Identifying Vulnerabilities in Code Using Horusec
Horusec is an open source tool which, by orchestrating other security tools, identifies security flaws and vulnerabilities in source code. It puts all the possible vulnerabilities it finds into a database for analysis.
Currently, Horusec supports C#, Java, Kotlin, Python, Ruby, Go, JavaScript, TypeScript, PHP, Swift, C, Dart, Elixir, shell, Terraform, Kubernetes, nginx, HTML, and JSON. You can see an up-to-date list of supported languages in Horusec’s docs.
It can also be integrated with CI/CD to execute the scan every time a developer creates a pull request or merge request.
Horusec CLI Installation
Requirements: Docker, Git.
The easiest installation method listed in the docs is to fetch Horusec's install script with curl and pipe it into bash:
curl -fsSL https://raw.githubusercontent.com/ZupIT/horusec/main/deployments/scripts/install.sh | bash -s latest
Be aware that piping unseen commands into the shell like this carries risk: it can lead to unintended consequences and is a bad security practice.
If a user blindly pipes the output of a website response to be run by a shell without fully understanding what each command does, they may inadvertently execute malicious …
Interchange 3rd Party Tax Support
New 3rd-party tax API support has been added to core Interchange1.
In the wake of the Wayfair court decision2, many businesses running Interchange catalogs lack the necessary tools for full compliance. A new translation layer, Vend::Tax, has been created to connect the standard sales tax structures and routines that operate within Interchange with vendor-specific 3rd-party tax providers. The goal of the Vend::Tax framework is to provide a space in which any number of vendor-specific tax services can be developed to support tax calculation in Interchange.
Vend::Tax defines 3 new tags to support its function:
- [tax-lookup]: Returns the calculated tax amount determined by the specific 3rd-party provider. Tax may be estimated or looked up live, depending on settings. The data required to calculate tax is provider dependent.
- [load-tax-averages]: Requests and stores tax averages for running in estimate mode, for providers that support it. Stores estimates by default in the tax_averages table. Further, allows for local tracking of jurisdictions with nexus, which can be used by live lookups to determine if a particular lookup can be skipped entirely. See load_tax_averages Job …
Getting started with Java development using Visual Studio Code
Photo by Garrett Skinner, 2022
Visual Studio Code is a free source-code editor available for Windows, macOS, and Linux. While it includes a lot of features out of the box, you will likely need to extend its functionality to suit your purpose for using it. There are many extensions available, each providing their own set of features and functions.
In this guide we will install the Extension Pack for Java, which is a bundle of several extensions. Installing this extension pack will add the following features to Visual Studio Code:
- Java language support for parsing and highlighting our code
- Java test runner for testing our code
- Java debugger for debugging our code
- Java project manager for managing resources related to our code
- Maven support for building and packaging our code
Note: This guide assumes you have already installed a Java Development Kit. If you haven’t done that yet, OpenJDK is a great option.
Step 1: Install Visual Studio Code
If you haven’t yet, download Visual Studio Code and install it. If you need more help with this step, review the installation instructions linked on this page. Click the link that applies to your operating system to access the …
Programming the Intel NDP in 1983
The Beginning
I graduated from St. John’s College in Annapolis in 1980. It was an intensive four-year education in math, science, language, poetry, and philosophy. Two years later, I took four computer classes at a community college, and got my first IT job in 1983 at the beginning of the personal computer revolution.
There were two of us: Steve, the owner of the company, and I, working literally in his garage. I was just a fledgling, uncertain and doubtful of my own ability. The IBM PC had come out the summer before, a device IBM seemed to regard as little more than a toy. Steve was by profession a physicist.
Steve noticed the PC had an empty socket on the motherboard, next to the Intel 8088 CPU. He guessed it was for Intel’s 8087 Numeric Data Processor (NDP), also known as a math co-processor, that was designed as a companion to Intel’s 8088/86.
The CPU could operate perfectly well on its own, but if the NDP was installed, they would both read the same code stream. The CPU would ignore NDP instructions and let the NDP execute them. The NDP would ignore non-NDP instructions and let the CPU execute them. While the 8088/86 is running code, it can’t do anything else. With the NDP, …
Interchange rust_link connector
The Interchange ecommerce system recently reached 27 years old, measuring from the first public release of its predecessor MiniVend by its creator Mike Heins. It is still hard at work in quite a few ecommerce sites, serving pages, accepting and processing orders, managing warehouse logistics, and more. That is quite an accomplishment in the software world!
The Interchange server/daemon
Interchange is written in Perl and runs on Linux and other Unix-like servers as a daemon (persistent background process) that listens for requests. Why does it need to run as a daemon?
Like many applications, Interchange starts with a relatively slow initialization procedure that takes a couple of seconds to compile code, load modules, read configuration, connect to databases, and validate everything. We want it to do that only once when the daemon is started, and not for each user request, so it can make quick responses.
Web server connector
General-purpose web servers normally sit in front of an application server, optimized to make speedy encrypted TLS sessions for HTTPS, control access to resources, log requests, redirect old URLs, route traffic to various applications, and directly serve …
How to create a Hugo website without a theme
Since converting this website to the Hugo static site generator a couple of years ago, I’ve used Hugo for lots of other projects. It’s blazing fast, simple, and makes small website projects much easier.
One of the sites I’ve built with Hugo is a simple site to keep notes for my university classes. Hugo’s documentation tends to assume you’re using a theme, but for such a basic site using a theme would add unnecessary complexity I didn’t want to deal with. So, in this article I’ll show you how to create a site without a theme.
Creating a site
First, install Hugo.
If you want to use SCSS, as I do in the example below, make sure to install the “extended” version of Hugo.
Then, run the following command to create a Hugo site:
$ hugo new site notes
Go into the new notes directory, and let's edit the config file:
baseURL = "http://example.org/"
languageCode = "en-us"
title = "Notes"
pluralizelisttitles = false
Other than the title, the only thing I changed here is disabling pluralizelisttitles. Hugo expects you to name your sections something singular (e.g., put your blog posts in a post directory), …
Find Text in Any Column of a PostgreSQL Table
It’s not uncommon for me to want to find a particular text snippet in a PostgreSQL database. Easy enough, you might say. After all, that’s what databases are for: You feed them a bunch of information, ask them questions in the form of a query, and they give you the answer. So just write a query, right?
Well, maybe.
SQL stands for “Structured Query Language”, and the fact that it’s “structured” means not only that the database abides by some defined structure, but that your queries do, too, which implies that you know at the time you’re writing the query where in the structure you want to look. And that’s where the problem arises. What if I know “Kilroy” is somewhere in a table, but I don’t know what column to look in to find him? How do I write that query?
The first answer I came up with to that question depends on pg_dump: dump the contents of a table, search the results with grep, and there you have it.
$ pg_dump -t person mydb | grep -i kilroy
633132 F NH \N Cristen212 J Kilroy44 1983-09-28 00:00:00 \N t \N \N \N \N F USA \N \N …
Data Migration Tips
When you’re in the business of selling software to people, you tend to get a few chances to migrate data from their legacy software to your shiny new system. Most recently for me that has involved public health data exported from legacy disease surveillance systems into PostgreSQL databases for use by the open source EpiTrax system and its companion EMSA.
We have collected a few tips that may help you learn from our successes, as well as our mistakes (or, as we prefer to call them, particularly educational experiences).
Customer Management
Your job is to satisfy your customers, and your customers want to know how the migration is progressing. Give them an answer, even if it’s just a generalization. This may be a burndown chart, a calculated percentage, a nifty graphic, or whatever, but something your project managers can show to their managers, to know more or less how far along things are.
Your job is also to know your system; that’s not the customer’s job. They shouldn’t have to get their data into a specific format for you to make use of it. Be as flexible as possible in the data format and structure you’ll accept. In theory, so long as your customer can provide the legacy …