nefarious | based programming language | Interpreter library
kandi X-RAY | nefarious Summary
kandi X-RAY | nefarious Summary
Nefarious is a text-based programming language. It has mutable syntax: the language grammar can be extend at runtime. The idea is to do away with DSLs and operator overloading and so on, and just have fully general function syntax.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
- Entry point for the entry point
- Run the worker
- Mark the packet as waiting
- Starts the thread
- Invoked by pkt
- Add a packet to the task work area
- Add a packet
- Append to lst to lst
- Start the compile thread
- Return a Word instance
- Calculate the energy of all pairs
- Main benchmark thread
- Return test cases
- Tokenize text
- Calculate the magnetic moments of a planet
- Return all combinations of a list
- Evaluate the expression
- Check the tree
- Return a Word object
- Convert value to Word object
- Execute the action
- Similar to benchmark
- Invoke a device task
- Push the given sha to the repository
- Complete a piece of board
- Advance a set of points by dt
- Execute a single packet
nefarious Key Features
nefarious Examples and Code Snippets
Lines of Code : 26License : Non-SPDX (Apache License 2.0)
Copydef tile(cls, tile_assignment):
"""Returns a Tiled sharding attribute.
This causes an op to be partially computed on multiple cores in the
XLA device.
Args:
tile_assignment: An np.ndarray describing the topology of the tiling Community Discussions
Trending Discussions on nefarious
QUESTION
Here's was appears to be an odd question at least from what I've been able to turn up in Google. I'm not trying to determine IF there's a UAC prompt (I've got a couple of reliably ways to do that, win32gui,GetForegroundWindow() returns a 0, or win32gui.screenshot returns exception OSError at least in my case)
I'm also not looking to BYPASS the UAC, at least from python, I have an update process that's kicking off automatically that I need to get through the UAC. I don't have control of the update process so I don't think it's a good candidate for disabling the UAC with Python. I could just disable the UAC in Win10, but I'd prefer not to if possible. I do have a couple of methods for bypassing the UAC, in one instance where I'm running this in vitualbox I believe I can use VBoxManage guestcontrol to sent keystrokes to the guest system, for a stand alone system I have a microcontroller connected as a USB HID Keyboard, with a basic deadman switch (using the scroll lock to pass data between the python and the microcontroller acting as the HID keyboard) if it doesn't get the signal it sends left arrow enter to bypass the UAC.
What I'm trying to do, and getting stymied with, is verifying that the UAC popup is actually from the update process that I want to accept the UAC prompt for, and not some other random, possibly nefarious application trying to elevate privileges. I can use the tasklist to verify the UAC is up, but I'm not seeing any way to see WHAT caused the UAC prompt. The update process is kicked off from an application that's always running, so I can't check to see if the process itself it running, because it's running under normal operation, I just want to accept the UAC when it's attempting to elevate privileges to update. I've been using a combination of using win32gui.GetWindowText and win32gui.EnumWindows to look for specific window titles, and for differentiating between windows with the same title, taking a screenshot and using OpenCV to match different object that appear in the windows. Both of those methods fail though when UAC is up, which is why I can use them to detect UAC as I mentioned before.
I suppose I could use a USB camera to take a screenshot of the system, but I'd like to be able to run this headless.
Anybody have an idea on a way to accomplish this, as the tree said to the lumberjack, I'm stumped.
...ANSWER
Answered 2021-May-12 at 18:58If you run a process as administrator, no user account control prompt will appear. You could manually run your process as administrator. You need system privileges to interact with a user account control prompt.
QUESTION
Maybe I'm approaching this entirely in the wrong way, but there seems to be a rather large security hole in Azure Devops Pipelines.
Our devops team has historically managed our builds, all the way back to on-prem TFS and through our journey to CI/CD. This is done so that we can standardize our builds and releases, track environment and toolset upgrades, because devops folks have better domain knowledge in this area, and to generally make life easier for developers. This is all good practice.
Now with Azure Devops and yaml pipelines, we have the ability to template out our builds (a wonderful thing, about time Microsoft caught up to this). But even with templating, "extends" templates, and security restrictions preventing developers from creating their own pipelines, the root file of it all (azure-pipelines.yml) is still stored in the application's source code repository.
So a developer isn't allowed to create a new pipeline, but they can edit the azure-pipelines.yml file all they want, which means erasing the templating/extends code our devops team wrote, and potentially injecting nefarious or otherwise unmanaged changes. Or even deleting the file altogether and ruining the pipeline. This is coconuts.
And before you say, "well, slap some branch policies on there and force code reviews/pull requests," that is entirely goofball for 2 reasons:
- The dev ops team should not have to approve every single change in the branch, because code changes are not their domain. They should only need to approve the azure-pipelines.yml file and be left off the rest.
- This would require a branch policy created manually on all our dozens of repos, not to mention every single branch inside those repos. Devs can also create their own branches, which completely circumvents any policies we may have.
And yea, we may have change history now, but that only helps after the fact. Not before a build environment gets destroyed.
In short, by inserting pipeline definitions into application repositories and not providing any way to smartly protect them, Azure YAML Pipelines allows developers free reign to wreak havoc in the devops' world.
Am I missing something here? How have people gone about keeping their yaml pipelines protected and managed? Surely there are strategies for organizations who have separate devops teams that need to protect their work. How do we protect/secure azure-pipelines.yml?
...ANSWER
Answered 2020-Oct-28 at 09:15You can enforce pull requests on the important branches and require reviewers when the pipeline is being changed. Such branch policy can be enforced for a whole team project using branch policies with wildcards
https://jessehouwing.net/azure-repos-git-configuring-standard-policies-on-repositories/
Though I'm personally against such a strong split between accountabilities. Standardization is one thing, but the protection it gives is thin vernier. In the end it's much better to drive an awareness program.
Optionally protect the target environment to require a pipeline template and making sure the template injects itself in the target pipeline, not the pipeline opting in to a template. In Azure Pipeline Environments you can set a policy to require specific templates to be used.
QUESTION
Pardon any confused terminology in the title, but imagine I want to have a little macro to mark structs I create as usable for some nefarious purpose. I write this little module:
...ANSWER
Answered 2020-Nov-25 at 10:38Always have a look at the output of your macros:
QUESTION
I have a foreground service that I launch via startForegroundService.
All works great.
The only thing I am unable to figure out is how to / if its possible to customize the "...is running in the background' notification.
The notification I am sending over to startForeground looks like this:
ANSWER
Answered 2020-Sep-27 at 18:26As per the Create and Manage Notification Channels guide:
Starting in Android 8.0 (API level 26), all notifications must be assigned to a channel.
Your notification is not appearing because you do not set a notification channel as per the note on that same page:
Caution: If you target Android 8.0 (API level 26) and post a notification without specifying a notification channel, the notification does not appear and the system logs an error.
Note: You can turn on a new setting in Android 8.0 (API level 26) to display an on-screen warning that appears as a toast when an app targeting Android 8.0 (API level 26) attempts to post without a notification channel. To turn on the setting for a development device running Android 8.0 (API level 26), navigate to Settings > Developer options and enable Show notification channel warnings.
QUESTION
Using the DomSanitizer service in Angular 2+ is it possible to sanitize the html but leave in the css.
For example this :
...ANSWER
Answered 2020-Jul-20 at 09:04Problem with your solution is if you want style attributes then you'd had to allow CSS in general which is not XSS proof and therefore DomSanitizer.sanitize(...) is cutting out everything that could lead to a XSS.
If you really need your HTML to show the style attributes then use bypassSecurityTrustHtml(value: string) instead! But be carefull this will also allow
QUESTION
Suppose I want to check that a particular H5 file is the one I think it is, and hasn't had some dataset altered while I wasn't looking. I've already turned on the Fletcher-32 filter. I'm wondering if there's some way to access the checksum stored in the H5 file.
To be clear, I don't want to recalculate the checksum, I'm assuming that the data is consistent with the checksum, and I'm not expecting anything nefarious; I just want a quick way to peek in and make a list of the checksums — then peek in later to make sure my list hasn't somehow gotten out of sync with the data. Ideally, I'd like to do this through the h5py interface, but the C interface would at least give me somewhere to start.
My use case is basically this: I have a database of my H5 files, and I want to be sure that none of the datasets have changed without the database knowing about it. I don’t care if — say — an attribute has been changed or added, which means file sizes, modification times, and MD5 sums are of no use. For example, I might realize that some scaling was off by a factor of 2, go in and change those bits in one dataset without changing the dataset's shape or even the number of bytes in the file — but then fail to update the database for one reason or another. I need to be able to detect such a change. And since Fletcher-32 is already being computed by HDF5 with every change to our data, it would be very convenient.
Basically, I'm just asking for the highest-level API calls that can achieve this.
I've found one place in the HDF5 source code here where it reads the stored checksum — evidently the last 4 bytes of the buffer.
Using this fact, it looks like there is an answer, as of HDF5 1.10.2 and h5py 2.10. But it's still not nearly as fast as I'd like — presumably because it's reading all the bytes in every chunk, possibly exacerbated by the need to be constantly allocating new buffers for all those reads.
Essentially, we want to bypass any filters (compression, etc.), read the last 4 bytes of the raw data chunk, and interpret them as an unsigned 32-bit integer. The read_direct_chunk in h5py was added in v 2.10, and corresponds to the HDF5 function H5D_READ_CHUNK.
Here's some simple example code, assuming test.h5 has a 2-dimensional dataset named data.
ANSWER
Answered 2020-Jul-18 at 16:26Apologies in advance; this is an incomplete answer based on info I can find. From my read of HDF5, h5py and PyTables docs, you can't access the checksum value directly (with Python or any other language).
This is my understanding of HDF5 checksum behavior:
- Data is checksummed when written.
- The checksum is calculated and stored for each dataset chunk.
- The dataset is checked for corruption when you read the dataset (chunk).
- The chunk's saved checksum is compared to the value calculated when you read it.
Given this limitation, I don't see how you can do what you propose.
That said, there is a way to peek at the data and verify integrity before you operate on the data. See code below. It creates a file with 4 datasets: 2 have fletcher32=True, the other 2 do not. It then uses visititems() to recursively visit each node in the file (calling def check_fletcher). The called routine checks if the node is a dataset and fletcher32=True. If true, it attempts to read the dataset. If the read fails, it will issue an error (that you can trap). Unfortunately, I don't know how to corrupt a dataset to test the except: part of the code. Maybe this will give you some ideas.
QUESTION
I have to use a certain third-party library that works in the following way:
...ANSWER
Answered 2020-Jul-07 at 13:11I have a solution for my specific problem but it feels even dirtier than I want. I would still be interested in other answers!
My current solution is as follows:
QUESTION
I have a question that I have solved in what may be a hacky way, and maybe there is a better way to handle it. I have an app in React Native, and keep in mind I am using Expo right now. That you type in a phone number and a message and with a aws lambda function and pinpoint it will send a robo call to that number with that message. This is just a demo right now, it's not meant to work like this in production, and it is not nefarious. The idea of the app rests on this working tho. So it does work, but I was wondering if there was a way to have react native just trigger the phone ringer with a fake number. Or even pass a message to it without using the lambda. If I can't trigger the native ringer, is there a way to build a custom ring interface that could show up even when the screen is locked or the app is closed. So a delay on after the call is initated.
What is suggested as the best way to do this. Are there ways to connect to the microphone and and the speaker with react native, pass a recording and have an interface to do so.
So the three options are
A) stick with the lambda and have it be a real phone call, and have it work no matter if app is open or phone is locked.
B) Have the app trigger a notification to the phone on a timer that pops up a full screen ui that looks like a phone call that you can answer and here a message, whether the app is closed or phone is locked
C) have the app trigger a real phone call ringer on a timer that has a message in it.
Thanks for reading this, and let me know what is possible, and then I will go down the rabbit hole of trying to implement it.
...ANSWER
Answered 2020-May-25 at 06:17I believe the feature you are looking for (in iOS) is CallKit( https://developer.apple.com/documentation/callkit?language=objc), and ConnectionService in Android. This is used in apps like Whatsapp, Messenger, ... .This feature is not ready-made bundled inside expo so you have to use bare workflow with native code integration (one nice library is this https://github.com/react-native-webrtc/react-native-callkeep).
If you still want to stay in expo, then I believe option A is the most viable option.
For option B, what I would imagine is sending a notification to the app, then user open it and the app opens with the call UI (which is also okay)
Option C is basically not possible with a "real" phone call.
QUESTION
I'm trying to learn how I might secure data from being altered after being passed over an open network between a server and a worker
in my head I was thinking that it should follow something like:
...ANSWER
Answered 2018-Aug-02 at 06:04You are creating the certificates but not loading them to the SSL chain. And change your ssl_context creation from ssl.Purpose.SERVER_AUTH to ssl.Purpose.CLIENT_AUTH:
QUESTION
I'd like to simulate a particle explosion, from the center of a screen out to the edges (In CSS, and I promise to not use this for nefarious purposes)
Here's a visual so you know what I'm talking about:
BEFORE:
AFTER:
I've tried using the following HTML/CSS/JS, but it doesn't work (dots stay still in the middle of the screen):
The HTML is just this:
...ANSWER
Answered 2020-Mar-22 at 13:36Here is an idea with CSS variable where it's easy to adjust with few code.
Run on full screen for better result:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install nefarious
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
