joernchen

GitHub RCE by Environment variable injection Bug Bounty writeup

Disclaimer: I'll keep this really short but  I hope you'll get the key points.

GitHub blogged a while ago about some internal tool called gerve:
https://github.com/blog/530-how-we-made-github-fast

Upon git+sshing to github.com gerve basically looks up your permission
on the repo you want to interact with. Then it bounces you further in
another forced SSH session to the back end where the repo actually is.

justinweiss

# Call scopes directly from your URL params:
#
#     @products = Product.filter(params.slice(:status, :location, :starts_with))
module Filterable
  extend ActiveSupport::Concern

  module ClassMethods
    
    # Call the class methods with names based on the keys in <tt>filtering_params</tt>
    # with their associated values. For example, "{ status: 'delayed' }" would call 

dmitriy-kiriyenko

Find or create an object by a unique key and update it without introducing any extra objects.

Let's assume that an external API is being polled for payments. The actual external API is irrelevant to this task, what really matters is that each payment has a line_item_id and belongs to a service.

A line_item_id is unique in the scope of a service.

Assume that you are already given an ActiveRecord object (and underlying table) for representing a payment. It was already designed by another team member, it has been deployed and is being actively used in production.

class Payment < ActiveRecord::Base

simonista

" Don't try to be vi compatible
set nocompatible

" Helps force plugins to load correctly when it is turned back on below
filetype off

" TODO: Load plugins here (pathogen or vundle)

" Turn on syntax highlighting
syntax on

gruber

#!/usr/bin/env perl
#
# http://daringfireball.net/2007/03/javascript_bookmarklet_builder

use strict;
use warnings;
use URI::Escape qw(uri_escape_utf8);
use open  IO  => ":utf8",		# UTF8 by default
		  ":std";				# Apply to STDIN/STDOUT/STDERR

samuelclay

#include <Adafruit_NeoPixel.h>
#include "WS2812_Definitions.h"

#define PIN_A 9
#define PIN_B 3
#define PIN_C 2
#define PIN_D 12
#define PIN_E 10
#define PIN_F 6
#define LED_COUNT 43

branneman

Better local require() paths for Node.js

Problem

When the directory structure of your Node.js application (not library!) has some depth, you end up with a lot of annoying relative paths in your require calls like:

const Article = require('../../../../app/models/article');

Those suck for maintenance and they're ugly.

Possible solutions

ttscoff

#!/usr/bin/env ruby
# encoding: utf-8
# tag primary folders =Tagname
# target them with #Tagname
# tag subfolders with @nickname
# target them with :nickname
# if no tagged folder exists but there's a matching folder name, that's used
# otherwise it will create folders based on :tags
# :tags can be strung together :bt:Drafts:testing for nesting
# Only one #Tag and one :path should exist in a file's tags

askehansen

$.fn.parsley.defaults = {
  // basic data-api overridable properties here..
  inputs: 'input, textarea, select'           // Default supported inputs.
  , excluded: 'input[type=hidden], :disabled' // Do not validate input[type=hidden] & :disabled.
  , trigger: false                            // $.Event() that will trigger validation. eg: keyup, change..
  , animate: true                             // fade in / fade out error messages
  , animateDuration: 300                      // fadein/fadout ms time
  , focus: 'first'                            // 'fist'|'last'|'none' which error field would have focus first on form validation
  , validationMinlength: 3                    // If trigger validation specified, only if value.length > validationMinlength
  , successClass: 'has-success'           // Class name on each valid input

tokenvolt

inputs = %w[
  CollectionSelectInput
  DateTimeInput
  FileInput
  GroupedCollectionSelectInput
  NumericInput
  PasswordInput
  RangeInput
  StringInput
  TextInput