
blog's Introduction

fisker


blog's Issues

Revisiting the Form Element

Today I read some documentation on the HTML form element; a few notes.

form[method]

Because methods such as POST, GET and PUT are written in uppercase in the HTTP spec, I always assumed method should be uppercase too. According to the spec it should actually be lowercase:

https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#attr-fs-method

Although the values are case-insensitive, it is still better to follow the spec; in fact, whether you write uppercase or lowercase, form.method will always be lowercase. Likewise, button[formmethod] should be lowercase.
I looked this up because I recently used method="dialog".

form.enctype

form.enctype gained a new value, text/plain, in HTML5. I searched around and could not find a concrete reason for adding it; perhaps, as a few articles I found suggest, it is only really useful together with form[action^="mailto:"].

indeterminate

The indeterminate state of input[type="checkbox"] does not affect what the checkbox submits; only checked matters.
If you need to submit the indeterminate state, create an input[type="hidden"] to hold it.

form[name]

Spec: https://html.spec.whatwg.org/multipage/forms.html#htmlformelement

A few things I did not know before:

  1. The type of form[name]

When you access a form control element by name/id, the input's type does not matter.
Only the number of matching elements matters: with several elements you get a RadioNodeList (even when their type is not radio); with a single element you get an HTMLElement (even when the input's type is radio).

  2. form[name].value may be wrong when used to read the selected radio's value

Because of the previous point, a form that contains only one radio with a given name is a trap: that radio may not be selected at all. With a single element the lookup returns an HTMLInputElement, which normally has a value regardless of whether it is checked.

  3. form[name] may be an img

When the name you access matches no form control element but there is an img[id="name"], you get an <img> element; other elements with the same id are not returned.

  4. Even if an input's id/name changes, you can still reach that input through the original id/name until the element is removed.
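A radio-value accessor that survives the single-radio case from points 1 and 2, as an added example (not code from the original post). The DOM stand-ins `fakeRadio` and `fakeForm` are constructed here so the block runs in Node; in a browser you would pass a real `<form>`.

```javascript
// form[name], i.e. form.elements.namedItem(name), returns a RadioNodeList when
// several controls share the name but a bare HTMLInputElement when only one
// does. A lone radio's .value is its value attribute whether or not it is
// checked, so form[name].value reports a value for an unchecked radio.
function selectedRadioValue(form, name) {
  const control = form.elements.namedItem(name)
  if (!control) return null
  // A RadioNodeList has item(); a single input element does not.
  const candidates = typeof control.item === 'function' ? Array.from(control) : [control]
  const checked = candidates.filter(el => el.type === 'radio' && el.checked)
  // Exactly one checked radio is the only well-formed state; anything else
  // (none checked, or a name shared with non-radio controls) yields null.
  return checked.length === 1 ? checked[0].value : null
}

// The naive reading from the post, kept for comparison.
function naiveRadioValue(form, name) {
  const control = form.elements.namedItem(name)
  return control ? control.value : null
}

// Constructed stand-ins for the DOM (hypothetical helpers, not browser APIs).
// They mimic the namedItem() contract: one match returns the element itself,
// several matches return a RadioNodeList-like list whose .value is the checked
// radio's value, or '' when none is checked.
function fakeRadio(name, value, checked) {
  return { tagName: 'INPUT', type: 'radio', name, value, checked }
}
function fakeForm(controls) {
  return {
    elements: {
      namedItem(name) {
        const matches = controls.filter(el => el.name === name)
        if (matches.length === 0) return null
        if (matches.length === 1) return matches[0]
        const list = matches.slice()
        list.item = i => matches[i] || null
        Object.defineProperty(list, 'value', {
          get() { const c = matches.find(el => el.checked); return c ? c.value : '' }
        })
        return list
      }
    }
  }
}

// Constructed demo inputs: one lone, unchecked radio and one group with a selection.
const singleRadioForm = fakeForm([fakeRadio('plan', 'pro', false)])
const radioGroupForm = fakeForm([fakeRadio('color', 'red', false), fakeRadio('color', 'blue', true)])
```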

Action Required: Fix Renovate Configuration

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: undefined. Note: this is a nested preset so please contact the preset author if you are unable to fix it yourself.

CVE-2018-19838 Medium Severity Vulnerability detected by WhiteSource

CVE-2018-19838 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().

Publish Date: 2018-12-04

URL: CVE-2018-19838

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19838

Fix Resolution: 3.5.5


Step up your Open Source Security Game with WhiteSource here

Simple Image Encode

function reverseImage(image) {
  const canvas = document.createElement('canvas')
  const {width, height} = image
  Object.assign(canvas, {width, height})
  const context = canvas.getContext('2d')
  context.drawImage(image, 0, 0)
  // getImageData throws on a canvas tainted by a cross-origin image.
  const {data} = context.getImageData(0, 0, width, height)
  // Invert every byte and reverse the whole RGBA byte stream, then reinterpret
  // the buffer with width and height swapped. Reversing the byte stream also
  // moves each pixel's alpha byte (see the update below).
  const imageData = new ImageData(
    new Uint8ClampedArray(
      Array.from(data).map(x => 255 - x).reverse()
    ),
    height,
    width
  )

  // Resizing the canvas clears it; the transformed pixels are written afterwards.
  Object.assign(canvas, {width: height, height: width})
  context.putImageData(imageData, 0, 0)
  return canvas
}

function simpleImageEncode(imageUrl) {
  return new Promise((resolve, reject) => {
    const image = new Image()
    image.onload = () => resolve(reverseImage(image))
    image.onerror = reject // otherwise a failed load never settles the promise
    image.src = imageUrl
  })
}

Update: not safe; the alpha value's position can't change or colour will be lost. Only the positions of the RGB values should be switched.
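The per-pixel variant the update asks for, as an added example (not code from the original issue): only the R, G and B bytes of each pixel are inverted and swapped, pixel order is mirrored, and the alpha byte stays where it is. `scrambleRgb` and the constructed `SAMPLE_RGBA` buffer are assumptions of this example; in a browser you would pass `ImageData.data`.

```javascript
// Transform an RGBA byte buffer pixel by pixel. Each pixel moves to the
// mirrored position and its R,G,B bytes become 255-B, 255-G, 255-R; the alpha
// byte travels with the pixel unchanged, so transparency survives.
// The transform is an involution (applying it twice restores the input) and
// uses no key, so it is reversible obfuscation, not confidentiality.
function scrambleRgb(data) {
  const n = data.length
  if (n % 4 !== 0) throw new RangeError('RGBA buffer length must be a multiple of 4')
  const out = new Uint8ClampedArray(n)
  for (let i = 0; i < n; i += 4) {
    const j = n - 4 - i // destination offset: mirrored pixel position
    out[j]     = 255 - data[i + 2]
    out[j + 1] = 255 - data[i + 1]
    out[j + 2] = 255 - data[i]
    out[j + 3] = data[i + 3]
  }
  return out
}

// Applying the transform twice yields the original buffer; the caller can use
// this to verify a round trip before relying on it for real image data.
function roundTrip(data) {
  return scrambleRgb(scrambleRgb(data))
}

// Constructed 2x1 pixel sample: an opaque pixel followed by a half-transparent one.
const SAMPLE_RGBA = new Uint8ClampedArray([10, 20, 30, 255, 40, 50, 60, 128])
```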

CVE-2018-11694 High Severity Vulnerability detected by WhiteSource

CVE-2018-11694 - High Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11694

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


CVE-2018-11499 High Severity Vulnerability detected by WhiteSource

CVE-2018-11499 - High Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.

Publish Date: 2018-05-26

URL: CVE-2018-11499

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Linux setup notes

Change the SSH port

vi /etc/ssh/sshd_config

Reinstall the system

# update
yum update -y
# dependencies
yum install -y xz openssl gawk file wget
# download the script
wget -N --no-check-certificate "https://raw.githubusercontent.com/chiakge/installNET/master/Install.sh"
chmod +x Install.sh
./Install.sh

Update sources

https://www.oldking.net/697.html

wget --no-check-certificate https://git.io/superupdate.sh
chmod +x superupdate.sh
./superupdate.sh

Enable BBR

https://teddysun.com/489.html

wget --no-check-certificate https://github.com/teddysun/across/raw/master/bbr.sh && chmod +x bbr.sh && ./bbr.sh
uname -r
sysctl net.ipv4.tcp_available_congestion_control # output includes bbr
sysctl net.ipv4.tcp_congestion_control # output includes bbr
sysctl net.core.default_qdisc # output is fq
lsmod | grep bbr # output includes tcp_bbr
wget -N --no-check-certificate "https://raw.githubusercontent.com/chiakge/Linux-NetSpeed/master/tcp.sh"
chmod +x tcp.sh
./tcp.sh

Change DNS

vi /etc/sysconfig/network-scripts/ifcfg-eth0

# DNS1=1.1.1.1
# DNS2=8.8.8.8

Disable the firewall

systemctl disable firewalld
systemctl stop firewalld

ipv6

https://www.bandwagonhost.net/2144.html
https://www.thegeekdiary.com/how-to-enable-ipv6-on-centos-rhel-7/

Benchmarks

unixbench.sh

https://teddysun.com/245.html

wget --no-check-certificate https://github.com/teddysun/across/raw/master/unixbench.sh
chmod +x unixbench.sh
./unixbench.sh

bench.sh

https://teddysun.com/444.html

wget --no-check-certificate -qO bench.sh https://bench.sh/
chmod +x bench.sh
./bench.sh

superbench.sh

https://www.oldking.net/599.html

wget --no-check-certificate https://raw.githubusercontent.com/oooldking/script/master/superbench.sh
chmod +x superbench.sh
./superbench.sh

SuperSpeed.sh (network speed)

https://www.oldking.net/305.html

wget https://raw.githubusercontent.com/oooldking/script/master/superspeed.sh
chmod +x superspeed.sh
./superspeed.sh

ZBench

https://github.com/FunctionClub/ZBench

wget -N --no-check-certificate https://raw.githubusercontent.com/FunctionClub/ZBench/master/ZBench-CN.sh
chmod +x ZBench-CN.sh
./ZBench-CN.sh

Trojan

Preparation

yum install wget unzip -y

BBR

wget -N --no-check-certificate https://raw.githubusercontent.com/chiakge/Linux-NetSpeed/master/tcp.sh
chmod +x tcp.sh
./tcp.sh

Install

wget -N --no-check-certificate https://raw.githubusercontent.com/atrandys/trojan/master/trojan_mult.sh
chmod +x trojan_mult.sh 
./trojan_mult.sh

https://www.atrandys.com/2019/1963.html

  • Config file: /usr/src/trojan/server.conf
  • Restart: systemctl restart trojan
  • Web root: /usr/share/nginx/html/

SSR (ShadowsocksR)

ssr.sh
https://github.com/ToyoDAdoubi/doubi#ssrsh
https://doub.io/ss-jc42/

wget -N --no-check-certificate https://raw.githubusercontent.com/ToyoDAdoubi/doubi/master/ssr.sh
chmod +x ssr.sh
./ssr.sh

ssrmu.sh
https://github.com/ToyoDAdoubi/doubi#ssrmush
https://doub.io/ss-jc60/

wget -N --no-check-certificate https://raw.githubusercontent.com/ToyoDAdoubi/doubi/master/ssrmu.sh 
chmod +x ssrmu.sh
./ssrmu.sh

brook

https://github.com/ToyoDAdoubi/doubi#brooksh

wget -N --no-check-certificate https://raw.githubusercontent.com/ToyoDAdoubi/doubi/master/brook.sh
chmod +x brook.sh
./brook.sh

v2ray

https://github.com/Jrohy/multi-v2ray

wget -qO multi-v2ray.sh https://multi.netlify.com/v2ray.sh
chmod +x multi-v2ray.sh
./multi-v2ray.sh

https://github.com/FunctionClub/V2ray.Fun

wget --no-check-certificate -qO v2ray.fun.sh https://raw.githubusercontent.com/FunctionClub/V2ray.Fun/master/install.sh
chmod +x v2ray.fun.sh
./v2ray.fun.sh 

WireGuard

https://www.atrandys.com/2018/886.html
https://github.com/hongwenjun/vps_setup

wget https://git.io/wireguard.sh
chmod +x wireguard.sh
./wireguard.sh

NaïveProxy

https://gitlab.com/misakablog/naiveproxy-script

wget https://gitlab.com/misakablog/naiveproxy-script/-/raw/main/naiveproxy.sh
chmod +x naiveproxy.sh
./naiveproxy.sh
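Every block above fetches a script over the network, often with `--no-check-certificate`, and runs it straight away as root. The helper below is an added example, not part of these notes and not from any of the script authors: it keeps TLS verification on and only marks the file executable when its SHA-256 matches a digest obtained out of band (the URL and digest in the usage comment are placeholders).

```shell
#!/bin/sh
# Added example (not from the original notes): download a script, verify its
# SHA-256 against a digest obtained out of band, and only then mark it
# executable. Nothing here runs the downloaded file.

# sha256_of FILE -> prints the hex digest (sha256sum, or shasum as fallback)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED -> exit 0 when the digest matches
# (EXPECTED may be upper- or lower-case hex); exit 2 when FILE is missing
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || return 2
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ]
}

# fetch_verified URL EXPECTED DEST
# Downloads with certificate checks left ON (no --no-check-certificate),
# verifies the digest, then chmod +x. On mismatch the download is deleted
# and nothing is made executable.
fetch_verified() {
    url=$1; expected=$2; dest=$3
    tmp=$(mktemp) || return 1
    if ! wget -q -O "$tmp" "$url"; then
        rm -f "$tmp"; echo "download failed: $url" >&2; return 1
    fi
    if verify_sha256 "$tmp" "$expected"; then
        mv "$tmp" "$dest" && chmod +x "$dest"
        echo "verified: $dest"
    else
        echo "digest mismatch for $url: got $(sha256_of "$tmp")" >&2
        rm -f "$tmp"; return 1
    fi
}

# Usage (placeholders): take the digest from the project's release page, or
# checksum a copy you have read through, then:
#   fetch_verified https://example.invalid/bbr.sh <EXPECTED_SHA256> ./bbr.sh
```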

highlight test

// Blog config, offline cache, templating and markdown rendering
const config = require('../blog-config.js')
const localforage = require('localforage')
const template = require('lodash.template')
const marked = require('marked')
// Fall back to polyfills where the browser lacks a native Promise / Object.assign
const Promise = window.Promise || require('es6-promise').Promise
const assign = Object.assign || require('object.assign')
// Run fenced code blocks through highlight.js with automatic language detection
const highlight = require('highlight.js')
marked.setOptions({
  highlight: function(code) {
    return highlight.highlightAuto(code).value;
  }
})

CVE-2018-19826 Medium Severity Vulnerability detected by WhiteSource

CVE-2018-19826 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters.

Publish Date: 2018-12-03

URL: CVE-2018-19826

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


CVE-2018-11698 High Severity Vulnerability detected by WhiteSource

CVE-2018-11698 - High Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11698

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: High


Getting a GitHub access token

When using issues as a blog, the anonymous API is subject to a request rate limit.

A shared public access token can be provided for visitors to use.

How to apply: click this address

Tick repo/public_repo and that is enough.

Note that the access token must not appear in the repository's code: as soon as pushed code contains the token, the token is revoked immediately.

Workaround

let token = ['f6a841b6', 'a39cd242cba5970', 'b59488d68a23f05d4'].join('')
let token = 'f6a841b6' +'a39cd242cba5970b59488d68a23f05d4'
let token = atob('ZjZhODQxYjZhMzljZDI0MmNiYTU5NzBiNTk0ODhkNjhhMjNmMDVkNA')

In short, just make sure it never appears verbatim.

CVE-2018-11693 High Severity Vulnerability detected by WhiteSource

CVE-2018-11693 - High Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11693

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: High


inline-block children inside a nowrap container

The width of an inline-block child inside a nowrap container may not be what you expect.

demo: https://jsfiddle.net/fisker/r96jnwda/

There is a similar question on Stack Overflow

https://stackoverflow.com/questions/22126789/an-inline-block-div-with-white-space-normal-exceeds-the-width-of-a-parent-wit

There are many solutions; try them yourself.

This behaviour can also be used for a layout experiment

suitable for layouts where one part has a fixed width and the other part takes up the remaining space

The advantage is that vertical centering becomes very simple.

demo: https://jsfiddle.net/fisker/j10rv6o2/2/

Recompile nginx under lnmp with `brotli` support

Download the ngx_brotli module

cd ~
git clone --recursive git@github.com:google/ngx_brotli.git

Edit the nginx build options

cd ~/lnmp1.6
vi lnmp.conf

Add to Nginx_Modules_Options

--add-module=/root/ngx_brotli

Compile nginx

./upgrade.sh nginx

Enter the version number and wait for the install to finish.

Enable Brotli by adding the following to the nginx configuration file

# brotli
brotli on;
brotli_comp_level 6;
brotli_types text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml;

See https://github.com/google/ngx_brotli#configuration-directives for more directives
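Two checks worth running after the rebuild, as an added example that is not part of these notes or of ngx_brotli: confirm the module is actually in the binary's configure arguments, and confirm a response is both brotli-encoded and marked `Vary: Accept-Encoding` so caches never hand a brotli body to a client that cannot decode it. The `nginx -V` output and response headers in the comments are constructed samples; on a real host feed `nginx -V 2>&1` and `curl -sI -H 'Accept-Encoding: br' URL` into these functions instead.

```shell
#!/bin/sh
# Added example (not from the original notes). Both functions read their
# input on stdin so they can be fed from live commands or from saved output.

# nginx_has_module MODULE_PATH
# exit 0 when the "configure arguments:" line of `nginx -V` output contains
# exactly --add-module=MODULE_PATH (a prefix such as /root/ngx_brotli_old
# does not count because every argument is matched as a whole word)
nginx_has_module() {
    grep 'configure arguments:' | tr ' ' '\n' | grep -qxF -- "--add-module=$1"
}

# response_is_brotli
# exit 0 when the response headers on stdin say Content-Encoding: br AND
# Vary includes Accept-Encoding. Header names are case-insensitive and the
# CRLF line endings curl prints are stripped first.
response_is_brotli() {
    hdrs=$(tr -d '\r' | tr 'A-Z' 'a-z')
    printf '%s\n' "$hdrs" | grep -q '^content-encoding: *br$' &&
    printf '%s\n' "$hdrs" | grep -q '^vary:.*accept-encoding'
}

# Example (constructed sample, not real command output):
#   printf '%s\n' 'configure arguments: --prefix=/usr/local/nginx --add-module=/root/ngx_brotli' \
#     | nginx_has_module /root/ngx_brotli && echo "brotli module built in"
#   curl -sI -H 'Accept-Encoding: br' https://example.invalid/style.css \
#     | response_is_brotli && echo "brotli served with Vary"
```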

WS-2018-0210 Low Severity Vulnerability detected by WhiteSource

WS-2018-0210 - Low Severity Vulnerability

Vulnerable Library - lodash-4.17.5.tgz

Lodash modular utilities.

path: /tmp/git/blog/node_modules/lodash-cli/node_modules/lodash/package.json

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.5.tgz

Dependency Hierarchy:

  • lodash-cli-4.17.5.tgz (Root Library)
    • lodash-4.17.5.tgz (Vulnerable Library)

Vulnerability Details

In the node_module "lodash" before version 4.17.11 the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects.

Publish Date: 2018-11-25

URL: WS-2018-0210

CVSS 2 Score Details (3.5)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: lodash/lodash@90e6199

Release Date: 2018-08-31

Fix Resolution: Replace or update the following files: lodash.js, test.js



CVE-2018-19827 High Severity Vulnerability detected by WhiteSource

CVE-2018-19827 - High Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /blog/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /blog/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /blog/node_modules/node-sass/src/libsass/src/paths.hpp
  • /blog/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /blog/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /blog/node_modules/node-sass/src/sass_types/color.cpp
  • /blog/node_modules/node-sass/src/libsass/test/test_unification.cpp
  • /blog/node_modules/node-sass/src/libsass/src/values.cpp
  • /blog/node_modules/node-sass/src/libsass/src/sass_util.cpp
  • /blog/node_modules/node-sass/src/libsass/src/source_map.hpp
  • /blog/node_modules/node-sass/src/sass_types/list.h
  • /blog/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /blog/node_modules/node-sass/src/libsass/src/json.cpp
  • /blog/node_modules/node-sass/src/libsass/src/units.cpp
  • /blog/node_modules/node-sass/src/libsass/src/units.hpp
  • /blog/node_modules/node-sass/src/libsass/src/context.cpp
  • /blog/node_modules/node-sass/src/libsass/src/utf8/checked.h
  • /blog/node_modules/node-sass/src/libsass/src/listize.hpp
  • /blog/node_modules/node-sass/src/sass_types/string.cpp
  • /blog/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /blog/node_modules/node-sass/src/libsass/src/context.hpp
  • /blog/node_modules/node-sass/src/sass_types/boolean.h
  • /blog/node_modules/node-sass/src/libsass/include/sass2scss.h
  • /blog/node_modules/node-sass/src/libsass/src/eval.cpp
  • /blog/node_modules/node-sass/src/libsass/src/expand.cpp
  • /blog/node_modules/node-sass/src/sass_types/factory.cpp
  • /blog/node_modules/node-sass/src/libsass/src/operators.cpp
  • /blog/node_modules/node-sass/src/sass_types/boolean.cpp
  • /blog/node_modules/node-sass/src/libsass/src/source_map.cpp
  • /blog/node_modules/node-sass/src/sass_types/value.h
  • /blog/node_modules/node-sass/src/libsass/src/utf8_string.cpp
  • /blog/node_modules/node-sass/src/callback_bridge.h
  • /blog/node_modules/node-sass/src/libsass/src/file.cpp
  • /blog/node_modules/node-sass/src/libsass/src/sass.cpp
  • /blog/node_modules/node-sass/src/libsass/src/node.hpp
  • /blog/node_modules/node-sass/src/libsass/src/environment.cpp
  • /blog/node_modules/node-sass/src/libsass/src/extend.hpp
  • /blog/node_modules/node-sass/src/libsass/src/sass_context.hpp
  • /blog/node_modules/node-sass/src/libsass/src/operators.hpp
  • /blog/node_modules/node-sass/src/libsass/src/constants.hpp
  • /blog/node_modules/node-sass/src/libsass/src/sass.hpp
  • /blog/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
  • /blog/node_modules/node-sass/src/libsass/src/parser.hpp
  • /blog/node_modules/node-sass/src/libsass/src/constants.cpp
  • /blog/node_modules/node-sass/src/sass_types/list.cpp
  • /blog/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /blog/node_modules/node-sass/src/libsass/include/sass/functions.h
  • /blog/node_modules/node-sass/src/libsass/src/util.cpp
  • /blog/node_modules/node-sass/src/custom_function_bridge.cpp
  • /blog/node_modules/node-sass/src/custom_importer_bridge.h
  • /blog/node_modules/node-sass/src/libsass/src/bind.cpp
  • /blog/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /blog/node_modules/node-sass/src/libsass/src/sass_functions.cpp
  • /blog/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /blog/node_modules/node-sass/src/libsass/src/extend.cpp
  • /blog/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /blog/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /blog/node_modules/node-sass/src/libsass/src/cencode.c
  • /blog/node_modules/node-sass/src/libsass/src/base64vlq.cpp
  • /blog/node_modules/node-sass/src/sass_types/number.cpp
  • /blog/node_modules/node-sass/src/sass_types/color.h
  • /blog/node_modules/node-sass/src/libsass/src/c99func.c
  • /blog/node_modules/node-sass/src/libsass/src/position.cpp
  • /blog/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /blog/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /blog/node_modules/node-sass/src/libsass/include/sass/values.h
  • /blog/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /blog/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /blog/node_modules/node-sass/src/sass_types/null.cpp
  • /blog/node_modules/node-sass/src/libsass/src/ast.cpp
  • /blog/node_modules/node-sass/src/libsass/include/sass/context.h
  • /blog/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /blog/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /blog/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /blog/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /blog/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /blog/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /blog/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /blog/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /blog/node_modules/node-sass/src/sass_types/map.cpp
  • /blog/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /blog/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /blog/node_modules/node-sass/src/libsass/src/file.hpp
  • /blog/node_modules/node-sass/src/libsass/src/environment.hpp
  • /blog/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /blog/node_modules/node-sass/src/binding.cpp
  • /blog/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /blog/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-12-03

URL: CVE-2018-19827

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.



CVE-2018-3720 High Severity Vulnerability detected by WhiteSource

CVE-2018-3720 - High Severity Vulnerability

Vulnerable Library - assign-deep-0.3.1.tgz

Deeply assign the enumerable properties of source objects to a destination object.

path: /tmp/git/blog/node_modules/assign-deep/package.json

Library home page: http://registry.npmjs.org/assign-deep/-/assign-deep-0.3.1.tgz

Dependency Hierarchy:

  • gulp-dest-0.2.3.tgz (Root Library)
    • placeholders-0.2.0.tgz
      • assign-deep-0.3.1.tgz (Vulnerable Library)

Vulnerability Details

assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects.

Publish Date: 2018-06-07

URL: CVE-2018-3720

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-3720

Release Date: 2018-06-07

Fix Resolution: 0.4.7



Using Response instead of FileReader

Response: https://developer.mozilla.org/en-US/docs/Web/API/Response

FileReader: https://developer.mozilla.org/en-US/docs/Web/API/FileReader

Response is promise-based, whereas FileReader is event-based.

Reading the same file both ways:

With FileReader

;(file => {
  const fr = new FileReader()
  fr.onload = () => {
    console.log(
      'FileReader.readAsText()',
      fr.result
    )
  }
  fr.readAsText(file)
})(new File(['hello from fisker.txt'], 'fisker.txt'))

With Response it is much cleaner (current browsers also expose the same promise-based text() and arrayBuffer() directly on Blob and File, which removes even the Response wrapper):

;(async file => {
  console.log(
    'Response.text()',
    await new Response(file).text()
  )
})(new File(['hello from fisker.txt'], 'fisker.txt'))

The two APIs differ quite a bit, though, and some FileReader methods have no direct counterpart:

FileReader.readAsArrayBuffer() -> Body.arrayBuffer()

FileReader.readAsBinaryString() -> none

FileReader.readAsDataURL() -> none

FileReader.readAsText() -> Body.text()

The missing ones are not hard to build on top of arrayBuffer(), though.

readAsBinaryString

document.createElement('canvas').toBlob(async file => {
  // FileReader
  const bin1 = await new Promise(resolve => {
    const fr = new FileReader()
    fr.onload = () => {
      resolve(fr.result)
    }
    fr.readAsBinaryString(file)
  })

  console.log('FileReader.readAsBinaryString()', bin1)

  // Response: read the bytes, then map each byte to a char code.
  // A loop rather than String.fromCharCode.apply(null, bytes): apply() passes
  // every byte as a call argument and throws a RangeError on large blobs.
  const buffer = await new Response(file).arrayBuffer()
  let bin2 = ''
  for (const byte of new Uint8Array(buffer)) {
    bin2 += String.fromCharCode(byte)
  }

  console.log('Response.arrayBuffer()', bin2)

  // check
  console.log(`bin1 equals bin2: ${bin1 === bin2}`)
})

readAsDataURL

;(async file => {
  // FileReader
  const url1 = await new Promise(resolve => {
    const fr = new FileReader()
    fr.onload = () => {
      resolve(fr.result)
    }
    fr.readAsDataURL(file)
  })

  console.log('FileReader.readAsDataURL()', url1)

  // Response: bytes -> binary string -> base64, prefixed with the blob's type.
  // Built with a loop rather than String.fromCharCode.apply(), which throws on
  // large buffers. Set `type` explicitly when creating the file: FileReader
  // substitutes a default media type for an untyped blob, and the two URLs
  // would then differ.
  const buffer = await new Response(file).arrayBuffer()
  let binary = ''
  for (const byte of new Uint8Array(buffer)) {
    binary += String.fromCharCode(byte)
  }
  const url2 = 'data:' + file.type + ';base64,' + btoa(binary)

  console.log('Response.arrayBuffer()', url2)

  // check
  console.log(`url1 equals url2: ${url1 === url2}`)
})(new File(['hello from fisker.txt'], 'fisker.txt', {type: 'text/plain'}))

CVE-2017-18077 High Severity Vulnerability detected by WhiteSource

CVE-2017-18077 - High Severity Vulnerability

Vulnerable Library - brace-expansion-1.1.6.tgz

Brace expansion as known from sh/bash

path: /tmp/git/blog/node_modules/lodash-cli/node_modules/glob/node_modules/minimatch/node_modules/brace-expansion/package.json

Library home page: https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.6.tgz

Dependency Hierarchy:

  • lodash-cli-4.17.5.tgz (Root Library)
    • glob-7.1.1.tgz
      • minimatch-3.0.3.tgz
        • brace-expansion-1.1.6.tgz (Vulnerable Library)

Vulnerability Details

index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.

Publish Date: 2018-01-27

URL: CVE-2017-18077

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/338

Release Date: 2017-04-25

Fix Resolution: Upgrade to version 1.1.7 or later.



Resolvifying promises

In the previous post, A promise-based confirm should always resolve, I talked about how confirm should be designed.

So for an existing resolve/reject design, how do we make the function always return a resolved promise?

I spent a little time writing a small library for it: p-resolvify

With Element-UI's confirm, for example, we can do

Vue.prototype.$confirm = resolvify(Vue.prototype.$confirm)

or

ELEMENT.MessageBox.confirm = resolvify(ELEMENT.MessageBox.confirm)

and then simply write

let result = await this.$confirm('确定?')

instead of

let result

try {
   result = await this.$confirm('确定?')
} catch(err) {
  result = 'cancel'
}

https://jsfiddle.net/fisker/86qmcb72/8/

A promise-based confirm should always resolve

Some UI libraries design confirm roughly like this:

function badConfirm(msg) {
  return window.confirm(msg)
    ? Promise.resolve(true)
    : Promise.reject(true)
}

which is then used like this:

badConfirm('你确认吗?')
  .then(() => console.log('确认'))
  .catch(() => console.log('取消'))

It looks nice, until you use await:

(async () => {
  let ok = false

  try {
    ok = await badConfirm('你确认吗?')
  } catch (err) {}
  console.log(ok ? '确定' : '取消')
})()

Without try/catch, your program throws as soon as the user cancels.

Once or twice is bearable; when you have to ask for confirmation again and again it makes you want to die.

So I recommend that the returned promise is always resolved:

async function goodConfirm(msg) {
  return await window.confirm(msg)
}

// OR

function goodConfirm(msg) {
  return new Promise(resolve => resolve(window.confirm(msg)))
}

// OR

function goodConfirm(msg) {
  return Promise.resolve(window.confirm(msg))
}

then syntax

goodConfirm('你确认吗?')
  .then(ok => console.log(ok ? '确认' : '取消'))

await syntax

(async () => {
  let ok = await goodConfirm('你确认吗?')
  console.log(ok ? '确定' : '取消')
})()
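As an added example serving both this post and the resolvify post above (illustrative code, not the p-resolvify package's source), the block below builds the reject-on-cancel confirm this post criticises from a scripted stand-in for window.confirm (constructed), wraps it with a resolvify function, and then runs the repeated-confirmation loop without any try/catch. The 'cancel' rejection value matches what the resolvify post assigns on rejection; 'confirm' as the resolved value is an assumption.

```javascript
// Constructed stand-in for window.confirm: answers a scripted sequence of clicks.
function makeScriptedConfirm(answers) {
  const queue = [...answers]
  return () => queue.shift() === true
}

// The reject-on-cancel shape: resolves 'confirm', rejects 'cancel'.
function makeBadConfirm(confirmImpl) {
  return msg => (confirmImpl(msg) ? Promise.resolve('confirm') : Promise.reject('cancel'))
}

// Default mapping for rejections: a plain value such as 'cancel' is a user
// decision and becomes the resolved value; a real Error is a bug and is
// rethrown, so wrapping never silently swallows genuine failures.
function passThroughUnlessError(reason) {
  if (reason instanceof Error) throw reason
  return reason
}

// resolvify(fn): returns a function with the same signature whose promise is
// resolved with onReject(reason) whenever fn rejects or throws synchronously.
function resolvify(fn, onReject = passThroughUnlessError) {
  return function (...args) {
    let result
    try {
      result = fn.apply(this, args)
    } catch (err) {
      // a synchronous throw is treated exactly like a rejection
      return Promise.resolve().then(() => onReject(err))
    }
    return Promise.resolve(result).then(value => value, onReject)
  }
}

// Asking the same question four times, with no try/catch in sight.
async function runDemo() {
  const badConfirm = makeBadConfirm(makeScriptedConfirm([true, false, true, false]))
  const confirm = resolvify(badConfirm)
  const results = []
  for (let i = 0; i < 4; i++) {
    results.push(await confirm('Are you sure?'))
  }
  return results // ['confirm', 'cancel', 'confirm', 'cancel']
}

runDemo().then(results => console.log(results))
```

The Error-versus-value distinction in passThroughUnlessError is the part worth keeping when wrapping a real UI library: a cancelled dialog should read as a result, but a thrown bug inside the library must still surface rather than being mistaken for a user decision.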

CVE-2018-16487 High Severity Vulnerability detected by WhiteSource

CVE-2018-16487 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.5.tgz

Lodash modular utilities.

path: /tmp/git/blog/node_modules/lodash-cli/node_modules/lodash/package.json

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.5.tgz

Dependency Hierarchy:

  • lodash-cli-4.17.5.tgz (Root Library)
    • lodash-4.17.5.tgz (Vulnerable Library)

Vulnerability Details

A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

Publish Date: 2019-02-01

URL: CVE-2018-16487

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16487

Release Date: 2019-02-01

Fix Resolution: 4.17.11


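The three prototype-pollution advisories on this page (WS-2018-0210 and CVE-2018-16487 for lodash, CVE-2018-3720 for assign-deep) describe one bug class: a recursive merge that follows a "__proto__" key straight into Object.prototype. The block below is an added illustration, not the source of either library: a minimal deep merge carrying that defect beside a hardened version, run against a constructed attacker payload.

```javascript
function isPlainObject(value) {
  return value !== null && typeof value === 'object' && !Array.isArray(value)
}

// Vulnerable: "__proto__" is treated like any other key. On a plain object,
// target["__proto__"] resolves through the accessor to Object.prototype, so
// the recursive call writes the attacker's properties onto every object.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key]
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {}
      unsafeMerge(target[key], value)
    } else {
      target[key] = value
    }
  }
  return target
}

// Hardened: refuse the keys that lead to Object.prototype, and only descend
// into *own* properties of the target so inherited objects are never mutated.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype'])
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key)

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (UNSAFE_KEYS.has(key)) continue // drop (or throw) instead of merging
    const value = source[key]
    if (isPlainObject(value)) {
      if (!hasOwn(target, key) || !isPlainObject(target[key])) {
        target[key] = {}
      }
      safeMerge(target[key], value)
    } else {
      target[key] = value
    }
  }
  return target
}

// Runs both merges against the same attacker-controlled JSON. JSON.parse
// creates an *own* property literally named "__proto__", which is exactly
// what the vulnerable merge then walks into.
function runDemo() {
  // constructed attacker input, e.g. a request body fed to a deep merge
  const payload = JSON.parse('{"__proto__": {"polluted": "yes"}, "name": "fisker"}')

  const before = ({}).polluted            // undefined
  const unsafeResult = unsafeMerge({}, payload)
  const afterUnsafe = ({}).polluted       // 'yes': every object now has it
  delete Object.prototype.polluted        // clean up so the rest of the process is unaffected

  const safeResult = safeMerge({}, payload)
  const afterSafe = ({}).polluted         // still undefined
  return {
    before,
    afterUnsafe,
    afterSafe,
    unsafeName: unsafeResult.name,
    safeName: safeResult.name,
    safeHasProto: hasOwn(safeResult, '__proto__'),
  }
}

console.log(runDemo())
```

Upgrading to the fixed versions is the real remedy; the key filter above is defence in depth for any hand-written merge, and freezing Object.prototype at startup or merging into null-prototype objects (Object.create(null)) closes the same hole from the other side.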

CVE-2018-19797 Medium Severity Vulnerability detected by WhiteSource

CVE-2018-19797 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125): the same 125 node-sass/libsass source files listed under CVE-2018-19827 above.

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-03

URL: CVE-2018-19797

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High




CVE-2018-11697 High Severity Vulnerability detected by WhiteSource

CVE-2018-11697 - High Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125): the same 125 node-sass/libsass source files listed under CVE-2018-19827 above.

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11697

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.


Step up your Open Source Security Game with WhiteSource here

Working around the strict-mode error in code generated by lodash.template

JS files generated by lodash-cli's template build use a with statement inside the compiled template functions, so they throw a SyntaxError as soon as they are loaded as strict-mode code (an ES module, or a file that starts with "use strict").

Running the generated file through the Function constructor avoids the problem: a function created by Function() is parsed as non-strict code no matter how strict the calling code is. Keep in mind that this is eval in all but name, so only feed it build output you control, and that a Content-Security-Policy without 'unsafe-eval' blocks it in the browser.

const templates = Function('return ' + code /* the generated code */)()

// the minified build may start with a `;`, which has to be removed by hand first (otherwise `return ;...` returns undefined)

See app.js

Build parameters

lodash exports="none" \
 iife="(function(){%output%;return templates})()" \
 template=*.jst \
 -o complied.js

See build-template.sh
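The following is an added example, not the app.js of the post nor real lodash-cli output: the generated string is a constructed stand-in for the IIFE the build emits, with one template that uses with, and the names loadTemplates and rejectedInStrictMode are chosen here. It shows the Function() wrapper accepting that code, and the same source being refused when it is parsed as strict-mode code.

```javascript
'use strict';

// Constructed stand-in for the file lodash-cli emits (not real lodash-cli output):
// an IIFE whose template body uses `with`, which strict mode forbids.
const generated = `;(function(){
  var templates = {};
  templates['hello'] = function(obj) {
    obj || (obj = {});
    var __t, __p = '';
    with (obj) {
      __p += 'Hello, ' + ((__t = (name)) == null ? '' : __t) + '!';
    }
    return __p;
  };
  return templates
})()`;

// Function() parses its body as sloppy-mode code regardless of how strict the
// caller is, so the `with` statement is accepted. Minified output may start
// with ';', which would turn 'return ;...' into an empty return, so strip it.
function loadTemplates(code) {
  const body = code.replace(/^\s*;/, '');
  return Function('return ' + body)();
}

// The same source parsed as strict-mode code fails at construction time,
// before anything runs: this is what happens when the generated file is
// bundled into a module or concatenated after a "use strict" directive.
function rejectedInStrictMode(code) {
  try {
    Function('"use strict"; return ' + code.replace(/^\s*;/, ''));
    return false;
  } catch (e) {
    return e instanceof SyntaxError;
  }
}

const templates = loadTemplates(generated);
console.log(templates.hello({ name: 'world' })); // Hello, world!
console.log(rejectedInStrictMode(generated));     // true
```

If you control the template compilation, lodash's own variable option (_.template(source, { variable: 'data' })) makes the compiled function read data.name instead of wrapping the body in with, so the output is strict-mode safe and no eval-style wrapper is needed at load time.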

Action required: Greenkeeper could not be activated 🚨

🚨 You need to enable Continuous Integration on all branches of this repository. 🚨

To enable Greenkeeper, you need to make sure that a commit status is reported on all branches. This is required by Greenkeeper because it uses your CI build statuses to figure out when to notify you about breaking changes.

Since we didn’t receive a CI status on the greenkeeper/initial branch, it’s possible that you don’t have CI set up yet. We recommend using Travis CI, but Greenkeeper will work with every other CI service as well.

If you have already set up a CI for this repository, you might need to check how it’s configured. Make sure it is set to run on all new branches. If you don’t want it to run on absolutely every branch, you can whitelist branches starting with greenkeeper/.

Once you have installed and configured CI on this repository correctly, you’ll need to re-trigger Greenkeeper’s initial pull request. To do this, please delete the greenkeeper/initial branch in this repository, and then remove and re-add this repository to the Greenkeeper App’s white list on Github. You'll find this list on your repo or organization’s settings page, under Installed GitHub Apps.

WS-2019-0019 Medium Severity Vulnerability detected by WhiteSource

WS-2019-0019 - Medium Severity Vulnerability

Vulnerable Library - braces-1.8.5.tgz

Fastest brace expansion for node.js, with the most complete support for the Bash 4.3 braces specification.

path: /tmp/git/blog/node_modules/micromatch/node_modules/braces/package.json

Library home page: https://registry.npmjs.org/braces/-/braces-1.8.5.tgz

Dependency Hierarchy:

  • browser-sync-2.26.3.tgz (Root Library)
    • micromatch-2.3.11.tgz
      • braces-1.8.5.tgz (Vulnerable Library)

Vulnerability Details

Version of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.

Publish Date: 2019-02-21

URL: WS-2019-0019

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/786

Release Date: 2019-02-21

Fix Resolution: 2.3.1



Action required: Greenkeeper could not be activated 🚨

🚨 You need to enable Continuous Integration on Greenkeeper branches of this repository. 🚨

To enable Greenkeeper, you need to make sure that a commit status is reported on all branches. This is required by Greenkeeper because it uses your CI build statuses to figure out when to notify you about breaking changes.

Since we didn’t receive a CI status on the greenkeeper/initial branch, it’s possible that you don’t have CI set up yet. We recommend using Travis CI, but Greenkeeper will work with every other CI service as well.

If you have already set up a CI for this repository, you might need to check how it’s configured. Make sure it is set to run on all new branches. If you don’t want it to run on absolutely every branch, you can whitelist branches starting with greenkeeper/.

Once you have installed and configured CI on this repository correctly, you’ll need to re-trigger Greenkeeper’s initial pull request. To do this, please click the 'fix repo' button on account.greenkeeper.io.

CVE-2017-1000048 High Severity Vulnerability detected by WhiteSource

CVE-2017-1000048 - High Severity Vulnerability

Vulnerable Library - qs-6.2.3.tgz

A querystring parser that supports nesting and arrays, with a depth limit

path: /tmp/git/blog/node_modules/qs/package.json

Library home page: https://registry.npmjs.org/qs/-/qs-6.2.3.tgz

Dependency Hierarchy:

  • browser-sync-2.26.3.tgz (Root Library)
    • qs-6.2.3.tgz (Vulnerable Library)

Vulnerability Details

the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send an evil request to cause the web framework to crash.

Publish Date: 2017-07-17

URL: CVE-2017-1000048

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Change files

Origin: ljharb/qs@c709f6e

Release Date: 2017-03-06

Fix Resolution: Replace or update the following files: parse.js, parse.js, utils.js



CVE-2018-11695 High Severity Vulnerability detected by WhiteSource

CVE-2018-11695 - High Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /blog/node_modules/node-sass/src/libsass/src/expand.hpp
  • /blog/node_modules/node-sass/src/libsass/src/color_maps.cpp
  • /blog/node_modules/node-sass/src/libsass/src/sass_util.hpp
  • /blog/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
  • /blog/node_modules/node-sass/src/libsass/src/output.hpp
  • /blog/node_modules/node-sass/src/libsass/src/sass_values.hpp
  • /blog/node_modules/node-sass/src/libsass/src/util.hpp
  • /blog/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /blog/node_modules/node-sass/src/libsass/src/lexer.cpp
  • /blog/node_modules/node-sass/src/libsass/test/test_node.cpp
  • /blog/node_modules/node-sass/src/libsass/src/plugins.cpp
  • /blog/node_modules/node-sass/src/libsass/include/sass/base.h
  • /blog/node_modules/node-sass/src/libsass/src/position.hpp
  • /blog/node_modules/node-sass/src/libsass/src/subset_map.hpp
  • /blog/node_modules/node-sass/src/libsass/src/operation.hpp
  • /blog/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
  • /blog/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /blog/node_modules/node-sass/src/custom_importer_bridge.cpp
  • /blog/node_modules/node-sass/src/libsass/contrib/plugin.cpp
  • /blog/node_modules/node-sass/src/libsass/src/functions.hpp
  • /blog/node_modules/node-sass/src/libsass/test/test_superselector.cpp
  • /blog/node_modules/node-sass/src/libsass/src/eval.hpp
  • /blog/node_modules/node-sass/src/libsass/src/utf8_string.hpp
  • /blog/node_modules/node-sass/src/sass_context_wrapper.h
  • /blog/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /blog/node_modules/node-sass/src/libsass/src/node.cpp
  • /blog/node_modules/node-sass/src/libsass/src/parser.cpp
  • /blog/node_modules/node-sass/src/libsass/src/subset_map.cpp
  • /blog/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /blog/node_modules/node-sass/src/libsass/src/listize.cpp
  • /blog/node_modules/node-sass/src/libsass/src/ast.hpp
  • /blog/node_modules/node-sass/src/libsass/src/sass_functions.hpp
  • /blog/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
  • /blog/node_modules/node-sass/src/libsass/src/output.cpp
  • /blog/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /blog/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /blog/node_modules/node-sass/src/libsass/src/functions.cpp
  • /blog/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /blog/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /blog/node_modules/node-sass/src/libsass/src/paths.hpp
  • /blog/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /blog/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /blog/node_modules/node-sass/src/sass_types/color.cpp
  • /blog/node_modules/node-sass/src/libsass/test/test_unification.cpp
  • /blog/node_modules/node-sass/src/libsass/src/values.cpp
  • /blog/node_modules/node-sass/src/libsass/src/sass_util.cpp
  • /blog/node_modules/node-sass/src/libsass/src/source_map.hpp
  • /blog/node_modules/node-sass/src/sass_types/list.h
  • /blog/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /blog/node_modules/node-sass/src/libsass/src/json.cpp
  • /blog/node_modules/node-sass/src/libsass/src/units.cpp
  • /blog/node_modules/node-sass/src/libsass/src/units.hpp
  • /blog/node_modules/node-sass/src/libsass/src/context.cpp
  • /blog/node_modules/node-sass/src/libsass/src/utf8/checked.h
  • /blog/node_modules/node-sass/src/libsass/src/listize.hpp
  • /blog/node_modules/node-sass/src/sass_types/string.cpp
  • /blog/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /blog/node_modules/node-sass/src/libsass/src/context.hpp
  • /blog/node_modules/node-sass/src/sass_types/boolean.h
  • /blog/node_modules/node-sass/src/libsass/include/sass2scss.h
  • /blog/node_modules/node-sass/src/libsass/src/eval.cpp
  • /blog/node_modules/node-sass/src/libsass/src/expand.cpp
  • /blog/node_modules/node-sass/src/sass_types/factory.cpp
  • /blog/node_modules/node-sass/src/libsass/src/operators.cpp
  • /blog/node_modules/node-sass/src/sass_types/boolean.cpp
  • /blog/node_modules/node-sass/src/libsass/src/source_map.cpp
  • /blog/node_modules/node-sass/src/sass_types/value.h
  • /blog/node_modules/node-sass/src/libsass/src/utf8_string.cpp
  • /blog/node_modules/node-sass/src/callback_bridge.h
  • /blog/node_modules/node-sass/src/libsass/src/file.cpp
  • /blog/node_modules/node-sass/src/libsass/src/sass.cpp
  • /blog/node_modules/node-sass/src/libsass/src/node.hpp
  • /blog/node_modules/node-sass/src/libsass/src/environment.cpp
  • /blog/node_modules/node-sass/src/libsass/src/extend.hpp
  • /blog/node_modules/node-sass/src/libsass/src/sass_context.hpp
  • /blog/node_modules/node-sass/src/libsass/src/operators.hpp
  • /blog/node_modules/node-sass/src/libsass/src/constants.hpp
  • /blog/node_modules/node-sass/src/libsass/src/sass.hpp
  • /blog/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
  • /blog/node_modules/node-sass/src/libsass/src/parser.hpp
  • /blog/node_modules/node-sass/src/libsass/src/constants.cpp
  • /blog/node_modules/node-sass/src/sass_types/list.cpp
  • /blog/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /blog/node_modules/node-sass/src/libsass/include/sass/functions.h
  • /blog/node_modules/node-sass/src/libsass/src/util.cpp
  • /blog/node_modules/node-sass/src/custom_function_bridge.cpp
  • /blog/node_modules/node-sass/src/custom_importer_bridge.h
  • /blog/node_modules/node-sass/src/libsass/src/bind.cpp
  • /blog/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /blog/node_modules/node-sass/src/libsass/src/sass_functions.cpp
  • /blog/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /blog/node_modules/node-sass/src/libsass/src/extend.cpp
  • /blog/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /blog/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /blog/node_modules/node-sass/src/libsass/src/cencode.c
  • /blog/node_modules/node-sass/src/libsass/src/base64vlq.cpp
  • /blog/node_modules/node-sass/src/sass_types/number.cpp
  • /blog/node_modules/node-sass/src/sass_types/color.h
  • /blog/node_modules/node-sass/src/libsass/src/c99func.c
  • /blog/node_modules/node-sass/src/libsass/src/position.cpp
  • /blog/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /blog/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /blog/node_modules/node-sass/src/libsass/include/sass/values.h
  • /blog/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /blog/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /blog/node_modules/node-sass/src/sass_types/null.cpp
  • /blog/node_modules/node-sass/src/libsass/src/ast.cpp
  • /blog/node_modules/node-sass/src/libsass/include/sass/context.h
  • /blog/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /blog/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /blog/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /blog/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /blog/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /blog/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /blog/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /blog/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /blog/node_modules/node-sass/src/sass_types/map.cpp
  • /blog/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /blog/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /blog/node_modules/node-sass/src/libsass/src/file.hpp
  • /blog/node_modules/node-sass/src/libsass/src/environment.hpp
  • /blog/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /blog/node_modules/node-sass/src/binding.cpp
  • /blog/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /blog/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11695

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High




Xiaomi Router 3 padavan notes

Spent the weekend fiddling with the router and went down a lot of dead ends; writing it down here.

The real reason is that I didn't bring a computer home for the weekend, and the old machine I dug out was unbearably slow.

  1. First, the operating system: any Linux box will do. I don't know whether Ubuntu on Windows 10 works, or even cygwin; if you already have an environment, there is no need to download the virtual machine the online tutorials tell you to. I had no idea and ****ing downloaded a Russian debian, which burned me badly. I also didn't know that export LANG switches the script into another language, so I stared at a Russian interface for a very, very long time...

  2. The script: just curl/wget one of the two scripts at http://pm.freize.net/script/ . Most tutorials tell you to get start-99.sh; what I actually used was start-100.sh. A rough comparison shows the main difference is the git repository. The script also contains a lot of dead code that can be deleted before running it; roughly lines 33-80 of start-100.sh do nothing useful.

  3. Then getting ssh: just apply for the root password on Xiaomi's site. The tutorials insist you flash an older firmware first; if you already have the root password that is a complete waste of time.

  4. Building the toolchain: I did build it at the time, so I'm not sure; it may not be needed at all.

  5. Building the firmware: DON'T. Building it is also a waste of time, because in the end you still flash hiboyhiboy's build. Just download a ready-made trx file from http://opt.cn2qq.com/ into the trx_archive folder in the directory that holds start.sh. I don't know why nobody mentions the name of this folder; the code is around line 2176 of update/start.sh. If my old machine hadn't been so slow I would have read the source and found it, and saved a lot of time. I had looked at the build script, assumed it was (git-repo)/trunk/images/, and downloaded there. The script even showed it as recognized, but it just wouldn't flash.

  6. Then the flashing itself: just go ahead and flash. No building; under firmware pick one from archive.

  7. One more: my reboot failed; holding reset and rebooting again seemed to do it. Also, the new router IP the flashing script reports may be wrong. hiboyhiboy's build defaults to 192.168.123.1. The SSID is not ASUS as the script says either, but PDCN.

Purely a memo and a rant, not a tutorial


2019.3.26 update

Re-reading this after so long I've forgotten a good part of it, so let me recall the steps. Following the lines below takes a little Linux knowledge; search for what you don't know. If you know enough, read the source code when you hit a problem; it is faster than hunting for tutorials. Note that both the script and the trx image arrive over plain HTTP with nothing to verify them against, so read the script before you run it.

wget http://pm.freize.net/script/start-100.sh

then ctrl+c to quit

Find a suitable trx at http://opt.cn2qq.com/padavan/

cd trx_archive # not sure whether it exists by default; if not, mkdir trx_archive yourself
wget http://opt.cn2qq.com/padavan/<the-trx-you-need>.trx
cd ..
./start.sh

Then choose "4") find-firmware (I found this in the source code; after this long I certainly don't remember the menu) and you can pick the trx file you downloaded and continue

WS-2017-0206 Medium Severity Vulnerability detected by WhiteSource

WS-2017-0206 - Medium Severity Vulnerability

Vulnerable Library - brace-expansion-1.1.6.tgz

Brace expansion as known from sh/bash

path: /tmp/git/blog/node_modules/lodash-cli/node_modules/glob/node_modules/minimatch/node_modules/brace-expansion/package.json

Library home page: https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.6.tgz

Dependency Hierarchy:

  • lodash-cli-4.17.5.tgz (Root Library)
    • glob-7.1.1.tgz
      • minimatch-3.0.3.tgz
        • brace-expansion-1.1.6.tgz (Vulnerable Library)

Vulnerability Details

Brace-expansion is a module to support bash-like brace expansion in JavaScript.
For example,{1,2,3,4} would expand to 1 2 3 4. brace expansion versions before 1.1.7 are vulnerable to Regular Expression Denial of Service attacks.

Publish Date: 2017-04-25

URL: WS-2017-0206

CVSS 2 Score Details (6.2)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/338

Release Date: 2017-01-31

Fix Resolution: 1.1.7


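Both the braces report (WS-2019-0019, fixed in 2.3.1) and the brace-expansion report (WS-2017-0206, fixed in 1.1.7) point at a copy nested several levels below a root dependency, which is exactly the copy that an upgrade of the root package can leave behind. The block below is an added example, not the repo's code or WhiteSource's: it walks a package-lock.json of lockfileVersion 1 shape and reports every installed copy that is older than the advisory's fix version, with its install path. The lock object is constructed from the two dependency hierarchies above (that micromatch and glob are nested rather than hoisted is an assumption), and findVulnerable/compareVersions are names chosen here.

```javascript
'use strict';

// Constructed lock data in package-lock.json v1 shape, built from the two
// dependency hierarchies in the advisories above (not copied from the repo).
const lock = {
  name: 'blog',
  lockfileVersion: 1,
  dependencies: {
    'browser-sync': {
      version: '2.26.3',
      dependencies: {
        micromatch: {
          version: '2.3.11',
          dependencies: { braces: { version: '1.8.5' } },
        },
      },
    },
    'lodash-cli': {
      version: '4.17.5',
      dependencies: {
        glob: {
          version: '7.1.1',
          dependencies: {
            minimatch: {
              version: '3.0.3',
              dependencies: { 'brace-expansion': { version: '1.1.6' } },
            },
          },
        },
      },
    },
    // A fixed top-level copy does nothing for the nested ones.
    braces: { version: '2.3.2' },
  },
};

// Fix versions as stated in WS-2019-0019 and WS-2017-0206.
const FIXED = { braces: '2.3.1', 'brace-expansion': '1.1.7' };

// Compare plain x.y.z versions; lock files pin exact versions, so no ranges.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Depth-first walk over nested `dependencies`, carrying the install path so the
// report names *which* copy is affected (npm nests a second copy whenever a
// transitive dependency cannot share the hoisted one).
function findVulnerable(lockfile, fixed) {
  const hits = [];
  function walk(deps, path) {
    for (const [name, entry] of Object.entries(deps || {})) {
      const here = path.concat(name);
      if (fixed[name] && compareVersions(entry.version, fixed[name]) < 0) {
        hits.push({ path: here.join(' > '), version: entry.version, fixed: fixed[name] });
      }
      walk(entry.dependencies, here);
    }
  }
  walk(lockfile.dependencies, []);
  return hits;
}

for (const hit of findVulnerable(lock, FIXED)) {
  console.log(`${hit.path}@${hit.version} < ${hit.fixed}`);
}
```

On a real checkout, npm ls braces shows the same nesting, and npm audit reads the lock the same way; the point of the walk is that bumping browser-sync or lodash-cli only helps if the new release also pulls in the fixed transitive version, which the path in the report lets you verify.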

A regex for CSS colors

A few days ago I wanted to write a regex that matches colors; once I started writing it I realized how long it gets.

First, how CSS defines colors

Reference: https://developer.mozilla.org/en-US/docs/Web/CSS/color_value

CSS color values

Keywords

CSS 1

black, silver, gray, white, maroon, red, purple, fuchsia, green, lime, olive, yellow, navy, blue, teal, aqua

CSS 2.1

orange

CSS 3

aliceblue, antiquewhite, aquamarine, azure, beige, bisque, blanchedalmond, blueviolet, brown, burlywood, cadetblue, chartreuse, chocolate, coral, cornflowerblue, cornsilk, crimson, cyan, darkblue, darkcyan, darkgoldenrod, darkgray, darkgreen, darkgrey, darkkhaki, darkmagenta, darkolivegreen, darkorange, darkorchid, darkred, darksalmon, darkseagreen, darkslateblue, darkslategray, darkslategrey, darkturquoise, darkviolet, deeppink, deepskyblue, dimgray, dimgrey, dodgerblue, firebrick, floralwhite, forestgreen, gainsboro, ghostwhite, gold, goldenrod, greenyellow, grey, honeydew, hotpink, indianred, indigo, ivory, khaki, lavender, lavenderblush, lawngreen, lemonchiffon, lightblue, lightcoral, lightcyan, lightgoldenrodyellow, lightgray, lightgreen, lightgrey, lightpink, lightsalmon, lightseagreen, lightskyblue, lightslategray, lightslategrey, lightsteelblue, lightyellow, limegreen, linen, magenta, mediumaquamarine, mediumblue, mediumorchid, mediumpurple, mediumseagreen, mediumslateblue, mediumspringgreen, mediumturquoise, mediumvioletred, midnightblue, mintcream, mistyrose, moccasin, navajowhite, oldlace, olivedrab, orangered, orchid, palegoldenrod, palegreen, paleturquoise, palevioletred, papayawhip, peachpuff, peru, pink, plum, powderblue, rosybrown, royalblue, saddlebrown, salmon, sandybrown, seagreen, seashell, sienna, skyblue, slateblue, slategray, slategrey, snow, springgreen, steelblue, tan, thistle, tomato, turquoise, violet, wheat, whitesmoke, yellowgreen

CSS 4

rebeccapurple

Two more keywords:

transparent and currentColor

RGB colors

Hexadecimal values

They start with # and come in 4 lengths: 3, 4, 6 or 8 hex digits

rgb/rgba functions

We usually write rgb(255, 255, 255) or rgba(0, 0, 0, 0),
but percentages are also allowed, even decimals, and the commas between the arguments can even be omitted.

hsl/hsla functions

We usually write hsl(0, 100%, 50%) or hsla(0, 100%, 50%, 1); like rgb, these functions accept a great many formats


Let's try to write the regex; first, lay out the approach

// keywords: simple, just list them

var keywords = 'black|silver|...'

// hex: also simple, list all 4 lengths
var hex = '#(?:[0-9a-f]{3}|[0-9a-f]{4}|[0-9a-f]{6}|[0-9a-f]{8})'

// rgb: here I only handle the common form; the others are too complex, rarely used and not well supported
var rgb = 'rgb\\(\\s*\\d+\\s*,\\s*\\d+\\s*,\\s*\\d+\\s*\\)'
// rgb followed by a pair of parentheses holding 3 integers that may be surrounded by whitespace
// (the closing parenthesis needs a double backslash in the string, otherwise the pattern ends in an unmatched ')')
// rgba, hsl and hsla follow the same pattern, so I defined a function to build them

function getFunctionalStringRe(func, args) {
  return func + '\\(' + args.map(function(arg) {
    return '\\s*' + arg + '\\s*'
  }).join(',') + '\\)'
}

var rgb = getFunctionalStringRe('rgb', ['\\d+', '\\d+', '\\d+'])
var rgba = getFunctionalStringRe('rgba', ['\\d+', '\\d+', '\\d+', '[.\\d]+'])
var hsl = getFunctionalStringRe('hsl', ['\\d+', '[.\\d]+%', '[.\\d]+%'])
var hsla = getFunctionalStringRe('hsla', ['\\d+', '[.\\d]+%', '[.\\d]+%', '[.\\d]+'])

// finally, join them all together

var str = '^' +
 '(?:' + [keywords, hex, rgb, rgba, hsl, hsla].join('|') + ')'
 + '$'

var re = new RegExp(str, 'i')

Full code

const colorRe = (function() {
  function getFunctionalStringRe(func, args) {
    return func + '\\(' + args.map(function(arg) {
      return '\\s*' + arg + '\\s*'
    }).join(',') + '\\)'
  }

  const keywords = 'black|silver|gray|white|maroon|red|purple|fuchsia|green|lime|olive|yellow|navy|blue|teal|aqua|orange|aliceblue|antiquewhite|aquamarine|azure|beige|bisque|blanchedalmond|blueviolet|brown|burlywood|cadetblue|chartreuse|chocolate|coral|cornflowerblue|cornsilk|crimson|cyan|darkblue|darkcyan|darkgoldenrod|darkgray|darkgreen|darkgrey|darkkhaki|darkmagenta|darkolivegreen|darkorange|darkorchid|darkred|darksalmon|darkseagreen|darkslateblue|darkslategray|darkslategrey|darkturquoise|darkviolet|deeppink|deepskyblue|dimgray|dimgrey|dodgerblue|firebrick|floralwhite|forestgreen|gainsboro|ghostwhite|gold|goldenrod|greenyellow|grey|honeydew|hotpink|indianred|indigo|ivory|khaki|lavender|lavenderblush|lawngreen|lemonchiffon|lightblue|lightcoral|lightcyan|lightgoldenrodyellow|lightgray|lightgreen|lightgrey|lightpink|lightsalmon|lightseagreen|lightskyblue|lightslategray|lightslategrey|lightsteelblue|lightyellow|limegreen|linen|magenta|mediumaquamarine|mediumblue|mediumorchid|mediumpurple|mediumseagreen|mediumslateblue|mediumspringgreen|mediumturquoise|mediumvioletred|midnightblue|mintcream|mistyrose|moccasin|navajowhite|oldlace|olivedrab|orangered|orchid|palegoldenrod|palegreen|paleturquoise|palevioletred|papayawhip|peachpuff|peru|pink|plum|powderblue|rosybrown|royalblue|saddlebrown|salmon|sandybrown|seagreen|seashell|sienna|skyblue|slateblue|slategray|slategrey|snow|springgreen|steelblue|tan|thistle|tomato|turquoise|violet|wheat|whitesmoke|yellowgreen|rebeccapurple|transparent|currentColor'
  const hex = '#(?:[0-9a-f]{3}|[0-9a-f]{4}|[0-9a-f]{6}|[0-9a-f]{8})'
  const rgb = getFunctionalStringRe('rgb', ['\\d+', '\\d+', '\\d+'])
  const rgba = getFunctionalStringRe('rgba', ['\\d+', '\\d+', '\\d+', '[.\\d]+'])
  const hsl = getFunctionalStringRe('hsl', ['\\d+', '[.\\d]+%', '[.\\d]+%'])
  const hsla = getFunctionalStringRe('hsla', ['\\d+', '[.\\d]+%', '[.\\d]+%', '[.\\d]+'])

  return new RegExp('^' +
  '(?:' + [keywords, hex, rgb, rgba, hsl, hsla].join('|') + ')'
  + '$', 'i')
})()

console.log(colorRe)

Excluding the keywords it is still over 200 characters, a fairly complex regex.

http://fiddle.jshell.net/fisker/bpqa4trc/14/show/light

As the comments in the code say, plenty of valid color values are still rejected; it could be improved further.
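Added example, not the post's code and separate from the fiddle linked above: the same builder idea extended to the forms the post's regex rejects, namely percentages in rgb(), decimals and signed numbers, angle units in hsl(), and the CSS Color 4 space-separated syntax with a slash before the alpha. The names NUMBER, PERCENT, legacy, modern and isCssColor are chosen here; the keyword list is the post's own. The pattern stays anchored on both ends and never repeats a group with * or +, so a non-matching input is rejected in time linear in its length, which matters when the check runs on user-supplied style values.

```javascript
'use strict';

// Numeric tokens from the CSS syntax: <number>, <percentage>, <angle> (for hue).
const NUMBER = '[+-]?(?:\\d+(?:\\.\\d*)?|\\.\\d+)(?:e[+-]?\\d+)?';
const PERCENT = NUMBER + '%';
const ALPHA = '(?:' + NUMBER + '|' + PERCENT + ')';
const HUE = NUMBER + '(?:deg|grad|rad|turn)?';

// fn(a, b, c[, alpha]): the legacy comma syntax; rgba()/hsla() are aliases of rgb()/hsl().
function legacy(fn, a, b, c) {
  const sep = '\\s*,\\s*';
  return fn + 'a?\\(\\s*' + a + sep + b + sep + c + '(?:' + sep + ALPHA + ')?\\s*\\)';
}

// fn(a b c[ / alpha]): the CSS Color 4 space-separated syntax.
function modern(fn, a, b, c) {
  const sep = '\\s+';
  return fn + 'a?\\(\\s*' + a + sep + b + sep + c + '(?:\\s*/\\s*' + ALPHA + ')?\\s*\\)';
}

// Keyword list as given in the post (CSS 1 through CSS 4 plus the two special keywords).
const KEYWORDS = 'black|silver|gray|white|maroon|red|purple|fuchsia|green|lime|olive|yellow|navy|blue|teal|aqua|orange|aliceblue|antiquewhite|aquamarine|azure|beige|bisque|blanchedalmond|blueviolet|brown|burlywood|cadetblue|chartreuse|chocolate|coral|cornflowerblue|cornsilk|crimson|cyan|darkblue|darkcyan|darkgoldenrod|darkgray|darkgreen|darkgrey|darkkhaki|darkmagenta|darkolivegreen|darkorange|darkorchid|darkred|darksalmon|darkseagreen|darkslateblue|darkslategray|darkslategrey|darkturquoise|darkviolet|deeppink|deepskyblue|dimgray|dimgrey|dodgerblue|firebrick|floralwhite|forestgreen|gainsboro|ghostwhite|gold|goldenrod|greenyellow|grey|honeydew|hotpink|indianred|indigo|ivory|khaki|lavender|lavenderblush|lawngreen|lemonchiffon|lightblue|lightcoral|lightcyan|lightgoldenrodyellow|lightgray|lightgreen|lightgrey|lightpink|lightsalmon|lightseagreen|lightskyblue|lightslategray|lightslategrey|lightsteelblue|lightyellow|limegreen|linen|magenta|mediumaquamarine|mediumblue|mediumorchid|mediumpurple|mediumseagreen|mediumslateblue|mediumspringgreen|mediumturquoise|mediumvioletred|midnightblue|mintcream|mistyrose|moccasin|navajowhite|oldlace|olivedrab|orangered|orchid|palegoldenrod|palegreen|paleturquoise|palevioletred|papayawhip|peachpuff|peru|pink|plum|powderblue|rosybrown|royalblue|saddlebrown|salmon|sandybrown|seagreen|seashell|sienna|skyblue|slateblue|slategray|slategrey|snow|springgreen|steelblue|tan|thistle|tomato|turquoise|violet|wheat|whitesmoke|yellowgreen|rebeccapurple|transparent|currentColor';

const HEX = '#(?:[0-9a-f]{8}|[0-9a-f]{6}|[0-9a-f]{4}|[0-9a-f]{3})';

// rgb() takes either all numbers or all percentages, never a mix, so each
// syntax gets two alternatives instead of one loose (number|percent) token.
const FUNCTIONS = [
  legacy('rgb', NUMBER, NUMBER, NUMBER),
  legacy('rgb', PERCENT, PERCENT, PERCENT),
  legacy('hsl', HUE, PERCENT, PERCENT),
  modern('rgb', NUMBER, NUMBER, NUMBER),
  modern('rgb', PERCENT, PERCENT, PERCENT),
  modern('hsl', HUE, PERCENT, PERCENT),
];

// Anchored on both ends; no group is repeated with * or +, so there is no
// catastrophic backtracking on hostile input.
const COLOR_RE = new RegExp('^(?:' + [KEYWORDS, HEX].concat(FUNCTIONS).join('|') + ')$', 'i');

function isCssColor(value) {
  return COLOR_RE.test(String(value).trim());
}

// Forms the post's regex rejects but CSS accepts, plus inputs that must stay rejected.
for (const sample of ['rgb(100%, 0%, 0%)', 'rgba(0,0,0,.5)', 'rgb(255 0 0 / 50%)',
                      'hsl(120deg 100% 50%)', 'RebeccaPurple', 'rgb(255, 0%, 0)', '#abcde']) {
  console.log(sample, '->', isCssColor(sample));
}
```

Matching the grammar is still not the same as validating a style: a value that passes here is a syntactically correct color and nothing more, so it should be placed into a CSS property, never interpolated into a script or HTML attribute.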
