The LangSec Journey by Prashant Anantharaman and Dr. Sergey Bratus
Oct 17, 2016 • 2 min read

Chapter 0 - Introduction to LangSec and Installing Hammer with Ruby bindings

Language-theoretic security (LangSec) is an approach to writing parsers that makes them easier to audit and enforces validation of the received input before any computation is performed on it. We first fully recognize the input and make sure it conforms to our specification. If it does not, we simply reject the input. The computation is completely separated from the input recognition phase.

Parser combinator libraries make it easier to write parsers: we specify smaller parsers and later combine them to build the complete parser. We first decide on the language that has to be accepted by a particular protocol, which could be a regular expression, a context-free grammar, a context-sensitive grammar or a Turing machine. Regular expressions and context-free grammars are easy to write and easy to enforce, whereas the latter two are really hard to enforce.
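The two ideas above (small parsers combined into a full one, and full recognition before any computation), as an added example in plain Ruby that is not from the original post and does not use Hammer. The combinator names, the SET/GET message format and the handle function are all assumptions made for illustration.

```ruby
# Added illustration in plain Ruby: hypothetical combinators, not Hammer's API.
# A parser is a lambda (input, pos) -> next pos on success, nil on failure.
# Match one character drawn from an allowed set.
def ch_in(set)
  ->(s, i) { i < s.length && set.include?(s[i]) ? i + 1 : nil }
end

# Match an exact literal string.
def token(lit)
  ->(s, i) { s[i, lit.length] == lit ? i + lit.length : nil }
end

# Run parsers in order; fail as soon as one fails.
def sequence(*ps)
  ->(s, i) { ps.reduce(i) { |pos, p| pos && p.call(s, pos) } }
end
# Accept whichever alternative matches (first match wins).
def choice(*ps)
  ->(s, i) { ps.map { |p| p.call(s, i) }.compact.first }
end

# One or more repetitions of a parser.
def many1(p)
  lambda do |s, i|
    pos = p.call(s, i)
    while pos && (nxt = p.call(s, pos))
      pos = nxt
    end
    pos
  end
end

# Constructed grammar: "SET <key>=<digits>\n" or "GET <key>\n" (regular).
KEY     = many1(ch_in(('a'..'z').to_a))
VALUE   = many1(ch_in(('0'..'9').to_a))
MESSAGE = choice(sequence(token('SET '), KEY, token('='), VALUE, token("\n")),
                 sequence(token('GET '), KEY, token("\n")))
# Recognition: accept only if the parser consumes the entire input.
def recognize?(input)
  MESSAGE.call(input, 0) == input.length
end
# Computation runs only on input that was fully recognized first.
def handle(input, store)
  return :rejected unless recognize?(input)
  verb, rest = input.chomp.split(' ', 2)
  return store[rest] if verb == 'GET'
  key, value = rest.split('=')
  store[key] = Integer(value, 10)
end
```

Input with trailing bytes after a valid message, or with a single bad character in the value, never reaches the code that touches the store.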

We use the parser combinator library Hammer. The Hammer Ruby library, which is available at Hammer Ruby Library, depends on libhammer.

Quickstart

You can use the Docker image available at https://hub.docker.com/r/prashantbarca/hammer-parser/.

$ sudo docker run -ti prashantbarca/hammer-parser:pre

Installing hammer ruby bindings

$ git clone https://github.com/UpstandingHackers/hammer

$ cd hammer

$ scons bindings=ruby

$ sudo scons bindings=ruby install

This will install hammer to /usr/local.

$ gem install hammer-parser -v 0.2.0

$ irb

 > require 'hammer-parser'
 => true 

Thanks for reading the first part of the LangSec Ruby tutorial series. In the next post, we shall look at building basic regular expressions using the hammer-parser library.