Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 1 year ago.
Improve this question
I have a project, written in C++, and built into docker image. I used some opensource libraries (nlohmann json, gtest, cpr etc) in my project.
Now, i was trying to find open source vulnerabilities using Whitesource Bolt. I added the extension to Azure pipeline task.
I wonder, how Whitesource Bolt identifies vulnerabilities in those opensource modules. i read that, they will create a digital signature and compare it with their database.
But, can anyone describe how they are creating digital signature, or how they are identifying open source modules in our code ?
Every open source modules have their special digital signature. Whitesource Bolt calculates these digital signatures to find open source modules.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 1 year ago.
Improve this question
I'm developing a golang project and a shared module simultaneously.
I feel the process is annoying If shared module is modified.
steps:
write something in shared module and give it a new GIT tag.
get latest module version in my project
test, if any bug is found, back to step (1)
Can anyone give a more efficient way?
While you're developing, I'd recommend just using replace directives in your go.mod to make any changes in dependencies instantly visible (regardless of version) to client code.
E.g. if you have package "client" using package "auth":
$SOMEDIR/client/go.mod would replace dependency on client with $SOMEDIR/auth, and now you can just develop the two alongside each other in $SOMEDIR, commit changes to source control, etc.
When you're ready to "ship" it, you'll have to create an actual version for these modules. That is, if you even want auth to be separately usable from client. Consider keeping everything as private as possible (using internal).
Read this official documentation on the subject for more details
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
I have to hack (for learning purpose) a windows server through Local File Inclusion. I have a web application that is vulnerable to Local File Inclusion
I'm trying to include SAM file from windows/repair/SAM. But when i include the file strange symbols appear (as you can see in the pictures below).
How can I read the hash password in clear?
The SAM file is a registry hive, so you need to study and parse the registry hive file format. You can find its description here:
https://jadro-windows.cz/download/registry-m.zip
https://jadro-windows.cz/download/registry-pn.zip
source code of the chntpw project
Offline Registry Library (https://msdn.microsoft.com/en-us/library/ee210757(v=vs.85).aspx) – this library allows you to parse registry hive files.
I doubt the password are stored in plain text. You can find their hashes (NTLM), so you need to crack them, e.g. using rainbow tables (
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 years ago.
Improve this question
I am planning to use GO to build a CLI tool executed in native system shell rather than a separate shell.
What packages for GO can be used for this purpose other than codegangsta/cli ?
Additionally,
Is there any package to get REST API call support (such as curl)
in GO?
curl has an interesting implementation in Go with astaxie/bat
Go implemented CLI cURL-like tool for humans. Bat can be used for testing, debugging, and generally interacting with HTTP servers.
That means you needs to implement your REST server in order for any curl-like tool to interact with it.
See for instance "Making a RESTful JSON API in Go".
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 8 years ago.
Improve this question
I would love to know the technology stacks behind YouTrack and TeamCity. Their UX is pretty good.
YouTrack is built using JetBrains MPS, so one can expect a heavy use of DSLs inside for database access, web layer and other routine tasks. DSLs are compiled into Java/JS. There is an interesting case study document, where developers are summarizing their experience with MPS during YouTrack development.
YouTrack uses custom in-house nosql solution as a persistence backend. I was always woundering if they're planning to release it as open source.
From a web layer perspective I found nothing unexpected: JQuery + ton of custom javascript on top of it. Rest API is powered by Oracle Jersey.
As for deployment, one can either run a JAR file, which has an embedded Jetty container inside, or deploy the application inside a Servlet container.
(information is taken from the public sources: articles, conference talks, webinars, etc)
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 9 years ago.
Improve this question
Like this done in
http://directory.fsf.org/
http://www.ohloh.net/
so anyone in our company (include bosses) can look:
what projects exist (good to have web search capability)
who is primary mainteners, responsible employees
provide CHANGES, latest version
point to BTS (Trac/Mantis), VCS (SVN/Git/HG), Wiki, Mail list, NNTP, Night build, CI build, etc...
may be provide some summary info based on activity on BTS/VCS (how many opened bugs, how often and who commit)
I don't need extra features as Wiki. and package must work with several existing sofware management/development tools, and does not restricted with Java/C#...
I look on WEB without happen as don't know gold "keywords". Search on StackExchange also don't show any result.
Some requested features available in enterprise application architecture for project hosting (like KForge, FusionForge, GForge) but thay too complex and dictate toolset for teams...
Seems that all existing software directory project built in house and their sources are not released for public.
Look for most complete list of software directories enabled site that I found. Only OpenSymphony provide sources of some components.
So complete lightweight solution does not exist currently.
I going to write own...