Jonathan Claudius claudijd

## example.py
# In boto
import boto

    conn = boto.connect_s3(aws_access_key_id=aws_access_key_id,aws_secret_access_key=aws_secret_access_key)
    bucket = conn.get_bucket(bucket_name, validate=False)
    key = boto.s3.key.Key(bucket)
    key.key = key_name
    key.set_contents_from_filename(file_path)
    url = "https://{}.s3.amazonaws.com/{}".format(bucket.name, key.name)

## steal_1password_creds.rb
# Path setting slight of hand:
$: << File.expand_path("../../lib", __FILE__)
require 'packetfu'
require 'json'

capture_thread = Thread.new do
  cap = PacketFu::Capture.new(:iface => 'lo0', :start => true)
  cap.stream.each do |p|
    pkt = PacketFu::Packet.parse p
    if pkt.payload.include?("executeFillScript")

## poc.py
import re

# Current
>>> re.search(r"((ssh|https)://)?(git@)?github.com[:/](?P<repo_name>[A-Za-z0-9\/\-_]+)(.git)?", "bananas://github.com:/")
'/'

# Proposed
>>> re.search(r"^((https|ssh)://)?(git@)?github.com/(?P<repo_name>[A-Za-z0-9\/\-_]+)(.git)?$", "https://github.com/org/foo").group("repo_name")
'org/foo'
>>> re.search(r"^((https|ssh)://)?(git@)?github.com/(?P<repo_name>[A-Za-z0-9\/\-_]+)(.git)?$", "https://github.com/org/foo.git").group("repo_name")

## connections_example.py
import datetime
import time

# Simple connections management dict in Python example

connections = {}


class Connection:
    def __init__(self):

## index.js
'use strict';

exports.handler = (event, context, callback) => {
    const response = event.Records[0].cf.response;
    const headers = response.headers;

    // See https://wiki.mozilla.org/Security/Guidelines/Web_Security
    headers['Strict-Transport-Security'] = [{'key': 'Strict-Transport-Security', 'value': 'max-age=63072000'}];
    headers['X-Content-Type-Options'] = [{'key': 'X-Content-Type-Options', 'value': 'nosniff'}];
    headers['X-Frame-Options'] = [{'key': 'X-Frame-Options', 'value': 'DENY'}];

## report.json
{
  "overall": "orange",
  scanner_reports: {
    "ssh_observatory": "green",
    "http_observatory": "orange",
    "dir_scan": "green",
    "ssh_observatory": "green",
    "ssh_observatory": "green"
  }
}

## shark.py

thing = "foo"


class Baz():
    def override_thing(self):
        global thing
        thing = 1

    def update_thing(self):

## poc.sh
#!/usr/bin/env bash

# Pass in your BEARER_TOKEN to this script to make it dance
mkdir -p ./testing

while true; do
  echo "$(date): Polling /api/v2/users/ad%7CMozilla-LDAP%7Cjclaudius and dumping app_metadata and groups to file"
  curl -H "Authorization: Bearer $BEARER_TOKEN" "https://auth.mozilla.auth0.com/api/v2/users/ad%7CMozilla-LDAP%7Cjclaudius" 2> /dev/null | jq -r '"\(.app_metadata)|\(.groups)"' > ./testing/$(date +%s)
  sleep 5
done

## gist:f88803af5c44e817678b3eb95f056b93
require 'levenshtein-ffi'

class String
  def edit_distance(other)
    raise unless other.is_a?(::String)
    diff = Levenshtein.distance(self, other)
  end
end

# Arbitrary gem list to test to determine if they are bad or not

## pickle_random_testing.py
import pickle
import os.path
import random


# Old pickle queue logic (summarized)

pickle_cache_file = "pickle.queue"

reset_list_count = 0
	# In boto
	import boto

	conn = boto.connect_s3(aws_access_key_id=aws_access_key_id,aws_secret_access_key=aws_secret_access_key)
	bucket = conn.get_bucket(bucket_name, validate=False)
	key = boto.s3.key.Key(bucket)
	key.key = key_name
	key.set_contents_from_filename(file_path)
	url = "https://{}.s3.amazonaws.com/{}".format(bucket.name, key.name)
	# Path setting slight of hand:
	$: << File.expand_path("../../lib", __FILE__)
	require 'packetfu'
	require 'json'

	capture_thread = Thread.new do
	cap = PacketFu::Capture.new(:iface => 'lo0', :start => true)
	cap.stream.each do \|p\|
	pkt = PacketFu::Packet.parse p
	if pkt.payload.include?("executeFillScript")
	import re

	# Current
	>>> re.search(r"((ssh\|https)://)?(git@)?github.com[:/](?P<repo_name>[A-Za-z0-9\/\-_]+)(.git)?", "bananas://github.com:/")
	'/'

	# Proposed
	>>> re.search(r"^((https\|ssh)://)?(git@)?github.com/(?P<repo_name>[A-Za-z0-9\/\-_]+)(.git)?$", "https://github.com/org/foo").group("repo_name")
	'org/foo'
	>>> re.search(r"^((https\|ssh)://)?(git@)?github.com/(?P<repo_name>[A-Za-z0-9\/\-_]+)(.git)?$", "https://github.com/org/foo.git").group("repo_name")
	import datetime
	import time

	# Simple connections management dict in Python example

	connections = {}


	class Connection:
	def __init__(self):
	'use strict';

	exports.handler = (event, context, callback) => {
	const response = event.Records[0].cf.response;
	const headers = response.headers;

	// See https://wiki.mozilla.org/Security/Guidelines/Web_Security
	headers['Strict-Transport-Security'] = [{'key': 'Strict-Transport-Security', 'value': 'max-age=63072000'}];
	headers['X-Content-Type-Options'] = [{'key': 'X-Content-Type-Options', 'value': 'nosniff'}];
	headers['X-Frame-Options'] = [{'key': 'X-Frame-Options', 'value': 'DENY'}];
	{
	"overall": "orange",
	scanner_reports: {
	"ssh_observatory": "green",
	"http_observatory": "orange",
	"dir_scan": "green",
	"ssh_observatory": "green",
	"ssh_observatory": "green"
	}
	}

	thing = "foo"


	class Baz():
	def override_thing(self):
	global thing
	thing = 1

	def update_thing(self):
	#!/usr/bin/env bash

	# Pass in your BEARER_TOKEN to this script to make it dance
	mkdir -p ./testing

	while true; do
	echo "$(date): Polling /api/v2/users/ad%7CMozilla-LDAP%7Cjclaudius and dumping app_metadata and groups to file"
	curl -H "Authorization: Bearer $BEARER_TOKEN" "https://auth.mozilla.auth0.com/api/v2/users/ad%7CMozilla-LDAP%7Cjclaudius" 2> /dev/null \| jq -r '"\(.app_metadata)\|\(.groups)"' > ./testing/$(date +%s)
	sleep 5
	done
	require 'levenshtein-ffi'

	class String
	def edit_distance(other)
	raise unless other.is_a?(::String)
	diff = Levenshtein.distance(self, other)
	end
	end

	# Arbitrary gem list to test to determine if they are bad or not
	import pickle
	import os.path
	import random


	# Old pickle queue logic (summarized)

	pickle_cache_file = "pickle.queue"

	reset_list_count = 0