pwned | An easy , Ruby way to use the Pwned Passwords API | REST library

I´m trying to build a local version of the Haveibeenpwned password database. So I downloaded the File from the website (NTLM Hashes, ordered by hash), unzipped it and wrote a simple python programm as proof of concept:

I'm developing a small application using Ruby on Rails and using Devise for authentication. I've two login systems setup and one is user and the other one is employee

When logging in using correct email and password, devise sends the correct redirect to path back but it gets stuck there. Nothing continues unless I refresh the page. But once I refresh it, it will happily go to the redirect path and even if after logging out in the same browser tab and then logging back in works. But if I close the tab and then load the application in a new tab, it doesn't work.

Following is the rails server output when logging in,

I am building a file-based index for the sorted haveibeenpwned passwords text file and it got me wondering what's the fastest way to do this?

I figured a good way to build a quickly grep-able index would be split the sorted file into 256 files named with the first two hex digits (i.e. FF.txt, FE.txt, etc). I found ripgrep rg to be about 5 times faster than grep on my computer. So I tried something like this:

I'm learning buffer overflow. I wrote a small C program:

I understand how XSS works on a basic conceptual level. However, I don't understand yet how a basic redux vulnerability I read about happens (link). This link is about "3 Security Pitfalls Every React Developer Should Know", and the first one is "Server-Side Rendering Attacker-Controlled Initial State".

There it says:

Sometimes when we render initial state, we dangerously generate a document variable from a JSON string. Vulnerable code looks like this:

This is risky because JSON.stringify() will blindly turn any data you give it into a string (so long as it is valid JSON) which will be rendered in the page. If { data } has fields that un-trusted users can edit like usernames or bios, they can inject something like this: { username: "pwned", bio: "" }

I understand that XSS happens when the server fails to sanitize malicious inputs (for example script tags with malicious JS) coming from the frontend, and serves these scripts to victims which then execute the scripts within same origin as their request.

But in this case, how would this data value be under control of anything on the client side? It is initial state, isn't this just determined on the backend when server-side rendering?

Also, does this pitfall exist for non-server-rendered React apps?

I have a very large file of hashes and a hash I gave. I want to compare this given hash with the file to see if it is in the file. I chose BinarySearch for this. My current problem is to find the correct index for the rightmost element.

I've recently added HaveIBeenPwned to my form request class to check for cracked passwords. Given that this makes an external API call, is there a way for me to skip either this validation rule or the FormRequest class altogether during testing?

Here's the request I make in my test.

I want to import a few thousand files into my postgres database which runs on a macbook. I need an other way to import all these files in an efficient manner. It currently failes as the argument list is to long.

Command I've issued:

I'm trying to write a txt to postgres bulk importer. The code currently crashes as the string which should get inserted to postgres isn't a valid UTF8: pq: invalid byte sequence for encoding UTF8: 0x00

In my code I'm checking if the strings are a valid UTF8 or not.

What am I missing?

Code: