Mickael van der Beek
Mickael van der Beek
Hello, I'm trying to setup a Docker image with lithium installed. Here is the Dockerfile that I wrote: ``` FROM debian:stable-20220527-slim RUN apt-get update -yqq \ && apt-get install -yqq...
This one is relatively simple. Since Hagana is probably installed in the same `node_modules` directory as the potentially dangerous modules, it's possible to overwrite it and reload the module. Main...
I found another bypass, this time on the network (HTTP(S)) access control side. It's possible to specify a custom IP address resolver which will resolve the whitelisted domain name to...
Since Hagana is available to the other `node_modules`, it's possible to call Hagana inside the malicious module to self-authorise the wanted actions. e.g: the malicious library code: ``` import fs...
I believe that there is a bug where functions that get extracted from the `exports` and not from the `default export` object don't get wrapped by Hagana. e.g: This works:...
I'm having troubles building a sample application that uses jam. I wanted to create a buildscript for the sample Backbone.js that is generate by the Grunt-BBB (Backbone.js Boilerplate Buddy) utility....
The library crashes when a querystring contains a value without a key or an empty key. e.g: ``` url.parse('http://www.google.com/hello?=test', true) ``` will crash with the error: ``` TypeError: Cannot call...
This is quite a simple issue, none of the examples in the README file work: Example n°1: ``` const { query } = require("chdb"); const ret = query("SELECT version(), 'Hello...
There's a known bug with child process reaping in Docker containers. Here's an article that explains in some details what this issue is about: http://blog.phusion.nl/2015/01/20/docker-and-the-pid-1-zombie-reaping-problem/ My question is if it...