Bypassing regular expression checks with a line feed

Regular expressions are often used to decide whether a user input should be allowed for a specific action or rejected with an error because it might be malicious. Let’s say we have the following regular expression that is supposed to keep out any characters that could be used to execute code as part of a template injection: /^[0-9a-z]+$/ At first sight this looks OK: a string containing only digits and/or the letters a-z matches, and we can continue; a string with any other characters does not match, and we can error out. Injecting something like abc<%=7*7%> or any other template injection pattern won’t work. Or will it? It depends… ...
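Whether the check holds up depends on how the regex engine interprets ^ and $. The following is an added example, not code from the original post: in Ruby, ^ and $ always anchor to the start and end of a line rather than of the whole string, so a payload placed after a line feed passes the check above. Beside it is the same check anchored with \A and \z, which refer to the absolute start and end of the string. The input values are constructed for this example.

```ruby
# Added example, not code from the original post. Ruby is used because in
# Ruby ^ and $ always match at line boundaries, never only at the start and
# end of the whole string, which is exactly what a line feed exploits.

# Constructed sample inputs.
SAFE_INPUT        = "abc123"
OBVIOUS_ATTACK    = "abc<%=7*7%>"
LINE_FEED_ATTACK  = "abc\n<%=7*7%>"  # payload hidden behind a line feed
TRAILING_NEWLINE  = "abc\n"

# Vulnerable check: ^ and $ are satisfied by the first line "abc" alone,
# so whatever follows the line feed is never inspected.
def allowed_vulnerable?(input)
  !(input =~ /^[0-9a-z]+$/).nil?
end

# Hardened check: \A and \z anchor to the absolute start and end of the
# string. \Z (upper case) would still accept one trailing newline, so the
# lower-case \z is the one to use.
def allowed_fixed?(input)
  !(input =~ /\A[0-9a-z]+\z/).nil?
end

# Runs both checks over a set of named inputs and returns the verdicts,
# so the effect of the different anchors can be compared per input.
def compare(inputs)
  inputs.map do |name, value|
    [name, { vulnerable: allowed_vulnerable?(value), fixed: allowed_fixed?(value) }]
  end.to_h
end

if __FILE__ == $PROGRAM_NAME
  compare(
    safe: SAFE_INPUT,
    obvious_attack: OBVIOUS_ATTACK,
    line_feed_attack: LINE_FEED_ATTACK,
    trailing_newline: TRAILING_NEWLINE
  ).each do |name, verdict|
    puts "#{name}: vulnerable check=#{verdict[:vulnerable]} fixed check=#{verdict[:fixed]}"
  end
end
```

Running the script shows that "abc\n<%=7*7%>" and "abc\n" are accepted by the ^…$ version and rejected by the \A…\z version, while the plain "abc<%=7*7%>" is rejected by both. Other engines differ: some treat ^ and $ as string anchors unless a multiline flag is set, but many still let $ match before a single trailing newline, so the absolute anchors are the safer default wherever the engine offers them.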

May 14, 2022 · David Hamann

Database backups via mysqldump: from MariaDB container to S3

For a little side project I wanted an easy way to perform regular backups of a MariaDB database and upload the resulting dump, gzipped, to S3. Here are the steps to make this happen. The setup: a Docker container running MariaDB, the Docker engine running on an AWS EC2 instance, and an S3 bucket as the destination for the dumps. Writing the backup script: we begin with writing our shell script, backup.sh, which we will later execute at regular intervals from our host: ...

May 13, 2022 · David Hamann

Remote debugging Claris Data API

When debugging code that integrates with the Claris FileMaker Data API, it is sometimes helpful to trace a request from your app all the way to the code of the Data API. You might be getting an unexpected error response, want to see what data actually arrives on the server, how a wrapper library, if you use any, might translate the request/response, etc. Doing this kind of troubleshooting is much easier when you are able to directly attach a debugger to the remote process. This blog post describes a few steps you can take to remotely debug Data API requests. ...

May 4, 2022 · David Hamann

Remote debugging NodeJS apps

When you want to debug an application in an environment which is hard to replicate locally and/or you cannot install additional software on the machine it is running on, remotely connecting a debugger might be a good option to find out what’s going (wr)on(g). Let’s have a look at how we can remotely debug a NodeJS application. I will use VSCodium as the debugging client, but there are certainly other options that work equally well (you could even use the built-in minimal debugger with node inspect host:port). ...

April 19, 2022 · David Hamann

Monitor websites and detect when cron jobs and scheduled tasks are not running

TL;DR Want to monitor your websites or get notified when your cron jobs or scheduled tasks are not running when they are supposed to run? Check out https://allgood.systems. For quite some time I was planning to build some piece of software that notifies me when a web app goes down, returns unexpected results, or changes content. In addition – since it’s often hard to keep track of all the background jobs that are running – I needed and wanted something that informs me when my services stop (!) doing what they are supposed to do at regular intervals (which is often detected much later and in turn makes recovery/clean-up much harder). ...

April 9, 2022 · David Hamann