Skip to content

Instantly share code, notes, and snippets.

View g-k's full-sized avatar

Greg Guthe g-k

38 followers · 86 following
View GitHub Profile
@g-k
g-k / zap-baseline.py.patch
Created March 7, 2017 21:01
@@ -372,13 +372,15 @@ def main(argv):
try:
# Wait for ZAP to start
- zap = ZAPv2(proxies={'http': 'http://' + zap_ip + ':' + str(port), 'https': 'http://' + zap_ip + ':' + str(port)})
+ zap = ZAPv2(proxies={'http': 'http://' + 'localhost' + ':' + str(port), 'https': 'http://' + 'localhost' + ':' + str(port)})
+ logging.info('proxies %s' % {'http': 'http://' + zap_ip + ':' + str(port), 'https': 'http://' + zap_ip + ':' + str(port)})
for x in range(0, timeout):
try:
logging.debug ('ZAP Version ' + zap.core.version)
@g-k
g-k / taint-tracking.md
Last active October 7, 2016 03:03

Taint checking / analysis for Javascript might be coming to Flow: https://www.youtube.com/watch?v=VEaDsKyDxkY&t=24m45s

It'd be great to extend that to the browser and backend for QA and security.

The wikipedia page links to http://docstore.mik.ua/orelly/web/jscript/ch20_04.html which says Netscape Navigator 3 and 4 used taint-tracking to prevent exfiltrating private data too.

Actually per https://queue.acm.org/detail.cfm?id=2663760 just escape output for the appropriate context or contexts (i.e. what we already know), but Flow could be helpful there too for finding unescaped output/sinks.

@g-k
g-k / gist:cccba0b163eb73a6c70a6644dd124281
Last active July 29, 2016 02:15
one liner to get python package downloads across for all versions and releases
$ curl -so - https://pypi.python.org/pypi/Django/json | python3 -c 'import sys; import json; print(sum([release["downloads"] for version in json.load(sys.stdin)["releases"].values() for release in version]))'
22520974
@g-k
g-k / fix-whitespace.sh
Last active August 29, 2015 14:18
cmd to fix trailing whitespace in PHP files
git ls-files | grep '.php$' | xargs -L 1 -I % emacs -batch % --eval '(delete-trailing-whitespace (point-min) (point-max))' -f save-buffer
@g-k
g-k / fb-ad-insights-api-notes.md
Last active August 29, 2015 14:09

Facebook Ad Insights v2.2 API Notes

Ad Report Stats (URL ends with: /reportstats despite its name)

Breakdown columns

Data breakdown columns cannot be used together except for few exceptions. See the table for allowed combinations.

  • Cannot fetch: country and age or country and gender
  • Can fetch: age and gender (but not age,gender because that's not a column name)
@g-k
g-k / gpg-git-smudge-clean.md
Last active June 22, 2022 07:16
test transparent git encryption with smudge clean filters using gpg

Generate a GPG Key and revocation cert per http://www.gnupg.org/gpg/en/manual.html:

gpg --key-gen
gpg --output revoke.asc --gen-revoke <my user ID or email>

Once gpg key in keyring we can encrypt and decrypt files.

@g-k
g-k / README.md
Last active December 18, 2015 21:29
quasicrystal
@g-k
g-k / README.md
Last active December 17, 2015 18:09 — forked from mbostock/.block
Trifoil Knot
@g-k
g-k / demaine-2002-puzzle-notes.md
Created May 6, 2013 03:19
Demaine LCS 2002 Puzzle Notes

From: http://erikdemaine.org/puzzles/LCS2002/

Goal:

  • have eight squares with images all facing the same way "up" (on both sides or on each side?)
  • no cuts, rips tears
  • one piece of paper

How many ways to fold?

@g-k
g-k / gamma-band.js
Created May 6, 2013 03:09
gamma banding
// gamma correction with narrow 8-bit channel leads to banding
// where all the values aren't used
// How many are used?
// node gamma-band.js | uniq - | wc -l
for (var i = 0; i < 256; i++) {
var value = i;