Kirill Kirill89
Kirill89
/ client.js
Created
August 13, 2018 06:55
— forked from steinwaywhw/client.js
A minimal term.js server/client demo. To be used with node.js
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var client = {}; | |
| client.run = function (options) { | |
| options = options || {}; | |
| var socket = io.connect(options.remote || "http://localhost:8080"); | |
| socket.on('connect', function() { | |
| var term = new Terminal({ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class GoodError extends Error { | |
| constructor(...args) { | |
| super(...args); | |
| this.name = 'GoodError'; | |
| Error.captureStackTrace(this, GoodError); | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| if ! [[ -x "$(command -v lebab)" ]]; then | |
| echo 'Error: lebab is not installed.' >&2 | |
| echo 'Please run: npm install -g lebab tslint' >&2 | |
| exit 1 | |
| fi | |
| if ! [[ -x "$(command -v tslint)" ]]; then | |
| echo 'Error: tslint is not installed.' >&2 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # put it into your ~/.zshrc | |
| edit64() | |
| { | |
| DECODED=$(pbpaste | base64 --decode) | |
| TMP=$(mktemp) | |
| echo "Temporary file: $TMP" | |
| echo "$DECODED" > "$TMP" | |
| vi "$TMP" | |
| UPDATED=$(cat ${TMP}) |
Kirill89
/ readFileSync_vs_readFile.js
Last active
March 23, 2019 00:10
readFileSync vs readFile benchmark
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const fs = require('fs'); | |
| const util = require('util'); | |
| const readFile = util.promisify(fs.readFile); | |
| fs.writeFileSync('a', 'a'); | |
| const attempts = 100000; | |
| function runInCallback(left, cb) { |
Kirill89
/ prototype-pollution-merge-check.js
Last active
June 27, 2023 15:32
prototype pollution check
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // https://github.com/Kirill89/prototype-pollution-explained | |
| const mergeFn = require('lodash').defaultsDeep; | |
| const payloads = [ | |
| '{"constructor": {"prototype": {"a0": true}}}', | |
| '{"__proto__": {"a1": true}}', | |
| ]; | |
| function check() { | |
| for (const p of payloads) { | |
| mergeFn({}, JSON.parse(p), {}); |
Kirill89
/ Dockerfile
Last active
March 6, 2023 10:27
Prototype Pollution security vulnerability in minimist
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM ubuntu:18.04 | |
| COPY ./app /app | |
| RUN chmod u+s /app | |
| RUN useradd -s /bin/bash just-user | |
| USER just-user |
Kirill89
/ Dockerfile
Created
March 12, 2020 08:36
Prototype Pollution security vulnerability in yargs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM ubuntu:18.04 | |
| COPY ./app /app | |
| RUN chmod u+s /app | |
| RUN useradd -s /bin/bash just-user | |
| USER just-user |
Kirill89
/ gist:8a19a391a207962e07d902d7d229d0b8
Created
August 6, 2020 15:03
— forked from looping/gist:cd25b16e93b8fa3158cf
Hack a .a library file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Using libtool, lipo, ar and otool | |
| lipo -info input.a | |
| lipo -extract_family arm64 -output output.a input.a | |
| # output.a is a fat file (use libtool(1) or lipo(1) and ar(1) on it) | |
| # lipo output.a -thin arm64 -output output_arm64.a | |
| ar -x output_arm64.a |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const fs = require('fs'); | |
| let data = fs.readFileSync('IRONCLAD.autosave.json', 'utf8'); | |
| const out = []; | |
| for (let i = 0; i < data.length; i++) { | |
| const key = 'key'; | |
| out.push(data.charCodeAt(i) ^ key.charCodeAt(i % key.length)); | |
| } |