[B! nodejs] hasegawayosukeã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

hasegawayosuke id:hasegawayosuke

nodejsã«é–¢ã™ã‚‹hasegawayosukeã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (9)

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

GitHub - HoLyVieR/prototype-pollution-nsec18: Content released at NorthSec 2018 for my talk on prototype pollution
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.
hasegawayosuke 2018/10/30
prototype pollution

nodejs

javascript

security
ãƒªãƒ³ã‚¯
CVE-2018-7160 - Pwning (NodeJS) Developers
TL;DR:Â Â NodeJS in debug mode did not check the Origin-Header of websocket connections. This could lead to arbitrary code execution on victims systems if they visited a malicious website while debugging NodeJS. Visual Studio Code 1.19 - 1.19.2 was running in debug mode by default and exposed all users to this vulnerability. Due to my suspiciousness against 3rd party software (probably a side effect
hasegawayosuke 2018/03/29
nodejs

dns rebinding
ãƒªãƒ³ã‚¯
Node.js Performance æ”¹å–„ã‚¬ã‚¤ãƒ‰ - from scratch
Node.js Performance æ”¹å–„ã‚¬ã‚¤ãƒ‰ Memory ã®å ´åˆ ãƒ¡ãƒ¢ãƒªãƒªãƒ¼ã‚¯ã‹ã©ã†ã‹ã‚’ç‰¹å®šã™ã‚‹ ãƒ¡ãƒ¢ãƒªãƒªãƒ¼ã‚¯ã§ã¯ãªã„å ´åˆ CPU ã®å ´åˆ ã©ã“ã®å‡¦ç†ã«æ™‚é–“ãŒã‹ã‹ã£ã¦ã„ã‚‹ã®ã‹ã‚’ç¢ºèªã™ã‚‹ v8 simple profiler flame graph ã‚’å–å¾—ã™ã‚‹ File ã®å ´åˆ å¤§ããªã‚µã‚¤ã‚ºã®ãƒ•ã‚¡ã‚¤ãƒ«ã‚’ã©ã†ã—ã¦ã‚‚æ‰±ã†æ™‚ Network ã®å ´åˆ keepalive ã‚’ on ã«ã™ã‚‹ ãã®ä»–: å…¨ä½“çš„ã«ãƒ‘ãƒ•ã‚©ãƒ¼ãƒžãƒ³ã‚¹ã‚’æ”¹å–„ã™ã‚‹ãŸã‚ã«ã‚„ã‚‹ã“ã¨ JIT ãŒåŠ¹ã„ã¦ã„ã‚‹ã‹ã‚’ç¢ºèªã™ã‚‹ clusterãŒä½¿ãˆãªã„ã‹æ¤œè¨Žã™ã‚‹ C++ addons vs JavaScript libraries ã¾ã¨ã‚ å‚è€ƒè³‡æ–™ Node.js Performance æ”¹å–„ã‚¬ã‚¤ãƒ‰ ã“ã®è¨˜äº‹ã¯ Node.js 2 Advent Calender ã® 5æ—¥ç›®ã®è¨˜äº‹ã§ã™ã€‚ qiita.com Node.js ã®ãƒ‘ãƒ•ã‚©ãƒ¼ãƒžãƒ³ã‚¹ã«
hasegawayosuke 2017/12/05
nodejs
ãƒªãƒ³ã‚¯
[Node.js] ç„¡æ–™ã§ç°¡å˜ã«ã‚¦ã‚§ãƒ–ã‚¢ãƒ—ãƒªã‚’å…¬é–‹ã§ãã‚‹ã‚µãƒ¼ãƒ“ã‚¹ã€ŒGlitchã€ã‚’ä½¿ã£ã¦ã¿ãŸï¼ - Qiita
Glitchã¨ã¯ Glitchã¯Node.jsã®ã‚¢ãƒ—ãƒªã‚’å…¬é–‹ã™ã‚‹ãŸã‚ã®ã‚µãƒ¼ãƒ“ã‚¹ã§ã™ã€‚ Node.jsã§ã‚¦ã‚§ãƒ–ã‚¢ãƒ—ãƒªã‚’å…¬é–‹ã—ã‚ˆã†ã¨ã™ã‚‹ã¨ã€ã‚µãƒ¼ãƒãƒ¼ã®è¨å®šã—ãŸã‚Šãƒ‰ãƒ¡ã‚¤ãƒ³ã‚’å–å¾—ã—ãŸã‚Šâ€¦ã¨ã¦ã‚‚è¤‡é›‘ã§ã™ã€‚ Glitchã¯ã€ã‚ãªãŸã®å‰µé€ æ€§ã‚’è©¦ã™ã“ã¨ã ã‘ã«é›†ä¸ã§ãã¾ã™ã€‚ Glitchã¯ã€ã‚ã®æœ‰åãªãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆç®¡ç†ãƒ„ãƒ¼ãƒ«ã®Trelloã‚’ã¤ãã£ãŸFogCreekSoftwareç¤¾ã«ã‚ˆã£ã¦é–‹ç™ºãŒé€²ã‚ã‚‰ã‚Œã¦ã„ã¾ã™ï¼ ã‚¢ãƒ—ãƒªã‚’å…¬é–‹ã™ã‚‹ãŸã‚ã ã‘ã§ãªãã€ã‚ªãƒ³ãƒ©ã‚¤ãƒ³ã®Editorãªã©ã‚‚ã¤ã„ã¦ã„ã„æ„Ÿã˜ã§ã™ã€‚ ä½¿ã£ã¦ã¿ã‚‹ ã“ã‚Œã¾ã§AWSã‚„ã•ãã‚‰ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆãªã©ã‚’ä½¿ã£ã¦ã„ã¾ã—ãŸãŒã€Glitchã¯ãšã°æŠœã‘ã¦ç°¡å˜ã§ã™ã€‚ ã¾ãšã¯Glitchã«ã‚¢ã‚¯ã‚»ã‚¹ã—ã¾ã™ã€‚ æ–°ã—ã„ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã®ä½œæˆ1 å³ä¸Šã®â‘ [Sign in]ãƒœã‚¿ãƒ³ã‹ã‚‰ãƒã‚°ã‚¤ãƒ³ã—ã¾ã™ã€‚ Facebookã‹GitHubãŒé¸ã¹ã¾ã™ãŒã€å¾Œã€…GitHubã‹ã‚‰ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã™ã‚‹ã“ã¨
hasegawayosuke 2017/11/27
nodejs

paas
ãƒªãƒ³ã‚¯
Node.jsã®ãƒ‘ãƒ•ã‚©ãƒ¼ãƒžãƒ³ã‚¹ãƒãƒ¥ãƒ¼ãƒ‹ãƒ³ã‚°ã®tips - æŠ€è¡“æŽ¢ã—
--inspect, --inspect-brk --trace-opt, --trace-deopt --prof --trace-events-enabled --trace-gc node-report Performance Timing API å„ªã—ã„ã‚³ãƒ¼ãƒ‰ã®æ›¸ãæ–¹ã¸ v8::SnapshotCreator ã•ã„ã”ã« Node9ãŒ10/31ã«å‡ºã¾ã—ãŸðŸŽ‰ðŸŽ‰ðŸŽ‰ Node v9.0.0 (Current) | Node.js ä»Šå›žã¯Nodeå˜ä½“ã®è©±ãªã®ã§ã€Expressã€Nginxç‰ã®ãƒãƒ¥ãƒ¼ãƒ‹ãƒ³ã‚°ã«é–¢ã—ã¦ã¯ã‚³ã‚³ã«ã¯æ›¸ãã¾ã›ã‚“ã€‚ ã¾ãŸã€libuvç‰ã®ã‚³ãƒ¼ãƒ‰å†…éƒ¨ã®è©±ã‚‚ã—ã¾ã›ã‚“ã€‚ --inspect, --inspect-brk ã‚‚ã¨ã‚‚ã¨ã‚ã£ãŸã€--debugã‹ã‚‰ç§»è¡Œã•ã‚Œã¾ã—ãŸã€‚(v8.0.0 ~) Chromeã‚’ä½¿ã„ãƒ‡ãƒãƒƒã‚°ã€ãƒ—ãƒãƒ•ã‚¡ã‚¤ãƒªãƒ³ã‚°ç‰ã‚’ä½¿ãˆã‚‹ã‚ˆã†ã«ãªã‚Šã¾ã™ã€‚ ãƒ–ãƒ©ã‚¦ã‚¶ã§ä½¿ãˆ
hasegawayosuke 2017/11/06
performance

nodejs
ãƒªãƒ³ã‚¯
Hacking Node Serialize | Websecurify Blog
hasegawayosuke 2017/02/20
nodejs

security
ãƒªãƒ³ã‚¯
node ã® security checkã‚’ã™ã‚‹ãªã‚‰ nsp ãŒä¾¿åˆ© - from scratch
nspã¨ã¯ å…ˆæ—¥ãŸã¾ãŸã¾ä¼šç¤¾ã§ Vulnerability ã®è©±ã«ãªã£ã¦è‰²ã€…ã¨ Node.js ã ã¨ã“ã†ã„ã†ã®ã‚ã‚‹ã‚“ã§ã™ã‚ˆã£ã¦è¨€ã£ãŸã‚‰çŸ¥ã‚‰ãªã‹ã£ãŸæ–¹ã‚‚å¤šã‹ã£ãŸã®ã§ç´¹ä»‹ã€‚ nsp ã¯ node security platform ã®é æ–‡å—ã‚’å–ã£ãŸãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã§ã‚ã‚‹ã€‚ Node Security Platform ã¯ã‚µã‚¤ãƒˆä¸Šã§è„†å¼±æ€§ã‚’å…¬é–‹ã—ã¦ã„ã‚‹ã€‚ Node.js ã®ã‚³ã‚¢ã®è„†å¼±æ€§ã¨ã„ã†ã‚ˆã‚Šã‚‚ npm ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ãªã©ã®ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã®è„†å¼±æ€§ã ã€‚ nsp ã«æŒ™ã’ã‚‰ã‚Œã¦ã‚‹è„†å¼±æ€§ã®ä¸€ä¾‹ ä¾‹ãˆã°ã“ã®è„†å¼±æ€§ãªã‚“ã‹ã¯2017å¹´2æœˆ11æ—¥ã«å…¬é–‹ã•ã‚ŒãŸè„†å¼±æ€§ã§ã‚ã‚‹ã€‚ https://nodesecurity.io/advisories/313 github.com ã©ã†ã„ã†è„†å¼±æ€§ã‹ã¨ã„ã†ã¨ã€ã“ã®ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã¯JavaScript Objectã‚’ã‚·ãƒªã‚¢ãƒ©ã‚¤ã‚ºã™ã‚‹ãŸã‚ã®ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã ãŒã€ãã®serializeã™ã‚‹æ™‚ã«é–¢æ•°ã¾
hasegawayosuke 2017/02/14
nodejs

security
ãƒªãƒ³ã‚¯
ES Modules ã¨ Node.js ã«ã¤ã„ã¦ - from scratch
æ›¸ã“ã†æ›¸ã“ã†ã¨æ€ã„ãªãŒã‚‰ã“ã®ã‚¿ã‚¤ãƒŸãƒ³ã‚°ã¾ã§ã®ãŒã—ã¦ã—ã¾ã„ã¾ã—ãŸã€‚ ä»Šä¸€ç•ª Node.js ã®ä¸ã§ hot ãª discussion ã®ä¸€ã¤ã¨è¨€ãˆã‚‹ã§ã—ã‚‡ã†ã€ã€ŽES Modules ãŒ Node.js ã®ä¸ã§ã©ã†ãªã‚‹ã‹ã€ã§ã™ã€‚ ES Modules ç¾æ³ ES2015 ãŒç™ºåˆŠã•ã‚Œã¦ãã‚ãã‚ä¸€å¹´ã§ã™ã€‚ ES2015 ã«ã‚ã‚‹æ©Ÿèƒ½ã¯ Node.js v6ã§ã‚‚ 93% ç¨‹åº¦ã‚«ãƒãƒ¼ã•ã‚Œã¦ã„ã¾ã™ã€‚ãƒ¢ãƒ€ãƒ³ãƒ–ãƒ©ã‚¦ã‚¶ã§ã‚‚å¤§ä½“ãŒ90%ã‚’è¶…ãˆã¦ã„ã¾ã™ã€‚ã—ã‹ã—ã€ ES Modules ã ã‘ã¯ã¾ã ã©ã®ãƒ–ãƒ©ã‚¦ã‚¶ã‚‚å®Ÿè£…ã—ãã‚Œã¦ã„ã¾ã›ã‚“(kangax compat table ã¯ ES Modules ã¯çœã‹ã‚Œã¦ã¾ã™)ã€‚ ãã‚‚ãã‚‚ ECMAScript 2015 è‡ªèº«ã§å®šç¾©ã•ã‚ŒãŸã®ã¯æ§‹æ–‡ã ã‘ãªã®ã§ã€æ§‹æ–‡ã¯ã¨ã‚‚ã‹ãã€ã©ã†ã‚„ã£ã¦ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã‚’å–ã£ã¦ãã‚‹ã‹ã¨ã„ã† Loader ã®éƒ¨åˆ†ãŒã¾ã æ±ºã¾ã‚Šãã£ã¦ã„ã¾ã›ã‚“ã€‚ https://w
hasegawayosuke 2016/05/10
es2016

ecmascript

commonjs

nodejs

javascript
ãƒªãƒ³ã‚¯
Node.js v4 ã®è©± #tng18
æ±äº¬Nodeå¦åœ’ 18æ™‚é™ç›®ã§ç™ºè¡¨ã—ãŸ Node.js v4 ã®è©±ã§ã™
hasegawayosuke 2015/10/10
nodejs
ãƒªãƒ³ã‚¯
1