Aboobacker MK redtachyons

mikaelhg
Last active August 4, 2023 06:01
Workaround for the trustAnchors parameter must be non-empty
# Ubuntu 18.04 and various Docker images such as openjdk:9-jdk throw exceptions when
# Java applications use SSL and HTTPS, because Java 9 changed a file format, if you
# create that file from scratch, like Debian / Ubuntu do.
# Before applying, run your application with the Java command line parameter
# java ...
# to verify that this workaround is relevant to your particular issue.
# The parameter by itself can be used as a workaround, as well.
EdOverflow
Last active December 6, 2024 06:26
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python --org organization -o /tmp/output
camertron / asset_preloader.rb
Created June 10, 2017 04:46
Preload assets to make rails dev faster
require 'parallel'
require 'thread'
# The asset preloader is designed to precompute and cache all precompilable
# assets in parallel to avoid doing it in serial on the first request. As of
# Sprockets 3, all assets on the precompile list (i.e. config.assets.precompile)
# are compiled on the first request whether the current page has asked for them
# or not. Obviously such behavior can mean a very slow initial request (we were
# seeing load times on the order of 10-11 minutes). By preloading, or warming the
# sprockets cache, initial page load times can be reduced to ~15 seconds (with
cobusc / postgres_queries_and_commands.sql
Created April 13, 2016 08:23 — forked from rgreenjr/postgres_queries_and_commands.sql
Useful PostgreSQL Queries and Commands
-- show running queries (pre 9.2)
SELECT procpid, age(query_start, clock_timestamp()), usename, current_query
FROM pg_stat_activity
WHERE current_query != '<IDLE>' AND current_query NOT ILIKE '%pg_stat_activity%'
ORDER BY query_start desc;
-- show running queries (9.2)
SELECT pid, age(query_start, clock_timestamp()), usename, query
FROM pg_stat_activity
WHERE query != '<IDLE>' AND query NOT ILIKE '%pg_stat_activity%'
rmm5t
Last active August 19, 2024 15:05
How to properly introduce a new counter_cache to an existing Rails project.

Fast/efficient approach:

-- execute("UPDATE posts SET comments_count = (SELECT count(1) FROM comments WHERE comments.post_id =")
   -> 1.3197s

Slow/naïve approach:

class Pageviews < ActiveRecord::Base
#google analytics api shenanigans
require 'google/api_client'
require 'date'
include ReportingHelper
def self.getviews post
client, analytics, parameters = ReportingHelper.initclient
parameters = {
just3ws
Created November 5, 2014 15:02
VCR configuration that does a pretty good job of filtering out GitHub, Twitter, and LinkedIn keys.
VCR.configure do |c|
c.cassette_library_dir = 'spec/fixtures/vcr_cassettes'
c.hook_into :webmock
c.ignore_localhost = true
c.default_cassette_options = { record: :new_episodes }
c.allow_http_connections_when_no_cassette = false
c.ignore_hosts ''
require 'rails_helper'
RSpec.describe TodosController, :type => :controller do
describe "GET #index" do
#describe "POST #create" do
#describe "GET #show" do
#describe "PATCH #update" do (or PUT #update)
#describe "DELETE #destroy" do
#describe "GET #new" do
SabretWoW / rspec_model_testing_template.rb
Last active September 23, 2024 03:01
Rails Rspec model testing skeleton & cheat sheet using rspec-rails, shoulda-matchers, shoulda-callbacks, and factory_girl_rails. Pretty much a brain dump of examples of what you can (should?) test in a model. Pick & choose what you like, and please let me know if there are any errors or new/changed features out there. Reddit comment thread: http…
# This is a skeleton for testing models including examples of validations, callbacks,
# scopes, instance & class methods, associations, and more.
# Pick and choose what you want, as all models don't NEED to be tested at this depth.
# I'm always eager to hear new tips & suggestions as I'm still new to testing,
# so if you have any, please share!
# @kyletcarlson
# This skeleton also assumes you're using the following gems:
arnab / controller.rb
Last active April 6, 2021 15:02
Allow & test CORS requests in Rails
before_filter: allow_cors_requests
def allow_cors
headers["Access-Control-Allow-Origin"] = "*"
headers["Access-Control-Allow-Methods"] = %w{GET POST PUT DELETE}.join(",")
headers["Access-Control-Allow-Headers"] = %w{Origin Accept Content-Type X-Requested-With X-CSRF-Token}.join(",")
head(:ok) if request.request_method == "OPTIONS"
# or, render text: ''
# if that's more your style