paranoia | acts_as_paranoid for Rails 5, 6 and 7 | Application Framework library

I have a project (its an old project its actually only used as archive as we moved on from this app) with ResourceSpace, that sometimes needs to be accessed to download some images.

We have this issue now where users are unable to download as we're getting the following error:

Good morning people.

I'm trying to understand the error below but as I'm new to rails, I didn't quite understand. Does anyone have a light on what it could be?

I searched the internet but didn't find anything specific.

I searched on the internet but didn't identify anything, if anyone has seen it or has the link, you can send me and I'll see.

If you need any more information to help, let me know and I'll edit the post and add it, I don't know if there's anything else I could have already posted.

thank you for your help !!

I am trying to verify a ECDSA signature created with OpenSSL on an embedded device using BearSSL.

First I created a private key using OpenSSL and extracted the public key:

In Python ctypes, when, if ever, do you need to manually add the null/zero b'\0' terminator when passing bytes to a function that expects null terminated data?

Specifically for the 3 cases (but others welcome)

• If the function parameter has been declared with c_char_p via its argtypes

• If the function has not had its parameter declared via argtypes

• Using memmove, if the interface expects a null terminated string at a memory address,

  ...

I can see lots of copied lore that functions registered with the .init_array section have the command-line arguments argc and argv, like main(), but I am failing to find any actual published documentation online that confirms that this is the case.

Yes, for clarity, the function itself is not "declared in" the .init_array, but a pointer to the function is declared there, "registering" the function, and it is called by some iterator during start-up. Question remains: show me some documentation for the argument list passed in by that iterator.

My intent is to change these arguments from a dynamic library in a subtle but generally safe way, so I want to find the "real deal" in memory - not from /proc/self/.

For more information, follow the link below.

Some Stack-overflow lore: Accessing main arguments outside of main on Linux

Even my favoured Oracle ( docs.oracle.com/cd/E23824_01/html/819-0690/chapter3-8.html ) only mentions that the functions get called, but no promise of what arguments there might be. Same with the elf and gcc documentation, as far as I can see.

In the land of C/C++ UB paranoia, Ideally I need some certainty that this is documented behaviour before I go ahead with it? Does it exist? Can it be implied in some way?

Summary of comments/answers so-far:

At least for GNU libc, a relevant change occurred with this patch: BZ #974. https://sourceware.org/pipermail/libc-alpha/2005-July/019240.html (It is mentioned in glibc's ChangeLog.old/ChangeLog.16 entry 2005-04-13 H.J. Lu.) – Ian Abbott

To me, this demonstrates that the glbc maintainers were aware of the requirement to pass argc/argv/env - that it is not accidental - and extended it to main exe registrations. It also tells us that it was working for dynamic libraries prior to that date.

It is an interesting question whether this binds other libc implementers to follow the pattern.

We use ModSecurity 3.X for NGIX with the OWASP core rule set.

We have a problem with image in base64 and the rule 941170.

The pattern of the rule is

Summary:

I have setup a basic WAF with mod-security and the OWASP coreruleset 3.3.2. When using the WAF I see lots of warnings in modsec_audit.log regarding the CONNECT method, which trigger crs rule 920100:

Message: Warning. Match of "rx ^(?i:(?:[a-z]{3,10}\s+(?:\w{3,7}?://[\w\-\./](?::\d+)?)?/[^?#](?:\?[^#\s])?(?:#[\S])?|connect (?:\d{1,3}\.){3}\d{1,3}\.?(?::\d+)?|options \)\s+[\w\./]+|get /[^?#](?:\?[^#\s])?(?:#[\S])?)$" against "REQUEST_LINE" required. [file "/etc/httpd/modsecurity.d/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "63"] [id "920100"] [msg "Invalid HTTP Request Line"] [data "CONNECT oneofmy.longer.hostname.here.abcde.com:443 HTTP/1.1"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"]

Details regarding setup: I set up the WAF with mod_security 2.9.2 and httpd. I used the crs-setup.conf.example provided by crs and only modified these two settings regarding threshhold and allowing the CONNECT http method. (CONNECT method is used in our setup for proxy purposes).

I'm trying to understand this code example I found in the GTK+ 3.0 reference manual:

I'm trying to run unitas_1.7.8.pl, a bioinformatic software available here. Importantly, I've used this software many times in the past successfully on this ubuntu machine. Now when I run the command