@rgranadino
rgranadino / main.tf
Created September 7, 2018 16:27
terraform example of app autoscaling based on customized metric specification
resource "aws_appautoscaling_policy" "scale_out" {
name = "scale-up"
policy_type = "TargetTrackingScaling"
resource_id = "service/${data.terraform_remote_state.ecs_cluster.ecs_cluster_name}/${var.service_name}"
scalable_dimension = "ecs:service:DesiredCount"
service_namespace = "ecs"
target_tracking_scaling_policy_configuration {
target_value = "${var.scaling_target_value}"
scale_in_cooldown = "${var.scale_in_cooldown}"
@rgranadino
rgranadino / ecs-ssh.rb
Last active February 16, 2018 18:12
AWS ECS ssh helper
#!/usr/bin/ruby
require 'json'
$sshUser = 'ec2user'
#NOTE all of our ecs clusters are prefixed with "ecs-"
#which we assume here to save the time & trouble of having to type that out
#all of our tasks are also suffixed with the "environment" name
def sshToEcsInstance(clusterName)
cmd = "aws ecs list-container-instances --cluster ecs-"+ clusterName
instances = JSON.parse(`#{cmd}`)["containerInstanceArns"]
ec2InstanceHostname = getInstanceInfo(clusterName, instances.sample)
### Keybase proof
I hereby claim:
* I am rgranadino on github.
* I am beeplogic (https://keybase.io/beeplogic) on keybase.
* I have a public key ASAbXks9Scgwvunw_13NMBXnVYDNLdWqCEZRRNKFZGzP7go
To claim this, I am signing this object:

I believe it will be difficult to source a definitive answer to this question of why a CSRF token is "needed" in Magento's add to cart GET action. I'll make an attempt to interpret its purpose. I'm by no means a security expert and this is my interpretation of CSRF in this particular context.

Context

From [owasp.org][1]

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request.

One example of this attack is embedding a hidden image in an email or an alternate webpage:

<?xml version="1.0" encoding="UTF-8"?>
<config>
<global>
<sales>
<quote>
<item>
<product_attributes>
<reel_enable/>
</product_attributes>
</item>
@rgranadino
rgranadino / gist:a3dfe55f21b347682144
Created December 4, 2014 23:55
really force magento orders complete
<?php
/* @var $collection Mage_Sales_Model_Resource_Order_Collection */
$collection = Mage::getResourceModel('sales/order_collection');
// _setState() is not public, so it is invoked through reflection.
// The class name must be passed as a quoted string.
$reflection = new ReflectionMethod('Mage_Sales_Model_Order', '_setState');
$reflection->setAccessible(true);
foreach ($collection as $order) {
    /* @var $order Mage_Sales_Model_Order */
    $reflection->invoke($order, 'complete', 'bulk_complete', 'force complete', false, false);
    $order->save();
}
<?php
$product = Mage::getModel('catalog/product')->loadByAttribute('sku', 'SOME SKU');
$attributes = $product->getTypeInstance(true)->getSetAttributes($product);
/* @var $mediaGalleryAttribute Mage_Catalog_Model_Resource_Eav_Attribute */
$mediaGalleryAttribute = $attributes['media_gallery'];
//FILL IN $path somehow
$mediaGalleryAttribute->getBackend()->addImage($product, $path, null, false, false);
$product->save();
@rgranadino
rgranadino / gist:13b863c725a26d3373d5
Created July 16, 2014 19:26
magento soap order list limited by increment ID
<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:Magento" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
<soapenv:Header/>
<soapenv:Body>
<urn:salesOrderList soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<sessionId xsi:type="xsd:string">?</sessionId>
<filters xsi:type="urn:filters">
<complex_filter SOAP-ENC:arrayType="ns1:complexFilter[0]" xsi:type="ns1:complexFilterArray">
<item xsi:type="ns1:complexFilter">
<key xsi:type="xsd:string">increment_id</key>
<value xsi:type="ns1:associativeEntity">
SELECT CONCAT(table_schema, '.', table_name),
CONCAT(ROUND(table_rows / 1000000, 2), 'M') `rows`,
CONCAT(ROUND(data_length / ( 1024 * 1024 * 1024 ), 2), 'G') DATA,
CONCAT(ROUND(index_length / ( 1024 * 1024 * 1024 ), 2), 'G') idx,
CONCAT(ROUND(( data_length + index_length ) / ( 1024 * 1024 * 1024 ), 2), 'G') total_size,
ROUND(index_length / data_length, 2) idxfrac
FROM information_schema.TABLES
ORDER BY data_length + index_length DESC
LIMIT 30;
<?php
/**
* @package Develpr_Sqs
* @author Kevin Mitchell <kevin@develpr.com>
* @copyright Massachusetts Institute of Technology License (MITL)
* @license http://opensource.org/licenses/MIT
*/
require(Mage::getBaseDir('lib') . '/develpr_sqs/aws.phar');
$autoloadFuncs = spl_autoload_functions();