We are proud to express our love to Rust that keeps the vulns rolling in
Summary
What we do is parse security vulnerabilities and
match them against user profiles.
In order to cover the majority of platforms
and software we need to dig through a ton of
vulnerabilities. We do everything from
parsing large XML blobs from operating systems
to writing custom spiders that gather the data,
and the list goes on.
In order to make Firo work we need to write good
and effective code. The programming language Rust
is making us very happy, and we love the Rust devs for that ❤.
Rust is a pretty new programming language
that is trying to achieve a programming language
trifecta:
* Speed
* Safety
* Concurrency
Rust can be looked at as a modern C++ with built-in
memory management and a great library manager, Cargo!
Some of our favorite crates (libraries)
lmdb_rs
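lmdb is our favorite key-value database because it simply provides us with great performance. Here is a syntax example:
```rust
extern crate lmdb_rs as lmdb;
use lmdb::{EnvBuilder, DbFlags};

fn main() {
    // Sample key and value; in the original snippet these come from elsewhere.
    let (input0, input1) = ("key", "value");

    let env = EnvBuilder::new();
    // Maximum map size: 10485760 * 1024 bytes = 10 GiB.
    let env = env.map_size(10485760 * 1024);
    // The second argument is the Unix permission mode; 0o777 is very permissive,
    // so prefer a stricter mode when other local users should not read the data.
    let env = env.open("database-lmdb", 0o777).unwrap();
    let db_handle = env.get_default_db(DbFlags::empty()).unwrap();
    let txn = env.new_transaction().unwrap();
    {
        // Bind the handle to the transaction and write inside this scope.
        let db = txn.bind(&db_handle);
        db.set(&input0, &input1).unwrap();
    }
    match txn.commit() {
        Err(_) => println!("failed to commit!"),
        Ok(_) => (),
    }
}
```
lmdb is also used by a lot of projects such as OpenLDAP and Monero! Links: lmdb on Wikipedia
Note:
After running lmdb for a while, we realized how unstable it was,
so for larger systems we do not recommend it.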
reqwest
Reqwest is almost like what the requests library is in Python: a great HTTP Swiss Army knife library for all your HTTP needs. During benchmarking of HTTP downloads, reqwest performed a lot better than regular old wget! Syntax example:
```rust
extern crate reqwest;
use std::io::Read; // brings read_to_string into scope for the response
fn fetch(url: &str) -> Result<String, Box<dyn std::error::Error>> {
    let mut res = reqwest::get(url)?;
    let mut body = String::new();
    res.read_to_string(&mut body)?;
    Ok(body)
}
```
Link: Reqwest crates.io
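Spiders like the ones described above read bodies from servers they do not control, and `read_to_string` puts no limit on how much is buffered. The following is an added example, not code from the original post: a std-only helper that caps the body size for any `Read` source, which is how `res` is used in the snippet above. The names `read_capped` and `MAX_FEED_BYTES`, the cap value and the sample inputs are assumptions.

```rust
use std::io::{self, Cursor, Read};

/// Hypothetical cap for one feed download (an assumption; tune per source).
const MAX_FEED_BYTES: u64 = 16 * 1024 * 1024;

/// Read at most `limit` bytes from `src` and return them as UTF-8 text.
/// One byte more than the limit is requested so that an oversized body is
/// rejected instead of silently truncated (a cut-off feed could otherwise
/// be mistaken for a complete, shorter one).
fn read_capped<R: Read>(src: R, limit: u64) -> io::Result<String> {
    let mut buf = Vec::new();
    src.take(limit.saturating_add(1)).read_to_end(&mut buf)?;
    if buf.len() as u64 > limit {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "body exceeds size cap"));
    }
    String::from_utf8(buf)
        .map_err(|_| io::Error::new(io::ErrorKind::InvalidData, "body is not valid UTF-8"))
}

fn main() {
    // Constructed sample input standing in for a downloaded response body.
    let feed = Cursor::new(b"<advisories><advisory id=\"X-1\"/></advisories>".to_vec());
    match read_capped(feed, MAX_FEED_BYTES) {
        Ok(body) => println!("accepted {} bytes", body.len()),
        Err(e) => println!("rejected: {}", e),
    }

    // The same kind of body against a 10-byte cap is refused, not truncated.
    let feed = Cursor::new(b"<advisories/>".to_vec());
    match read_capped(feed, 10) {
        Ok(body) => println!("accepted {} bytes", body.len()),
        Err(e) => println!("rejected: {}", e),
    }
}
```

With a response that implements `Read`, the call would be `read_capped(res, MAX_FEED_BYTES)?` in place of `read_to_string`.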
xml-rs
Like a grave digger looking for gold, xml-rs is our pickaxe in the hunt for vulnerabilities in the XML swamp :) Link: xml-rs
blake2
BLAKE was one of the SHA-3 candidates, and now it's mainly used by a lot of paranoid people writing encryption applications. The blake2 crate is both a nice implementation of BLAKE2 and has a simple syntax for creating a hash:
```rust
use blake2::{Blake2b, Digest};
fn blake2_hex(inputstring: &str) -> String {
    let hash = Blake2b::digest(inputstring.as_bytes());
    format!("{:x}", hash) // lowercase hex string of the digest
}
```
Link: https://crates.io/crates/blake2
jobsteal
A simple to use threadpool library with a great name! Link: https://github.com/rphmeier/jobsteal