Ludochaordic
Fantaisies programatico-ludiques

Listing all GitHub security alerts of a user's projects using GraphQL and Python

Almost a year ago, GitHub introduced security alerts. They are an awesome feature. They function as notifications you receive whenever a vulnerability affecting one of your project dependencies. But long after receiving a notification, how to list all security alerts affecting your repositories ? I didn't found an out-of-the box solution …

Read More

Python 3 non consistent set & dict iteration gotcha

Consider the following Python expression: print("".join(set("ABCDE"))) What do you think it produces ? Not necessarily "ABCDE". Right, but you would expect the result to be consistent, isn't it ? $ for i in {1..3}; do python2.7 -c 'print("".join(set("ABCDE")))'; done ACBED ACBED ACBED Great ! ... But with …

Read More

Bash remote code execution vulnerability

Just relaying the information about this "ShellShock" vulnerability: RedHat security blog post the full disclosure on seclists.org This seems to affect Apache, sshd, DHCP clients and even potentially git. TL;DR here is how to check your Bash version env x='() { echo Never called; }; echo YOUR BASH IS VULNERABLE …

Read More