If you are wondering where the data of this site comes from, please visit https://api.github.com/users/elreydetoda/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
elreydetoda @ProfessionallyEvil, @SamuraiWTF, @secureideasllc th3 Interw3bz https://elrey.casa/blog former member of @49thSecurityDivision and now work as PentesterOps/Developer at @secureideasllc message me at twitter: https://twitter.com/RonJonArod

elreydetoda/docker-bashfuscator 3

dockerizing this project: https://github.com/Bashfuscator/Bashfuscator

49thSecurityDivision/lab-documentation 1

all the documentation that is specific to the lab network, infrastructure, etc. (not documentation for lab rolls, but possibly for definitions)

elreydetoda/ansible-collection-virtualization 1

Ansible Collection: Virtualization roles

elreydetoda/ansible-role-sysbox 1

install the sysbox project https://github.com/nestybox/sysbox

elreydetoda/commando-vm 1

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@fireeye.com

elreydetoda/algo 0

Set up a personal VPN in the cloud

elreydetoda/all-linux-tings 0

This is a repo of all my configurations for different applications/programs.

elreydetoda/ansible-collection-pipenv 0

ansible role for installing a pipenv environment

elreydetoda/ansible-role-textbelt 0

ansible role for https://textbelt.com/ to send text messages

elreydetoda/ansible-role-vagrant 0

Ansible role for installing the latest version of Vagrant

started LibrePhotos/librephotos

started time in 6 hours

release jenkinsci/jenkinsfile-runner

1.0-beta-29

released time in 14 hours

release gruntwork-io/terragrunt

v0.30.3

released time in 19 hours

release gruntwork-io/terragrunt

v0.30.1

released time in 19 hours

fork trvon/nvm

Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions

fork in 20 hours

release jenkinsci/jenkinsfile-runner

1.0-beta-28

released time in a day

PR opened elreydetoda/all-linux-tings

Bump fastapi from 0.63.0 to 0.65.2 in /apis/rssaggregator/app

Bumps fastapi from 0.63.0 to 0.65.2.

Release notes

Sourced from fastapi's releases (https://github.com/tiangolo/fastapi/releases).

0.65.2

Security fixes

  • 🔒 Check Content-Type request header before assuming JSON. Initial PR #2118 by @patrickkwang.

This change fixes a CSRF security vulnerability when using cookies for authentication in path operations with JSON payloads sent by browsers.

In versions lower than 0.65.2, FastAPI would try to read the request payload as JSON even if the content-type header sent was not set to application/json or a compatible JSON media type (e.g. application/geo+json).

So, a request with a content type of text/plain containing JSON data would be accepted and the JSON data would be extracted.

But requests with content type text/plain are exempt from CORS preflights, for being considered Simple requests (https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests). So, the browser would execute them right away including cookies, and the text content could be a JSON string that would be parsed and accepted by the FastAPI application.

See CVE-2021-32677 (https://github.com/tiangolo/fastapi/security/advisories/GHSA-8h2j-cgx8-6xv7) for more details.

Thanks to Dima Boger (https://twitter.com/b0g3r) for the security report! 🙇🔒

Internal

  • 🔧 Update sponsors badge, course bundle. PR #3340 by @tiangolo.
  • 🔧 Add new gold sponsor Jina 🎉. PR #3291 by @tiangolo.
  • 🔧 Add new banner sponsor badge for FastAPI courses bundle. PR #3288 by @tiangolo.
  • 👷 Upgrade Issue Manager GitHub Action. PR #3236 by @tiangolo.

0.65.1

Security fixes

  • 📌 Upgrade pydantic pin, to handle security vulnerability CVE-2021-29510 (https://github.com/samuelcolvin/pydantic/security/advisories/GHSA-5jqp-qgf6-3pvh). PR #3213 by @tiangolo.

0.65.0

Breaking Changes - Upgrade

  • ⬆️ Upgrade Starlette to 0.14.2, including internal UJSONResponse migrated from Starlette. This includes several bug fixes and features from Starlette. PR #2335 by @hanneskuettner.

Translations

  • 🌐 Initialize new language Polish for translations. PR #3170 by @neternefer.

Internal

  • 👷 Add GitHub Action cache to speed up CI installs. PR #3204 by @tiangolo.
  • ⬆️ Upgrade setup-python GitHub Action to v2. PR #3203 by @tiangolo.
  • 🐛 Fix docs script to generate a new translation language with overrides boilerplate. PR #3202 by @tiangolo.
  • ✨ Add new Deta banner badge with new sponsorship tier 🙇. PR #3194 by @tiangolo.
  • 👥 Update FastAPI People. PR #3189 by @github-actions[bot].
  • 🔊 Update FastAPI People to allow better debugging. PR #3188 by @tiangolo.

0.64.0

Features

... (truncated)

Commits

  • 4d91f97 🔖 Release version 0.65.2
  • aabe2c7 📝 Update release notes
  • 377234a 🔒 Create Security Policy
  • 38b7858 📝 Update release notes
  • fa7e3c9 🐛 Check Content-Type request header before assuming JSON (#2118)
  • 90120dd 📝 Update release notes
  • 3677254 🔧 Update sponsors badge, course bundle (#3340)
  • 40bb0c5 📝 Update release notes
  • 60918d2 🔧 Add new gold sponsor Jina 🎉 (#3291)
  • 3afce2c 📝 Update release notes
  • Additional commits viewable in compare view (https://github.com/tiangolo/fastapi/compare/0.63.0...0.65.2)

+94 -81

0 comment

1 changed file

pr created time in 2 days

created repository GhostPack/ForgeCert

"Golden" certificates

created time in 3 days

created repository GhostPack/Certify

Active Directory certificate abuse.

created time in 3 days

started JanKallman/EPPlus

started time in 3 days

fork monoxgas/changed-files

:octocat: Github action to retrieve all (changed, added, modified, deleted) files.

fork in 3 days

started p4lang/tutorials

started time in 3 days

started mcauser/awesome-micropython

started time in 3 days

started p4lang/p4c

started time in 3 days

started aw1cks/openconnect

started time in 4 days

create branch SamuraiWTF/samuraiwtf

branch : tls_wayfarer_aws

created branch time in 4 days

push event SamuraiWTF/wayfarer

mgillam

commit sha f53077e3d1649948e7063cbcb3755e89ee37cc18

Last tweak on refresh cookie

push time in 4 days

push event SamuraiWTF/wayfarer

mgillam

commit sha 25b9fb88d6cd97859b03eb15d20dd1c62d4d5f2d

Last tweak on refresh cookie

push time in 4 days

push event SamuraiWTF/wayfarer

mgillam

commit sha d2f5d827ab801ce2766a876fb5508faeda53b0e2

Last tweak on refresh cookie

Mic

commit sha 3933c8f8b680fcc2ec3c2a9a1f1d0847775faa3e

Merge pull request #15 from SamuraiWTF/ctq_1 Last tweak on refresh cookie

push time in 4 days

PR merged SamuraiWTF/wayfarer

Last tweak on refresh cookie
+2 -1

0 comment

2 changed files

mgillam

pr closed time in 4 days

PR opened SamuraiWTF/wayfarer

Last tweak on refresh cookie
+2 -1

0 comment

2 changed files

pr created time in 4 days

push event SamuraiWTF/wayfarer

mgillam

commit sha d2f5d827ab801ce2766a876fb5508faeda53b0e2

Last tweak on refresh cookie

push time in 4 days

push event SamuraiWTF/wayfarer

mgillam

commit sha ca82d951e9dc183546d5620d3ad01539d06e2a55

Handled an edge case where a session timeout threw an error in the filterbar

mgillam

commit sha bb80eb7f665291ad3d9fd66ecccbac33fe642895

Added 'stay logged in' option to login

mgillam

commit sha afacfb65fa48e8c4b7b739db97086142d3a1b70a

Added logic to attach refreshToken cookie

mgillam

commit sha 0d6fe4f67a53f853c0a79867aa5b145bab318227

Tweaked samesite flag and cors policy to support abuse case

mgillam

commit sha 001ea6e27e208c3a735d798484d938039d70260a

Completed refresh token exchange endpoint

mgillam

commit sha 1b2065a825c87f9c1530d6e3a11d090f5c70bd90

Added auto-refresh to the login page.

mgillam

commit sha df3fadff6d5431dc78f0627d1e2f591b37111767

Fixed login redirect architecture, updated ticketlist and dashboard views to use it

mgillam

commit sha dbcfb2a37dba656b38b5e2a21247fc24d722eddd

Setup auth redirects on other views

mgillam

commit sha 582c71202c834130de327c002c067234bb40e946

Updated tickets routes

mgillam

commit sha 46aa8e2a740d0e197511d44e8b575ee867c2c374

Smartened up redirect for ticketlist

mgillam

commit sha ed8958ec1b21ecd67f0de98b4a87a601f033baf0

Navbar normalization

mgillam

commit sha 32be9a1ec959cbe04b0d347a3d2383cd46ccfc04

Added samurai test admin to db seed

mgillam

commit sha 029556272b820e9514d41d3dd599b9968dd9faad

Added admin functions for user list / add

mgillam

commit sha f7c1248c5ec0d3d6d7beeed05f42caee0844f995

Added logout and admin functions

mgillam

commit sha 11b8beffd3ff710764b237df4b942237f2b76c1f

Added admin form with user creation

mgillam

commit sha ba24ca36156a421a87f52320c6fcec6c704e1c51

Iterator key fix on admin user table

mgillam

commit sha 2c2cf2106e20d7d7029d95ef8314d91481d90c44

WIP start on Admin User Memberships

mgillam

commit sha 919c4730815bf06fea4c97197e9da5adf5632c94

Added test users and team

Mic

commit sha 72a1bc4e037fbc3b3ee46ca4c36c6b4d994c4484

Merge pull request #14 from SamuraiWTF/ctq_1 Ctq 1

push time in 4 days

PR merged SamuraiWTF/wayfarer

Ctq 1
  • Added Admin page with Add User functionality, and supporting API calls
  • Added Samurai test users and team to seed data
  • Reworked login form and routing architecture to add classic redirect instead of seamless redirect
  • Added "Keep me logged in" function with cookie-based token refreshing (requires TLS)
  • Couple bug fixes
+496 -63

0 comment

23 changed files

mgillam

pr closed time in 4 days

started tcsvn/activity-assistant

started time in 4 days

PR opened SamuraiWTF/wayfarer

Ctq 1
  • Added Admin page with Add User functionality, and supporting API calls
  • Added Samurai test users and team to seed data
  • Reworked login form and routing architecture to add classic redirect instead of seamless redirect
  • Added "Keep me logged in" function with cookie-based token refreshing (requires TLS)
  • Couple bug fixes
+496 -63

0 comment

23 changed files

pr created time in 4 days

push event SamuraiWTF/wayfarer

mgillam

commit sha 919c4730815bf06fea4c97197e9da5adf5632c94

Added test users and team

push time in 4 days