Posted: 2022-10-09 19:18:12 RSS feed roundup for 2022-10-09 19:00 (22 items)

Category etc. Site name etc. Article title / trend word etc. Link URL Frequent words / summary etc. / search volume Registration date
python New posts tagged Python - Qiita I tried OpenAI's "Whisper" on an M1MAX https://qiita.com/satoshi_mac/items/ca54f63c49768fbc23ed openai 2022-10-09 18:39:50
python New posts tagged Python - Qiita On the difference between classmethod and staticmethod in Python https://qiita.com/tak_iwasaki/items/46f02b6a519b1f18bc58 class 2022-10-09 18:36:43
js New posts tagged JavaScript - Qiita A story of struggling with the error that appears when running npm install ◯◯ https://qiita.com/hndfavodaismi/items/6b9e17f9c0759c696081 neunsupportedenginenpmwar 2022-10-09 18:07:07
Ruby New posts tagged Ruby - Qiita Implementing radio buttons using enum [Rails] https://qiita.com/gogoserver578/items/2b5d13f62843b2158dc9 osamazon 2022-10-09 18:53:37
Ruby New posts tagged Rails - Qiita Introducing Font Awesome 6 into Ruby on Rails 7 https://qiita.com/YutoYasunaga/items/42ac714cc196e0510de7 awesomefontawesomesvgcore 2022-10-09 18:54:11
Ruby New posts tagged Rails - Qiita Implementing radio buttons using enum [Rails] https://qiita.com/gogoserver578/items/2b5d13f62843b2158dc9 osamazon 2022-10-09 18:53:37
Overseas TECH DEV Community Did you know you could use OpenAPI for security? https://dev.to/nathan20/did-you-know-you-could-use-openapi-for-security-1hke Did you know you could use OpenAPI for security? What is OpenAPI? OpenAPI is a set of tools and standards for creating, managing, and securing APIs. It includes a specification for describing APIs, a runtime for executing APIs, and a set of tools for managing APIs. The goal of the OpenAPI Initiative is to standardize how APIs are described and to make it easier for developers to create, use, and manage APIs. API supports the parameters that each operation requires, the data types that are used by the API, and other information. I already wrote an article about it; you can check it before continuing to read. How can OpenAPI be used for security? OpenAPI can be used to secure access to APIs by requiring authentication and authorization for all API calls. OpenAPI can also be used to validate input and output data, ensuring that data is valid and properly formatted. By using OpenAPI, developers can be sure that their APIs are secure and reliable. I want to talk about these two types of vulnerabilities. Lack of Authentication: APIs often suffer from authentication problems. For example, in this bug report, a user has the possibility to get Admin permission with a simple endpoint that is used to reset the password. So how can we avoid this type of vulnerability? Using a specification can help to have more structure about your permission levels. In this example, the security definition which applies to this endpoint's API operations is petstore_auth, which includes write and read. We can see each operation has a scope of defined permissions. Having permissions of this type can help to have a better understanding of the permissions for a specific operation: paths: /pet/findByStatus: get: security: - petstore_auth: [write:pets, read:pets]. Insecure Direct Object Reference (IDOR): Another important common vulnerability occurs when unvalidated user input can be used for unauthorized access to resources or operations. In this bug report, the researcher succeeded in deleting images belonging to others by simply changing the id of the image. Here we are facing a coding error: the lack of verification from the back end leads to a high vulnerability. Back end be like. Using OAS here won't necessarily solve the problem, but can detect the problem more easily and earlier. I will explain in the next section. What are the benefits of using OpenAPI for security? OpenAPI is a great tool for security because it allows you to easily and quickly understand your API. This makes it easy for a pentester to understand what your API does and how they can exploit it. Additionally, OpenAPI is a great tool for automation, not only to generate code but also to automate your security testing. Using an API security tool like Cherrybomb at an earlier stage of development helps you to detect vulnerabilities before production. If you're looking for a new way to understand and manage your API, consider using OpenAPI, and if you want to secure it, consider using CherryBomb to automate your security tests. Managing and testing is the key; now you can keep your API safe. Star our GitHub repo and join the discussion in our Discord channel. Test your API for free now at BLST. 2022-10-09 09:35:04
Overseas TECH DEV Community HTTP based OOP https://dev.to/polterguy/http-based-oop-3lj7 HTTP based OOP. There is a reason why I don't like classic OOP. The primary one being that it destroys my creativity and ability to express myself. As proof of that, realise I just invented HTTP based OOP, with inheritance and polymorphism, with the capability of overriding an existing HTTP endpoint and injecting additional logic in my HTTP interceptor, allowing me to extend the original HTTP invocation. This allows me to inject additional custom business logic in my original HTTP endpoint without modifying it. And of course, it's almost impossible to implement using classic OOP. In the video below I am demonstrating how to implement Stripe payments into whatever HTTP API you have from before, using polymorphism and overriding my original HTTP invocation. Basically, I am demonstrating HTTP based OOP, overriding my existing endpoint. The beauty of this is that it doesn't matter what your original HTTP endpoint is implemented in, as long as it accepts JSON and returns JSON. You can use this with Python, PHP, GraphQL, PostgREST, Hasura, Supabase, C, Java. Whatever, really. More interestingly, this is almost impossible to achieve with classic OOP due to OOP's obsession with strongly typing. You can literally only do this in a non-OOP context where you completely ignore strongly typing, Hyperlambda being one such example. Implying that Hyperlambda can basically override anything you might have from before, as long as it's based upon HTTP and JSON. The technique is easily understood by anyone understanding the concept of YALOA, or Yet Another Layer Of Abstraction. In the video example above I need to apply some tiny changes to my original backend to allow for associating users with Stripe customer IDs, create a one-to-many relationship between users and payment methods, and store payments and subscriptions internally in my app. However, these changes would be microscopic in nature compared to the code required to implement Stripe manually in my own backend. Hence I basically eliminate of the burden required to implement Stripe. And if I want to, I can probably create a generalised version of the above example where I am no longer dependent upon Stripe but can easily exchange my payment provider with any other payment provider by simply changing my Hyperlambda file. The last part allows me to change my payment provider without touching my own backend, but instead simply providing an additional overridden HTTP method. Notice, if you want to ensure your intercepted HTTP endpoint becomes the equivalent of private, you might want to attach some secret token to the invocations towards your encapsulated endpoint, and only expose it to your Magic cloudlet. If you don't do this, people capable of guessing the URL to your original endpoint might in theory be able to fake payments, getting product for free. The process is quite simple: (1) Create a Hyperlambda endpoint. (2) Invoke your own extended business logic in your Hyperlambda endpoint. (3) Invoke the overridden HTTP endpoint, optionally with additional data resulting from executing your Hyperlambda. (4) Return to the client whatever data your encapsulated endpoint returns. Paradoxically, HTTP based OOP is not only good OOP but also good SOLID, and for the most part obeys the Open Closed Principle, and there is zero OOP in it. To explain it a bit humorously, with some geek humour: no classes were harmed while inventing HTTP OOP. Watch the above video to understand the concept. Now, as to what to refer to this as, I've got no idea; however, my initial intuition tells me it is O, as in Objects to the second exponent or something. Suggestions? :D At least that name would make Bjarne Stroustrup and Anders Hejlsberg choke for a while on their morning coffee. I want to emphasise that this is almost impossible using classic OOP and requires a super dynamic programming language such as Hyperlambda. To reproduce what I am doing, register for a cloudlet below and start playing with O. Get a month free Aista Magic
Cloudlet here. Thank you for reading, now let the debate begin :D Below is my code. 2022-10-09 09:01:08
Overseas news Japan Times latest articles Yuki Yanagita slam leads Hawks into final stage https://www.japantimes.co.jp/sports/2022/10/09/baseball/japanese-baseball/hawks-lions-cs-yanagita-slam/ stage 2022-10-09 18:26:33
Overseas news Japan Times latest articles Red Bull’s Max Verstappen wins second Formula One title https://www.japantimes.co.jp/sports/2022/10/09/more-sports/auto-racing/japanese-gp-verstappen-world-title/ Red Bull's Max Verstappen wins second Formula One title. Verstappen crossed the line first at the Japanese Grand Prix and was awarded the title when second-place finisher Charles Leclerc was given a five-second penalty. 2022-10-09 18:24:55
News BBC News - Home Nicola Sturgeon 'will never give up' on independence https://www.bbc.co.uk/news/uk-scotland-scotland-politics-63186284?at_medium=RSS&at_campaign=KARANGA referendum 2022-10-09 09:48:38
News BBC News - Home Protests in Iran: State-run live TV hacked by protesters https://www.bbc.co.uk/news/world-middle-east-63188795?at_medium=RSS&at_campaign=KARANGA leader 2022-10-09 09:52:56
News BBC News - Home Creeslough: Tributes to Donegal petrol station explosion victims https://www.bbc.co.uk/news/world-europe-63188425?at_medium=RSS&at_campaign=KARANGA government 2022-10-09 09:55:13
Subculture ラーブロ New restaurant: Tonkotsu Ramen & Mazesoba 南銀星, tonkotsu ramen (500 yen), firm noodles http://ra-blog.net/modules/rssc/single_feed.php?fid=203437 Nakacho, Omiya-ku, Saitama City, Saitama Prefecture 2022-10-09 10:22:36
Subculture ラーブロ New restaurant: Tonkotsu Ramen 無極, Kita-Urawa branch, 無極 ramen (780 yen), thick noodles, firm, regular, regular, free half rice http://ra-blog.net/modules/rssc/single_feed.php?fid=203438 Tokiwa, Urawa-ku, Saitama City, Saitama Prefecture 2022-10-09 10:14:16
Hokkaido Hokkaido Shimbun US Treasury Secretary says strong dollar is "appropriate"; it spurs inflation in other countries https://www.hokkaido-np.co.jp/article/743090/ Treasury Secretary 2022-10-09 18:30:00
Hokkaido Hokkaido Shimbun Asahikawa Ryukoku wins the girls' race, Sapporo Yamanote the boys' at the All-Hokkaido High School Ekiden https://www.hokkaido-np.co.jp/article/743084/ Abashiri sports 2022-10-09 18:29:03
Hokkaido Hokkaido Shimbun Bibai mayoral election: Mr. Sakurai intends to run https://www.hokkaido-np.co.jp/article/743088/ Bibai mayoral election 2022-10-09 18:27:00
Hokkaido Hokkaido Shimbun Nationwide travel support: preparations in Hokkaido in the final stages; starts on the 11th with hopes of stimulating demand; late announcement also causes confusion in the response https://www.hokkaido-np.co.jp/article/743087/ demand 2022-10-09 18:26:26
Hokkaido Hokkaido Shimbun Nadeshiko beat New Zealand comfortably in women's soccer international friendly https://www.hokkaido-np.co.jp/article/743085/ international friendly match 2022-10-09 18:11:00
Hokkaido Hokkaido Shimbun Kishida Cabinet approval rating falls further to 35%, disapproval 48%; 87% say Mr. Hosoda's explanation is "insufficient" https://www.hokkaido-np.co.jp/article/743080/ opinion poll 2022-10-09 18:06:12
Hokkaido Hokkaido Shimbun Russia's partial mobilization order: confusion continues; sick people called up, many mobilized in the regions… attempts to avoid backlash with money and goods; training facilities "just like ruins" https://www.hokkaido-np.co.jp/article/743082/ partial 2022-10-09 18:04:08
