Brandon Williams williamsbdev
williamsbdev
/ python-security-vulnerability-egrep.sh
Last active
June 10, 2016 02:27
— forked from nstarke/python-security-vulnerability-egrep.sh
Python Security Vulnerability Egrep
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # this command will return places where the application shells out or dynamically executes code: | |
| egrep -r --include "*.py" -e "(exec|eval)\(|subprocess|popen" . | |
| # DJANGO: find places where HTML encoding is turned off via the "safe" attribute: | |
| grep -r --include "*.py" --include "*.html" -e "|safe" . | |
| # DJANGO: find places where unsafe SQL queries are executed: | |
| egrep -r --include "*.py" -e "\.(raw|execute)\(" . | |
| # Non zero values indicate that some sort of CSRF protection is probably enabled. |
williamsbdev
/ Ruby Security Vulnerability Egrep
Created
June 10, 2016 02:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # this command will return places where the application shells out or dynamically executes code: | |
| egrep -r --include "*.rb" -e "(exec|eval|system)(\(| \"| \')|\`.*\`|%x(\(|\[|\{|\<)" . | |
| # RAILS: find places where unsafe SQL queries are executed: | |
| egrep -r --include "*.rb" -e "\.(find_by_sql|select_all|exec_query|execute)(\(| \"| \')" . | |
| # RAILS: find places where HTML encoding is turned off via the "safe" attribute: | |
| egrep -r --include "*.erb" -e ".html_safe|raw(\(| \"| \')" . | |
| # returns hardcoded credentials |
williamsbdev
/ injection-refactor.js
Created
July 21, 2015 01:18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import Ember from 'ember'; | |
| var injection = function(key, name) { | |
| return Ember.computed(function(propertyName) { | |
| var objectName = name || propertyName; | |
| return this.container.lookup(key + ':' + objectName); | |
| }); | |
| }; | |
| export default injection; |
williamsbdev
/ osx-for-hackers.sh
Last active
August 29, 2015 14:08
— forked from brandonb927/osx-for-hackers.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Some things taken from here | |
| # https://github.com/mathiasbynens/dotfiles/blob/master/.osx | |
| # Set the colours you can use | |
| black='\033[0;30m' | |
| white='\033[0;37m' | |
| red='\033[0;31m' | |
| green='\033[0;32m' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Put the following in the .config/flake8 file in your root directory. | |
| [flake8] | |
| max-line-length=120 |
williamsbdev
/ shifts.handlebars
Created
December 29, 2013 20:20
ember-promises blog post handlebars example
williamsbdev
/ new_class.coffee
Created
January 26, 2013 01:33
Including jQuery in your coffeeScript class.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| NewClass = (($) -> | |
| NewClass = (params) -> | |
| @params = params | |
| NewClass::someFunction = -> | |
| console.log "do something" | |
| NewClass | |
| )(jQuery) |