The neetob gem gives a different set of commands for interacting with Github repos, Heroku instances, neetoDeploy instances and other tools to manage the workflow of neeto products.
Install and update the gem using the following command:
gem install neetob && gem update neetob
Use the help keyword to access a list of all the available commands and options.
neetob help
Commands:
neetob github # Interact with any resource in Github
neetob help [COMMAND] # Describe available commands or one specific command
neetob heroku # Interact with any resource in Heroku
neetob users # Interact with the contributors of neeto apps
neetob make-repos-uptodate # Update all neeto repos
Options:
[--sandbox] # All the commands in sandbox mode will run only on the "neeto-dummy" app
Option | Meaning |
---|---|
--repos | Target repo names |
--apps | Target app names |
--sandbox | Sandbox mode |
--no-sandbox | Non-Sandbox mode |
--help | Provides information on a command |
The commands within neetob should be used with caution, as improper usage may result in unintended consequences, and some actions may not be reversible. By default, all commands will be executed in non-sandbox mode.
This list of repos is used as the "source of truth".
neetob allows you to pass a list of apps in the following three formats.
// all staging heroku instances
--apps "neeto-*-staging"
// all production heroku instances
--apps "neeto-*-production"
// all staging and production instances
--apps "neeto-*-web"
// for local testing
--apps neeto-dummy
For safety reasons, all the examples given below use --apps neeto-*-staging.
Check the list of all the available subcommands for the github command by utilizing the help keyword.
neetob github help
# Lists and counts all the open issues that are currently unassigned
neetob github issues list --count --state open --assignee none --repos "neeto-*-staging"
# Lists, counts and filters all unassigned open issues that are labeled as "bug"
neetob github issues list --count --label bug --state open --assignee none \
--repos "neeto-*-staging"
# Creates an issue in Github repos
# You will be prompted to enter issue title, description etc.
neetob github issues create --repos "neeto-*-web"
# Creates an issue in engine repos
neetob github issues create --repos "engines"
# Creates an issue in nano repos
neetob github issues create --repos "nanos"
The labels command provides an interface for interacting with Github labels.
# Lists the details of all the labels in the Github repo
neetob github labels list --repos "neeto-*-staging"
# Provides the details for a specific label in the Github repo
neetob github labels show --name priority --repos "neeto-*-staging"
# Changes the name of the label
neetob github labels update --old-name "High Priority" --new-name \
"high-priority" --repos "all"
# Updates and inserts all the labels mentioned in the file "data/github-labels.json"
neetob github labels upsert --repos "all"
# Accepts a different JSON file using `path` option
neetob github labels upsert --path ~/Desktop/labels.json --repos "neeto-*-staging"
# Upsert a single label using `name`, `color`, and `description` options
# No `#` is required while adding `color`
neetob github labels upsert --name UI --color 8250df --description \
"UI work needed" --repos "all"
# Deletes the given labels from the Github repos
neetob github labels delete --labels "High Priority" "Priority 1" "bug" \
--repos "neeto-*-staging"
# Deletes all the labels from the Github repos
neetob github labels delete_all --repos "neeto-*-staging"
Check out the default labels file for the required JSON file structure.
Don't use # before the color code.
{
"name": "0.25D",
"description": "Estimate - 2 hours",
//"color": "#9E800A", // Wrong usage
"color": "9E800A" // Correct usage
}
The search command searches for keywords across multiple neeto projects within specified files.
neetob github search --keyword neeto --path README.md --repos "neeto-*-staging"
We can also use regular expressions as the value for both the keyword and the path of the file.
neetob github search --keyword "ne*to" --path ".*\.md$" --repos "neeto-*-staging"
The above command searches for all occurrences of any word matching the given regular expression in all files with the extension ".md".
We can pass the --replace option to replace all found instances of the keyword with another word.
Run brakeman on neeto repos & create issues wherever any security vulnerabilities are found.
neetob github brakeman --repos "neeto-*-web"
The protect_branch command updates branch protection rules in neeto repos.
neetob github protect_branch --branch main --repos "neeto-*-staging"
By default, file "data/branch-protection-rules.json" will be used for updating the branch protection rules.
The protect_branch command can also be used with a different JSON file using the path option.
For example, assume we have a file named branch-protection-rules.json on the Desktop with the following rules:
{
"required_conversation_resolution": true,
"has_required_deployments": true
}
To update the above-mentioned branch protection rules for the main branch of all the neeto products, use the following command:
neetob github protect_branch --branch main --path ~/Desktop/branch-protection-rules.json \
--repos "neeto-*-staging"
We can also pass the value all to the option --repos with the above-mentioned command so that the branch protection rules can be updated for all neeto repos.
neetob github protect_branch --branch main --path ~/Desktop/branch-protection-rules.json \
--repos "all"
Note: Unfortunately, utilizing the Github API, we are unable to update the "Require deployments to succeed before merging" rule, as it is currently not defined as a parameter within the API. For further information on available options to update different branch protection rules, kindly refer to the official Github documentation.
The make-pr command creates pull requests across Github repos.
# The `compliance-fix` command runs `bundle install` and
# `bundle exec neeto-audit -a` inside all repos and creates a PR.
neetob github make-pr compliance-fix
# Fix compliance for nanos
neetob github make-pr compliance-fix --nanos
# Add labels to PRs
neetob github make-pr compliance-fix --labels "bug,priority"
# Use local repos to make PRs
neetob github make-pr compliance-fix --local
# The `script` command runs the given script for each product and creates a PR
neetob github make-pr script --path ~/Desktop/fix-folders.sh --branch "neetob-test" \
--title "PR title" --description "PR description"
# Create PRs using script in neeto frontend packages
neetob github make-pr script --path ~/Desktop/fix-folders.sh --branch "neetob-test" \
--title "PR title" --description "PR description" --frontend-packages
The gems release command releases the latest gem for all neeto nanos.
# Releases the latest gem for all nanos
neetob github gems release
# Releases the latest gem for given nanos
neetob github gems release --nanos neeto-monitor-ruby neeto-bugtrap-ruby
Authenticate through your browser and update your Github access token by utilizing the login command.
neetob github login
The redirections check command can check if redirection from a given source URL to a given destination URL is working properly.
neetob redirections check -s https://academy.bigbinary.com -d https://bigbinaryacademy.com
Utilize the help command to list all the available subcommands under the Heroku module for interacting with the Heroku resources.
neetob heroku help
The config_vars command interacts with Heroku config variables.
# The `list` command lists all the Heroku config variables
neetob heroku config_vars list --apps "neeto-*-staging"
# List specific Heroku config variables using `keys` option
neetob heroku config_vars list --apps "neeto-*-staging" --keys key1 key2 key3
# List specific Heroku config variables using a file
# Checkout the `data/config-vars-list.json` file for the required structure
neetob heroku config_vars list --apps "neeto-*-staging" --path \
neetob/data/config-vars-list.json
# The `audit` command checks the config variables against the JSON file named as
# `required-config-vars.json` that is present inside the `data` directory at the root of
# installed `neetob` gem
neetob heroku config_vars audit --apps "neeto-*-staging"
# The `audit` command also works with a different JSON file using `--path` option
neetob heroku config_vars audit --path ~/Desktop/config.json --apps "neeto-*-staging"
# The `upsert` command adds or updates config variables from the
# `data/config-vars-upsert.json` file present at the root of installed `neetob` gem
neetob heroku config_vars upsert --apps "neeto-*-staging"
# The `remove` command deletes config variables
neetob heroku config_vars remove --keys=TEST_KEY_1 TEST_KEY_2 --apps "neeto-*-staging"
We can use a custom JSON file with the upsert command using the --path option.
For example, assume we have a file named config.json on the Desktop, like so:
{
"NEETO_WIDGET_API_KEY": "jh4c1SC5cS5BvRbcBk4LD",
"NEETO_KB_API_KEY": "Lxh7vUKkRewfxSg4dg834",
"NEETO_CHAT_API_KEY": "sYnMTSCWLxkNbkHRXL1Xtd"
}
To update the above-mentioned config variables on all staging apps, we can use the upsert command like so:
neetob heroku config_vars upsert --path ~/Desktop/config.json --apps "neeto-*-staging"
The upsert command can also update or insert project-specific config variables.
For example, assume we have a file named config.json on the Desktop with the following properties:
{
"neeto-chat-web-staging": {
"NEETO_WIDGET_API_KEY": "jh4c1SC5cS5BvRbcBk4LD"
},
"neeto-testify-web-production": {
"NEETO_KB_API_KEY": "Lxh7vUKkRewfxSg4dg834"
},
"neeto-desk-web-staging": {
"NEETO_CHAT_API_KEY": "sYnMTSCWLxkNbkHRXL1Xtd"
}
}
To update the above-mentioned config variables under the defined project, we can use the upsert command like so:
neetob heroku config_vars upsert --path_with_project_keys ~/Desktop/config.json --apps "neeto-*-staging"
The access command lists, adds and removes users from multiple Heroku apps.
# List all the users from Heroku apps
neetob heroku access list --apps "neeto-*-staging"
# Add new users to the Heroku apps
neetob heroku access add --users oliver@bigbinary.com eve@bigbinary.com --apps "neeto-*-staging"
# Remove the users from the Heroku apps
neetob heroku access remove --users oliver@bigbinary.com eve@bigbinary.com --apps \
"neeto-*-staging"
The execute command executes a Heroku CLI command or a Rails console command for multiple neeto apps in one go.
# Execute Heroku CLI command
neetob heroku execute -c "heroku access" --apps "neeto-*-staging"
# Execute Rails console command
neetob heroku execute -c "Sidekiq::Cron::Job.destroy \"server_side_worker\"" --apps \
"neeto-*-staging" --rails
Utilize the help command to list all the available subcommands under the NeetoDeploy module for interacting with the neetoDeploy resources.
neetob neetoDeploy help
The config_vars command interacts with neetoDeploy config variables.
# The `list` command lists all the neetoDeploy config variables
neetob neetodeploy config_vars list --apps "neeto-*-staging"
# The `upsert` command adds or updates config variables from the
# `data/config-vars-upsert.json` file present at the root of installed `neetob` gem
neetob neetodeploy config_vars upsert --apps "neeto-*-staging"
# The `remove` command deletes config variables
neetob neetodeploy config_vars remove --keys=TEST_KEY_1 TEST_KEY_2 --apps "neeto-*-staging"
We can use a custom JSON file with the upsert command using the --path option.
For example, assume we have a file named config.json on the Desktop, like so:
{
"NEETO_WIDGET_API_KEY": "jh4c1SC5cS5BvRbcBk4LD",
"NEETO_KB_API_KEY": "Lxh7vUKkRewfxSg4dg834",
"NEETO_CHAT_API_KEY": "sYnMTSCWLxkNbkHRXL1Xtd"
}
To update the above-mentioned config variables on all staging apps, we can use the upsert command like so:
neetob neetodeploy config_vars upsert --path ~/Desktop/config.json --apps "neeto-*-staging"
The upsert command can also update or insert project-specific config variables.
For example, assume we have a file named config.json on the Desktop with the following properties:
{
"neeto-chat-web-staging": {
"NEETO_WIDGET_API_KEY": "jh4c1SC5cS5BvRbcBk4LD"
},
"neeto-testify-web-production": {
"NEETO_KB_API_KEY": "Lxh7vUKkRewfxSg4dg834"
},
"neeto-desk-web-staging": {
"NEETO_CHAT_API_KEY": "sYnMTSCWLxkNbkHRXL1Xtd"
}
}
To update the above-mentioned config variables under the defined project, we can use the upsert command like so:
neetob neetodeploy config_vars upsert --path_with_project_keys ~/Desktop/config.json --apps "neeto-*-staging"
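Both the Heroku and the neetoDeploy `--path_with_project_keys` examples pair a file that names a production app with `--apps "neeto-*-staging"`. The following pre-flight check is an added example, not code from neetob: `preflight_project_keys` is a hypothetical helper, the values are constructed placeholders, and treating the `--apps` value as a shell-style glob (`File.fnmatch`) is an assumption, since the page does not state how neetob matches it or how it handles keys outside the pattern.

```ruby
require "json"

# Constructed sample shaped like the project-keyed config.json shown above
# (placeholder values, not real keys).
SAMPLE_PROJECT_CONFIG = <<~JSON
  {
    "neeto-chat-web-staging": { "NEETO_WIDGET_API_KEY": "placeholder-1" },
    "neeto-testify-web-production": { "NEETO_KB_API_KEY": "placeholder-2" },
    "neeto-desk-web-staging": { "NEETO_CHAT_API_KEY": "placeholder-3" }
  }
JSON

# Hypothetical helper (not part of neetob): before running an upsert, split
# the app names in a project-keyed file into those inside and outside the
# --apps pattern. Glob matching via File.fnmatch is an assumption.
def preflight_project_keys(json_text, apps_pattern)
  config = JSON.parse(json_text)

  # A flat { "KEY" => "value" } file is the format for --path, not for
  # --path_with_project_keys; reject it instead of treating keys as app names.
  unless config.is_a?(Hash) && config.values.all? { |v| v.is_a?(Hash) }
    raise ArgumentError, "expected { app_name => { KEY => value } }"
  end

  in_scope, out_of_scope = config.keys.partition do |app|
    File.fnmatch(apps_pattern, app)
  end

  # Report variable names only, so secret values never reach logs or terminals.
  { in_scope: in_scope,
    out_of_scope: out_of_scope,
    key_names: config.transform_values(&:keys) }
end

if $PROGRAM_NAME == __FILE__
  report = preflight_project_keys(SAMPLE_PROJECT_CONFIG, "neeto-*-staging")
  puts "in scope:     #{report[:in_scope].join(', ')}"
  puts "out of scope: #{report[:out_of_scope].join(', ')}"
end
```

An entry listed as out of scope is worth resolving by hand before the upsert runs, because by default commands execute in non-sandbox mode.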
Use the following commands to check whether autoscaling is enabled or not for an application deployed in NeetoDeploy.
neetodeploy autoscaling_config list -a neeto-replay-web-production
This command will print whether or not autoscaling is enabled for all the process types specified in your Procfile like so.
{"release"=>false, "web"=>true, "worker"=>true}
The cloudflare command interacts with resources in Cloudflare. For all the following commands you need to pass CLOUDFLARE_API_KEY as an environment variable.
Use the ssl_mode command to check if SSL/TLS is set to Full or not in Cloudflare.
CLOUDFLARE_API_KEY="Bearer APIKEY" neetob cloudflare ssl_mode -d "neetocode.com"
This will print the output like so:
SSL Mode is set to full
or like so if the SSL mode is set to Full (strict):
SSL Mode is set to strict
Use the min_tls_version command to check the value of the Minimum TLS version setting in Cloudflare for your domain.
CLOUDFLARE_API_KEY="Bearer APIKEY" neetob cloudflare min_tls_version -d "neetocode.com"
This will print the output like so:
Minimum TLS version is set to 1.2
Use the always_use_https command to check if always use HTTPS is turned on in Cloudflare for your domain.
CLOUDFLARE_API_KEY="Bearer APIKEY" neetob cloudflare always_use_https -d "neetocode.com"
This will print the output like so:
Always use HTTPS is turned on
Use the verify_spf command to check if SPF settings are configured properly or not in Cloudflare for your domain.
CLOUDFLARE_API_KEY="Bearer APIKEY" neetob cloudflare verify_spf -d "neetocode.com"
This will print the output like so:
Only one TXT record for SPF present
SPF TXT 1: v=spf1 include:_spf.mlsend.com include:_spf.google.com -all
Each domain should have only one TXT record for SPF.
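The single-record rule above can be checked directly against a domain's TXT records. This is an added example, not neetob's implementation: `audit_spf` is a hypothetical helper, the first sample record is constructed, and the example goes one step beyond the count by also reporting the record's `all` qualifier and `include:` targets.

```ruby
# Constructed TXT record set; the SPF string is the one shown in the
# verify_spf output above, the verification record is made up.
SAMPLE_TXT = [
  "google-site-verification=constructed-value",
  "v=spf1 include:_spf.mlsend.com include:_spf.google.com -all"
].freeze

# Hypothetical helper (not part of neetob): classify a domain's TXT records.
# A receiver that finds more than one "v=spf1" record treats SPF evaluation
# as a permanent error, which is why exactly one record is required.
def audit_spf(txt_records)
  # The version tag must be exactly "v=spf1", followed by a space or the end.
  spf = txt_records.map(&:strip).select { |r| r.match?(/\Av=spf1(\s|\z)/i) }
  return { status: :missing, records: [] } if spf.empty?
  return { status: :multiple, records: spf } if spf.size > 1

  terms = spf.first.split(/\s+/).drop(1)
  all_term = terms.find { |t| t.match?(/\A[+\-~?]?all\z/i) }
  policy = case all_term
           when nil    then :no_all
           when /\A-/  then :fail
           when /\A~/  then :softfail
           when /\A\?/ then :neutral
           else :pass # "+all" or bare "all" accepts any sender
           end

  { status: :single,
    records: spf,
    all_policy: policy,
    includes: terms.grep(/\Ainclude:/i).map { |t| t.split(":", 2).last } }
end

if $PROGRAM_NAME == __FILE__
  result = audit_spf(SAMPLE_TXT)
  puts "status=#{result[:status]} all=#{result[:all_policy]}"
  puts "includes=#{result[:includes].join(', ')}"
end
```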
Use the bot_fight_mode command to check if bot protection is turned on or not in Cloudflare.
CLOUDFLARE_API_KEY="Bearer APIKEY" neetob cloudflare bot_fight_mode -d "neetocode.com"
This will print the output like so:
Bot fight mode is turned on
Use the dns_proxy command to check if DNS proxy is enabled for all DNS records of your domain in Cloudflare.
CLOUDFLARE_API_KEY="Bearer APIKEY" neetob cloudflare dns_proxy -d "neetocode.com"
This will print the output like so:
DNS proxy is turned on for A record neetocode.com
DNS proxy is turned on for A record *.neetocode.com
The neetob sre command can be used to run a check against all Neeto apps to confirm whether the above-mentioned essential environment variables are set in the application.
You can run it like so and it will print a list of all the apps, whether the environment variables are set, and, if any are missing, a list of the missing envs.
neetob sre check_essential_env
The users command interacts with the contributors of neeto applications.
The audit command checks the contributors across all neeto applications for multiple emails and third-party domain emails.
# Audit all the contributors
neetob users audit
The commits command lists the commits for a user in a defined duration.
# The below mentioned command will open a list of all the commits across neeto
# product repos made by "udai1931" in the duration of last 6 months
neetob users commits --author udai1931 --duration 6.months
# List commits for a specific product using `--apps` option
neetob users commits --author udai1931 --duration 6.months --apps neeto-kb-web
# List commits for all neeto repos by passing the value `all` to `--apps` option
neetob users commits --author udai1931 --duration 6.months --apps "all"
The make_repos_uptodate command updates all neeto repos.
neetob make_repos_uptodate
# Update all neeto repos by passing the value `all` to `--repos` option
neetob make_repos_uptodate --repos "all"
Executing the above-mentioned command will check and clone all the missing neeto repos in the current working directory and will update all of them to the latest version. After the command runs, the directories will look something like this:
neeto-chat-web
neeto-desk-web
neeto-kb-web
The code command interacts with the remote neeto repos.
The audit command checks and lists all tables not using uuid as their primary key.
# Run command on all neeto repos by passing the value `all` to `--apps` option
neetob code audit --apps "neeto-*-web"
The local command interacts with the local neeto repos.
The ls command lists the files from all the local neeto repos.
# List all the files in the root directory of neeto repos
neetob local ls --apps "neeto-*-web"
# List files in a specific directory with `--dir` option
neetob local ls --dir public --apps "neeto-*-web"
# List all the files in a nested directory
neetob local ls --dir app/controllers --apps "neeto-*-web"