Announcing kurly v1.0.0

May 1, 2017 00:00 · 612 words · 3 minutes read golang kurly web https http

In case you have missed the past few years of progress in programming language development, there is a nascent movement to replace tired old software that was written in old fashioned languages like C, with equivalents based on modern safer languages.

kurly is born of my shared desire with my friend and collaborator Al S-M to contribute to this fledgling grassroots mission by reproducing the functionality of the widely popular curl tool.

We are not security experts, and we do recognize that people are fallible (including ourselves), therefore it is with this in mind that we believe we need all the help we can get. Several languages exist which could be used to fulfill our goal, but in this case we picked Golang.

As Tony Arcieri so eloquently explained in his blog post, it’s time for a memory safety intervention. kurly is our attempt to do our part.

The aim of kurly is not to grow full feature parity, largely due to the benefit of 20 years of Internet progress since curl’s inception. Outside of nostalgia I’m pretty sure no-one cares about the Gopher protocol, for example. We’ve decided to focus initially on HTTP(S) features, and have already implemented a good chunk of those in common usage at time of writing.

$ kurly
NAME:
   kurly - [options] URL

USAGE:
   kurly [global options] command [command options] [arguments...]

VERSION:
   1.0.0

COMMANDS:
     help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --output value, -o value       Filename to name url content to
   --upload-file value, -T value  File to upload
   --remote-name, -O              Save output to file named with file part of URL
   -v                             Verbose output
   --max-time value, -m value     Maximum time to wait for an operation to complete in seconds (default: 0)
   -R                             Set the timestamp of the local file to that of the remote file, if available
   --location, -L                 Follow 3xx redirects
   --max-redirs value             Maximum number of 3xx redirects to follow (default: 10)
   --silent, -s                   Mute kurly entirely, operation without any output
   --request value, -X value      HTTP method to use (default: "GET")
   --user-agent value, -A value   User agent to set for this request (default: "Kurly/1.0")
   --header value, -H value       Extra headers to be sent with the request
   --expect100-timeout value      Timeout in seconds for Expect: 100-continue wait period (default: 1)
   --data value, -d value         Sends the specified data in a POST request to the server
   --data-ascii value             The same as --data, -d
   --data-raw value               Basically the same as --data-binary (no @ interpretation)
   --data-binary value            Sends the data as binary
   --data-urlencode value         Sends the data as urlencoded ascii
   --help, -h                     show help
   --version, -V                  print the version

Are we expecting zero bugs or security holes? No. That would be the absolute height of arrogance, and we’re pretty confident bugs will be found. That being said, we are expecting a certain amount of safety implied in the fact that we’re not manually manipulating pointers in memory, and are otherwise benefitting from Golang’s implicit design safety.

kurly is being published under the Apache 2.0 license, and is being open sourced today. We’d love to receive bug reports, feature requests, and pull requests! Please feel free to pitch in!

The source can be found on GitHub.

Binaries are initially being provided for the following platforms with the possibility of more depending on demand:

So, in summary, please give kurly a try and see how it fits into your workflow. We’re really interested in feedback regarding how it works for you, limitations, glaring contrasts with curl, what you’d like to see added, altered, etc. Please feel free to file issues through the GitHub project or email us.