@archisgore
archisgore / gist:6471ea7b89ba93ab95082948a3e19307
Created December 23, 2021 04:32
Extracting license info from Rust crate dependencies
cargo license --json | jq -r '.[] | "Zerotect,\"" + .name + "\",\"" + .version + "\",\"https://crates.io/crates/" + .name + "\",\"" + .license + "\",\"" + .repository + "/blob/master/LICENSE\",\"" + .description + "\",Production (Distributed),Static link,No,No,No"' > dependencies.csv
@archisgore
archisgore / cloc_github_org.sh
Last active May 30, 2024 18:43
Count Lines of code in entire github org
#!/bin/bash
# This command clones all repos in a GitHub org and counts lines of code in each
# It can be re-run to collect new repos and pull the latest changes
set -euo pipefail
USAGE="Usage: $0 <user|org> [depth]"
@archisgore
archisgore / yum-make-everything-old.sh
Last active June 5, 2021 16:15
Make everything old and install more oldest-possible-packages and start all services.
#!/bin/bash
install_version() {
# This would be: NetworkManager.x86_64 1:1.14.0-14.el8 rhel-8-baseos-rhui-rpms
local -r version_entry="$1"
# What yum operation do you want?
local -r operation="$2"
echo " Attempting to install version entry: $version_entry"
@archisgore
archisgore / yum-downgrade-all.sh
Last active June 2, 2021 17:35
Downgrades all packages on a yum/redhat based system to oldest possible versions.
#!/bin/bash
install_version() {
# This would be: NetworkManager.x86_64 1:1.14.0-14.el8 rhel-8-baseos-rhui-rpms
version_entry="$1"
echo " Attempting to install version entry: $version_entry"
# This would be: NetworkManager.x86_64
package_arch="$(echo $version_entry | awk -F" " '{print $1}')"
# This would be: NetworkManager (we remove the .x86_64 or any architecture)
How to SSH into server:
ssh [email protected]
#Password: admin
@archisgore
archisgore / npm_dependency_confusion.md
Last active February 17, 2021 05:52
NPM/Node.js code injection attack

NPM/Node.js recently had a clever, yet simple, code injection attack using "dependency confusion" as the vulnerability. I describe the attack as conducted (simulated, really), and a systemic solution Polyverse has been building for the past two years designed to solve specifically this problem.

A recap of the attack, for baseline:

Node dependencies are specified by name and version but not by address/location, e.g., {"sorter": "1.0", "binary-search": "2.0", "polyverse-billing": "1.0"}.

Notice the last one? It’s intended to be Polyverse internal and contains our proprietary (and sensitive) billing code. Obviously it does not exist on npmjs.com, the public upstream node package repository. It instead comes from a private repository hosted by Polyverse.

In a sequence diagram, this is how the flow worked before the attack. Pretty straightforward.

@archisgore
archisgore / ffbuilds
Last active November 23, 2020 05:36
FireFox builds
SOURCE:
https://polyverse-downloads.s3.amazonaws.com/firefox/mozilla-unified.tar.bz2
BUILDS:
https://polyverse-downloads.s3.amazonaws.com/firefox/plain-firefox-85.0a1.en-US.linux-x86_64.tar.bz2
https://polyverse-downloads.s3.amazonaws.com/firefox/gcc-firefox-85.0a1.en-US.linux-x86_64.tar.bz2
https://polyverse-downloads.s3.amazonaws.com/firefox/debug-new-static-firefox-85.0a1.en-US.linux-x86_64.tar.bz2
@archisgore
archisgore / gist:ed301e6e674218f24d6930f4367b61c2
Created September 3, 2020 02:43
Access to blockchain server
ssh 107.180.100.242
@archisgore
archisgore / gist:d1dda9965db63342546501689fa3f309
Created May 3, 2020 07:05
Convert json-schema into AWS Glue struct schema (for automating JSON parsing in Glue using AWS CDK)
import request from 'sync-request';
import * as glue from '@aws-cdk/aws-glue';
export function polytectJsonSchemaToGlue(): glue.Type {
console.log("Getting Polytect reference schema...")
const res = request('GET', 'https://raw.githubusercontent.com/polyverse/polytect/master/reference/schema.json');
const body = res.getBody();
const schema = JSON.parse(body.toString());
return recursiveGlueColumns(schema, schema.definitions);
}
@archisgore
archisgore / aws-cdk-s3-notification-from-existing-bucket.ts
Last active June 17, 2021 12:44
AWS CDK add notification from existing S3 bucket to SQS queue
import * as cr from '@aws-cdk/custom-resources';
import * as logs from '@aws-cdk/aws-logs';
import * as s3 from '@aws-cdk/aws-s3';
import * as sqs from '@aws-cdk/aws-sqs';
import * as iam from '@aws-cdk/aws-iam';
import {Construct} from '@aws-cdk/core';
// You can drop this construct anywhere, and in your stack, invoke it like this:
// const s3ToSQSNotification = new S3NotificationToSQSCustomResource(this, 's3ToSQSNotification', existingBucket, queue);