DEV Community: Florian J. Isopp

tricky default branch activity on github

Florian J. Isopp — Wed, 27 Jul 2022 10:21:00 +0000

tricky parts today:

github activity contributions have been inscrutable. Wondered where my activity has gone, resp. not shown.
Ah, because i committed to a different branch, not master.
checked out github FAQ, shown that only default branch commits getting reflected in Activity Dashboard.

Changed default branch to 2.nd branch, committed criss-cross merged etc. still no activity.
the single one and only activity that is shown is the open pull request.

So this thingie stays a riddle.

https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-profile/managing-contribution-settings-on-your-profile/why-are-my-contributions-not-showing-up-on-my-profile

Privilege Escalation with Path Variable Manipulation

Florian J. Isopp — Mon, 22 Feb 2021 11:08:51 +0000

This part is about playing with SUID and SGID bits on 'l' details for files.
https://www.thegeekdiary.com/what-is-suid-sgid-and-sticky-bit/
says: When a command or script with SUID bit set is run, its effective UID becomes that of the owner of the file, rather than of the user who is running it.

SUID Bit User executes the file with permissions of the file owner
SGID Bit User executes the file with the permission of the group owner

To search the a system for these type of files run the following: find / -perm -u=s -type f 2>/dev/null

in short:

*creating shell call for curl in tmp file
*because usr/bin/menu is run as root
*curl is found in menu file
*write /tmp path in PATH
*execute menu file
*pick option1 and run modified curl aka /bin/sh
*check for id root
*access flags

MISC

writing shell scripts:
https://linuxcommand.org/lc3_wss0010.php

additional credits
https://clarencesubia.medium.com/tryhackme-kenobi-walkthrough-6cd316fd9c3c

*this is a part of tryhackme.com so the introduction and manual is their content. execution and guide-through is mine.

Python VSCode testing from 0 to 100

Florian J. Isopp — Wed, 02 Dec 2020 23:43:29 +0000

Presumed, you got some scripts, started from scratch some coding. Now you reached a level of complexity, it's dawning that you need a modicum of structure. Preferably an automated test suite to give you the confidence and confirmation that everything is and stays fine in your code base.

https://code.visualstudio.com/docs/python/testing#_enable-a-test-framework

I will go with built-in unittest of the Python extension, so no additional configuration is necessary.
Here the steps for a concentrated quick start:

Ctrl+Shift+P Python: Configure Tests (saved in .vscode settings.json)
1. unittest
2. root dir, I'm taking repository root
3. "*_test.py" pattern

Create tests in test-file https://code.visualstudio.com/docs/python/testing#_create-tests
1. "python.testing.unittestArgs": [ "-v", "-s", ".", "-p", "*_test.py" ],
Ctrl+Shift+P Python: Configure Tests
take care of proper imports
Run All Tests

Mistakes FAQ

Restart VS Code if test framework doesn't show discoveries or the test icon on the left panel in general.
If you are at odds with import dependencies read: https://stackoverflow.com/questions/448271/what-is-init-py-for

This test approach is really simple and you should stick at least with basics in any early stage of development. I go for DEBUG and print outputs only for simple single file scripting. But if there are encapsulated parts in play, stick with the fundamentals of unit testing to keep dev velocity high and stay productive.

For more information study the docs page https://code.visualstudio.com/docs/python/testing#_a-little-background-on-unit-testing

Next steps for advanced dev automation is setting up a Continous Integration CI config in eg. github.