coreyshuman / geekwiseapplicationsecurity Goto Github PK

The docker migrations aren't waiting for the previous to finish before continuing.

It is currently using Promise.all(filePromises), this should be changed to a synchronous solution.

The browser strips invalid html tags before my parsing script can fix it up.

Example:

<pre><code class="php"><html>
<body>

  <?php
  print "Not found: " . urldecode($_SERVER["REQUEST_URI"]);
  ?>

</body>
</html></code></pre>

becomes:

<pre><code class="php">

  <?php
  print "Not found: " . urldecode($_SERVER["REQUEST_URI"]);
  ?>

</code></pre>

I added the following script tag to encapsulate these types of code sections:
<script type="code-template"></script>

These will be stripped out. However if there is embedded script tags, it doesn't work properly:

<pre><code><script type='code-template'><script>alert("You've been hacked!")</script></script></code></pre>

Options:

• Fix the stripping code by building an algorithm to keep track of nested divs
• Go a different route:
  • Use the script tags only and have my implementation manually add the <code> tag and pass in the script content. HLJS already seems to have some support for something like this.

https://forums.docker.com/t/getting-panic-spanic-standard-init-linux-go-178-exec-user-process-caused-no-such-file-or-directory-red-while-running-the-docker-image/27318/10

Something is up with the scripting in Firefox (works fine in chrome).
Try clicking edit to see the issue.

May want to implement the chmod a+x command as part of the image startup process, or look into better options.

Postgres takes a long time start up on some machines (30+ seconds).
In this situation, the migration server will try to run and will crash because Postgres will either not have opened the port yet, or it will send a incomplete startup packet.

Migration server should have a retry mechanism to keep trying until success (or container kill).

I am getting the following error when using docker-compose up

$ docker-compose up

01basicinsecurewebapp_frontend_1 is up-to-date
01basicinsecurewebapp_postgres_1 is up-to-date
Starting 01basicinsecurewebapp_apiserver_1 ... error

ERROR: for 01basicinsecurewebapp_apiserver_1  Cannot start service apiserver: OCI runtime create failed: container_linux.go:296: starting container process caused "exec: \"/home/node/server/scripts/entrypoint.sh\": permission denied": unknown

ERROR: for apiserver  Cannot start service apiserver: OCI runtime create failed: container_linux.go:296: starting container process caused "exec: \"/home/node/server/scripts/entrypoint.sh\": permission denied": unknown
ERROR: Encountered errors while bringing up the project.

Example:

$stmt = $dbh->prepare("SELECT * FROM product WHERE price BETWEEN :price1 AND :price2");
$stmt->bindParam(':price1', $price1);
$stmt->bindParam(':price2', $price2);
$price1 = 1;
$price2 = 10;
$stmt->execute();

Becomes:

$stmt = $dbh->prepare("SELECT * FROM product WHERE price BETWEEN :price1 AND :price2");
$stmt->bindParam(':price1', $price1);
$stmt->bindParam(':price2', $price2);
$price1 = 1;
$price2 = 10;
$stmt->execute();

The regex needs to be adjusted to be more greedy and grab everything until the last closed url.

example that would break:

[My Site](http://mysite.com/(test))