Caleb Cushing's blog

Log (CRLF) Injection with SLF4J

At my job we have a CIO-installed policy of remediating issues found by a static analysis tool, and what it finds is mostly targeted at security issues. Currently this tool is Veracode, and I don’t recommend it: it misses more problems than it finds, and what it does find, including this issue, is often a false positive. Our most common finding is CRLF (Carriage Return Line Feed) or other log injection, which we have mitigated in a custom log appender (which Veracode doesn’t recognize). Read more →
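What the finding actually means, and what an appender-level mitigation does to it, as an added example that is not from the original post or its code. It is written in Python rather than Java because the logging pipeline has the same shape there (logger, handler in the role of the appender, formatter), so a handler-level `logging.Filter` stands in for the custom appender the post mentions. The log format and the attacker-controlled username are constructed for the demonstration.

```python
import io
import logging
import re

# Characters that can end a log record or disguise a forged one: the C0
# controls (CR, LF, TAB, ESC, ...), DEL, NEL, and the Unicode line and
# paragraph separators, which many viewers also treat as line breaks.
_LINE_BREAKING = re.compile(r"[\x00-\x1f\x7f\u0085\u2028\u2029]")

# Constructed attacker input: a username whose tail forges a second
# record that looks like a successful login by "admin".
INJECTED_USERNAME = "alice\r\nINFO login user=admin"


def sanitize(value: str) -> str:
    """Escape every line-breaking/control character so it stays visible
    inside the record that logged it instead of starting a new one."""
    def escape(match: "re.Match[str]") -> str:
        ch = match.group(0)
        named = {"\n": "\\n", "\r": "\\r", "\t": "\\t"}
        if ch in named:
            return named[ch]
        code = ord(ch)
        return f"\\x{code:02x}" if code < 0x100 else f"\\u{code:04x}"
    return _LINE_BREAKING.sub(escape, value)


class CrlfFilter(logging.Filter):
    """Handler-level mitigation (the analogue of a custom appender):
    render the message once, sanitize it, and drop the args so the
    formatter cannot re-interpolate anything afterwards."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = sanitize(record.getMessage())
        record.args = ()
        return True


def render(username: str, hardened: bool) -> str:
    """Log one login event to an in-memory stream and return the text
    exactly as it would land in the log file."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s login user=%(message)s"))
    if hardened:
        handler.addFilter(CrlfFilter())
    logger = logging.Logger("crlf-demo")  # fresh instance, not the global registry
    logger.setLevel(logging.INFO)
    logger.addHandler(handler)
    logger.info("%s", username)  # tainted value passed as a log argument, the pattern scanners flag
    handler.flush()
    return stream.getvalue()


def count_records(log_text: str) -> int:
    """How many records a line-oriented log reader (or a SIEM) would see."""
    return len(log_text.splitlines())


if __name__ == "__main__":
    for hardened in (False, True):
        out = render(INJECTED_USERNAME, hardened)
        print(f"hardened={hardened}: {count_records(out)} record(s)")
        print(out, end="")
```

The unhardened run writes two records, and the second is indistinguishable from a genuine admin login; the hardened run writes one record with the CR and LF visible as `\r\n`. Because the escaping happens in the handler rather than at the `logger.info` call, a taint-tracking scanner that only follows the argument into the logging call never sees the sanitizer, which is exactly why an appender-based fix keeps getting reported as the post describes.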

Dist::Zilla vs xenoterracide

Yes, I am invincible! I solved my problem with Dist::Zilla. If you agree with me that you should be able to install from your git repository without requiring your users to have Dist::Zilla installed, here’s one way of doing it. First install Dist::Zilla::Plugin::CopyTo. Now edit your dist.ini. Most people probably use one of the Dist::Zilla bundles. Assuming you use Basic, here’s what you do (the `;` line below is a dist.ini comment): ; remove GatherDir from Basic so we can specify it separately Read more →

cat that displays tabs at 4 spaces

So in the tabs vs spaces war I’m squarely on the side of using tabs. Tabs have meaning. Tabs allow people to set their editors to whatever display width their eyes are comfortable with, as opposed to what yours are (e.g. you like 2 spaces, I like 4). However, I’ve heard the argument: what about when you cat the file, etc.? Well, it actually is a bit annoying… so let’s fix it. Read more →

Adding a new group to an open shell without logging in and out

Most Unix users believe it’s impossible to pick up a group that was recently added to your user account without logging out and logging back in. If you’re running X and need to give your GUI new permissions (like Dolphin/Konqueror) this is true for the most part; I don’t know how to change it for those processes. However, if you need to change it for a shell prompt it’s easy. You merely execute the command newgrp (with the group name) in an open shell prompt, and that prompt will now be loaded with the new group: newgrp starts a new shell with that group as its primary group, so exit drops you back to the old one. Read more →

iptables browsing samba shares

NOTE: this assumes that you’ve read my previous post on basic iptables setup on the desktop. So I just spent the longest time trying to determine what ports I needed to browse and use samba shares. The sad answer is it’s just one: iptables -A INPUT -p udp --sport 137 -j ACCEPT. The catch with all the information I found with Google was that most of it was for samba servers. (Note that this rule matches on the remote source port, which any host can set to 137; if your INPUT chain already accepts ESTABLISHED,RELATED traffic, the NetBIOS name-service replies to your own queries are let in by that rule without opening source port 137 to everyone.) Read more →