Mike Samuel mikesamuel
mikesamuel
/ hashable-json.js
Last active
February 21, 2019 05:43
A canonicalizing function to make it easy to hash JSON
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "use strict"; | |
| // Prompted by https://esdiscuss.org/topic/json-canonicalize | |
| // Given a string of JSON produces a string of JSON without unnecessary | |
| // degrees of freedom like whitespace, optional escape sequences, and | |
| // unnecessary variance in number representation. | |
| function hashable(json) { | |
| const strs = [] // Side table to collect string bodies | |
| return reorderProperties( |
mikesamuel
/ frenemies.md
Last active
February 28, 2018 16:29
Frenemies: Mutual suspicion in Node.js
Lets project teams trust code they know with more than code they don't.
This is now implemented: https://github.com/OWASP/url-classifier
Matching URLs with regular expressions is hard.
Even experienced programmers who are familiar with the URL spec produce code like /http:\/\/example.com/
which spuriously matches unintended URLs like
mikesamuel
/ header-safe-defaults.md
Last active
June 19, 2021 04:08
Golang header safe defaults library proposal
A proposed library that provides safe defaults (with opt-out) for security-relevant HTTP response headers.
daicham
/ .gitlab-ci.yml
Last active
November 13, 2024 07:47
A sample of .gitlab-ci.yml for a gradle project
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| image: java:8-jdk | |
| stages: | |
| - build | |
| - test | |
| - deploy | |
| before_script: | |
| # - echo `pwd` # debug | |
| # - echo "$CI_BUILD_NAME, $CI_BUILD_REF_NAME $CI_BUILD_STAGE" # debug |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "use strict"; | |
| const vm = require("vm"); | |
| const sandbox = { anObject: {} }; | |
| const whatIsThis = vm.runInNewContext(` | |
| const ForeignObject = anObject.constructor; | |
| const ForeignFunction = ForeignObject.constructor; | |
| const process = ForeignFunction("return process")(); | |
| const require = process.mainModule.require; | |
| require("fs"); |
git clone [email protected]:YOUR-USERNAME/YOUR-FORKED-REPO.git
cd into/cloned/fork-repo
git remote add upstream git://github.com/ORIGINAL-DEV-USERNAME/REPO-YOU-FORKED-FROM.git
git fetch upstream