aliaspooryorik / reg_exp_speed_test.cfm
Last active July 20, 2018 13:55
reg exp speed test
<cfscript>
function test(pattern) {
	// Swap every match of `pattern` in the outer-scope sample string `s` for a fixed marker.
	var replaced = ReReplace(s, pattern, "-----", 'all');
	return replaced;
}
s = "Fred Bloggs says 'My name is Fred
bloGGs my brother is Alfred Bloggs and I blog about people called fred or freddie'. x:Fred bloggss y: Fred bloggsss Yours FRED BLOGGS";
variations = [
"(?im)(?:(\b|^)Fred\s+Bloggss?(\b|$))",
"(?im)(\b|^)Fred\s+Bloggss?(\b|$)",
"(?im)\bFred\s+Bloggss?\b",
aliaspooryorik / range.cfml
Created July 18, 2018 16:14
CFML range - no loops
// not intended for real-life usage :)
function range (start, end) {
	// One "_," placeholder per value; the list-to-array conversion gives an array whose
	// 1-based positions are then mapped onto the numbers start..end.
	var count = end - start + 1;
	var placeholders = listToArray(repeatString("_,", count));
	return placeholders.map(function(el, i) {
		return start + i - 1;
	});
}
aliaspooryorik / validateemails.cfm
Last active April 16, 2018 15:07
validate email example
<cfscript>
// Sample addresses handed to validateEmails(), which is not defined in the lines shown here.
input = [
'foo@bar.com',
// domain part has no dot
'bar@locahost',
// no @ separator; contains a double quote
'bar"locahost'
];
// The returned object is only used through hasErrors() and getErrors() below.
foo = validateEmails(input);
// Debug output of the validation outcome.
writeDump(foo.hasErrors());
writeDump(foo.getErrors());
aliaspooryorik / queryreduce.cfm
Last active April 13, 2018 13:10
query group count
<cfscript>
foo = queryNew(
"id,name,group",
"Integer,Varchar,varchar",
[
[1,"One", "A"],
[2,"Two", "A"],
[3,"Three", "B"],
[4,"Four", "C"],
aliaspooryorik / humaniseSeconds.cfm
Last active April 12, 2018 14:02
humaniseSeconds
<cfscript>
// Kudos to Jamie Purchase
function humaniseSeconds(seconds) {
var result = [];
var parts = createObject("java", "java.util.LinkedHashMap").init();
parts["week"] = (3600 * 24) * 7;
parts["day"] = (3600 * 24);
parts["hour"] = 60 * 60;
parts["minute"] = 60;
aliaspooryorik / EvilSAMLTest2.xml
Created March 21, 2018 14:11
EvilSAMLTest2.xml
<SAMLResponse>
<Issuer>https://idp.com/</Issuer>
<Assertion ID="_id1234">
<Subject>
<NameID>user@user.com<!--hack-->.evil.com</NameID>
</Subject>
</Assertion>
<Signature>
<SignedInfo>
<CanonicalizationMethod Algorithm="xml-c14n11"/>
aliaspooryorik / EvilSAMLCheck.cfm
Last active March 21, 2018 14:35
EvilSAMLCheck
<!---
SEE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
Testing if SAML comment injection can be used to change XmlText without changing the signature

How to read the result: the fetched document presumably carries an XML comment in the middle
of the NameID text (the EvilSAMLTest2.xml sample by the same author does). If the dumped node's
XmlText shows only part of the NameID text rather than all of it, code that reads NameID through
XmlText would act on a different identifier than the full element content. Such code should
compare against the complete text (all text nodes joined) or reject NameID values that
contain comments.
NOTE(review): this page only parses and dumps; no signature is verified here.
--->
<!--- Fetch the sample response from a raw gist URL pinned to one revision.
NOTE(review): saml.statusCode is not checked before the body is parsed. --->
<cfhttp url="https://gist.githubusercontent.com/aliaspooryorik/5c72724d5c3614f5e31d10d47dd3e52f/raw/be3631a275fcdfcc1dc882bdeeeb947118e19268/EvilSAMLtest.xml" result="saml"></cfhttp>
<!--- Parse the fetched body into an XML document object.
NOTE(review): default parser settings are used; confirm DTD and external-entity handling
before reusing this pattern on untrusted XML. --->
<cfset xml = XmlParse(saml.filecontent)>
<!--- Dump the NameID node(s) matched by the XPath so the XmlText value can be inspected. --->
<cfdump var="#XmlSearch(xml, "SAMLResponse/Assertion/Subject/NameID")#">
<SAMLResponse>
<Issuer>https://idp.com/</Issuer>
<Assertion ID="_id1234">
<Subject>
<NameID>user@user.com<!---->.evil.com</NameID>
</Subject>
</Assertion>
<Signature>
<SignedInfo>
<CanonicalizationMethod Algorithm="xml-c14n11"/>
public class MyClass {
public static void main(String args[]) {
int x=10;
for (int i=0; i != 100; i++) {
int a = x+i;
}
System.out.println("X is = " + x);
System.out.println("A is = " + a);
aliaspooryorik / callStackGet.cfm
Created January 11, 2018 15:03
callStackGet - stolen from Ryan Guill
private function expect (required any testValue, required any targetValue, string message = "") {
arguments.message &= "<br /> expected [" & encodeForHtml(toString(arguments.targetValue)) & "] <br /> but received [" & encodeForHtml(toString(testValue)) & "] <br />";
if (arguments.testValue != arguments.targetValue) {
var cs = callStackGet();
var lineRef = "";
for (var line in cs) {
if (structKeyExists(line, "Function") && line["Function"] == getFunctionCalledName()) {
continue;
}