Coder Social home page Coder Social logo

cve-rs's Introduction

Blazingly ๐Ÿ”ฅ fast ๐Ÿš€ memory vulnerabilities, written in 100% safe Rust. ๐Ÿฆ€

cve-rs allows you to introduce common memory vulnerabilities (such as buffer overflows and segfaults) into your Rust program in a memory safe manner.

Why choose cve-rs?

  • ๐Ÿฉธ Bleeding edge technology
  • ๐Ÿ•น๏ธ Paradigm-changing (no more unsafe code!)
  • ๐Ÿ”ฅ Blazingly fast
  • ๐Ÿ’ก Easy to use
  • ๐Ÿ† Featuring way ๐Ÿ‘‹ too 2๏ธโƒฃ many ๐Ÿคฏ emojis in the ๐Ÿ“– readme ๐Ÿ”ฅ ๐Ÿฆ€ ๐Ÿ’จ
  • ๐Ÿฆ€ Built in 100% memory-safe Rust

Example

// With cve-rs, you can crash prod in a ๐Ÿ”ฅ blazingly fast manner!
pub fn segfault() {
	let null: &mut u8 = cve_rs::null_mut::<u8>();
	*null = 42;
}

Segfault demo

Rust is an amazing language. You can program a lot of useful things while ensuring that your program will stay safe. Unfortunately, safe Rust is quite limiting. For example, you cannot introduce code that could corrupt the program's memory. Now, with cve-rs, you can corrupt your program's memory without corrupting your program's memory.

We are very committed to making sure cve-rs is memory-safe. We know that unsafe code can have unintended consequences, such as memory unsafety that causes bugs like segmentation faults, use-after-frees, and buffer overflows.

That is why cve-rs uses #![deny(unsafe_code)] in the entire codebase. There is not a single block of unsafe code (except for some tests) in this project.

cve-rs implements the following bugs in safe Rust:

  • Use after free
  • Buffer overflow
  • Segmentation fault

cve-rs also contains safe reimplementations of:

  • std::mem::transmute
  • std::ptr::null()/null_mut() but for references

Installation

cve-rs can be used directly with Cargo.

To use it as a library:

cargo add cve-rs

Or to run our example binary:

cargo install cve-rs
cve-rs

WASM support

cve-rs supports WASM through the WASI API, and also to Webassembly that you can run in a browser.

You can compile it and run it using Wasmer with the following commands:

cargo build --target wasm32-wasi
wasmer run target/wasm32-wasi/debug/cve-rs.wasm

Contributors

Special thanks to @Bright-Shard and @Creative0708, and everyone else who contributed to cve-rs.

Can I use cve-rs in production?

This project is licensed under the GLWTSPL.

Wait, how safe is cve-rs?!?

This project is licensed under the GLWTSPL.

License

This project is licensed under the GLWTSPL.

Good Luck

...and godspeed.

cve-rs's People

Contributors

speykious avatar creative0708 avatar bright-shard avatar antifuchs avatar elihunter173 avatar flareflo avatar eltociear avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.