576db53c04780cd498, testcase.c ```C #include /* 00000000: 7420 6e65 7874 2626 646f 2065 6e64 263d t next&&do end&= 00000016: 2727 7768 696c 653d 20 ''while= */ uint8_t input[] = {...
On 1da0733f147ed0a4547791576db53c04780cd498, ```C #include /* 00000000: 250a 237b 3c3c 307d 0a00 %.#{ list->offsets[list->size - 1]' failed. Aborted ```