```xml
<?xml version="1.0" encoding="UTF-8"?>
<config>
    <global>
        <sales>
            <quote>
                <item>
                    <product_attributes>
                        <reel_enable/>
                    </product_attributes>
                </item>
            </quote>
        </sales>
    </global>
</config>
```

I believe it will be difficult to source a definitive answer to this question of why a CSRF token is "needed" in Magento's add to cart GET action. I'll make an attempt to interpret its purpose. I'm by no means a security expert and this is my interpretation of CSRF in this particular context.

Context

From [owasp.org][1]

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request.

One example of this attack is embedding a hidden image in an email or an alternate webpage:

### Keybase proof
I hereby claim:
* I am rgranadino on github.
* I am beeplogic (https://keybase.io/beeplogic) on keybase.
* I have a public key ASAbXks9Scgwvunw_13NMBXnVYDNLdWqCEZRRNKFZGzP7go
To claim this, I am signing this object:
@rgranadino
rgranadino / ecs-ssh.rb
Last active February 16, 2018 18:12
AWS ECS ssh helper
```ruby
#!/usr/bin/ruby
require 'json'

$sshUser = 'ec2user'

# NOTE all of our ecs clusters are prefixed with "ecs-"
# which we assume here to save the time & trouble of having to type that out
# all of our tasks are also suffixed with the "environment" name
def sshToEcsInstance(clusterName)
  # list the container instances registered to the cluster and pick one at random
  cmd = "aws ecs list-container-instances --cluster ecs-" + clusterName
  instances = JSON.parse(`#{cmd}`)["containerInstanceArns"]
  ec2InstanceHostname = getInstanceInfo(clusterName, instances.sample)
```
@rgranadino
rgranadino / main.tf
Created September 7, 2018 16:27
terraform example of app autoscaling based on customized metric specification
```hcl
resource "aws_appautoscaling_policy" "scale_out" {
  name               = "scale-up"
  policy_type        = "TargetTrackingScaling"
  resource_id        = "service/${data.terraform_remote_state.ecs_cluster.ecs_cluster_name}/${var.service_name}"
  scalable_dimension = "ecs:service:DesiredCount"
  service_namespace  = "ecs"

  target_tracking_scaling_policy_configuration {
    target_value      = "${var.scaling_target_value}"
    scale_in_cooldown = "${var.scale_in_cooldown}"
```