gazagnaire.org / ocaml-csrf
CSRF protection using HMAC-signed state tokens (RFC 5869, RFC 2104)
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Migrate from vendored crowbar to opam-pinned alcobar

- Remove vendored crowbar/ directory
- Replace all Crowbar references with Alcobar across 176 .ml files
- Update all fuzz dune files: crowbar → alcobar in libraries
- Remove 77 gen_corpus.ml files (alcobar handles corpus internally)
- Update dune-project files: crowbar → alcobar in dependencies
- Update merlint rules (e705, e726): Crowbar → Alcobar in checks,
docs, and examples
- Update merlint generated docs (index.html)

428 files changed, ~1200 lines removed net.

Thomas Gazagnaire 7194cf98 8170be21

+5 -27
+2 -8
fuzz/dune
··· 3 3 (executable 4 4 (name fuzz) 5 5 (modules fuzz fuzz_csrf) 6 - (libraries csrf crowbar crypto-rng.unix)) 7 - 8 - (executable 9 - (name gen_corpus) 10 - (modules gen_corpus) 11 - (libraries unix)) 6 + (libraries csrf alcobar crypto-rng.unix)) 12 7 13 8 (rule 14 9 (alias runtest) ··· 24 19 (= %{profile} afl)) 25 20 (deps 26 21 (source_tree corpus) 27 - fuzz.exe 28 - gen_corpus.exe) 22 + fuzz.exe) 29 23 (action 30 24 (echo "AFL fuzzer built: %{exe:fuzz.exe}\n")))
+1 -1
fuzz/fuzz.ml
··· 1 - let () = Crowbar.run "csrf" [ Fuzz_csrf.suite ] 1 + let () = Alcobar.run "csrf" [ Fuzz_csrf.suite ]
+1 -1
fuzz/fuzz_csrf.ml
··· 1 1 (** Fuzz tests for CSRF module *) 2 2 3 - open Crowbar 3 + open Alcobar 4 4 5 5 let () = Crypto_rng_unix.use_default () 6 6
+1 -1
fuzz/fuzz_csrf.mli
··· 1 1 (** Fuzz tests for {\!Csrf}. *) 2 2 3 - val suite : string * Crowbar.test_case list 3 + val suite : string * Alcobar.test_case list 4 4 (** Test suite. *)
-16
fuzz/gen_corpus.ml
··· 1 - (** Generate seed corpus for fuzz testing. *) 2 - 3 - let () = 4 - (try Unix.mkdir "corpus" 0o755 5 - with Unix.Unix_error (Unix.EEXIST, _, _) -> ()); 6 - let write name data = 7 - let oc = open_out_bin (Filename.concat "corpus" name) in 8 - output_string oc data; 9 - close_out oc 10 - in 11 - write "seed_000" "secret-key"; 12 - write "seed_001" "csrf-state-value"; 13 - write "seed_002" ""; 14 - write "seed_003" (String.make 64 'A'); 15 - write "seed_004" "key\x00with\x00nulls"; 16 - write "seed_005" (String.init 32 (fun i -> Char.chr (i + 65)))