Merge remote-tracking branch 'origin/main' into libafl-section

Author: elopez

.github/workflows/hugo.yml

@@ -39,12 +39,12 @@ jobs:
       - name: Install Dart Sass Embedded
         run: sudo snap install dart-sass-embedded
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: recursive
       - name: Setup Pages
         id: pages
-        uses: actions/configure-pages@v3
+        uses: actions/configure-pages@v5
       - name: Install Node.js dependencies
         run: "[[ -f package-lock.json || -f npm-shrinkwrap.json ]] && npm ci || true"
       - name: Build with Hugo
@@ -57,7 +57,7 @@ jobs:
             --minify \
             --baseURL "${{ steps.pages.outputs.base_url }}/"
       - name: Upload artifact
-        uses: actions/upload-pages-artifact@v1
+        uses: actions/upload-pages-artifact@v3
         with:
           path: ./public
 
@@ -71,4 +71,4 @@ jobs:
     steps:
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@v1
+        uses: actions/deploy-pages@v4

.github/workflows/markdown.yml

@@ -18,7 +18,7 @@ jobs:
          path: .lycheecache
          key: cache-lychee-${{ github.sha }}
          restore-keys: cache-lychee-
-    - uses: lycheeverse/lychee-action@2b973e86fc7b1f6b36a93795fe2c9c6ae1118621 # for v1.10.0
+    - uses: lycheeverse/lychee-action@f613c4a64e50d792e0b31ec34bbcbba12263c6a6 # for v2.3.0
       with:
         args: --base . -a 100..=103,200..=299,429 --verbose --no-progress --cache --max-cache-age 1d --scheme http --scheme https './**/*.md' './layout/shortcodes/fuzzing/*.html'
         fail: true
@@ -28,7 +28,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
-    - uses: DavidAnson/markdownlint-cli2-action@v15
+    - uses: DavidAnson/markdownlint-cli2-action@v19
       with:
         globs: "**/*.md"
   # Spellcheck Markdown files using `retext` and `remark`

README.md

@@ -80,6 +80,7 @@ create a new GitHub issue and/or fix it in the new pull request.
    git checkout -b name-of-your-new-branch
    # or
    git checkout name-of-existing-branch
+   ```
 
 4. Run the Hugo server with drafts turned on (`-D`) from the project's root directory.
 Your browser will be automatically refreshed with changes whenever you save a file.

content/docs/crypto/zkdocs/_index.md

@@ -0,0 +1,23 @@
+---
+title: "Zero-knowledge protocols"
+weight: 4
+summary: "ZKDocs provides comprehensive, detailed, and interactive documentation on zero-knowledge proof systems and related primitives."
+bookCollapseSection: true
+# math: true
+# bookFlatSection: false
+# bookToc: true
+# bookHidden: false
+# bookComments: false
+# bookSearchExclude: false
+---
+# Zero-knowledge protocols
+
+ZKDocs provides comprehensive, detailed, and interactive documentation on zero-knowledge proof systems and related primitives.
+
+At [Trail of Bits](https://www.trailofbits.com/), we audit many implementations of non-standardized cryptographic protocols and often find the same issues. As we discovered more instances of these bugs, we wanted to find a way to prevent them in the future. Unfortunately, for these protocols, the burden is on the developers to figure out all of the low-level implementation details and security pitfalls.
+
+We hope that ZKDocs can fill in this gap and benefit the larger cryptography community.
+
+{{< hint info >}}
+**For in-depth resources and interactive guides on zero-knowledge proof systems, visit https://zkdocs.com.**
+{{< /hint >}}

content/docs/fuzzing/c-cpp/10-libfuzzer/index.md

@@ -14,7 +14,7 @@ Note that libFuzzer has been in [maintenance-only](https://llvm.org/docs/LibFuzz
 The more performant AFL++ fuzzer is compatible with fuzzing harnesses written for libFuzzer, which means transitioning from libFuzzer to AFL++ is easy and requires only changing your compiler from `clang++` to `afl-clang-fast++`.
 
 {{< fuzzing/intro-os >}}
-If possible, we recommend fuzzing on a local x64_64 VM or renting one on DigitalOcean, AWS, Hetzner, etc.
+If possible, we recommend fuzzing on a local x86_64 VM or renting one on DigitalOcean, AWS, Hetzner, etc.
 
 
 ## Installation {#installation}

content/docs/fuzzing/c-cpp/11-aflpp/index.md

@@ -316,10 +316,6 @@ out/default/
 
 {{< hint info >}}
 PRO TIP: The filename of a crash gives precise information about where it originated. The name `id:000000,sig:06,src:000002,time:286,execs:13105,op:havoc,rep:4` indicates that the crash with ID 0 caused a signal 6 in the SUT. The crash input originates from the source test case with ID 2. Test case 2 originates from the seed input with the test case ID 0. Additional data indicates, for example, when the crash was discovered or which mutation led to the discovery.
-
-```shell
-./afl++ <host/docker> AFL_PIZZA_MODE=1 afl-fuzz -i seeds -o out -- ./fuzz
-```
 {{< /hint >}}
 
 

content/docs/fuzzing/c-cpp/techniques/01-coverage/index.md

@@ -39,7 +39,7 @@ PRO TIP: You should not use the statistics returned by your specific fuzzer to t
 The most comparable data is generated by tools specifically made for measuring coverage.
 {{< /hint >}}
 
-The following section reviews two methods to generate coverage reports: the an LLVM-based instrumentation and a GCC-based one. LLVM offers a stable and very fast way to generate coverage reports. The LLVM toolkit supports the [SanitizerCoverage](https://clang.llvm.org/docs/SanitizerCoverage.html) instrumentation that is unique to Clang and the GCC-compatible [gcov](https://gcc.gnu.org/onlinedocs/gcc/Gcov.html) instrumentation. GCC only supports the gcov instrumentation.
+The following section reviews two methods to generate coverage reports: an LLVM-based instrumentation and a GCC-based one. LLVM offers a stable and very fast way to generate coverage reports. The LLVM toolkit supports the [SanitizerCoverage](https://clang.llvm.org/docs/SanitizerCoverage.html) instrumentation that is unique to Clang and the GCC-compatible [gcov](https://gcc.gnu.org/onlinedocs/gcc/Gcov.html) instrumentation. GCC only supports the gcov instrumentation.
 
 Both methods allow the generation of a clear representation of coverage, with the resulting HTML report consisting of multiple pages. However, the report generation with gcov output is more inefficient and requires more time compared to the LLVM one.
 
@@ -307,7 +307,7 @@ HTML coverage report generated by gcovr
 {{< /resourceFigure >}}
 
 
-**We already mentioned that gcov incrementally updates `.gcda` files over multiple runes of the coverage binaries. To start from scratch, you can manually delete all `.gcda` files after executing gcovr, or add the flag `--delete`.**
+**We already mentioned that gcov incrementally updates `.gcda` files over multiple runs of the coverage binaries. To start from scratch, you can manually delete all `.gcda` files after executing gcovr, or add the flag `--delete`.**
 
 
 ## Real-world examples {#real-world-examples}

content/docs/static-analysis/semgrep/00-installation.md

@@ -56,7 +56,7 @@ A new version of Semgrep is available. See https://semgrep.dev/docs/upgrading
 ```
 
 You can also check for updates manually by visiting the
-[Semgrep Releases](https://github.com/returntocorp/semgrep/releases) page.
+[Semgrep Releases](https://github.com/semgrep/semgrep/releases) page.
 
 #### Updating Semgrep
 
@@ -228,7 +228,7 @@ according to your preferences and tooling.
      - Use the `--severity [INFO|WARNING|ERROR]` flag to report findings only from rules that match
        the specified severity (`INFO`/`WARNING`/`ERROR`).
      - There is currently no obvious flag to limit results based on specific rule metadata (e.g., impact).
-       See the [Feature request: CLI support for filtering by rule metadata](https://github.com/returntocorp/semgrep/issues/6752)
+       See the [Feature request: CLI support for filtering by rule metadata](https://github.com/semgrep/semgrep/issues/6752)
        GitHub issue for a possible workaround.
 
    d. Data flow tracing:

content/docs/static-analysis/semgrep/10-advanced.md

@@ -20,14 +20,14 @@ semgrep --config /path/to/your/config --lang python --scan-unknown-extensions /p
 In this example, Semgrep will scan the `/path/to/your/file.xyz` file as a Python file,
 even though the `.xyz` extension is not a standard Python file extension.
 
-See also the [Allow user to specify file extensions for languages #3090](https://github.com/returntocorp/semgrep/issues/3090)
+See also the [Allow user to specify file extensions for languages #3090](https://github.com/semgrep/semgrep/issues/3090)
 GitHub issue to work around restrictions if you want to use Semgrep against your specific language, even if the file
 extension is not standard.
 
 ### Files/directories
 
 - By default, Semgrep follows the default
-[.semgrepignore](https://github.com/returntocorp/semgrep/blob/develop/cli/src/semgrep/templates/.semgrepignore) file.
+[.semgrepignore](https://github.com/semgrep/semgrep/blob/develop/cli/src/semgrep/templates/.semgrepignore) file.
 - If present, Semgrep will look at the repository's `.gitignore` file.
 - In case of a conflict between the two files, the `.semgrepignore` file takes precedence. This means that if the
   `.gitignore` file includes a file and the `.semgrepignore` file excludes it, Semgrep will not analyze the file.
@@ -109,7 +109,7 @@ for writing and testing rules. However, it is essential to consider the followin
       (e.g., `# ruleid: <id>`) into your test code to evaluate your rule's effectiveness while working in the Semgrep
       Playground (see [example](https://semgrep.dev/s/ezxE)).
     - **Note the limitations with comments**: Be aware that the Semgrep Playground does not retain comments when sharing
-      a link or "forking" a rule (Ctrl+S). Refer to this [GitHub issue](https://github.com/returntocorp/semgrep/issues/7120)
+      a link or "forking" a rule (Ctrl+S). Refer to this [GitHub issue](https://github.com/semgrep/semgrep/issues/7120)
        for more information.
 
 ### Building blocks
@@ -1019,7 +1019,7 @@ development. The channel is staffed by knowledgeable developers familiar with Se
 They are usually quick to respond to questions. They can guide you in structuring your rules and in debugging any issues
 that arise. Additionally, the Slack channel is a great place to connect with other developers working on similar
 projects, allowing you to learn from others' experiences and share your insights.
-- Use [Semgrep GitHub issues](https://github.com/returntocorp/semgrep/issues) to report bugs, suggest new features, and
+- Use [Semgrep GitHub issues](https://github.com/semgrep/semgrep/issues) to report bugs, suggest new features, and
 ask for help with specific issues.
 
 ## Thoroughly testing Semgrep rules for optimal performance

content/docs/static-analysis/semgrep/30-org.md

@@ -98,7 +98,7 @@ to reduce false positives/negatives.
     - Pay attention to the Semgrep Community Slack, where the Semgrep community helps with problems or writing custom
     rules.
     - Encourage the team to report existing limitations/bugs while using Semgrep to the Semgrep team by filling out
-    GitHub issues (see this [example issue](https://github.com/returntocorp/semgrep/issues/4587) submitted by
+    GitHub issues (see this [example issue](https://github.com/semgrep/semgrep/issues/4587) submitted by
     Trail of Bits).
 
 7. Implement Semgrep in the CI/CD pipeline by getting acquainted with the Semgrep documentation related to your CI