投稿時間:2022-08-12 23:17:04 RSSフィード2022-08-12 23:00 分まとめ(23件)

カテゴリー等	サイト名等	記事タイトル・トレンドワード等	リンクURL	頻出ワード・要約等/検索ボリューム	登録日
python	Pythonタグが付けられた新着投稿 - Qiita	【Python3.9 / FastAPI】アップロードされた画像容量を取得して、バリデーションをかける方法	https://qiita.com/baby-0105/items/4d249795dd0cb82a91fa	ticimportbasemodelvalidat	2022-08-12 22:52:37
Ruby	Rubyタグが付けられた新着投稿 - Qiita	あり得ないエラー集（エラーが解決しないときには試してみよう！）	https://qiita.com/cookie20000917/items/0e1bf102a0a1cd2f808c	遭遇	2022-08-12 22:04:20
AWS	AWSタグが付けられた新着投稿 - Qiita	eclipseで作ったSpringBootアプリをAWSを使って公開する#2	https://qiita.com/sakuraba-coder/items/543690834b474adfd186	eclipse	2022-08-12 22:44:11
Ruby	Railsタグが付けられた新着投稿 - Qiita	あり得ないエラー集（エラーが解決しないときには試してみよう！）	https://qiita.com/cookie20000917/items/0e1bf102a0a1cd2f808c	遭遇	2022-08-12 22:04:20
海外TECH	DEV Community	React.js - Interview Question - duplicate hashtag remover.	https://dev.to/rajeshroyal/reactjs-interview-question-duplicate-hashtag-remover-47c2	React js Interview Question duplicate hashtag remover Had an Interview for React js frontend developer for one of the MNC company The question they asked was to build a Duplicate Hashtag remover Question Statement There has to be an textarea in which user can input as many hashtags as he wants the tags will be separated by a space and starts with symbol Now the task is to find the duplicate hashtags entered by user and and show the listing below the textarea input In the listing there has to be a X delete button by clicking on it it will remove the duplicate from the textarea as well as from the listing of duplicates Sample Input kashmir kashmirvalley srinagar dallake reels trendingreels reelitfeelit viral viralvideos viralvideos viralreels feelkaroreelkaro mountains love couplegoals bucketlist moretocome srinagar dallake reels trendingreels srinagar dallake reels trendingreels srinagar dallake reels trendingreels love bucketlistSample Output kashmir kashmirvalley srinagar dallake reels trendingreels reelitfeelit viral viralvideos viralreels feelkaroreelkaro mountains love couplegoals bucketlist moretocome bucketlistourSolution CodeSandbox link Duplicate Hashtags RemoverTime Duration hr Interviewer was very nice and was helped when I was stuck at updating the state particularly Thank you for reading Let me know if this is helpful and you can also share your questions in the comment box only the live coding or assignment questions	2022-08-12 13:40:26
海外TECH	DEV Community	Appwrite Community Report #17	https://dev.to/appwrite/appwrite-community-report-17-1309	Appwrite Community Report Howdy people We are back with our weekly community report to share with you all what Appwrite has been doing TLDR Presenting before you some newly released videos from the Appwrite team issues solved work in progress and more Appwrite related stuff Stay tuned till the end What s newWe just announced the third project for the OSS Fund Appwrite appwrite Announcing the fourth sponsored project of the Appwrite OSS Fund Lazygit OSS Fund is an initiative by Appwrite to support maintainers like DuffieldJesse Applications are still open get funded or spread the word appwrite io oss fund PM Aug If you are a maintainer or know a maintainer who would love some support tell them about the Appwrite OSS Fund Issues solvedHere s to making Appwrite better everyday Issues we have worked on this week Removed constants from response modelsLink to PRFixed code displays not correctly rendering certain inputLink to PRFixed alert and redirect of successful password resets in AppwriteLink to PRRefactored usage stats to aggregate more stats from already collected lower time period stats instead of using influx dbLink to PR ️What we re currently working onRefactoring permission levelsRefactoring Appwrite s queriesAddition of console log capturing ability in runtimesAddition of fastsms phone provider by community member Garvitomer DiscussionsLet s talk about Appwrite s queriesJoin the discussion here ResourcesTutorial on Staying Up to Date With Appwrite UpgradesBuilding an Open Source Search App With Appwrite and MeilisearchLearning Appwrite in days Days of Appwrite Appwrite Days of Appwrite is a month long event focused at teaching you about all of Appwrite s core concepts and getting you ready to build production ready apps with Appwrite days appwrite io	2022-08-12 13:35:40
海外TECH	DEV Community	Forging GraphQL Bombs, the 2022 version of Zip Bombs	https://dev.to/gauben/forging-graphql-bombs-the-2022-version-of-zip-bombs-5ak1	Forging GraphQL Bombs the version of Zip BombsThis article was originally published on blog escape tech Zip Bombs are a thing of the past but the concept behind them is still relevant nowadays Indeed your GraphQL application might be vulnerable to what we ll call GraphQL Bombs in this article Read on to know if you re vulnerable and how to secure your GraphQL application How do zip bombs work Before diving into the topic let s take a moment to understand the concept behind zip bombs Zip files are lossless compressed archives whose most common compression algorithm is named deflate It works by finding repeating patterns in the data then replacing these patterns with a much shorter token Therefore a repetitive sequence of bytes will be much shorter after compression Creating a zip bomb consists of meticulously crafting a sequence of bytes that compress very well by several orders of magnitude Then when the victim decompresses the zip file the resulting data will be much larger than the original archive Aliased queriesGraphQL is a powerful language with many not well known features One of these features is the ability to alias queries Let s consider a simple blog with an article id Int query If we were to fetch one article we would do it like this query article id title author This will produce something like this article title Hello World author John Doe But GraphQL has a nice feature allowing developers to query the same resolver several times with a different return name query first article id title author second article id title author third article id title author This will produce a similar result but article is now aliased as first second and third first title Hello World author John Doe second title Yay second article author Jane Doe third title That s a lot of articles author Jaune D œuf You may already notice something there and indeed you can already design a first vulnerability to exploit this feature aliasing facilitates brute force mutation a login user john password password id a login user john password qwerty id a login user john password id Let s try the most common passwords File uploadsThe second part of the vulnerability requires having enabled file uploads over GraphQL Many popular GraphQL engines support uploads in GraphQL some even natively The GraphQL multipart specification describes how to implement file uploads in GraphQL While usual GraphQL queries are sent as application json file uploads are sent as multipart form data This means that the HTTP request body has multiple parts and their functions described in the specification can be summarized as follows The operations part contains the GraphQL query This is the part that is usually sent as application json The map part helps the server to find data in the request body Any other part can be used in the operations part as long as it is correctly mapped These parts may contain any type of data the server can handle but are usually images or binary data Here is what a profile picture upload looks like POST graphql HTTP Connection keep aliveContent Length Content Type multipart form data boundary boundaryMGvRzAGpOEHryHost example com boundaryMGvRzAGpOEHryContent Disposition form data name operations query mutation picture File updateUserPicture picture picture variables picture null boundaryMGvRzAGpOEHryContent Disposition form data name map file variables picture boundaryMGvRzAGpOEHryContent Disposition form data name file filename gautier jpg Content Type image jpeg kB of binary data boundaryMGvRzAGpOEHry You can see here that the part having name file is mapped to variables picture allowing the server to find the file in the request body GraphQL file uploads work almost the same as file uploads in REST at least from the HTTP perspective which means that vulnerabilities that exist in REST can be exploited in GraphQL But unfortunately that s not all… GraphQL bombsAs you might have guessed GraphQL bombs combine the two previous features introduced in the article The concept is the following referencing the same file several times using aliased queries Let s consider that we call updateUserPicture picture File one thousand times using aliases with all calls referencing the same MB file mutation a updateUserPicture picture picture a updateUserPicture picture picture a updateUserPicture picture picture a updateUserPicture picture picture This request would be less than MB but would result in GB of data for the server to process Depending on what the server does with the data this request may cause memory or CPU exhaustion leading to decreased performance or even a server crash MitigationThere are several steps necessary to mitigate this vulnerability Properly configure the server limits to file uploads For Apollo with graphqlUploadExpressFor GraphQL YogaLimit the usage of batching and aliasing with GraphQL Armor an open source project developed by Escape GraphQL Security to address the most common GraphQL vulnerabilities If GraphQL Armor does not support your engine yet you may also try graphql no batched queries and graphql no alias	2022-08-12 13:16:24
Apple	AppleInsider - Frontpage News	9 M1 Max MacBook Pros with 64GB RAM are in stock & up to $300 off	https://appleinsider.com/articles/22/08/12/9-m1-max-macbook-pros-with-64gb-ram-are-in-stock-up-to-300-off?utm_medium=rss	M Max MacBook Pros with GB RAM are in stock amp up to offBoth inch and inch MacBook Pro configurations with Apple s M Max chip and GB of memory are discounted exclusively for AppleInsider readers with bonus promo code savings on AppleCare M Max inch and inch MacBook Pro models with GB of memory are eligible for exclusive coupon savings Nine high end configurations are in stock now at Apple Authorized Reseller Adorama ーand up to off when you shop through this activation link and enter promo code APINSIDER during checkout Read more	2022-08-12 13:49:07
海外科学	NYT > Science	Drought Is Declared in Parts of a Hot, Dry Britain	https://www.nytimes.com/2022/08/12/world/europe/uk-heat-wave-drought.html	Drought Is Declared in Parts of a Hot Dry BritainThe announcement by the government will allow water companies to tighten conservation measures Extreme heat warnings have also been issued for parts of southern England and Wales	2022-08-12 14:00:07
海外科学	NYT > Science	C.D.C. Eases Covid Guidelines, Noting Virus Is ‘Here to Stay’	https://www.nytimes.com/2022/08/11/health/virus-cdc-guidelines.html	routine	2022-08-12 13:05:59
ニュース	BBC News - Home	Hosepipe ban: Millions more face restrictions as drought is declared	https://www.bbc.co.uk/news/uk-62508521?at_medium=RSS&at_campaign=KARANGA	conditions	2022-08-12 13:54:57
ニュース	BBC News - Home	Archie Battersbee: Inquest opens into death of Southend 12-year-old	https://www.bbc.co.uk/news/uk-england-essex-62517728?at_medium=RSS&at_campaign=KARANGA	battle	2022-08-12 13:11:13
ニュース	BBC News - Home	Edinburgh Zoo's oldest penguin dies in fox attack	https://www.bbc.co.uk/news/uk-scotland-edinburgh-east-fife-62518174?at_medium=RSS&at_campaign=KARANGA	penguin	2022-08-12 13:15:23
ニュース	BBC News - Home	Tyson Fury says he will stay retired and 'walk away' from boxing	https://www.bbc.co.uk/sport/boxing/62519822?at_medium=RSS&at_campaign=KARANGA	tyson	2022-08-12 13:17:42
ニュース	BBC News - Home	Drought hits Germany's Rhine River: 'We have 30cm of water left'	https://www.bbc.co.uk/news/world-europe-62519683?at_medium=RSS&at_campaign=KARANGA	german	2022-08-12 13:23:33
北海道	北海道新聞	「ヤットサー」阿波おどり開幕　屋外で観客入れ、３年ぶり	https://www.hokkaido-np.co.jp/article/717203/	阿波おどり	2022-08-12 22:26:45
北海道	北海道新聞	女子ゴルフ・ニトリレディス、観戦券をプレゼント	https://www.hokkaido-np.co.jp/article/717251/	女子ツアー	2022-08-12 22:33:12
北海道	北海道新聞	体外受精出生が初の減少　２０年、コロナ影響か	https://www.hokkaido-np.co.jp/article/717174/	体外受精	2022-08-12 22:15:25
北海道	北海道新聞	芽室の朝採りトウキビ　今年も「鮮度直」　空輸で当日中に首都圏に	https://www.hokkaido-np.co.jp/article/717229/	卸売業者	2022-08-12 22:21:22
北海道	北海道新聞	ロ３―２日（１２日）　日本ハム、サヨナラ負け	https://www.hokkaido-np.co.jp/article/717249/	日本ハム	2022-08-12 22:14:47
北海道	北海道新聞	ヤ３―４Ｄ（１２日）　ＤｅＮＡが４連勝	https://www.hokkaido-np.co.jp/article/717250/	連勝	2022-08-12 22:12:00
北海道	北海道新聞	三内丸山、遺構が一部浸水　損壊や流失なし、青森	https://www.hokkaido-np.co.jp/article/717248/	世界文化遺産	2022-08-12 22:12:00
北海道	北海道新聞	ＮＹ円、１３３円半ば	https://www.hokkaido-np.co.jp/article/717247/	外国為替市場	2022-08-12 22:03:00