@anotheredward
anotheredward / pvz.html
Created May 1, 2018 04:19
a mini Plants vs Zombies clone in HTML/JS in a couple of hours
<style>
body {
background-color: #81C4A6;
}
.grid {
margin:1em auto;
border-collapse:collapse;
}
.grid td {
cursor:pointer;
@anotheredward
anotheredward / waikato-dcat.json
Created February 23, 2018 02:29
waikato-dcat.json
{
"@context": "https://www.data.govt.nz/catalog.jsonld",
"@id": "https://gist.githubusercontent.com/ebuckley/data.json",
"@type": "dcat:Catalog",
"conformsTo": "https://www.data.govt.nz/toolkit/schema",
"dataset":[
{
"title": "Rivers and streams: monitoring and reporting",
"description": "Waikato Regional Council regularly monitors and reports on the quality of our region's river and stream resources, and the pressures that face these waterbodies and the plants and animals that rely on them for habitat.",
"identifier": "https://www.waikatoregion.govt.nz/Environment/Environmental-information/Environmental-indicators/River-and-streams/",
@anotheredward
anotheredward / private.xml
Created August 30, 2016 00:51
Karabiner use DX footswitch for modifier keys
<?xml version="1.0"?>
<root>
<devicevendordef>
<vendorname>RDING</vendorname>
<vendorid>0x0c45</vendorid>
</devicevendordef>
<deviceproductdef>
<productname>FOOTSWITCH</productname>
<productid>0x7403</productid>
</deviceproductdef>
@anotheredward
anotheredward / fpw.html
Created August 9, 2016 23:01
First-person Walker
<canvas id='canvas' width='1000' height='1000'>
<script>
const c = document.getElementById('canvas')
const ctx = c.getContext('2d')
const unit = 100
let player = {x: 1, y: 1}
let wall = {x: 1, y:0 }
//wall position is 1,0, wall is unit size
//wall width and height decrease linearly with distance
@anotheredward
anotheredward / rl2.html
Last active August 2, 2016 02:48
CHCH.js Roguelike with basic Line of Sight
<pre id="maze"></pre>
<script>
'use strict'
const maze = [
'#########',
'#@..#####',
'###.#####',
'#...#####',
'#.#######',
'#.#...###',
@anotheredward
anotheredward / rl.html
Last active August 2, 2016 03:12
CHCH.js Roguelike
<pre id="maze"></pre>
<script>
//Why a roguelike?
//A RL is a sweetspot between effort vs. new features
//You get something awesome every 5 LoC, or even just by tweaking a single variable, and this makes it fun to program
//What's exciting about JS is that you can make something you can see in a browser, fast, and then share it with everyone
//JS being a simple to understand, practical, and easy to share language has helped it develop an awesome community
//Things to tweak
//Try adding a ghost trail to the player by not replacing their last position with a .
//Try making an AI that moves randomly, that moves towards the player, that runs away from the player (like tag)
@anotheredward
anotheredward / roguelike.html
Created July 27, 2016 23:08
11 Minute Roguelike
<pre id="maze"></pre>
<script>
'use strict'
const maze = [
'#####',
'#@..#',
'###.#',
'#...#',
'#.#####',
'#.#...###',
@anotheredward
anotheredward / package.js
Last active August 29, 2016 02:43
get license, name, homepage of all direct npm dependencies script
'use strict'
// Prints the license, name and homepage of every top-level npm package
const fs = require('fs')
const folders = fs.readdirSync('node_modules')
const paths = folders.map(folder => 'node_modules/' + folder)
const directoryPaths = paths.filter(path => fs.statSync(path).isDirectory())
const packagePaths = directoryPaths.map(path => `${path}/package.json`)
const existingPackagePaths = packagePaths.filter(path => fs.existsSync(path))
const packageFiles = existingPackagePaths.map(path => fs.readFileSync(path))
@anotheredward
anotheredward / swaggerScan.js
Created July 10, 2016 22:49
Script for hitting all of the endpoints of a swagger API exposed by a Loopback Application
// Download swagger.json from /explorer/swagger.json
'use strict'
const api = require('./swagger.json')
const rp = require('request-promise')
const apiUrl = 'http://something.com/api'
let requests = []
for (let path of Object.keys(api.paths)) {
for (let method of Object.keys(api.paths[path])) {
@anotheredward
anotheredward / inputvalidation.md
Last active April 11, 2019 19:35
Input Validation Cheatsheet

1 SQL Injection

  • Search the codebase for "select" and check whether the queries are joined together with user input by + or string interpolation, e.g. `Name: ${user.name}`
  • Fix: Parameterized queries or replace with ORM queries

2 Cross-site Scripting (XSS)

  • Search the codebase for "{{{"; anywhere user input is displayed inside {{{ tags is probably vulnerable to XSS
  • Fix: Either remove the {{{ tags or, if that's not possible, add sanitization
  • XSS can also occur when creating elements with JavaScript
  • XSS: Try pasting in one of the below XSS polyglots, then inspect the response to see if any tags got through: