coreyshuman / geekwiseapplicationsecurity
12-week Geekwise course on web application security and hardening.
The docker migrations aren't waiting for the previous to finish before continuing.
It is currently using Promise.all(filePromises); this should be changed to a synchronous solution.
The browser strips invalid HTML tags before my parsing script can fix it up.
Example:
<pre><code class="php"><html>
<body>
<?php
print "Not found: " . urldecode($_SERVER["REQUEST_URI"]);
?>
</body>
</html></code></pre>
becomes:
<pre><code class="php">
<?php
print "Not found: " . urldecode($_SERVER["REQUEST_URI"]);
?>
</code></pre>
I added the following script tag to encapsulate these types of code sections:
<script type="code-template"></script>
These will be stripped out. However, if there are embedded script tags, it doesn't work properly:
<pre><code><script type='code-template'><script>alert("You've been hacked!")</script></script></code></pre>
Options:
<code> tag and pass in the script content. HLJS already seems to have some support for something like this.
Something is up with the scripting in Firefox (works fine in Chrome).
Try clicking edit to see the issue.
May want to implement the chmod a+x command as part of the image startup process, or look into better options.
Postgres takes a long time to start up on some machines (30+ seconds).
In this situation, the migration server will try to run and will crash because Postgres will either not have opened the port yet, or it will send an incomplete startup packet.
Migration server should have a retry mechanism to keep trying until success (or container kill).
I am getting the following error when using docker-compose up
$ docker-compose up
01basicinsecurewebapp_frontend_1 is up-to-date
01basicinsecurewebapp_postgres_1 is up-to-date
Starting 01basicinsecurewebapp_apiserver_1 ... error
ERROR: for 01basicinsecurewebapp_apiserver_1 Cannot start service apiserver: OCI runtime create failed: container_linux.go:296: starting container process caused "exec: \"/home/node/server/scripts/entrypoint.sh\": permission denied": unknown
ERROR: for apiserver Cannot start service apiserver: OCI runtime create failed: container_linux.go:296: starting container process caused "exec: \"/home/node/server/scripts/entrypoint.sh\": permission denied": unknown
ERROR: Encountered errors while bringing up the project.
Example:
$stmt = $dbh->prepare("SELECT * FROM product WHERE price BETWEEN :price1 AND :price2");
$stmt->bindParam(':price1', $price1);
$stmt->bindParam(':price2', $price2);
$price1 = 1;
$price2 = 10;
$stmt->execute();
Becomes:
$stmt = $dbh->prepare("SELECT * FROM product WHERE price BETWEEN :price1 AND :price2");
$stmt->bindParam(':price1', $price1);
$stmt->bindParam(':price2', $price2);
$price1 = 1;
$price2 = 10;
$stmt->execute();
The regex needs to be adjusted to be more greedy and grab everything until the last closed url.
Example that would break:
[My Site](http://mysite.com/(test))
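One way to handle the nested-parenthesis case above without relying on regex greediness is to count parenthesis depth, which also keeps two links on the same line separate. This is an added example, not the project's code; it assumes the regex in question matches Markdown inline links, and the names NAIVE, matchParen and findLinks are hypothetical.

```javascript
// Added example, not the project's code. Assumes the issue concerns Markdown
// inline links of the form [label](url); all names here are hypothetical.

// Constructed stand-in for a lazy link regex (the project's regex is not shown).
const NAIVE = /\[([^\]]+)\]\((.+?)\)/;

// Return the index of the ')' that closes the '(' at text[start], or -1.
function matchParen(text, start) {
  let depth = 0;
  for (let j = start; j < text.length; j++) {
    const c = text[j];
    if (/\s/.test(c)) return -1;          // URLs contain no whitespace: give up
    if (c === '(') depth++;
    else if (c === ')' && --depth === 0) return j;
  }
  return -1;                              // unbalanced: not treated as a link
}

// Scan text and return every { label, url } whose parentheses balance.
function findLinks(text) {
  const links = [];
  let i = 0;
  while (i < text.length) {
    const open = text.indexOf('[', i);
    if (open === -1) break;
    const close = text.indexOf(']', open + 1);
    if (close === -1) break;
    const label = text.slice(open + 1, close);
    const end = text[close + 1] === '(' ? matchParen(text, close + 1) : -1;
    // A '[' inside the label means the real link starts later: rescan from there.
    if (label.includes('[') || end === -1) { i = open + 1; continue; }
    links.push({ label, url: text.slice(close + 2, end) });
    i = end + 1;
  }
  return links;
}

const sample = '[My Site](http://mysite.com/(test))';   // input from the issue
console.log('lazy regex :', NAIVE.exec(sample)[2]);
console.log('depth scan :', findLinks(sample)[0].url);
```
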