Skip to content

Instantly share code, notes, and snippets.


David Fraser davidfraser

View GitHub Profile
davidfraser /
Last active Apr 5, 2020
Speed tests for CVE-2020-8492
from http.server import BaseHTTPRequestHandler, HTTPServer
def make_basic_auth(n_commas):
commas = "," * n_commas
return f"basic {commas}A"
comma_tests = [100, 250, 500, 750, 1000, 1250, 1500, 65509]
i = 0
class Handler(BaseHTTPRequestHandler):
davidfraser /
Created Feb 17, 2020
Speed tests for CVE-2020-8492

= CVE-2020-8492 Speed Tests

CVE-2020-8492 describes a DOS opportunity for malicious servers responding to requests from the Python built-in urllib library.

A malicious server can send up to 65,509 additional commas in the WWW-Authenticate header, which triggers an O(2**n) evaluation of a regular expression.

This folder contains a sample malicious server (in Python 3), and sample vulnerable clients (in Python 2 and 3)

davidfraser / win_encoding_check
Last active Jan 24, 2020
Testing Python 2/3 environment variable handling on Windows, including calling subprocesses
View win_encoding_check
This is some notes and sample code on interacting with Windows environment variable encodings etc. See for more info.
davidfraser / python_weakset_2.7_add_TypeError_fix.patch
Created Dec 12, 2019
Patches CPython's to prevent a spurious TypeError when adding an item to a WeakSet
View python_weakset_2.7_add_TypeError_fix.patch
This patches WeakSet.add to prevent it having a spurious error if a weak ref goes away between calling this function and adding it
This is done analogously to the patch in
"#10360: catch TypeError in WeakSet.__contains__, just like WeakKeyDictionary does."
See for infomration on that
@@ -83,7 +83,11 @@
def add(self, item):
if self._pending_removals:
-, self._remove))
davidfraser / Daily-Standup-JIRA
Last active Sep 19, 2018
Some TamperMonkey scripts and bash scripting to make our daily standup report from JIRA
View Daily-Standup-JIRA
Daily Standup Report for JIRA
This project contains two tampermonkey scripts (for installation in Chrome),
and a bash script that makes it easier for us to quickly make the report we use at our daily standup meeting
davidfraser / Google Drive Sync Wine
Last active Apr 28, 2021
Google Drive Sync Wine Scripting
View Google Drive Sync Wine

Google Drive Sync Wine Scripting

This is a set of scripts that help running Google Drive Backup and Sync under Wine, with multiple Google accounts.

Each account is given its own Wine prefix (a separate wine configuration).

To install, run install-gdrive-sync google_account

List the accounts set up in ~/.config/gdrive-accounts

davidfraser /
Last active Aug 1, 2017
Script for making cut-down version of pyyaml that is a single-file yaml loader
#!/usr/bin/env python
"""Command-line utility to combine the necessary modules to make a single-file"""
import shutil
import os
from os.path import abspath, dirname, exists, join
include_modules = 'loader reader parser scanner composer constructor resolver nodes events tokens error'.split()
# this should be placed in the pyyaml source tree
davidfraser /
Last active May 29, 2017
A simple script to remove superfluous entries from a mbsync internal .journal file
#!/usr/bin/env python
"""This is a script for internal use when doing large mail migrations with mbsync
See for more information on the product
If IMAP disconnects occur on a large mailbox, the internal .journal file that tracks progress
can grow very large in size, though much of the information is not needed
This script can be used to reduce the file in size
NB: This should be used with caution, and never while mbsync is running
It does not replace the file, but can be used to produce a new journal file,
davidfraser /
Last active May 18, 2017
Demonstration of hang when coloredlogs in one thread and import in other thread does logging
#!/usr/bin/env python
import logging
import time
import threading
import coloredlogs
# configured notices that will be displayed with styling by coloredlogs
logging.addLevelName(25, 'notice')
davidfraser /
Last active May 15, 2018
List VirtualBox snapshots and disk usage in a tree
[ "$vmname" == "" ] && { echo syntax $0 vmname >&2 ; exit 1 ; }
vboxtmp="`tempfile -p vbox-$vmname --suffix='-list.txt'`"
vboxsed="`tempfile -p vbox-$vmname --suffix='-list.sed'`"
vboxmanage snapshot "$vmname" list > "$vboxtmp"
for uuid in `grep "UUID:" "$vboxtmp" | sed 's%^.*(UUID: \([0-9a-f-]*\)).*$%\1%'`