blog.darkstar.work - a simple url encoder/decoder


2018-12-25

AWS CodePipeline for Android GitHub project

A short summary of how to create an AWS CodePipeline pipeline and a build project that use an Android Java GitHub repository as the source. (Inspired by j-a.f)

I have chosen the android subtree of my GitHub schnapslet project for the trial.

Log in to the Amazon Web Services console

https://console.aws.amazon.com/codesuite/codepipeline/pipelines?region=us-east-1#

Click on "Create pipeline"

Choose pipeline settings

Enter a "Pipeline name" and a service role for your new pipeline here. Click "Next".

Choose source provider

Choose GitHub, authorize with your GitHub credentials or choose a public GitHub project, choose the repository, choose the branch, then click "Next".

Add build stage

Choose AWS CodeBuild and click on "Create project".

Create build project

In section "Project configuration", fill out "Project name" (Description is optional).

In section "Environment", I chose the simplest way, with "Managed image" as environment image, "Ubuntu" as operating system, "Android" as runtime, "aws/codebuild/android-java-8:26.1.1" as runtime version, and the default new service role.

In subsection "Additional configuration", you can enable a VPC for your virtual Ubuntu build server, e.g. if you want to log in with ssh; you can select various performance features here, like "15 GB memory, 8 vCPUs" for your build server; you can set environment variables manually, and so on. We didn't need any of that for a simple proof of concept.

In section "Buildspec", I chose "Insert build commands", then switched to the source editor and edited the following buildspec.yaml:
version: 0.2
phases:
  #install:
    #commands:
      # - command
  #pre_build:
    #commands:
      # - command
  build:
    commands:
      # make the Gradle wrapper executable, then build the project and the app module
      - sudo chmod 755 $CODEBUILD_SRC_DIR/android/Schnapslet/gradlew
      - $CODEBUILD_SRC_DIR/android/Schnapslet/gradlew init -i
      - $CODEBUILD_SRC_DIR/android/Schnapslet/gradlew build -i
      - $CODEBUILD_SRC_DIR/android/Schnapslet/gradlew build --build-file $CODEBUILD_SRC_DIR/android/Schnapslet/app/build.gradle -i
  #post_build:
    #commands:
      # - command
#artifacts:
  #files:
    # - location
#cache:
  #paths:
    # - paths

Finally click "Continue to CodePipeline".

When you are back on the "Add build stage" page, click "Next".

Add deploy stage

I skipped that option for that proof of concept.

Review

Review "Pipeline settings", "Add source stage", "Add build stage", "Add deploy stage" here and finally click "Create pipeline".

Release change

Finally "Release change".

You can now configure your "Build project" separately here: https://console.aws.amazon.com/codesuite/codebuild/projects?region=us-east-1
e.g. if you want to change your buildspec.yaml or view different build logs.

2018-12-18

Html-Sql-Injection Detection

A very simple prototype of HTML injection detection in MS SQL Server. Please note that real detection is much more complex...

-- Reuse the global temp table if it already exists, otherwise create it
If Exists(Select Top 1 object_id From tempdb.sys.tables Where name = '##InjWatch')
  Delete From ##InjWatch
Else
  Create Table ##InjWatch (
    ctext nvarchar(Max),
    tab varchar(768),
    col varchar(768)
  );
GO

-- One cursor row per character column: cast expression, column name, schema.[table]
Declare InjectCursor Cursor FAST_FORWARD READ_ONLY For
  Select 'Cast([' + c.name + '] as nvarchar(max))' as c_cast,
    c.name as c_name, '' + s.name + '.[' + T.name + ']' as sT_name
  From sys.tables T
  Inner Join sys.columns c
    On  c.object_id = T.object_id
    -- (max) types report max_length -1; text (35) and ntext (99) report 16
    and (c.max_length > 16 or c.max_length = -1 or c.system_type_id In (35, 99))
    and c.system_type_id In (Select system_type_id From sys.types
      Where name In ('varchar', 'nvarchar', 'char', 'nchar', 'text', 'ntext'))
  Inner Join sys.schemas s
    On s.schema_id = T.schema_id

Declare @c_cast varchar(1024), @c_name varchar(768), @sT_name varchar(768)
Open InjectCursor
Fetch Next From InjectCursor Into @c_cast, @c_name, @sT_name

While (@@FETCH_STATUS = 0)
Begin
  -- Build one scan statement per column; matching values are copied into ##InjWatch
  Declare @execSQL nvarchar(max)
  Set @execSQL = 'insert into ##InjWatch (ctext, tab, col) '+
    'select ' + @c_cast + ' as ctext, ''' + @sT_name + ''' as tab, ''' + @c_name + ''' as col ' +
    ' from ' + @sT_name + ' with (nolock) ' +
    ' where (' + @c_cast + ' like ''%<%'' and ' + @c_cast + ' like ''%>%'') ' +
    ' or ' + @c_cast + ' like ''%script:%'' or ' + @c_cast + ' like ''%://%''' +
    ' or ' + @c_cast + ' like ''%href%'' or ' + @c_cast + ' like ''%return %''' +
    ' or ' + @c_cast + ' like ''%mailto:%'''
  Execute sp_executesql @execSQL;
  Fetch Next From InjectCursor Into @c_cast, @c_name, @sT_name
End
Close InjectCursor
Deallocate InjectCursor

-- Show every distinct hit with the table and column it came from
Select Distinct * From ##InjWatch
GO
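
An added example, not part of the original post: the scan above stores the matching values but not which pattern matched, so broad patterns such as '%://%' are hard to tell apart from the tag and script hits. This query re-applies the post's own LIKE patterns to the collected rows and counts hits per table, column and rule. The rule labels, the @watch table variable and its rows are constructed for illustration.

```sql
-- Constructed sample rows in the same shape as ##InjWatch (not real data).
-- To triage a real scan, drop this table variable and read From ##InjWatch instead.
Declare @watch Table (ctext nvarchar(max), tab varchar(768), col varchar(768));
Insert Into @watch (ctext, tab, col) Values
  (N'<b onclick="return false">hi</b>',   'dbo.[Comments]', 'Body'),
  (N'see https://example.org/docs',       'dbo.[Comments]', 'Body'),
  (N'<a href="javascript:void(0)">x</a>', 'dbo.[Profiles]', 'Signature'),
  (N'mailto:someone@example.org',         'dbo.[Profiles]', 'Contact');

-- Unpivot each row into one line per rule that fired.
-- The patterns are exactly the ones used by the scan; only the labels are new.
With Hits As (
  Select w.tab, w.col, r.rule_name
  From @watch w
  Cross Apply (Values
    ('tag_pair',      Case When w.ctext Like '%<%' And w.ctext Like '%>%' Then 1 Else 0 End),
    ('script_scheme', Case When w.ctext Like '%script:%' Then 1 Else 0 End),
    ('url_scheme',    Case When w.ctext Like '%://%'     Then 1 Else 0 End),
    ('href',          Case When w.ctext Like '%href%'    Then 1 Else 0 End),
    ('return_kw',     Case When w.ctext Like '%return %' Then 1 Else 0 End),
    ('mailto',        Case When w.ctext Like '%mailto:%' Then 1 Else 0 End)
  ) r(rule_name, fired)
  Where r.fired = 1
)
-- Columns where tag_pair or script_scheme fire deserve a manual look first;
-- columns that only hit url_scheme or mailto usually hold ordinary links and addresses.
Select tab, col, rule_name, Count(*) As hit_rows
From Hits
Group By tab, col, rule_name
Order By tab, col, hit_rows Desc;
```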