@valllabh
valllabh / gist-readme.md
Created February 12, 2026 07:14
TotalAppSec: Auto ignore findings by matching strings in HTTP response payloads (V4 Finding API)

TotalAppSec Auto Ignore Findings by Response Payload

A Python script that uses the TotalAppSec V4 Finding API to automatically ignore false-positive findings, selected by string matching against the HTTP response payload recorded for each finding.

Use Case

Some QIDs (e.g., QID 150263, Insecure Transport) produce false positives when an intermediary such as an AWS Application Load Balancer or Cloudflare answers the request instead of the origin web server. This script identifies those findings by inspecting the HTTP response payload and marks them ignored with the reason FALSE_POSITIVE.
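As an added illustration of the matching step (example code, not the gist's own script): the functions below take findings that have already been fetched from the API, here a constructed sample, and decide which ones to ignore by looking for intermediary signatures in the recorded response. The finding field names (`id`, `qid`, `response`), the marker regexes, the eligible QID set and the `plan_ignores` name are assumptions; the TotalAppSec V4 Finding API request and response shapes are not shown on this page and are not reproduced here.

```python
import re

# Constructed findings, not real TotalAppSec output. Field names are assumptions;
# "response" holds the raw HTTP response (status line, headers, body) the scanner recorded.
SAMPLE_FINDINGS = [
    {"id": "f-1", "qid": 150263, "response":
        "HTTP/1.1 400 Bad Request\r\nServer: awselb/2.0\r\n\r\n"
        "<html>\r\n<head><title>400 Bad Request</title></head>\r\n"
        "<body>\r\n<center><h1>400 Bad Request</h1></center>\r\n</body>\r\n</html>\r\n"},
    {"id": "f-2", "qid": 150263, "response":
        "HTTP/1.1 403 Forbidden\r\nServer: cloudflare\r\nCF-RAY: 0123456789abcdef-FRA\r\n\r\n"
        "<html>...</html>"},
    {"id": "f-3", "qid": 150263, "response":
        "HTTP/1.1 200 OK\r\nServer: Apache/2.4.57\r\n\r\n<html><body>Login</body></html>"},
    {"id": "f-4", "qid": 150004, "response":
        "HTTP/1.1 400 Bad Request\r\nServer: awselb/2.0\r\n\r\n<html>..."},
]

# Assumed intermediary signatures, anchored to header lines so that an origin page that
# merely mentions a vendor name in its body does not match. A hit means the recorded
# response came from a load balancer or CDN edge, not the server under test.
INTERMEDIARY_MARKERS = {
    "aws-alb": re.compile(r"^server:\s*awselb/", re.IGNORECASE | re.MULTILINE),
    "cloudflare": re.compile(r"^(server:\s*cloudflare|cf-ray:)", re.IGNORECASE | re.MULTILINE),
}

# Only these QIDs are eligible; the rule must not silence unrelated findings that happen
# to pass through the same edge. (Assumed set, matching the QID named in the Use Case.)
ELIGIBLE_QIDS = {150263}


def classify(finding):
    """Return the name of the intermediary marker that matched, or None."""
    if finding.get("qid") not in ELIGIBLE_QIDS:
        return None
    payload = finding.get("response") or ""
    for name, pattern in INTERMEDIARY_MARKERS.items():
        if pattern.search(payload):
            return name
    return None


def plan_ignores(findings):
    """Build the list of ignore actions; each entry records the evidence for later audit."""
    plan = []
    for finding in findings:
        marker = classify(finding)
        if marker:
            plan.append({
                "finding_id": finding["id"],
                "reason": "FALSE_POSITIVE",
                "comment": f"Response served by {marker}, not the origin (auto-rule)",
            })
    return plan


if __name__ == "__main__":
    for action in plan_ignores(SAMPLE_FINDINGS):
        print(action)
```

Keeping the decision (`plan_ignores`) separate from the API write lets the rule run in dry-run mode first; the comment field carries the matched marker so a reviewer can see why each finding was suppressed rather than only that it was.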

How It Works

{
  "cs:v3": {
    "base": "https://gateway.p33.eng.in03.qualys.com/",
    "spec_files": ["https://gateway.p33.eng.in03.qualys.com/apidocs/yaml/csapi-swagger-v1.3.yaml"],
    "profiles": {
      "default": {
        "headers": {
          "accept": "application/json"
        }
      }
    }
  }
}

openapi: 3.0.1
info:
  title: Container Security API
  description: |
    # Authentication
    You must authenticate to the Qualys Cloud Platform using Qualys account credentials (user name and password) and get the JSON Web Token (JWT) before you can start using the Container Security APIs.
    Use the Qualys Authentication API to get the JWT.
    **Example Authentication Curl Request**:
@valllabh
valllabh / CustomAuthenticationFilter.java
Created February 8, 2017 13:10
Spring Multi Provider OAuth Sample (Incomplete)
package com.example;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
@valllabh
valllabh / freespace.php
Last active August 29, 2015 14:11
Free-space on PHP server
<?php
function HumanSize($Bytes) {
    $Type = array("", "kilo", "mega", "giga", "tera", "peta", "exa", "zetta", "yotta");
    $Index = 0;
    // Divide down until the value is below 1024, stopping at the largest prefix available
    while($Bytes >= 1024 && $Index < count($Type) - 1) {
        $Bytes /= 1024;
        $Index++;
    }
    return("".round($Bytes, 2)." ".$Type[$Index]."bytes");
}
@valllabh
valllabh / timeago
Created April 9, 2014 11:14
Time Ago
var timeago = {
get : function(from, to){
(!to) && (to = new Date());
from = from.getTime();
to = to.getTime();
if (typeof from !== 'number' || typeof to !== 'number') {
return;
@valllabh
valllabh / autolessc.sh
Last active December 12, 2015 04:28
autolessc is a utility that automatically detects changes in .less files and compiles each .less file to a .css file; Dependencies: sudo apt-get install node-less sudo apt-get install inotify-tools Installation: Use this Gist and put it in `/usr/local/bin/autolessc` to use the command system-wide. Usage: # Go to your css directory that contains less files …
#!/bin/bash
# Watch the current tree for completed writes and recompile any .less file that changes.
# inotifywait prints "<dir> <events> <file>" for each event.
inotifywait . -r -m -e close_write | while read -r x op f; do
    if [[ "$f" == *".less" ]]; then
        css="$x${f//.less/.css}"
        lessc "$x$f" > "$css" && echo "Compiled $x$f >> $css @ $(date)"
    fi
done
@valllabh
valllabh / gist:3863609
Created October 10, 2012 07:03
Extending or better php print_r()
function pr(){
    $args = func_get_args();
    foreach($args as $var){
        // print_r output is HTML-escaped so a value containing markup or script renders as text
        print '<pre>';
        print htmlspecialchars(print_r($var, true), ENT_QUOTES, 'UTF-8');
        print '</pre>';
    }
}
@valllabh
valllabh / gist:3863602
Created October 10, 2012 06:59
Convert Text URLs to Clickable URLs (Adds Anchor Tag)
function text_url_to_clickable_url($content = NULL){
    if(!$content){
        return FALSE;
    }
    //The Regular Expression filter: ftp://, ftps://, http:// or https:// followed by non-whitespace
    $reg_exUrl = '/((?:(?:f|ht){1}(?:tp|tps):\/\/)[\w\d\S]+)/';
    $matches = array();
    preg_match_all($reg_exUrl, $content, $matches, PREG_SET_ORDER);
    // Completion of the truncated preview: wrap each matched URL in an anchor. The URL is
    // escaped before it goes into the href attribute, so quotes in the text cannot break out.
    $map = array();
    foreach($matches as $m){
        $safe = htmlspecialchars($m[1], ENT_QUOTES, 'UTF-8');
        $map[$m[1]] = '<a href="'.$safe.'">'.$safe.'</a>';
    }
    return strtr($content, $map); // longest keys first; replaced text is not rescanned
}