Oli Booty olibooty

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

58 bytes of CSS to look great nearly everywhere

When making this website, i wanted a simple, reasonable way to make it look good on most displays. Not counting any minimization techniques, the following 58 bytes worked well for me:

main {
  max-width: 38rem;
  padding: 2rem;
  margin: auto;
}

Do not use forEach with async-await

TLDR: Use for...of instead of forEach() in asynchronous code.

For legacy browsers, use for(...;...;...) or [].reduce()

To execute the promises in parallel, use Promise.all([].map(...))

The problem

Authentication with an Express API and Postgres

Setting Up

Let's make sure our Express app has the required base modules:

# within root of API
npm install --save express pg knex bcrypt
npm install --save-dev nodemon

	import { useState, useEffect, useRef, useMemo } from 'react'

	export default function Wordle() {
	let [currentAttempt, setCurrentAttempt] = useState('')
	let [bestColors, setBestColors] = useState(() => new Map())
	let [history, setHistory] = usePersistedHistory(h => {
	waitForAnimation(h)
	})

	useEffect(() => {

	import React from 'react'

	import { Editor } from '@tiptap/react'

	import {
	BoldSVG,
	BulletsSVG,
	ImageSVG,
	ItalicSVG,
	LinkSVG,

	/**
	* Sets up a DOM MutationObserver that watches for elements using undefined CSS
	* class names. Performance should be pretty good, but it's probably best to
	* avoid using this in production.
	*
	* Usage:
	*
	* import cssCheck from './checkForUndefinedCSSClasses.js'
	*
	* // Call before DOM renders (e.g. in <HEAD> or prior to React.render())

	/* From http://thatemil.com/blog/2015/01/03/reset-your-fieldset/ by Emil Björklund */

	legend {
	display: table;
	padding: 0;
	}
	fieldset {
	border: 0;
	margin: 0;
	min-width: 0;

	// in src/schema.spec.js
	const { graphql } = require('graphql');
	const schema = require('./schema');

	it('responds to the Tweets query', () => {
	// stubs
	const queryStub = q => {
	if (q == 'SELECT * from tweets') {
	return Promise.resolve({ rows: [
	{ id: 1, body: 'Lorem Ipsum', date: new Date(), author_id: 10 },

	// input
	// [
	// 'pref-001\|choice-001',
	// 'pref-001\|choice-002',
	// 'pref-002\|choice-001',
	// ]


	// output
	// [