sast | Parse CSS , Sass , SCSS , and Less into a unist syntax tree | Parser library

I would like to generate a json file from data retrieved in an api request and another json file. The problem is that in my generated json file, the braces are surrounded by double quotes and I also have "\n" and "\r" everywhere. Do you have a solution to generate a json file correctly?

A piece of my python code:

I have not, but shall DAST* security test, out of curiosity, an IoT device; Nodemcu esp8266 www server I built. It's showing a HTML page (on a mobile phone for example) that allows to control and interact with a camera module and a A/C relay. With it I can for example show images captured in the camera I even think it has some image recognition built in, and I can switch on and off a relay for electrical current to a light bulb (110/220v A/C power)

Before I start pentest I though I better start thinking of what types of exploits one would be able to find and detect? Which sinister exploits I will be able to find, or rather ought be able to find given a proper pentest exercise? (And if I do not find exploits, my approach to the pentest of the Iot might be wrong)

I ponder it might be a totally pointless exercise since the esp8266 www server (or rather its LUA programming libraries) might not have any security built into it, so basically it is "open doors" and everything with it is unsafe ?

The test report might just conclude what I can foresee be that the the "user input needs to be sanitized"?

Anyone have any idea what such pentest of a generic IoT device generally reports? Maybe it is possible to crash or reset the IoT device? Buffer overruns, XXS, call own code ?

I might use ZAP or Burpsuite or similar DAST security test tool.

• I could of course SAST test it instead, or too, but I think it will be hard to find a static code analyzer for the NodeMCU libraries and NUA scripting language easily ? I found some references here though: https://ieeexplore.ieee.org/abstract/document/8227299 but it seems to be a long read.

So if someone just have a short answer what to expect in a DAST scan/pentest , it would be much appreciated.

Stay safe and secure out there ! Zombieboy

I have been struggling with this for about 3 days now. I will continue to work on it as I wait for anyone to help but I'm having the following problem. I will use examples in this post to mask the domains and IPs somewhat. This is not to make more work for you I just don't want it easily cached in search results on google etc. Thank you in advance for any help

I have installed WHM on a Cloudlinux system hosted on a VM using VMWare. The domain(In this case lets call it domain.co.za) was used as the hostname of the system and if you go to that domain it actually loads. That domain name is pointing to Cloudflare which in turn points back A records to the WHM server as the nameservers i would like to use. This system is currently using PowerDNS as well

Now what I also have encountered is that the ns1.domain.co.za is working fine(This is also the machines hostname) but the ns2.domain.co.za is not

If I try to set nameservers for any other domains it does not allow me to change them and they are giving the following errors

Authoritative Nameserver failure for domain

This I am assuming is because of the following error when I use intoDNS to check what the problem is(this is not for domain.co.za this is for a domain I own called orginc.co.za which only the ns1.domain.co.za is accepted and not ns2.domain.co.za)

The following nameservers are listed at your nameservers as nameservers for your domain, but are not listed at the parent nameservers

When I use a dig command I get the following results for ns2(Please note actual IPs changed)

In my organization, we are in a transition phase. Big projects get split up into micro services. While this is nice to bring complexity down, the downside is that some parts which should be the same everywhere are more work.

For example, I would like every project to have some tools in the CI pipeline:

• Software Composition Analysis (SCA)
• Static Application Security Testing (SAST)
• Unit Tests

What the tools are might differ from project to project (essentially by programming language). It might also be that this changes - for example, one might want to add the type checker later. Once the type checker is there, one might enforce some of the values (while keeping others flexible, to be changed by the microservices).

Is it possible to have a shared template for a CI pipeline in GitLab? I'm not looking something people can copy-and-paste. I'm looking for a solution that allows me to adjust the CI pipeline of multiple projects at once, without causing more work for me when more microservices are added (the changes don't have to be applied instantly)

I have the following:

I’d like to use the artifacts created by the Security/SAST.gitlab-ci.yml template in my final pipeline stage (reporting).

How can I modify the Security/SAST.gitlab-ci.yml template to store the artifacts somewhere in my project dir? I tried to define the following for this template, but this is not working:

I have a Webflux app that restarts automatically after a few minutes of usage, sometimes I can use it for a couple of hours then suddenly it restarts, when it restarts an error pops up saying duplicate EnhancerBySpringCGLIB. I know this question has been asked before and I tried the suggested solutions but none worked. below is my log

From secure code review(SAST) point of view which code I need to scan through automated tool? Raw code or Compile code?

I created two deployments (deployment happening with a kubenetes operator and there are other activities, like service creation, secret creation etc., also there though i feel they are not related to this error) and expected for the pods to come up but pods dint come up. when I checked the events I found there is below error for both the pods(i am listing one)