
Identify security leaks in code

 

We will use Gitleaks to find security leaks. Here are the steps to identify leaks in your code repo:

  1. Install gitleaks on your local machine, then check that it installed successfully:
    Website> gitleaks --version
    If it is installed, it should show the version of gitleaks.

  2. Download the sample.config file (see attachment) and copy it to your local machine (this is a sample file with configuration/rules; you may change it as per your requirements).

  3. Now git clone the repo to your local machine and go to your code folder.

  4. Once you are in the code folder, run the gitleaks command:
    Website> gitleaks --path=./ --config-path=../sample.config --verbose
    where,
    --path=./ => path of .git folder
    --config-path=../sample.config => path of sample.config file

    You can also download the report of leaks to share it with your team:
    Website> gitleaks -v --pretty --path [RepoPath] --config-path=../sample.config --report=[PathtosaveReport]
    where,
    --report=[PathtosaveReport] => Give the folder path where the report should be saved.

  5. It will take from 1 minute to 30 minutes, depending on the size of the folder and its history.

(output of the gitleaks command)
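The report saved in step 4 contains the leaked values themselves, so it is worth masking them before the file is shared with the team. The following is an added example, not part of the original post or of gitleaks: it assumes the report is a JSON array whose entries carry `rule`, `file`, `commit`, `lineNumber` and `offender` fields, and the sample report is constructed.

```python
import json
from collections import defaultdict

# Constructed sample report. The field names (rule, file, commit, offender,
# lineNumber) are assumptions; adjust them to what your gitleaks version emits.
SAMPLE_REPORT = """[
  {"rule": "AWS Access Key", "file": "deploy/settings.py", "lineNumber": 12,
   "commit": "1111111aaaa", "offender": "AKIAEXAMPLEEXAMPLE00"},
  {"rule": "AWS Access Key", "file": "deploy/settings.py", "lineNumber": 12,
   "commit": "2222222bbbb", "offender": "AKIAEXAMPLEEXAMPLE00"},
  {"rule": "Generic Password", "file": "web.config", "lineNumber": 40,
   "commit": "3333333cccc", "offender": "password=hunter2"}
]"""


def redact(secret, keep=4):
    """Keep a short prefix so the finding stays recognisable, mask the rest."""
    if len(secret) <= keep:
        return "*" * len(secret)
    return secret[:keep] + "*" * (len(secret) - keep)


def load_findings(text):
    """Parse the report; an empty file or JSON null is treated as no leaks."""
    data = json.loads(text) if text.strip() else None
    return data or []


def summarize(findings):
    """Group findings by (rule, file) and drop the raw secret values."""
    groups = defaultdict(lambda: {"commits": set(), "lines": set(), "samples": set()})
    for f in findings:
        g = groups[(f.get("rule", "unknown"), f.get("file", "unknown"))]
        g["commits"].add(f.get("commit", "")[:7])
        g["lines"].add(f.get("lineNumber", 0))
        g["samples"].add(redact(f.get("offender", "")))
    return [
        {"rule": rule, "file": path, "commits": sorted(g["commits"]),
         "lines": sorted(g["lines"]), "samples": sorted(g["samples"])}
        for (rule, path), g in sorted(groups.items())
    ]


if __name__ == "__main__":
    for row in summarize(load_findings(SAMPLE_REPORT)):
        print(f'{row["rule"]:18} {row["file"]:20} lines={row["lines"]} '
              f'commits={row["commits"]} sample={row["samples"]}')
```

Grouping by rule and file collapses the same secret found in several commits into one row, which shows which files need the credential rotated and the history cleaned.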

🏀  Keep learning and sharing to build a strong community. 

