Forwarded from UNDERCODE NEWS
30 million TL fear! The hacker gang was smashed, the money was left behind ...
#CyberAttacks
--- UNDERCODE ---
SafeSQL is a static analysis tool for Go that protects against SQL injection:
INSTALLATION
1) $ go get github.com/stripe/safesql
2) $ safesql
Usage: safesql [-q] [-v] package1 [package2 ...]
-q=false: Only print on failure
-v=false: Verbose mode
3) $ safesql example.com/an/unsafe/package
Found 1 potentially unsafe SQL statements:
- /Users/alice/go/src/example.com/an/unsafe/package/db.go:14:19
4) Please ensure that all SQL queries you use are compile-time constants.
5) You should always use parameterized queries or prepared statements
instead of building queries from strings.
6) $ safesql example.com/a/safe/package
You're safe from SQL injection! Yay \o/
7) If SafeSQL passes, your application is free from SQL injections (modulo bugs in the tool); however, there are a great many safe programs that SafeSQL will declare potentially unsafe. These false positives fall roughly into two buckets:
First, SafeSQL does not currently recursively trace functions through the call graph. If you have a function that looks like this:
func MyQuery(query string, args ...interface{}) (*sql.Rows, error) {
    return globalDBObject.Query(query, args...)
}
and only call MyQuery with compile-time constants, your program is safe; however, SafeSQL will report that (*database/sql.DB).Query is called with a non-constant parameter (namely the parameter to MyQuery).
8) This is by no means a fundamental limitation: SafeSQL could recursively trace the query argument through every intervening helper function to ensure that its argument is always constant, but this code has yet to be written.
9) The second sort of false positive is based on a limitation in the sort of analysis SafeSQL performs: there are many safe SQL statements which are not feasible (or not possible) to represent as compile-time constants. More advanced static analysis techniques (such as taint analysis).
In order to ignore false positives, add the following comment to the line before or the same line as the statement:
//nolint:safesql
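An added example (not code from the SafeSQL project) showing, in Go, the string-built query SafeSQL flags beside the compile-time constant form it accepts, plus a helper in the shape of the README's MyQuery marked with the nolint comment. The users table, its columns and the sample input are assumptions.

```go
package main

import (
	"database/sql"
	"fmt"
	"strings"
)

// Compile-time constant: SafeSQL accepts this call site because the SQL text
// cannot change at runtime; the user value travels as a bound parameter.
const userByNameSQL = "SELECT id, name FROM users WHERE name = ?"

// buildUnsafeQuery is the pattern SafeSQL reports: the statement text is
// assembled from a runtime string, so the input becomes part of the SQL.
func buildUnsafeQuery(name string) string {
	return "SELECT id, name FROM users WHERE name = '" + name + "'"
}

// inputReachesSQL reports whether the raw input is embedded in the statement
// text itself (true only for the string-built query).
func inputReachesSQL(query, input string) bool {
	return strings.Contains(query, input)
}

// unsafeUserQuery is flagged: (*sql.DB).Query receives a non-constant string.
func unsafeUserQuery(db *sql.DB, name string) (*sql.Rows, error) {
	return db.Query(buildUnsafeQuery(name))
}

// safeUserQuery: constant statement plus placeholder argument; passes SafeSQL.
func safeUserQuery(db *sql.DB, name string) (*sql.Rows, error) {
	return db.Query(userByNameSQL, name)
}

// myQuery mirrors the README's MyQuery helper: every caller passes a
// compile-time constant, but SafeSQL only sees the non-constant parameter
// here (false positive #1), so the call carries the README's nolint comment.
func myQuery(db *sql.DB, query string, args ...interface{}) (*sql.Rows, error) {
	return db.Query(query, args...) //nolint:safesql
}

func main() {
	name := "O'Reilly" // constructed sample input; any quote alters the SQL text
	fmt.Println("string-built :", buildUnsafeQuery(name))
	fmt.Println("parameterized:", userByNameSQL, "args:", []interface{}{name})
	fmt.Println("input inside SQL text? unsafe:", inputReachesSQL(buildUnsafeQuery(name), name),
		"safe:", inputReachesSQL(userByNameSQL, name))
}
```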
--- UNDERCODE ---
GitHub - stripe-archive/safesql: Static analysis tool for Golang that protects against SQL injections
We are starting today a secure website with a simple table for CVE news, CVE codes, shells, and details:
https://DailyCve.com
Twitter.com/dailycve
t.me/dailycve
(Please note: our team is always trying to fix bugs and share the best experiences with you, 12/24.)
Vulnerability Database & Alerts - DailyCVE
"DailyCVE.com: The advanced vulnerability database with modern testing, patching tutorials, and up-to-date security insights. Stay ahead of threats!"
Forwarded from DailyCVE
Forwarded from UNDERCODE NEWS
Russians would need to prevent the authorities from dealing in their data.
#International
--- UNDERCODE ---
Important utilities for any Ruby coder:
- cane (https://github.com/square/cane): Code quality threshold checking as part of your build.
- Fasterer (https://github.com/DamirSvrtan/fasterer): Common Ruby idioms checker.
- flay (https://ruby.sadi.st/Flay.html): Flay analyzes code for structural similarities.
- flog (https://ruby.sadi.st/Flog.html): Flog reports the most tortured code in an easy-to-read pain report. The higher the score, the more pain the code is in.
- laser (https://github.com/michaeledgar/laser): Static analysis and style linter for Ruby code. :warning:
- pelusa (https://github.com/codegram/pelusa): Static analysis lint-type tool to improve your OO Ruby code.
- Querly (https://github.com/soutaro/querly): Pattern-based checking tool for Ruby.
- Railroader (https://railroader.org): An open source static analysis security vulnerability scanner for Ruby on Rails applications.
- rails_best_practices (https://rails-bestpractices.com): A code metric tool for Rails projects.
- reek (https://github.com/troessner/reek): Code smell detector for Ruby.
- RuboCop (https://docs.rubocop.org/rubocop): A Ruby static code analyzer, based on the community Ruby style guide.
--- UNDERCODE ---
GitHub - square/cane: Code quality threshold checking as part of your build
Forwarded from DailyCVE
Forwarded from UNDERCODE NEWS
Bitcoin is nearing the $30,000 level, and in one year it has tripled. What about 2021?
#Updates
--- UNDERCODE ---
Malicious traffic detection system (Maltrail):
The server's primary role is to store the event details and provide back-end support for the reporting web application. In the default configuration, server and sensor run on the same machine, so to prevent potential disruptions of sensor activity the front-end reporting part is based on a "fat client" architecture (i.e. all data post-processing is done inside the client's web browser instance). Events (i.e. log entries) for the chosen (24h) period are transferred to the client, where the reporting web application is solely responsible for the presentation. Data is sent to the client in compressed chunks, which are processed sequentially. The final report is created in a highly condensed form, practically allowing presentation of a virtually unlimited number of events.
INSTALLATION & RUN:
For Debian/Ubuntu
1) sudo apt-get install git python-pcapy
2) git clone --depth 1 https://github.com/stamparm/maltrail.git
3) cd maltrail
4) sudo python sensor.py
5) To start the (optional) server on the same machine, open a new terminal and execute the following:
[[ -d maltrail ]] || git clone --depth 1 https://github.com/stamparm/maltrail.git
cd maltrail
python server.py
6) To test that everything is up and running, execute the following:
ping -c 1 136.161.101.53
cat /var/log/maltrail/$(date +"%Y-%m-%d").log
7) Also, to test the capturing of DNS traffic you can try the following:
nslookup morphed.ru
8) cat /var/log/maltrail/$(date +"%Y-%m-%d").log
9) To stop the sensor and server instances (if running in the background), execute the following:
sudo pkill -f sensor.py
pkill -f server.py
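The steps above, wrapped into re-runnable shell functions so the smoke test checks the day's log for the indicator it just triggered instead of leaving you to eyeball the file. Added example, not a script from the Maltrail project; MALTRAIL_DIR and the log grep are assumptions.

```shell
#!/bin/sh
# Added example (not from the Maltrail project): the page's steps as functions.
set -u

MALTRAIL_DIR="${MALTRAIL_DIR:-${HOME:-.}/maltrail}"        # assumed clone location
MALTRAIL_LOG_DIR="${MALTRAIL_LOG_DIR:-/var/log/maltrail}"  # where sensor.py writes

# Path of the sensor log for a day (default: today), as in the page's cat command.
maltrail_log_file() {
    day="${1:-$(date +"%Y-%m-%d")}"
    printf '%s/%s.log\n' "$MALTRAIL_LOG_DIR" "$day"
}

# Steps 2-5: clone once, then start the sensor (root, needs pcap) and the server.
maltrail_start() {
    [ -d "$MALTRAIL_DIR" ] || git clone --depth 1 https://github.com/stamparm/maltrail.git "$MALTRAIL_DIR"
    cd "$MALTRAIL_DIR" || return 1
    sudo python sensor.py &
    python server.py &
}

# Returns 0 when the indicator appears in the log file, i.e. the event was recorded
# (assumption: Maltrail log lines contain the matched trail as plain text).
maltrail_logged() {
    indicator="$1"; logfile="$2"
    [ -f "$logfile" ] && grep -qF -- "$indicator" "$logfile"
}

# Steps 6-8: generate the page's test traffic, give the sensor a moment, check the log.
maltrail_smoke_test() {
    ping -c 1 136.161.101.53 >/dev/null 2>&1
    nslookup morphed.ru >/dev/null 2>&1
    sleep 2
    log="$(maltrail_log_file)"
    maltrail_logged "136.161.101.53" "$log" && maltrail_logged "morphed.ru" "$log"
}

# Step 9: stop background instances.
maltrail_stop() {
    sudo pkill -f sensor.py
    pkill -f server.py
}

case "${1:-}" in
    start) maltrail_start ;;
    test)  maltrail_smoke_test && echo "events recorded" || echo "no events (yet)" ;;
    stop)  maltrail_stop ;;
esac
```

Run it as `sh maltrail.sh start`, then `sh maltrail.sh test`, and `sh maltrail.sh stop` when done.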
--- UNDERCODE ---
GitHub - stamparm/maltrail: Malicious traffic detection system
If you are interested in this channel only for links & updates:
T.me/UndercodeUpdates
@UndercodeChat (for chats & discussion)
Forwarded from DailyCVE
Forwarded from UNDERCODE NEWS
The software and innovations that will run our lives until 2030 are intelligent, helpful and disturbing.
#Updates