Alain O'Dea AlainODea
@AlainODea
AlainODea / lambda_function.py
Created Oct 30, 2019
Providing encrypted environment variables to a Lambda decrypted on boot
View lambda_function.py
from lib.secret_config import load_secret_config_from_env


def lambda_handler(event, context):
    """
    The Handler function, which receives the lambda event and orchestrates the
    response. It is called and passed args by Lambda.

    Args:
        event: The lambda event, which includes arguments from API Gateway.
        context: Info about the execution context of the lambda.
    """
@AlainODea
AlainODea / DocumentBuilderFactory_XXE_mitigation.md
Last active Jul 1, 2019
DocumentBuilderFactory that mitigates XXE using OWASP guidance
View DocumentBuilderFactory_XXE_mitigation.md

Recommended mitigation:

Replace this dangerous code:

DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.isIgnoringElementContentWhitespace();
DocumentBuilder builder = factory.newDocumentBuilder();
@AlainODea
AlainODea / w.tf
Created Dec 18, 2018
A Terraform module that cannot be constructed (Error: module "WTF": missing required argument "version")
View w.tf
variable "version" {}
@AlainODea
AlainODea / main.tf
Last active Sep 26, 2018
Terraform: Codacy Enterprise infrastructure bootstrap
View main.tf
output "primary_vpc_id" {
  value = "${data.aws_vpc.primary.id}"
}
output "private_a_subnet_id" {
  value = "${data.aws_subnet.private_a.id}"
}
output "web_proxy_sg_id" {
  value = "${data.aws_security_group.web_proxy.id}"
@AlainODea
AlainODea / main.tf
Last active Nov 12, 2019
Terraform: Latest Amazon Linux 2 encrypted AMI (Terraform v0.11.3, aws provider v1.60.0)
View main.tf
resource "aws_ami_copy" "amazon-linux-2-encrypted" {
  name = "${data.aws_ami.amazon-linux-2.name}-encrypted"
  description = "${data.aws_ami.amazon-linux-2.description} (encrypted)"
  source_ami_id = "${data.aws_ami.amazon-linux-2.id}"
  source_ami_region = "${var.region}"
  encrypted = true
  tags {
    ImageType = "encrypted-amzn2-linux"
  }
@AlainODea
AlainODea / main.tf
Last active Jan 28, 2020
Terraform: Latest Ubuntu 18.04 LTS encrypted AMI
View main.tf
resource "aws_ami_copy" "ubuntu-18_04-encrypted" {
  name = "${data.aws_ami.ubuntu-18_04.name}-encrypted"
  description = "${data.aws_ami.ubuntu-18_04.description} (encrypted)"
  source_ami_id = "${data.aws_ami.ubuntu-18_04.id}"
  source_ami_region = "${var.region}"
  encrypted = true
  tags {
    ImageType = "encrypted-ubuntu-18_04"
  }
@AlainODea
AlainODea / main.tf
Last active Sep 22, 2018
Terraform: Latest Ubuntu 16.04 LTS encrypted AMI
View main.tf
resource "aws_ami_copy" "ubuntu-16_04-encrypted" {
  name = "${data.aws_ami.ubuntu-16_04.name}-encrypted"
  description = "${data.aws_ami.ubuntu-16_04.description} (encrypted)"
  source_ami_id = "${data.aws_ami.ubuntu-16_04.id}"
  source_ami_region = "${var.region}"
  encrypted = true
  tags {
    ImageType = "encrypted-ubuntu-16_04"
  }
@AlainODea
AlainODea / what-is-my-ip.html
Created Aug 4, 2018
CORS from file:// origin
View what-is-my-ip.html
<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8">
    <title>What is my IP?</title>
    <script type="text/javascript">
      function reqListener () {
        var response = JSON.parse(this.responseText);
        document.getElementById("ip").innerText =
          'Your public IP is ' + response.origin;
@AlainODea
AlainODea / urlencoded-base64-decoded.html
Created Aug 1, 2018
Local web page that can decode URL-encoded Base64-encoded content (like SAMLResponse)
View urlencoded-base64-decoded.html
<!DOCTYPE html>
<html>
  <head>
    <title>URL Encoded Base 64 Decoder</title>
    <script type="text/javascript">
      function decode() {
        var urlDecoded = decodeURIComponent(document.getElementById('urlencoded-base64-input').value);
        var base64Decoded = atob(urlDecoded);
        var encodedStr = base64Decoded.replace(/[\u00A0-\u9999<>\&]/gim, function(i) {
          return '&#' + i.charCodeAt(0) + ';';
@AlainODea
AlainODea / config
Created Jul 26, 2018
Multi-level SSH proxying and selective host key trust
View config
ServerAliveInterval 60

# bastions are permanent or semi-permanent
# connections should be minimized
# host key changes should not be accepted (pre-populate known_hosts with them)
Host *-bastion
  ControlMaster auto
  ControlPath /Users/your.username/.ssh/tmp/%h_%p_%r
  StrictHostKeyChecking yes