Greptile’s Post

guys build on greptile API -- an example is this w linear -- this is huge also, i'm pretty sure they have a zapier integration (i might test this out -- but would be super cool to email code to friends (i email my code to friends sometimes) and have those captured and parsed/understood for the email + copy them)

My absolute *favorite* internal tool that we have built on the Greptile API is our Linear bot. When there is a new Linear issue, it adds a comment with -> ✨ Files/directories in the repo that are relevant to the issue. ✨ References to code in your repo that is similar to what I am about to write. ✨Instructions on how to do the issue, with notes on security, compliance, and code health considerations. When I see a new issue, within *30 seconds* I am primed what I parts of the codebase I need to look at, if there is already code in the codebase that is similar to what I am about to write, and if there is anything non-obvious that i should keep in mind while doing this task. Use our API or Zapier to build your own Greptile linear bot today!

Really interesting read on the dangers of hallucinations and coping code. Genuinely not sure I would realise or even check the listed dependencies when copying code! Missing dependencies at least throw an error but having a common hallucination used as an attack vector is terrifying simple and cool! https://lnkd.in/eh6YWnbg

A Mythic traffic analysis *** Translation required from the original Chinese text** "Mythic is a multi-player, cross-platform red team action framework built using python3, docker, docker-compose and web browser UI technologies. It supports multiple communication protocols, including HTTP, TLS, etc., and the communication between Beacon and Mythic server usually uses encryption to ensure security. The core principle of Mythic is to simulate and imitate the behavior of attackers in penetration testing and red team operations. It provides a C2 (command and control)-like infrastructure that allows attackers to remotely control target systems, execute commands, upload and download files, etc. By installing different Payload frameworks, Beacons for different systems and protocols can be generated. This tool uses AES encryption technology to protect the confidentiality of data."

Improve this code

Low CVE-2023-49297: PyDrive2 - Unsafe YAML deserialization in LoadSettingsFile allows arbitrary code execution PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Unsafe YAML deserilization will result in arbitrary code execution. A maliciously crafted YAML file can cause arbitrary code execution if PyDrive2 is run in the same directory as it, or if it is loaded in via `LoadSettingsFile`. This is a deserilization attack that will affect any user who initializes GoogleAuth from this package while a malicious yaml file is present in the same directory. This vulnerability does not require the file to be directly loaded through the code, only present. This issue has been addressed in commit `c57355dc` which is included in release version `1.16.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVSSv3.1 Base Score: 3.3 https://lnkd.in/e5x4V_mQ

You know what's worse than a deadline monster? The unseen bug infestation in your code. Because bugs don't just slow you down, they sabotage your progress at every step. So, how can you identify and tackle them efficiently? Let's dive into the various types of bugs that could be lurking in your code: 🚩 Syntax Bugs These occur due to violations in the language's grammar rules. Missed punctuation marks or incorrect use of keywords often cause them. 🚩 Runtime Bugs These happen when your code compiles but crashes during execution. Expect error messages or abnormal behavior. 🚩 Logical Bugs These are the trickiest. Your code runs without errors, but the output isn't what you expect. Time to debug your logic! 🚩 Semantic Bugs They occur when the meaning of your code diverges from what was intended. Your syntax might be right, but the logic is flawed. 🚩 Resource Bugs These take form when your application uses resources inefficiently. Memory leaks and overuse of CPU can cripple performance. Understanding these bug types is the first step in becoming a better coder. Next time, come prepared with these bug-busting strategies! What types of bugs have you encountered lately? Share your experiences!

Many times, we have encountered instances where our target webpage utilized an outdated version of a framework – in my case, Bootstrap 3.3.7. This particular version is susceptible to Cross-Site Scripting (XSS) and has corresponding Common Vulnerabilities and Exposures (CVE). While I had come across this information multiple times before, I never delved deep into identifying the specific vulnerability affecting the web application. Understanding the intricacies of exploitation seemed challenging, and I struggled to comprehend the methods involved. In my recent exploration, I decided to investigate further and stumbled upon the following page: https://lnkd.in/dsyixb-Z. The information provided indicated that certain properties, such as data-template, data-content, and data-title, among others, were vulnerable. Despite this revelation, I still grappled with the practical aspect of locating these properties and injecting a payload. During my quest, someone suggested, "You can manipulate it however you want. The vulnerability, while unlikely in most applications, arises when any data specified by an attacker on the right-hand side of '=' is not filtered by the software." This insight prompted a realization: when encountering a CVE that affects your target domain, delve deeper. Learn about the specific vulnerability, understand the functionality of the implicated components, and scrutinize JavaScript files associated with the framework. It became evident that blindly reporting a CVE without comprehending the context might not yield effective results. In my case, I couldn't exploit an XSS vulnerability simply because my input wasn't reflecting between the specified parameters. Special Thanks to Snyk #bootstrap #webapplication #webapplicationsecurity #xss #tips #cve #bug #security #computersecurity #security #web #hunt #framework

It is quite frustrating when your code passes the sample tests but fails on some hidden test. You try to think of, what the test case could be which can be very tough. These tests are usually big and have corner cases. Debugging is the best option to find the errors in code but it is tough. It's even tougher when the time bounds are there. Things that can help you debug your code - 1. Focus on stress testing. You might have to generate random test cases yourself in order to check where your code is failing by writing both brute force and optimal solution. 2. Read questions carefully. It does happen a lot of times that you are missing some point in the question due to which some cases are failing. Reading it again carefully might help you debug. 3. Always check the extreme end point of the constraints. These are the full fledged test cases of high help you get the idea of the time your code runs in. 4. Try to prove your current code with a contradiction. Try to find the test case where it fails. 5. Try to write simpler codes. They are easier to debug and less prone to errors. Learn proofs and optimal solutions through video solutions in our problem sheets asksenior.in/learn. They can help you learn simpler approaches and ways to reduce error prone code.