Samuel Karani samuelkarani

## bounding-rect-hook.tsx
export function useBoundingClientRect<T extends HTMLElement>() {
  const [rect, setRect] = useState<DOMRect | null>(null);
  const ref = useRef<T>(null);

  const update = useCallback(() => {
    if (ref.current) setRect(ref.current.getBoundingClientRect());
    else setRect(null);
  }, []);

  useEffectOnce(() => {

## react-cache.ts
import objectHash from "object-hash";

const cacheTimeout = 60 * 60 * 1000

let store: Record<string, unknown> = {};

export function cache<A extends unknown[], B = unknown>(
  fn: (...args: A) => Promise<B>,
  key?: string // optional key for guaranteed uniqueness
) {

## audit-file-filtering.js
const formidable = require("formidable");
const path = require("path");

const smallest = 100;
const largest = 10 * 1000 * 1000;
const bannedExtensions = [".js", ".html", ".txt", ".exe", ".rtf", ".vbs", ".zip"];
const bannedMimeTypes = [
  "text/plain",
  "text/html",
  "text/css",

## file-scan-api.js
const nvt = require('node-virustotal'); // read more https://www.npmjs.com/package/node-virustotal
const fs = require('fs');
const crypto = require("crypto");

app.post('/upload', async (req, res) => {
  const randomId = crypto.randomBytes(16).toString("hex");
  const filePath = __dirname + "/uploads/" + randomId;
  const writeStream = fs.createWriteStream(filePath);
  writeStream.on('finish', () => {
      try {

## scan-request-directly.js
const fs = require('fs');
const NodeClam = require('clamscan');

// specify socket or TCP connection. read more at https://www.npmjs.com/package/clamscan#scanStream

const clamscan = new NodeClam().init({
    clamdscan: {
        socket: '/var/run/clamd.scan/clamd.sock',
        host: '127.0.0.1',
        port: 3310,

## convert-upload-to-file.js
const fs = require('fs');
const crypto = require("crypto");

app.post('/upload', async (req, res) => {
  const randomId = crypto.randomBytes(16).toString("hex");
  const filePath = __dirname + "/uploads/" + randomId;
  const writeStream = fs.createWriteStream(filePath);
  writeStream.on('finish', () => {
      const { is_infected, viruses } = await scanFile(filePath);
      if (!is_infected) {

## script.html
<script>
  alert("I am a malicious file");
</script>

## eicar.txt
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

## csrf.html
<html>
  <body>
    <button onclick="aml()">test aml</button>
    <button onclick="eurazeo()">test eurazio</button>
    <script>
      history.pushState("", "", "/");
    </script>
    <script>
      function submitRequest(url) {
        var xhr = new XMLHttpRequest();

## user-authorization.js
const ROLES = {...}

// middleware

function checkRole(role) {
  return (req, res, next) => {
    if (req.user.role !== role) {
      res.status(401)
      return res.send('Not allowed')
    }
	export function useBoundingClientRect<T extends HTMLElement>() {
	const [rect, setRect] = useState<DOMRect \| null>(null);
	const ref = useRef<T>(null);

	const update = useCallback(() => {
	if (ref.current) setRect(ref.current.getBoundingClientRect());
	else setRect(null);
	}, []);

	useEffectOnce(() => {
	import objectHash from "object-hash";

	const cacheTimeout = 60 * 60 * 1000

	let store: Record<string, unknown> = {};

	export function cache<A extends unknown[], B = unknown>(
	fn: (...args: A) => Promise<B>,
	key?: string // optional key for guaranteed uniqueness
	) {
	const formidable = require("formidable");
	const path = require("path");

	const smallest = 100;
	const largest = 10 * 1000 * 1000;
	const bannedExtensions = [".js", ".html", ".txt", ".exe", ".rtf", ".vbs", ".zip"];
	const bannedMimeTypes = [
	"text/plain",
	"text/html",
	"text/css",
	const nvt = require('node-virustotal'); // read more https://www.npmjs.com/package/node-virustotal
	const fs = require('fs');
	const crypto = require("crypto");

	app.post('/upload', async (req, res) => {
	const randomId = crypto.randomBytes(16).toString("hex");
	const filePath = __dirname + "/uploads/" + randomId;
	const writeStream = fs.createWriteStream(filePath);
	writeStream.on('finish', () => {
	try {
	const fs = require('fs');
	const NodeClam = require('clamscan');

	// specify socket or TCP connection. read more at https://www.npmjs.com/package/clamscan#scanStream

	const clamscan = new NodeClam().init({
	clamdscan: {
	socket: '/var/run/clamd.scan/clamd.sock',
	host: '127.0.0.1',
	port: 3310,
	<html>
	<body>
	<button onclick="aml()">test aml</button>
	<button onclick="eurazeo()">test eurazio</button>
	<script>
	history.pushState("", "", "/");
	</script>
	<script>
	function submitRequest(url) {
	var xhr = new XMLHttpRequest();
	const ROLES = {...}

	// middleware

	function checkRole(role) {
	return (req, res, next) => {
	if (req.user.role !== role) {
	res.status(401)
	return res.send('Not allowed')
	}