Vulnerabilities in dependencies used in projects

Vulnerabilities in dependencies used in projects

The case of 4Chan

never updated any dependencies since 2009
one dependency used was publicly-known to have multiple critical vuln

Ghostscript - https://security.snyk.io/vuln?search=ghostscript

Local File Inclusion - process pdf files but never checked if the pdf is actually pdf
Remote code execution - after injecting. can run scripts on the server
The modern wake up call - this event reminded everyone to stay up to date with dependencies updates

Dependencies we’re using:

mPDF - fixed

vuln for versions lower than 7.1.8
deserialization of untrusted data - similar with how 4chan got hacked

aws/aws-sdk-php - fixed

path traversal

vuln for versions lower than 3.288.1
can go back and open directories that are not public

arbitrary code execution

vuln for versions lower than 3.2.1

Best practices:

stay up to date with the tech world

join forums like reddit and stackoverflow

check websites that publish security reports

snyk security - https://security.snyk.io/vuln/

regularly audit dependencies

update if needs to

Comments

Setup existing IONIC project in local

Setup existing IONIC project in local Steps: clone git repo install ionic - npm install -g @ionic/cli masuk folder repo project install npm dependencies - npm install run ionic project - ionic serve buka android studio / xcode - ionic cap open $var - $var = ‘android’ atau ‘ios’. ada dua je option, replace $var dgn dua option tu sync changes vscode & dkt android studio / xcode - ionic cap sync good luck Common issues: dependency conflict check https://www.npmpeer.dev/ utk tengok version yg compatible try naikkan/turunkan version dependency yg keluar dkt error. tembak je sampai hilang error g radle issue try upgrade gradle. kalau tak boleh, try remove folder android & build semula e rror cocoapod make sure install xcode make sure install cocoapod error java home not found utk mac, buka ~/.zshrc & masukkan chang es dkt VSC tak masuk android studio / xcode try ionic cap sync try quit & buka semula cordo va.variables.gradle no...

🗑️ Clear storage Mac OS

🗑️ Clear storage Mac OS 1: Clear system cache: Go to Finder > Go > Go to Folder, then type in "~/Library/Caches" and hit enter. Select all the folders inside the Caches folder and delete them. 2: Clear system logs: Go to Finder > Go > Go to Folder, then type in "/var/log" and hit enter. Select all the files inside the Log folder and delete them. 3: Remove unused language files: Go to Finder > Go > Go to Folder, then type in "/Library/Languages" and hit enter. Delete all the language folders you don't need. 4: Uninstall unused apps: Go to the Applications folder and delete the apps you don't use. 5: Clean up system files: Use a system cleaning tool like CleanMyMac X to scan and remove unnecessary system files. 6: If you have npm installed, clear the caches once in a while with ‘sudo npm cache clean --force’ 7: If you have ionic projects, open the ‘.angular’ folder and delete the ‘cache’ folder inside it.

Other useful things I sometime use but always forgot

🐘 Useful PHP functions One line year array // will get the past 3 year including current year. eg: 2021,2022,2023 for ($i=-2; $i <= 0 ; $i++) $data['year'][date('Y')+$i] = date('Y')+$i; Unset attribute in array of array object $body_list[$count] = array( 'attr' => array( '1' => 'one', '2' => 'two', ), 'data' => (object) array( '3' => 'three', '4' => 'four', ) ); unset($body_list[$count]['data’]->{‘3’}); // will remove attribute ‘three’ Merge/combine array with duplicate keys while preserving the values // use this inside loops where + won...

Firdaus Safari

Search This Blog