obonyojimmy

Security Headers at Legal Robot

We're big fans of open source software at Legal Robot. We also know that getting security right is a tough job, so we want to share some of the useful tools we use to build and run Legal Robot and keep it secure.

We are also proud to run Legal Robot on the Meteor framework for Node.js. With this recent change, Helmet.js becomes the official recommendation for security headers in Meteor, replacing the previous Meteor browser-policy package.

One of the most helpful tools in our Meteor security toolbox at Legal Robot is Content Security Policy (CSP)  — basically, our server tells the browser what code it is allowed to run and how to handle something like code injection from a malicious browser extension.

CSP can be quite tricky, but there are some excellent tools out there to help, like [Google'

obonyojimmy

# walk_gdrive.py - os.walk variation with Google Drive API

import os

from apiclient.discovery import build  # pip install google-api-python-client

FOLDER = 'application/vnd.google-apps.folder'

def get_credentials(scopes, secrets='~/client_secrets.json', storage='~/storage.json'):
    from oauth2client import file, client, tools

obonyojimmy

# REQUIREMENTS
# set the following configuration environment variables at: configuration -> software -> modify -> environment variables

# CERT_EMAIL: the email address used for registering the cert

# CERT_DOMAIN: the domain to create a cert for
# EB environment URL (listed at the top of the environment page) or a custom domain, custom domains must have a DNS CNAME record pointing to the EB environment URL
# !! MUST NOT have "http://" prefix or the trailing "/" at the end !!

# EXAMPLES

obonyojimmy

Processing JSON using jq

jq is useful to slice, filter, map and transform structured json data.

Installing jq

On Mac OS

brew install jq

obonyojimmy

# A1. Launch a notebook instance and get URL to Jupyter running on it
IMAGE=--image-family=tf-latest-cpu
INSTANCE_NAME=dlvm
GCP_LOGIN_NAME=google-cloud-customer@gmail.com  # CHANGE THIS
STARTUP_SCRIPT="git clone https://github.com/GoogleCloudPlatform/data-science-on-gcp"

echo "Launching $INSTANCE_NAME"
gcloud compute instances create ${INSTANCE_NAME} \
      --machine-type=n1-standard-2 \
      --scopes=https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/userinfo.email \

obonyojimmy

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>CFBundleDevelopmentRegion</key>
	<string>en</string>
	<key>CFBundleDisplayName</key>
	<string>RNAuth</string>
	<key>CFBundleExecutable</key>
	<string>$(EXECUTABLE_NAME)</string>

obonyojimmy

Resources:
  AWSEBAutoScalingLaunchConfiguration:
    Type: "AWS::AutoScaling::LaunchConfiguration"
    Properties:
      SpotPrice:
        "Fn::GetOptionSetting":
          Namespace: "aws:elasticbeanstalk:application:environment"
          OptionName: "EC2_SPOT_PRICE"
          DefaultValue: {"Ref":"AWS::NoValue"}

obonyojimmy

Common Options

-#, --progress-bar Make curl display a simple progress bar instead of the more informational standard meter.

-b, --cookie <name=data> Supply cookie with request. If no =, then specifies the cookie file to use (see -c).

-c, --cookie-jar <file name> File to save response cookies to.

obonyojimmy

var getAssetPath = function getAssetPath(packageName, assetPath) {
    assetPath = assetPath || '';
    var meteor_root = Npm.require('fs').realpathSync(process.cwd() + '/../');

    var assets_folder = meteor_root + '/server/assets/packages/'+packageName.replace(':','_')+'/'+assetPath;
    return assets_folder;
};

obonyojimmy

About

Example on how to run locally an AWS Lambda via API Gateway using localstack.

Based on...

1. https://stackoverflow.com/questions/44547574/create-api-gateway-in-localstack/48682628
2. https://ig.nore.me/2016/03/setting-up-lambda-and-a-gateway-through-the-cli/

Usage