
Research
/Security News
Critical Vulnerability in NestJS Devtools: Localhost RCE via Sandbox Escape
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
github.com/opentelekomcloud/gophertelekomcloud
GopherTelekomCloud is a OpenTelekomCloud clouds Go SDK. GopherTelekomCloud is based on Gophercloud which is an OpenStack Go SDK and has a great design. GopherTelekomCloud has added and removed some features to support OpenTelekomCloud.
Installation with modern Go and go mod
is really simple:
Just run go mod download
to install all dependencies.
Because you'll be hitting an API, you will need to retrieve your OpenTelekomCloud credentials and store them using
standard Openstack approaches:
either clouds.yaml
file (recommended) or environment variables.
You will need to retrieve the following:
Once you have access to your credentials, you can begin plugging them into Golangsdk. The next step is authentication, and this is handled by a base "Provider" struct. To get one, you can either pass in your credentials explicitly, or tell Golangsdk to use environment variables:
opts := golangsdk.AuthOptions{
IdentityEndpoint: "https://openstack.example.com:5000/v2.0",
Username: "{username}",
Password: "{password}",
}
client, err := openstack.AuthenticatedClient(opts)
env := openstack.NewEnv("OS_") // use OS_ prefixed env variables
client, err := env.AuthenticatedClient()
The ProviderClient
is the top-level client that all of your OpenTelekomCloud services derive from. The provider
contains all of the authentication details that allow your Go code to access the API - such as the base URL and token
ID.
Once we have a base Provider, we inject it as a dependency into each OpenTelekomCloud service. In order to work with the rds API, we need a rds service client; which can be created like so:
client, err := openstack.NewRdsServiceV1(provider, golangsdk.EndpointOpts{
Region: utils.GetRegion(ao),
})
We then use this client
for any rds API operation we want. In our case, we want to provision a rds instance - so we
invoke the Create
method and pass in the name and the flavor ID (database specification) we're interested in:
import "github.com/opentelekomcloud/gophertelekomcloud/openstack/rds/v1/instances"
instance, err := instances.Create(client, instances.CreateOpts{
Name: "My new rds instance!",
FlavorRef: "flavor_id",
}).Extract()
The above code sample creates a new rds instance with the parameters, and embodies the new resource in the instance
variable (ainstances.Instance
struct).
Have a look at the FAQ for some tips on customizing the way Golangsdk works.
None. Vendor it and write tests covering the parts you use.
See the contributing guide.
If you're struggling with something or have spotted a potential bug, feel free to submit an issue to our bug tracker.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Product
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.
Product
Socket now supports Rust and Cargo, offering package search for all users and experimental SBOM generation for enterprise projects.