@mdkalish
mdkalish / dtruss_output
Created Aug 12, 2015
$ sudo dtruss -n phantomjs
PID/THRD SYSCALL(args) = return
17724/0x59dcf: thread_selfid(0x7FA0CABDEEC0, 0x7FA0CAAEA568, 0x7FA0C4FC5BC0) = 368079 0
17724/0x59dcf: csops(0x0, 0x0, 0x7FFF5FBFECC8) = 0 0
17724/0x59dcf: issetugid(0x0, 0x0, 0x7FFF5FBFECC8) = 0 0
17724/0x59dcf: shared_region_check_np(0x7FFF5FBFCC08, 0x0, 0x7FFF5FBFECC8) = 0 0
17724/0x59dcf: stat64("/System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices\0", 0x7FFF5FBFDA08, 0x7FFF5FBFECC8) = 0 0
17724/0x59dcf: stat64("/System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices\0", 0x7FFF5FBFDA08, 0x7FFF5FBFECC8) = 0 0
17724/0x59dcf: stat64("/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation\0", 0x7FFF5FBFDA08, 0x7FFF5FBFECC8) = 0 0
17724/0x59dcf: stat64("/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation\0", 0x7FFF5FBFDA08, 0x7FFF5FBFECC8) = 0 0
17724/0x59dcf: stat64("/System/Library/Frameworks/Security.framework/Versions/A/Security\0", 0x7FFF5FB
@mdkalish
mdkalish / rails_sql_injection.md
Last active Aug 29, 2015
Find users' encrypted passwords with SQL injection against an app on Postgres.

The easy part

1. Find the query:

MARKER %') ERROR

Returns an error page containing (if stack traces are enabled):

PG::SyntaxError: ERROR:  syntax error at or near "ERROR"
LINE 1: ...osts".* FROM "posts"  WHERE (body LIKE '%MARKER %') ERROR%')
                                                               ^
@mdkalish
mdkalish / rails custom name associations
Last active Sep 27, 2018
Generate models with associations using rails generators, enabling custom class_name, foreign keys, and indices.
Here's how it flows:
1. Create models:
```
rails g model User name --no-test-framework --no-assets
rails g model Post content --no-test-framework --no-assets
rails g model Address city --no-test-framework --no-assets
```
@mdkalish
mdkalish / N + 1 Lesson
Created Apr 18, 2015
Query times with and without the Active Record includes method for the given number of records in a pg db deployed on Heroku.
=begin
WITHOUT includes():
For 10 records:
Completed 200 OK in 29ms (Views: 13.9ms | ActiveRecord: 14.5ms)
Completed 200 OK in 98ms (Views: 27.8ms | ActiveRecord: 69.2ms)
Completed 200 OK in 116ms (Views: 44.3ms | ActiveRecord: 71.0ms)
Completed 200 OK in 56ms (Views: 21.1ms | ActiveRecord: 32.5ms)
Completed 200 OK in 292ms (Views: 131.9ms | ActiveRecord: 156.7ms)
For 100 records: