
CVE-2018-18074

Published: 09/10/2018 Updated: 25/07/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 448
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The Requests package prior to 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote malicious users to discover credentials by sniffing the network.
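The same-host downgrade described in the summary above, as an added example that is not code from the Requests project or from this page: it models the redirect decision under the pre-2.20.0 policy (strip credentials only when the hostname changes) beside a hardened policy that also strips them on an https-to-http downgrade, and walks a constructed 302 chain through both to show which hop would carry the Authorization header over cleartext. The function names, the port-handling rule and the sample URLs are this example's own assumptions, not the library's.

```python
"""Does an Authorization header survive a same-host https->http redirect?

Added example for this CVE entry; it is not code from the Requests project.
It models the decision a client makes at each redirect hop under two policies:

  vulnerable_policy - drop credentials only when the hostname changes
                      (the pre-2.20.0 behaviour the summary describes)
  hardened_policy   - also drop them on an https->http downgrade and on a
                      port change (names, structure and the port rule are this
                      example's own assumptions, not the library's code)

The redirect chain below is constructed for the example; no network is used.
"""
from urllib.parse import urlsplit


def _origin(url):
    """(scheme, hostname, effective port) with default ports filled in."""
    p = urlsplit(url)
    port = p.port if p.port is not None else (443 if p.scheme == "https" else 80)
    return p.scheme, p.hostname, port


def vulnerable_policy(old_url, new_url):
    """Strip Authorization only if the hostname differs.

    A 302 from https://host/ to http://host/ passes this check, so the
    header is re-sent over cleartext HTTP: the CVE-2018-18074 condition.
    """
    return urlsplit(old_url).hostname != urlsplit(new_url).hostname


def hardened_policy(old_url, new_url):
    """Strip Authorization whenever the redirect would leave the secure origin."""
    old_scheme, old_host, old_port = _origin(old_url)
    new_scheme, new_host, new_port = _origin(new_url)
    if old_host != new_host:
        return True                       # different host: never forward creds
    if old_scheme == "https" and new_scheme == "http":
        return True                       # protocol downgrade on the same host
    if old_scheme == new_scheme and old_port != new_port:
        return True                       # same host, other port: other origin
    return False                          # same origin, or an http->https upgrade


def simulate_redirects(chain, policy):
    """Walk a chain of URLs (initial request, then each Location target).

    Returns [(url, header_sent)] per hop. Once the header has been dropped it
    is not re-added at a later hop, mirroring a client that strips the
    prepared header rather than re-running authentication (an assumption of
    this model).
    """
    hops = []
    header_sent = True
    for i, url in enumerate(chain):
        if i > 0 and policy(chain[i - 1], url):
            header_sent = False
        hops.append((url, header_sent))
    return hops


def cleartext_leaks(chain, policy):
    """URLs fetched over plain http that would still carry the header."""
    return [url for url, sent in simulate_redirects(chain, policy)
            if sent and urlsplit(url).scheme == "http"]


def is_fixed_version(version):
    """True if a plain X.Y.Z Requests version string is 2.20.0 or later."""
    parts = tuple(int(x) for x in version.split(".")[:3])
    parts = (parts + (0, 0, 0))[:3]       # pad "2.22" to (2, 22, 0)
    return parts >= (2, 20, 0)


# Constructed chain: a same-host downgrade followed by a hop back to https.
CHAIN = [
    "https://api.example.test/login",
    "http://api.example.test/login",
    "https://api.example.test/v2/login",
]

if __name__ == "__main__":
    for name, policy in (("vulnerable", vulnerable_policy), ("hardened", hardened_policy)):
        print(name, simulate_redirects(CHAIN, policy))
        print("  cleartext leaks:", cleartext_leaks(CHAIN, policy))
    print("requests 2.19.1 fixed?", is_fixed_version("2.19.1"))
```

Under the vulnerable policy the second hop (plain http, same host) is still sent with the header, which is exactly what a passive sniffer on the path needs; under the hardened policy the header is dropped at the downgrade and stays dropped on the hop back to https. The version gate is a convenience for auditing a requirements file against the 2.20.0 fix release named in the summary.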

Vulnerable Products

python requests

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

canonical ubuntu linux 14.04

opensuse leap 15.1

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

Vendor Advisories

Debian Bug report logs - #910766 requests: CVE-2018-18074. Package: src:requests; Maintainer for src:requests is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 10 Oct 2018 20:54:01 UTC; Severity: important; Tags: fixed-upstream, ...
Requests could be made to expose sensitive information if it received a specially crafted HTTP header ...
Synopsis: Moderate: python-virtualenv security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-virtualenv is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ( ...
Synopsis: Moderate: python27:2.7 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vul ...
Synopsis: Moderate: python-pip security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-pip is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base sco ...
Synopsis: Moderate: python-pip security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-pip is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base sco ...
Synopsis: Important: Container-native Virtualization security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Virtualization release 2.4.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Securi ...
Synopsis: Low: python-requests security update. Type/Severity: Security Advisory: Low. Topic: An update for python-requests is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis: Moderate: OpenShift Container Platform 4.6.1 image security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability S ...
A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user's valid creden ...
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext (CVE-2018-20060). In the urllib3 library through 1.24.1 fo ...

Github Repositories

challenges for an interview

Challenge 1: Python Docker Test. The goal of this challenge is to assess how you resolve vulnerabilities within a docker image. The dockerfile builds into a docker image that contains the following vulnerabilities: CVE-2018-18074, CVE-2019-8457, CVE-2018-12699. The organization allows applications with high severity vulnerabilities to be released, but nothing more severe than hig

How to create an environment with conda. To create an environment: conda create --name myenv. Create the environment from the environment.yml file: conda env create -f environment.yml. To create an environment for the udacity class room: conda create -n udacity-fundamentos-ia numpy jupyter notebook pandas matplotlib seaborn python=3. Activate & Deactivate environment: sour

import speech_recognition as sr import pyttsx3 as ttx import pywhatkit import datetime import webbrowser import pyttsx3 from googleapiclient.discovery import build import googleapiclient.errors import requests from bs4 import BeautifulSoup import os from selenium import webdriver import pyautogui import time # Import the libraries used to locate the phone imp

Encrypted Credential Management (Python implementation of Credulous)

Credo. The python implementation of Credulous (github.com/realestate-com-au/credulous). Essentially, it's a credential management program written with amazon credentials in mind. It uses your ssh key pairs to keep your credentials encrypted on disk until you need to use them. Installation: Use pip!: pip install credo_manager. Usage: Import some keys: credo import. Ex

appseccft CTF Answers. Challenge 1: Answers and Notes: 1. There are several things that can be addressed with this application. CVE-2018-18074 can be addressed by modifying the requirements file to install requests=2.22.0 rather than the vulnerable version. Also there are a lot of package imports in the script itself that aren't being used, and should be removed until they

Game-4X-maker. Application that can use chatGPT and Codex in streamlit to run, and we must reflect this evening on the title of the application; it will be an application whose role will be to create code or to ask it through the text to create a video game. [metadata] name = openai version = attr: openai.version.VERSION description = P

Simple tool for deploying basic lambda functions

Simple AWS Lambda Maker. This is a super simple tool for creating/modifying multiple lambda functions. It was built for the purpose of deploying our Alexa skills across multiple regions in the same account. Installation: Just use pip: $ pip install simple-aws-lambda-maker. Then create a salm.yml with something like: --- function_defaults: filepath: "{config_root}/lambda_

Low-effort reachability analysis for third-party code vulnerabilities.

narrow. This project investigates ways to automatically determine (in some cases) whether a known vulnerability in some dependency affects a targeted first-party codebase. It does this by combining two things: 1) Patch Extraction and 2) Static Program Analysis. Specifically, this repo implements a python-based command-line tool that can be used to do one of the following: Deter

Indian Premier League Predictions - 2018. The Indian Premier League, officially Vivo Indian Premier League (for sponsorship reasons), is a professional Twenty20 cricket league in India contested during April and May of every year by teams representing Indian cities and some states. This project is an attempt to predict the winner of T20 cricket matches. The objective is to

Packj flags malicious/risky open-source packages. Packj (pronounced package) is a command line (CLI) tool to vet open-source software packages for "risky" attributes that make them vulnerable to supply chain attacks. This is the tool behind our large-scale security analysis platform Packj.dev that continuously vets packages and provides free reports. Co