
Research
/Security News
Critical Vulnerability in NestJS Devtools: Localhost RCE via Sandbox Escape
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
github.com/godelabs/aws-lambda-demux
Library to help Go developers handle multiple types of events (de-multiplexing) in AWS Lambda functions.
The primary function of this library is to create events of a specific type and dispatch those to appropriate handlers.
To do so the demuxer is configured with Factory
and Handler
instances.
Factories are responsible for determining the type of the event (based off the incoming JSON) and creating an instance of that event.
Handlers are responsible for, well, handling that event. Handlers are as used in aws-lambda-go , with the restriction
of having a signature of func(context.Context, *eventType) (*responseType, error)
. eventType
and responseType
can be any struct with the appropriate json tags to map from the event JSON.
A minimal usage showing a lambda that handles REST API request and Websocket lifecycle events:
// main.go
package main
import (
"github.com/aws/aws-lambda-go/lambda"
"github.com/cloudshiftinc/aws-lambda-demux/demux"
)
func main() {
cfg := &demux.Cfg{
Factories: []demux.Factory{
func(ctx *demux.EventContext) any {
if demux.HasAttribute(ctx.Event, "connectionId") {
return &events.APIGatewayWebsocketProxyRequest{}
}
return &events.APIGatewayProxyRequest{}
},
},
Handlers: []any{
func(ctx context.Context, event *events.APIGatewayWebsocketProxyRequest) (
*events.APIGatewayProxyResponse, error) {
// TODO - your code here to handle websocket event
return &events.APIGatewayProxyResponse{}, nil
},
func(ctx context.Context, event *events.APIGatewayProxyRequest) (
*events.APIGatewayProxyResponse,
error) {
// TODO - your code here to handle HTTP/REST event
return &events.APIGatewayProxyResponse{}, nil
},
},
}
lambda.Start(demux.NewHandler(cfg))
}
This library is not limited to event types in aws-lambda-go; any event type (including your own custom ones) that as appropriate JSON mappings can be used.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Product
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.
Product
Socket now supports Rust and Cargo, offering package search for all users and experimental SBOM generation for enterprise projects.