In case you have missed the past few years of progress in programming language development, there is a nascent movement to replace tired old software that was written in old fashioned languages like C, with equivalents based on modern safer languages.
kurly is born of my shared desire with my friend and collaborator Al S-M to contribute to this fledgling grassroots mission by reproducing the functionality of the widely popular
We are not security experts, and we do recognize that people are fallible (including ourselves), therefore it is with this in mind that we believe we need all the help we can get. Several languages exist which could be used to fulfill our goal, but in this case we picked Golang.
As Tony Arcieri so eloquently explained in his blog post, it’s time for a memory safety intervention.
kurly is our attempt to do our part.
The aim of
kurly is not to grow full feature parity, largely due to the benefit of 20 years of Internet progress since curl’s inception. Outside of nostalgia I’m pretty sure no-one cares about the Gopher protocol, for example. We’ve decided to focus initially on HTTP(S) features, and have already implemented a good chunk of those in common usage at time of writing.
$ kurly NAME: kurly - [options] URL USAGE: kurly [global options] command [command options] [arguments...] VERSION: 1.0.0 COMMANDS: help, h Shows a list of commands or help for one command GLOBAL OPTIONS: --output value, -o value Filename to name url content to --upload-file value, -T value File to upload --remote-name, -O Save output to file named with file part of URL -v Verbose output --max-time value, -m value Maximum time to wait for an operation to complete in seconds (default: 0) -R Set the timestamp of the local file to that of the remote file, if available --location, -L Follow 3xx redirects --max-redirs value Maximum number of 3xx redirects to follow (default: 10) --silent, -s Mute kurly entirely, operation without any output --request value, -X value HTTP method to use (default: "GET") --user-agent value, -A value User agent to set for this request (default: "Kurly/1.0") --header value, -H value Extra headers to be sent with the request --expect100-timeout value Timeout in seconds for Expect: 100-continue wait period (default: 1) --data value, -d value Sends the specified data in a POST request to the server --data-ascii value The same as --data, -d --data-raw value Basically the same as --data-binary (no @ interpretation) --data-binary value Sends the data as binary --data-urlencode value Sends the data as urlencoded ascii --help, -h show help --version, -V print the version
Are we expecting zero bugs or security holes? No. That would be the absolute height of arrogance, and we’re pretty confident bugs will be found. That being said, we are expecting a certain amount of safety implied in the fact that we’re not manually manipulating pointers in memory, and are otherwise benefitting from Golang’s implicit design safety.
kurly is being published under the Apache 2.0 license, and is being open sourced today. We’d love to receive bug reports, feature requests, and pull requests! Please feel free to pitch in!
The source can be found on GitHub.
Binaries are initially being provided for the following platforms with the possibility of more depending on demand:
So, in summary, please give
kurly a try and see how it fits into your workflow. We’re really interested in feedback regarding how it works for you, limitations, glaring contrasts with curl, what you’d like to see added, altered, etc. Please feel free to file issues through the GitHub project or email us.