I add a unit test for the Standard Ruby linter bug fix done in the last episode. When adding the unit test I find out someone has improved the todo generation logic. Thank you. I also find a remove a redundant test.
Read about the bug being fixed here.
Checkout episode 5 where the bug was actually fixed:
Thanks to Test Double for creating Standard Ruby! I use it whenever I can.
Have question you want answered in a future video or constructive feedback? Send an email to ask@saturdaymp.com.
In this episode I implement a fix for the todo file generation bug in the Standard (Ruby linter) and do some manual testing. Also use ChatGPT to explain some code that GitHub Copilot generated.
Read about the bug being fixed here.
See the previous episode, number 4, where I create I duplicate the issue and come up with the fix possible fix.
Thanks to Test Double for creating Standard Ruby! I use it whenever I can.
Have question you want answered in a future video or constructive feedback? Send an email to ask@saturdaymp.com.
I duplicate a todo file generation bug in the Standard (Ruby linter) and come up with a possible fix but don’t actually get to the fix.
Read about the bug here.
See episode #1 where I create a Docker development environment for Standard:
As a bonus at the beginning of the video I upgrade RubyMine to fix the bug we encountered in episode 2:
Thanks to Test Double for creating Standard! I use it whenever I can.
Have question you want answered in a future video or constructive feedback? Send an email to ask@saturdaymp.com.
I, Chris, spend a lot longer then I anticipated filling out the JetBrains Developer Ecosystem Survey 2023. Thought it would be a quick half-hour but turned into 2 hours. Sorry in advance for the long video.
If you use the link below to take the survey I might win a prize:
https://surveys.jetbrains.com/s3/developer-ecosystem-survey-2023-sh?pcode=7200269898884107
Have question you want answered in a future video or constructive feedback? Send an email to ask@saturdaymp.com.
Chris fights to get the debugger working in RubyMine and does not make any progress on Standard. It was frustrating but overall Chris enjoys working with RubyMine so thank you JetBrains for creating it.
If you have any questions you would like answered in a future show or have constructive feedback please DM me or send an email to ask@saturdaymp.com.
Chris creates a Docker environment for Standard which is a Ruby linter. Thank you to Test Double for creating Standard.
If you have any questions you would like answered or constructive feedback please send an email to ask@saturdaymp.com.
You can find my fork of the Standard repo here. Ideally all the files in the video would be in the repo but since we ignored the Docker files at a local level, they are listed below.
# Dockerfile
FROM ruby:3.2.2-alpine3.18
RUN apk update && \
apk upgrade && \
apk add --no-cache git build-base
# docker-compose.yml
services:
app:
build: .
entrypoint: /app/docker-entrypoint.sh
volumes:
- .:/app
- bundle-volume:/usr/local/bundle
ports:
- "1234:1234"
working_dir: /app
volumes:
bundle-volume:
# docker-entrypoint.sh
#!/bin/sh
set -e
bundle check || bundle install && bundle clean --force
exec "$@"
# .git/info/exclude
# File patterns to ignore; see `git help ignore` for more information.
# Lines that start with '#' are comments.
Dockerfile
docker-compose.yml
docker-entrypoint.sh
.idea/
Gemfile.lock
I’ve made it a goal for 2023 to increase my security knowledge. This was based on increase in security related questions from clients. Specifically related to website security as most of my current work is maintaining websites for clients.
One thing I was not expecting was the amount security tools that are available. To help me remember I figured I should write them down and what better place then the dusty old blog.
The tool I learned about today is Gobuster. It is a tool that lets you brute force directories and files on a website. At least that is all I’ve used it for so far but it can also be used to guess DNS subdomains, vhosts, etc.
Gobuster needs a wordlist which is a file of paths to try. If you are using Kali Linux you can find several at /usr/share/wordlists. If you aren’t using Kali, or need additional wordlists try the danielmiessler/SecLists.
An example of running Gobuster on a Hack the Box website. The goal was to find the “hidden” login.php file so I could login to the website using credentials acquired via a open FTP directory.
I think Gobuster will be a useful tool to make sure a client is not exposing files they don’t mean too. For example, an incorrectly configured Apache/Nginx server. Or maybe the client accidently added an file they shouldn’t have to Git and now it shows up on their website.
P.S. – I searched for songs about finding things but that wasn’t very fruitful so changed the search to secrets and found the one below. It has good advice about not caring about if others know your secrets but that only applies if you are human. Websites should keep their secrets secret.
I don’t care if the world knows what my secrets are
Secrets are
I don’t care if the world knows what my secrets are
Secrets are
So, what?
So, what?
So, what?
So, what?
I’m honored to be presenting at BSides Edmonton on November 25, 2022. I’ll be demoing rate limiting using nginx and Fail2Ban. You can find the demo here in-case you want to follow along during the demo or you want a preview/spoiler.
While I’m honored to be presenting, my hope is to learn more than I impart. I’m looking forward to chatting and learning from you, my fellow BSides Edmonton 2022 speakers and attendees. I enjoy discussing securing small to medium sized business, legacy code, software development best practices, games, or anything remotely technology or software related.
Birm shows Chris how to secure a React page so only authorized users can view it. Have a question or a topic you would like us to talk about then give a us a shout.
Birm shows Chris add how to add Google Authentication to a React App using Firebase. Have a question or a topic you would like us to talk about then give a us a shout.