leveryd
@migueldemoura any difference between "\0 terminated string" and "just a buffer with arbitrary bytes whose last byte is a \0"?
```
import functools
import builtins

original_compile = builtins.compile

@functools.wraps(original_compile)
def rewriting_compile(*args, **kwargs):
    flags = (len(args) >= 4 and args[3]) or kwargs.get("flags") or 0
    print("rewriting_compile")
    return False

builtins.compile = rewriting_compile
compile...
```
@ubogdan I have sent it to you.
I need this feature too; I'm so unfamiliar with C code.
How about fuzzing at the Python code level? That way you don't have to write a lot of C code yourself. For example:
```
import sys
import requests

requests.get(sys.stdin.readline().strip())
```
Uh, what I meant earlier was to use afl to fuzz:
```
afl-fuzz -m 300 -i fuzz_in -o fuzz_out ./python test.py
```
```
# test.py
import sys
import requests

requests.get(sys.stdin.readline().strip())
```
> @leveryd Try adding this line before `m.log`: `pcall(require, "m")`

It still behaves the same; I cannot find the log message.
```
crash> search -u AB
7f08dff58ca8: ab ...
crash> rd 0x7f08dff58ca8
7f08dff58ca8: 00000000000000ab ........
crash> x /10x 0x7f08dff58ca8
0x7f08dff58ca8: Cannot access memory at address 0x7f08dff58ca8
```
why `x` command can...
If you just want to test a Lua script with a CRS rule, you can try the `leveryd/modsecurity:CVE-2024-1019` image, edit `/tmp/debug.lua` and test it.
```
~ # docker run -ti -p 80:80 -e...
```
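> This file was converted from the MySQL 8.0 [grammar file](https://github.com/mysql/mysql-server/blob/8.0/sql/sql_yacc.yy).

How was it converted? Is there a script? Comparing the two files, it seems that all the declaration sections and the {...} code in the grammar rules were removed, keeping only part of the grammar inside %%...%%.

---

How is it transferred? Is there a script? When I compare the two files, it seems to...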