Steven Johnstone
Steven Johnstone
Awesome tool, really useful. Thanks! I read the README and accompanying paper but failed to realise that random outputs may be chosen which would be rejected by a corresponding ANTLR...
Version 0.1.0. ```go package foo import ( "io/ioutil" "log" "os" "path/filepath" ) func output(name string) error { f, err := os.Open(name) if err != nil { return err } f.Write([]byte("foo"))...
Finding gokart really useful so far: nice work! Using 0.1.0, I see quite a lot of false positives for SSRF. For example, ```go package bug import "net/http" func doSomething(req *http.Request)...
I installed Luarocks 3.3.1 on Debian as per instructions [here](https://github.com/luarocks/luarocks/wiki/Installation-instructions-for-Unix). I modified my /etc/hosts so that luarocks.org would resolve to a local server. The local server has a self-signed certificate:...
I've made a fuzzer for lua: https://github.com/stevenjohnstone/afl-lua. I was trying it out on known vulnerabilities and verified that it could detect the issues flagged in CVE-2018-11218 with 0.4.0-0. I then...
With the current instructions, luarocks will fail to install the github version instead falling back to 0.4.0-0 which is vulnerable to CVE-2018-11218.