David Fraser davidfraser

@davidfraser
davidfraser / MaliciousServer3.py
Last active Apr 5, 2020
Speed tests for CVE-2020-8492
from http.server import BaseHTTPRequestHandler, HTTPServer
def make_basic_auth(n_commas):
    commas = "," * n_commas
    return f"basic {commas}A"
comma_tests = [100, 250, 500, 750, 1000, 1250, 1500, 65509]
i = 0
class Handler(BaseHTTPRequestHandler):
@davidfraser
davidfraser / README.md
Created Feb 17, 2020
Speed tests for CVE-2020-8492

= CVE-2020-8492 Speed Tests

CVE-2020-8492 describes a DOS opportunity for malicious servers responding to requests from the Python built-in urllib library.

A malicious server can send up to 65,509 additional commas in the WWW-Authenticate header, which triggers an O(2**n) evaluation of a regular expression.

This folder contains a sample malicious server (in Python 3) and sample vulnerable clients (in Python 2 and 3).

@davidfraser
davidfraser / win_encoding_check
Last active Jan 24, 2020
Testing Python 2/3 environment variable handling on Windows, including calling subprocesses
These are some notes and sample code on interacting with Windows environment variable encodings, etc. See README.md for more info.
@davidfraser
davidfraser / python_weakset_2.7_add_TypeError_fix.patch
Created Dec 12, 2019
Patches CPython's _weakrefset.py to prevent a spurious TypeError when adding an item to a WeakSet
This patches WeakSet.add to prevent it having a spurious error if a weak ref goes away between calling this function and adding it
This is done analogously to the patch in https://github.com/python/cpython/commit/f8de3fea1280d55377d40c6e04b64114f9da2fa6:
"#10360: catch TypeError in WeakSet.__contains__, just like WeakKeyDictionary does."
See https://bugs.python.org/issue10360 for information on that
@@ -83,7 +83,11 @@
def add(self, item):
if self._pending_removals:
self._commit_removals()
- self.data.add(ref(item, self._remove))
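Review bot: the removed line `self.data.add(ref(item, self._remove))` both creates the weak reference and inserts it, so if the replacement wraps the whole call in a TypeError handler (as the description's comparison with `WeakSet.__contains__` suggests), it will also hide the TypeError that `ref()` raises for an item that cannot be weakly referenced. Consider creating the reference outside the handler and catching TypeError only around `self.data.add(...)`, with a comment stating which failure is being suppressed.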
@davidfraser
davidfraser / Daily-Standup-JIRA
Last active Sep 19, 2018
Some TamperMonkey scripts and bash scripting to make our daily standup report from JIRA
Daily Standup Report for JIRA
=============================
This project contains two tampermonkey scripts (for installation in Chrome),
and a bash script that makes it easier for us to quickly make the report we use at our daily standup meeting
@davidfraser
davidfraser / Google Drive Sync Wine Scripting.md
Last active Apr 28, 2021
Google Drive Sync Wine Scripting

Google Drive Sync Wine Scripting

This is a set of scripts that help running Google Drive Backup and Sync under Wine, with multiple Google accounts.

Each account is given its own Wine prefix (a separate wine configuration).

To install, run install-gdrive-sync google_account

List the accounts set up in ~/.config/gdrive-accounts

@davidfraser
davidfraser / make_yaml_decoder_module.py
Last active Aug 1, 2017
Script for making cut-down version of pyyaml that is a single-file yaml loader
#!/usr/bin/env python
"""Command-line utility to combine the necessary modules to make a single-file yaml_decoder.py"""
import shutil
import os
from os.path import abspath, dirname, exists, join
include_modules = 'loader reader parser scanner composer constructor resolver nodes events tokens error'.split()
# this should be placed in the pyyaml source tree
@davidfraser
davidfraser / reduce_mbsync_journal.py
Last active May 29, 2017
A simple script to remove superfluous entries from a mbsync internal .journal file
#!/usr/bin/env python
"""This is a script for internal use when doing large mail migrations with mbsync
See http://isync.sourceforge.net/mbsync.html for more information on the product
If IMAP disconnects occur on a large mailbox, the internal .journal file that tracks progress
can grow very large in size, though much of the information is not needed
This script can be used to reduce the file in size
NB: This should be used with caution, and never while mbsync is running
It does not replace the file, but can be used to produce a new journal file,
@davidfraser
davidfraser / hang_coloredlogs.py
Last active May 18, 2017
Demonstration of hang when coloredlogs in one thread and import in other thread does logging
#!/usr/bin/env python
import logging
import time
import threading
import coloredlogs
# configured notices that will be displayed with styling by coloredlogs
NOTICE = 25
logging.addLevelName(25, 'notice')
@davidfraser
davidfraser / list-vbox-snapshots.sh
Last active May 15, 2018
List VirtualBox snapshots and disk usage in a tree
#!/bin/bash
vmname="$1"
[ "$vmname" == "" ] && { echo syntax $0 vmname >&2 ; exit 1 ; }
vmdir="$HOME/virtualbox/machines/$vmname"
sndir="$vmdir/Snapshots/"
vboxtmp="`tempfile -p vbox-$vmname --suffix='-list.txt'`"
vboxsed="`tempfile -p vbox-$vmname --suffix='-list.sed'`"
vboxmanage snapshot "$vmname" list > "$vboxtmp"
for uuid in `grep "UUID:" "$vboxtmp" | sed 's%^.*(UUID: \([0-9a-f-]*\)).*$%\1%'`
do