Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/beeketing/properties
git pull --tags
to update the tags. See below why.properties is a Go library for reading and writing properties files.
It supports reading from multiple files or URLs and Spring style recursive
property expansion of expressions like ${key}
to their corresponding value.
Value expressions can refer to other keys like in ${key}
or to environment
variables like in ${USER}
. Filenames can also contain environment variables
like in /home/${USER}/myapp.properties
.
Properties can be decoded into structs, maps, arrays and values through struct tags.
Comments and the order of keys are preserved. Comments can be modified and can be written to the output.
The properties library supports both ISO-8859-1 and UTF-8 encoded data.
Starting from version 1.3.0 the behavior of the MustXXX() functions is
configurable by providing a custom ErrorHandler
function. The default has
changed from panic
to log.Fatal
but this is configurable and custom
error handling functions can be provided. See the package documentation for
details.
Read the full documentation on GoDoc
import (
"flag"
"github.com/magiconair/properties"
)
func main() {
// init from a file
p := properties.MustLoadFile("${HOME}/config.properties", properties.UTF8)
// or multiple files
p = properties.MustLoadFiles([]string{
"${HOME}/config.properties",
"${HOME}/config-${USER}.properties",
}, properties.UTF8, true)
// or from a map
p = properties.LoadMap(map[string]string{"key": "value", "abc": "def"})
// or from a string
p = properties.MustLoadString("key=value\nabc=def")
// or from a URL
p = properties.MustLoadURL("http://host/path")
// or from multiple URLs
p = properties.MustLoadURL([]string{
"http://host/config",
"http://host/config-${USER}",
}, true)
// or from flags
p.MustFlag(flag.CommandLine)
// get values through getters
host := p.MustGetString("host")
port := p.GetInt("port", 8080)
// or through Decode
type Config struct {
Host string `properties:"host"`
Port int `properties:"port,default=9000"`
Accept []string `properties:"accept,default=image/png;image;gif"`
Timeout time.Duration `properties:"timeout,default=5s"`
}
var cfg Config
if err := p.Decode(&cfg); err != nil {
log.Fatal(err)
}
}
$ go get -u github.com/magiconair/properties
2 clause BSD license. See LICENSE file for details.
I realized that all of the git tags I had pushed before v1.7.5 were lightweight tags
and I've only recently learned that this doesn't play well with git describe
😞
I have replaced all lightweight tags with signed tags using this script which should
retain the commit date, name and email address. Please run git pull --tags
to update them.
Worst case you have to reclone the repo.
#!/bin/bash
tag=$1
echo "Updating $tag"
date=$(git show ${tag}^0 --format=%aD | head -1)
email=$(git show ${tag}^0 --format=%aE | head -1)
name=$(git show ${tag}^0 --format=%aN | head -1)
GIT_COMMITTER_DATE="$date" GIT_COMMITTER_NAME="$name" GIT_COMMITTER_EMAIL="$email" git tag -s -f ${tag} ${tag}^0 -m ${tag}
I apologize for the inconvenience.
Frank
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.