
operations_middleware
= Operations Middleware
This library provides a piece of Rack middleware for monitoring application status. To include it in a Rails application, you need to provide the following minimum configuration:

  config.gem 'operations_middleware'
  require 'operations_middleware'
  config.middleware.use OperationsMiddleware do |ops|
    ops.file_root = RAILS_ROOT
  end

== Version Page
This will provide a page at /ops/version which shows, in development mode, the current git branch and last commit SHA. In all other modes, it shows the same information, but taken from the contents of VERSION and REVISION files in the file_root directory. If you are deploying with Capistrano, the REVISION file will be created for you. If you want the VERSION file, you'll need to add that to your project or your Capistrano scripts.
== Heartbeat Page
It also provides a simple page at /ops/heartbeat which returns a 200 'OK' as long as the application is running.
The application name is taken from the enclosing folder of the file_root option. If that folder is a Capistrano timestamped release, it goes up 2 additional levels for the name, stripping .com from the end of the directory if necessary. If this logic does not get the correct application name, it can be set manually in the configuration block:

  ops.app_name = 'Custom Application Name'

=== Adding Custom Heartbeats
Additionally, you can specify custom heartbeat monitoring pages as follows:

  ops.heartbeat[:mysql] = lambda do
    conn = ActiveRecord::Base.connection
    # Any error raised by this query makes the heartbeat page return a 500
    migrations = conn.select_all("SELECT COUNT(1) FROM schema_migrations;")
    conn.disconnect!
  end

The mysql example shown above would be accessed at /ops/heartbeat/mysql. The heartbeat can be set to any object which responds to call. The heartbeat page will return a 200 'OK' as long as the provided lambda does not raise an error. If an error is raised, a 500 will be returned instead.
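
The heartbeat contract described above (200 'OK' unless the callable raises, otherwise a 500), as an added Ruby sketch that is not the gem's own code. The class name HeartbeatSketch, the 404 for unknown names, the response bodies and the server-side logging are assumptions; the sketch also keeps the exception text out of the response so a failing check does not disclose connection details to the caller.

```ruby
# Added illustration; HeartbeatSketch is a hypothetical name, not the gem's class.
class HeartbeatSketch
  PREFIX = '/ops/heartbeat'.freeze

  attr_reader :heartbeat

  def initialize(app)
    @app = app
    @heartbeat = {} # name (Symbol) => any object responding to #call
    yield self if block_given?
  end

  def call(env)
    path = env['PATH_INFO'].to_s
    return @app.call(env) unless path == PREFIX || path.start_with?("#{PREFIX}/")

    name = path.delete_prefix(PREFIX).delete_prefix('/')
    return respond(200, 'OK') if name.empty? # plain liveness check

    # Compare as Strings so request input is never converted into a Symbol.
    check = @heartbeat.find { |key, _| key.to_s == name }&.last
    return respond(404, 'Not Found') unless check # assumption: unknown names give 404

    begin
      check.call
      respond(200, 'OK')
    rescue StandardError => e
      # Detail goes to the server-side error stream; the response body stays generic.
      env['rack.errors']&.puts("heartbeat #{name} failed: #{e.class}: #{e.message}")
      respond(500, 'Error')
    end
  end

  private
  def respond(status, body)
    [status, { 'content-type' => 'text/plain' }, [body]]
  end
end

# Constructed sample wiring: one passing check and one that raises.
DOWNSTREAM = ->(_env) { [200, { 'content-type' => 'text/plain' }, ['app']] }
SAMPLE = HeartbeatSketch.new(DOWNSTREAM) do |ops|
  ops.heartbeat[:cache] = -> { true }
  ops.heartbeat[:mysql] = -> { raise 'connection refused to db01:3306' }
end

def get(path)
  SAMPLE.call('PATH_INFO' => path)
end
```
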
== Note on Patches/Pull Requests
== Copyright
Copyright (c) 2010 PRIMEDIA Inc. See LICENSE for details.
We found that operations_middleware demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.