
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
github.com/go-macaron/toolbox
Middleware toolbox provides health chcek, pprof, profile and statistic services for Macaron.
go get github.com/go-macaron/toolbox
// main.go
import (
"gopkg.in/macaron.v1"
"github.com/go-macaron/toolbox"
)
func main() {
m := macaron.Classic()
m.Use(toolbox.Toolboxer(m))
m.Run()
}
Open your browser and visit http://localhost:4000/debug
to see the effects.
toolbox.Toolboxer
comes with a variety of configuration options:
type dummyChecker struct {
}
func (dc *dummyChecker) Desc() string {
return "Dummy checker"
}
func (dc *dummyChecker) Check() error {
return nil
}
// ...
m.Use(toolbox.Toolboxer(m, toolbox.Options{
URLPrefix: "/debug", // URL prefix for toolbox dashboard
HealthCheckURL: "/healthcheck", // URL for health check request
HealthCheckers: []HealthChecker{
new(dummyChecker),
}, // Health checkers
HealthCheckFuncs: []*toolbox.HealthCheckFuncDesc{
&toolbox.HealthCheckFuncDesc{
Desc: "Database connection",
Func: func() error { return "OK" },
},
}, // Health check functions
DisableDebug: false, // Turns off all debug functionality when true
PprofURLPrefix: "/debug/pprof/", // URL prefix of pprof
ProfileURLPrefix: "/debug/profile/", // URL prefix of profile
ProfilePath: "profile", // Path store profile files
}))
// ...
Toolbox also comes with a route call statistic functionality:
import (
"os"
"time"
//...
"github.com/go-macaron/toolbox"
)
func main() {
//...
m.Get("/", func(t toolbox.Toolbox) {
start := time.Now()
// Other operations.
t.AddStatistics("GET", "/", time.Since(start))
})
m.Get("/dump", func(t toolbox.Toolbox) {
t.GetMap(os.Stdout)
})
}
Output take from test:
+---------------------------------------------------+------------+------------------+------------------+------------------+------------------+------------------+
| Request URL | Method | Times | Total Used(s) | Max Used(μs) | Min Used(μs) | Avg Used(μs) |
+---------------------------------------------------+------------+------------------+------------------+------------------+------------------+------------------+
| /api/user | POST | 2 | 0.000122 | 120.000000 | 2.000000 | 61.000000 |
| /api/user | GET | 1 | 0.000013 | 13.000000 | 13.000000 | 13.000000 |
| /api/user | DELETE | 1 | 0.000001 | 1.400000 | 1.400000 | 1.400000 |
| /api/admin | POST | 1 | 0.000014 | 14.000000 | 14.000000 | 14.000000 |
| /api/user/unknwon | POST | 1 | 0.000012 | 12.000000 | 12.000000 | 12.000000 |
+---------------------------------------------------+------------+------------------+------------------+------------------+------------------+------------------+
This project is under Apache v2 License. See the LICENSE file for the full license text.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A malicious package uses a QR code as steganography in an innovative technique.
Research
/Security News
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
Application Security
/Research
/Security News
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.