SЁCU is a public API to store self-destructing data payloads, with a URL shortener and anonymous chat rooms.

Overview

SЁCU

Introduction

SЁCU is a public API to store self-destructing data payloads. This repository contains only the backend, built with the Laravel framework.

The frontend can be found in the SЁCU web application repository.

Features

Configuration

Create environment configuration file from example

$ cp .env.example .env

Specify your environment parameters in .env file

$ vi .env

Installation

Install PHP dependencies

$ composer install

Generate application secret key

$ php artisan key:generate

Perform database migrations

$ php artisan migrate

If you need to run the Node.js chat server, install the JavaScript dependencies

$ npm install

Add CRON entry to your OS

* * * * * php /path/to/secu/artisan schedule:run >> /dev/null 2>&1

This runs the scheduled commands every minute. The schedule deletes outdated records.

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please refer to CONTRIBUTING.md for information on how to contribute to SЁCU and its related projects.

Testing

Run the tests with:

$ vendor/bin/phpunit

Security

If you discover any security related issues, please email [email protected] instead of using the issue tracker.

Contributors

@antonkomarev
Anton Komarev

SЁCU contributors list

License

The SЁCU application is open-source software licensed under the BSD 3-Clause License.

About CyberCog

CyberCog is a Social Unity of enthusiasts. Researching the best solutions in product & software development is our passion.

Comments
  • Bump guzzlehttp/guzzle from 6.5.5 to 6.5.6

    Bumps guzzlehttp/guzzle from 6.5.5 to 6.5.6.

    Release notes

    Sourced from guzzlehttp/guzzle's releases.

    Release 6.5.6

    See change log for changes.

    Changelog

    Sourced from guzzlehttp/guzzle's changelog.

    6.5.6 - 2022-05-25

    • Fix cross-domain cookie leakage
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies php 
    opened by dependabot[bot] 2
  • Bump guzzlehttp/guzzle from 6.5.5 to 6.5.7

    Bumps guzzlehttp/guzzle from 6.5.5 to 6.5.7.

    Release notes

    Sourced from guzzlehttp/guzzle's releases.

    Release 6.5.7

    See change log for changes.

    Release 6.5.6

    See change log for changes.

    Changelog

    Sourced from guzzlehttp/guzzle's changelog.

    6.5.7 - 2022-06-09

    • Fix failure to strip Authorization header on HTTP downgrade
    • Fix failure to strip the Cookie header on change in host or HTTP downgrade

    6.5.6 - 2022-05-25

    • Fix cross-domain cookie leakage
    Commits

    dependencies php 
    opened by dependabot[bot] 1
  • Bump laravel/framework from 5.7.29 to 6.18.43

    Bumps laravel/framework from 5.7.29 to 6.18.43.

    Commits

    dependencies php 
    opened by dependabot[bot] 1
  • Bump guzzlehttp/psr7 from 1.5.2 to 1.8.5

    Bumps guzzlehttp/psr7 from 1.5.2 to 1.8.5.

    Release notes

    Sourced from guzzlehttp/psr7's releases.

    1.8.5

    See change log for changes.

    1.8.4

    See change log for changes.

    1.8.3

    See change log for changes.

    1.8.2

    See change log for changes.

    1.8.1

    See change log for changes.

    1.8.0

    See change log for changes.

    1.7.0

    See change log for changes.

    Revert PSR-7 type assertions

    1.6.0 introduced a few type assertions to enforce types defined by PSR-7. Unfortunately that breaks the library for users not strictly following the PSR-7 standard. Since the users impacted by this change seem to be rather large, this hotfix reverts that change with the note that we will reapply it in 2.0.0, so fixing this is recommended regardless of which version you use.

    Details are in #282 and #283

    1.6.0

    Version 1.6.0 is released which will likely be the last minor release in 1.x. We're focussing 2.0 now with support for psr/http-factory, PHP 7.2 requirement and type declarations.

    Added

    • Allowed version ^3.0 of ralouphie/getallheaders dependency (#244)
    • Added MIME type for WEBP image format (#246)
    • Added more validation of values according to PSR-7 and RFC standards, e.g. status code range (#250, #272)

    Changed

    • Tests don't pass with HHVM 4.0, so HHVM support got dropped. Other libraries like composer have done the same. (#262)
    • Accept port number 0 to be valid (#270)

    Fixed

    • Fixed subsequent reads from php://input in ServerRequest (#247)
    • Fixed readable/writable detection for certain stream modes (#248)
    • Fixed encoding of special characters in the userInfo component of an URI (#253)
    Changelog

    Sourced from guzzlehttp/psr7's changelog.

    1.8.5 - 2022-03-20

    Fixed

    • Correct header value validation

    1.8.4 - 2022-03-20

    Fixed

    • Validate header values properly

    1.8.3 - 2021-10-05

    Fixed

    • Return null in caching stream size if remote size is null

    1.8.2 - 2021-04-26

    Fixed

    • Handle possibly unset url in stream_get_meta_data

    1.8.1 - 2021-03-21

    Fixed

    • Issue parsing IPv6 URLs
    • Issue modifying ServerRequest lost all its attributes

    1.8.0 - 2021-03-21

    Added

    • Locale independent URL parsing
    • Most classes got a @final annotation to prepare for 2.0

    Fixed

    • Issue when creating stream from php://input and curl-ext is not installed
    • Broken Utils::tryFopen() on PHP 8

    1.7.0 - 2020-09-30

    Added

    • Replaced functions by static methods

    Fixed

    ... (truncated)

    Commits

    dependencies php 
    opened by dependabot[bot] 1
  • Bump erusev/parsedown from 1.7.1 to 1.7.4

    Bumps erusev/parsedown from 1.7.1 to 1.7.4.

    Release notes

    Sourced from erusev/parsedown's releases.

    1.7.4

    Introduce rawHtml concept from beta 1.8 that extensions may optionally utilise. In 1.8 beta versions this feature is utilised internally and might have compatibility issues with extensions, this release does not use this feature internally so no such issues will be present.

    1.7.3

    No release notes provided.

    1.7.2

    This is a security release and resolves an issue which would allow a user to add arbitrary classes to fenced code blocks. This might have security consequences, see #699 for more detail.

    Commits
    • cb17b64 Increment version for release
    • 21f99b1 Merge pull request #745 from aidantwoods/dev-1.7.x/opt-in-rawHtml
    • 791faca Test on 7.4
    • add8d18 Add rawHtml without using it (extensions may opt-in)
    • 7073ac3 Dev for 1.7.4
    • 3d2b25b Add test to prevent regression
    • 6d89393 New release due to mislabeled previous tag
    • d60bcdc Bump version
    • c390a9e Merge pull request #700 from aidantwoods/fix/spaces-in-class-names-1.7.x
    • 0f1e9da Fix test platforms
    • Additional commits viewable in compare view

    dependencies php 
    opened by dependabot[bot] 1
  • [todo] Add rooms support

    • [x] Room hash generating automatically on create room command.
    • [x] Guest can join to rooms by their hash and password.
    • [x] Client can send messages to room.
    • [x] #18 Private websocket rooms
    • [x] Clients can see each member in the room.
    • [x] Clients can receive messages inside the room if authorized.
    • [x] Client browser ignores self-initiated websocket messages.
    • [x] If room doesn't exist - display password form which will fail all the time.
    • [x] If guest user post fails to join - all authenticated room users will be notified.
    • [x] #14 Design API to provide frontend integration.
    opened by antonkomarev 1
  • Rooms API

    Define connection

    var chat = io.connect({WS_HOSTNAME} + ':' + {WS_PORT} + '/r', {secure: true})
    

    Create room

    chat.emit('room.create', {
        password: '{PASSWORD}'
    });
    

    On success:

    • room is created;
    • the room's hash is sent to the client;
    • the provided password is encrypted using bcrypt and saved as room.password in database;

    After that client should manually perform Join room using password again.

    Success events

    chat.on('room.create', {
        success: true,
        room: '{ROOM_NAME}'
    });
    

    Fail events

    chat.on('room.create', {
        success: false,
        errors: ['Error message 1', 'Error message 2']
    });
    

    Join room

    chat.emit('room.join', {
        room: '{ROOM_NAME}',
        password: '{PASSWORD}'
    });
    

    Success events

    Name: room.join
    Recipients: Initiator
    Description: User receives self state in room.

    chat.on('room.join', {
        success: true,
        name: user.name
    })
    

    Name: room.roster
    Recipients: Active room users (including initiator)
    Description: All users in the room receive the updated room roster as user objects.

    chat.on('room.roster', [
        {name: "User 1"},
        {name: "User 2"}
    ])
    

    Fail events

    Name: room.join
    Recipients: Initiator
    Description: User is informed that authentication has failed.

    chat.on('room.join', {
        success: false,
        room: room
    });
    

    Name: room.join.attempt
    Recipients: Active room users
    Description: All users in the room receive information that somebody has failed authentication.

    chat.on('room.join.attempt', {
        success: false,
        room: room,
        errors: ['Somebody tried to join room with empty password']
    });
    

    Leave room

    chat.emit('room.leave', {
        room: '{ROOM_NAME}'
    });
    

    Success events

    Name: room.leave
    Recipients: Initiator
    Description: User receives info that he left the room.

    chat.on('room.leave', {
        success: true
    })
    

    Name: room.roster
    Recipients: Active room users
    Description: All users in the room receive the updated room roster as user objects.

    chat.on('room.roster', [
        {name: "User 1"},
        {name: "User 2"}
    ])
    

    Fail events

    chat.on('room.leave', {
        success: false,
        errors: ['Empty arguments']
    });
    

    Send message

    chat.emit('room.data', {
        room: '{ROOM_NAME}',
        data: 'STRING'
    });
    

    Success events

    chat.on('room.data', {
        success: true,
        sender: '{USER_NAME}',
        data: '{JSON_DATA}'
    });
    

    Fail events

    chat.on('room.data', {
        success: false,
        errors: ['Empty arguments']
    });
    
    chat.on('room.data.attempt', {
        success: false,
        errors: ['Somebody tried to send message without authorization']
    });
    
    opened by antonkomarev 1
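
The create, join and send-message events described in the Rooms API issue above, modelled in memory as an added example (this is not SЁCU's server code). Assumptions: the `RoomServer` class and its method names are hypothetical, Node's built-in scrypt stands in for bcrypt, user names are assigned by the server, and `room.data.attempt` is delivered to the active room users in the same way as `room.join.attempt`.

```javascript
// Added example, not SЁCU's server code: an in-memory model of the Rooms API events.
const nodeCrypto = require('node:crypto');

// Assumption: scrypt stands in for the bcrypt hashing the issue describes,
// because bcrypt is not part of the Node.js standard library.
function hashPassword(password) {
  const salt = nodeCrypto.randomBytes(16);
  const key = nodeCrypto.scryptSync(password, salt, 32);
  return `${salt.toString('hex')}:${key.toString('hex')}`;
}

function verifyPassword(password, stored) {
  const [saltHex, keyHex] = stored.split(':');
  const expected = Buffer.from(keyHex, 'hex');
  const actual = nodeCrypto.scryptSync(password, Buffer.from(saltHex, 'hex'), expected.length);
  return nodeCrypto.timingSafeEqual(actual, expected); // constant-time comparison
}

class RoomServer { // hypothetical class and method names
  constructor() {
    this.rooms = new Map(); // room hash -> { password, members: Map(clientId -> name) }
    this.outbox = [];       // every emitted event as { to, event, payload }
    this.nextUser = 1;
    // Checked when the room is unknown, so a missing room costs the same work as a wrong password.
    this.decoy = hashPassword(nodeCrypto.randomBytes(16).toString('hex'));
  }

  send(to, event, payload) { this.outbox.push({ to, event, payload }); }

  toMembers(room, event, payload) {
    for (const id of room.members.keys()) this.send(id, event, payload);
  }

  create(clientId, { password } = {}) {
    if (typeof password !== 'string' || password === '') {
      return this.send(clientId, 'room.create', { success: false, errors: ['Empty arguments'] });
    }
    const name = nodeCrypto.randomBytes(8).toString('hex'); // server-generated room hash
    this.rooms.set(name, { password: hashPassword(password), members: new Map() });
    // The creator is not a member yet: the client must still send room.join.
    this.send(clientId, 'room.create', { success: true, room: name });
  }

  join(clientId, { room: name, password } = {}) {
    const room = this.rooms.get(name);
    const given = typeof password === 'string' ? password : '';
    const matches = given !== '' && verifyPassword(given, room ? room.password : this.decoy);
    if (!room || !matches) {
      // Identical reply for "no such room" and "wrong password".
      this.send(clientId, 'room.join', { success: false, room: name });
      if (room) {
        const kind = given === '' ? 'empty' : 'wrong'; // "wrong" wording is constructed
        this.toMembers(room, 'room.join.attempt', {
          success: false,
          room: name,
          errors: [`Somebody tried to join room with ${kind} password`],
        });
      }
      return;
    }
    const userName = `User ${this.nextUser++}`; // assumption: names are assigned by the server
    room.members.set(clientId, userName);
    this.send(clientId, 'room.join', { success: true, name: userName });
    this.toMembers(room, 'room.roster', [...room.members.values()].map((n) => ({ name: n })));
  }

  data(clientId, { room: name, data } = {}) {
    if (!name || !data) {
      return this.send(clientId, 'room.data', { success: false, errors: ['Empty arguments'] });
    }
    const room = this.rooms.get(name);
    if (!room) return; // assumption: nobody to notify for an unknown room
    if (!room.members.has(clientId)) {
      // Assumption: like room.join.attempt, this alert goes to the active room users.
      return this.toMembers(room, 'room.data.attempt', {
        success: false,
        errors: ['Somebody tried to send message without authorization'],
      });
    }
    // The sender also receives it; the client ignores self-initiated messages.
    this.toMembers(room, 'room.data', { success: true, sender: room.members.get(clientId), data });
  }
}

// Constructed scenario: alice creates and joins a room, mallory guesses and posts uninvited.
function runScenario() {
  const server = new RoomServer();
  server.create('alice', { password: 'correct horse' });
  const room = server.outbox[0].payload.room;
  server.join('alice', { room, password: 'correct horse' });
  server.join('mallory', { room, password: 'guess' });
  server.join('mallory', { room: 'no-such-room', password: 'guess' });
  server.data('mallory', { room, data: 'hi' });
  server.data('alice', { room, data: 'hello' });
  return { room, server, events: server.outbox };
}

for (const e of runScenario().events) console.log(e.to, e.event, JSON.stringify(e.payload));
```

The printed log shows that a failed join returns the same payload shape for a missing room and for a wrong password, and that only current members are told about the failed attempts.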
  • Bump symfony/http-foundation from 4.2.1 to 4.4.3

    Bumps symfony/http-foundation from 4.2.1 to 4.4.3.

    Changelog

    Sourced from symfony/http-foundation's changelog.

    CHANGELOG

    5.1.0

    • Deprecate Response::create(), JsonResponse::create(), RedirectResponse::create(), and StreamedResponse::create() methods (use __construct() instead)
    • added Request::preferSafeContent() and Response::setContentSafe() to handle "safe" HTTP preference according to RFC 8674

    5.0.0

    • made Cookie auto-secure and lax by default
    • removed classes in the MimeType namespace, use the Symfony Mime component instead
    • removed method UploadedFile::getClientSize() and the related constructor argument
    • made Request::getSession() throw if the session has not been set before
    • removed Response::HTTP_RESERVED_FOR_WEBDAV_ADVANCED_COLLECTIONS_EXPIRED_PROPOSAL
    • passing a null url when instantiating a RedirectResponse is not allowed

    4.4.0

    • passing arguments to Request::isMethodSafe() is deprecated.
    • ApacheRequest is deprecated, use the Request class instead.
    • passing a third argument to HeaderBag::get() is deprecated, use method all() instead
    • [BC BREAK] PdoSessionHandler with MySQL changed the type of the lifetime column, make sure to run ALTER TABLE sessions MODIFY sess_lifetime INTEGER UNSIGNED NOT NULL to update your database.
    • PdoSessionHandler now precalculates the expiry timestamp in the lifetime column, make sure to run CREATE INDEX EXPIRY ON sessions (sess_lifetime) to update your database to speed up garbage collection of expired sessions.
    • added SessionHandlerFactory to create session handlers with a DSN
    • added IpUtils::anonymize() to help with GDPR compliance.

    4.3.0

    • added PHPUnit constraints: RequestAttributeValueSame, ResponseCookieValueSame, ResponseHasCookie, ResponseHasHeader, ResponseHeaderSame, ResponseIsRedirected, ResponseIsSuccessful, and ResponseStatusCodeSame
    • deprecated MimeTypeGuesserInterface and ExtensionGuesserInterface in favor of Symfony\Component\Mime\MimeTypesInterface.
    • deprecated MimeType and MimeTypeExtensionGuesser in favor of Symfony\Component\Mime\MimeTypes.
    • deprecated FileBinaryMimeTypeGuesser in favor of Symfony\Component\Mime\FileBinaryMimeTypeGuesser.
    • deprecated FileinfoMimeTypeGuesser in favor of Symfony\Component\Mime\FileinfoMimeTypeGuesser.
    • added UrlHelper that allows to get an absolute URL and a relative path for a given path

    4.2.0

    ... (truncated)
    Commits

    dependencies 
    opened by dependabot[bot] 0
  • Release 3.0

    • [x] Upgrade Laravel from 5.2 to 5.7 (#31)
    • [x] Refactor Controllers
    • [x] Refactor Unit tests & improve coverage
    • [x] Refactor Feature tests & improve coverage
    • [x] Declare strict_types=1
    • [x] Post actions MUST return status 201
    • [x] Redirect from API home page to web application
    • [x] Add Response classes to controller actions
    enhancement 
    opened by antonkomarev 0
  • Changed node module bcrypt to bcryptjs

    Since CentOS has issues with node-gyp compilation, we decided to switch to the bcryptjs package because it doesn't have such requirements and has the same API.

    opened by antonkomarev 0
  • Private websocket rooms

    Links for research:

    • http://socket.io/docs/rooms-and-namespaces/
    • http://stackoverflow.com/questions/8539574/private-channels-in-node-js-and-redis-how-to/8540388#8540388
    • https://www.ukietech.com/blog/programming/step-by-step-instruction-of-setting-up-real-time-secure-broadcasting-with-laravel-5-1-socket-io-and-redis/
    • https://www.joezimjs.com/javascript/plugging-into-socket-io-advanced/
    • https://scotch.io/tutorials/a-realtime-room-chat-app-using-node-webkit-socket-io-and-mean
    • http://www.benknowscode.com/2013/08/dynamically-creating-game-rooms-with-socket-io-node.html
    • http://www.sitepoint.com/chat-application-using-socket-io/
    • https://github.com/KorbenC/nodejs-private-webchat
    • https://github.com/Fabryz/support-chat/blob/master/server.js
    • https://github.com/tamaspiros/advanced-chat
    • https://github.com/tamaspiros/angularchat

    P2P implementations:

    enhancement help wanted 
    opened by antonkomarev 0
  • Bump guzzlehttp/guzzle from 6.5.5 to 6.5.8

    Bumps guzzlehttp/guzzle from 6.5.5 to 6.5.8.

    Release notes

    Sourced from guzzlehttp/guzzle's releases.

    Release 6.5.8

    See change log for changes.

    Release 6.5.7

    See change log for changes.

    Release 6.5.6

    See change log for changes.

    Changelog

    Sourced from guzzlehttp/guzzle's changelog.

    6.5.8 - 2022-06-20

    • Fix change in port should be considered a change in origin
    • Fix CURLOPT_HTTPAUTH option not cleared on change of origin

    6.5.7 - 2022-06-09

    • Fix failure to strip Authorization header on HTTP downgrade
    • Fix failure to strip the Cookie header on change in host or HTTP downgrade

    6.5.6 - 2022-05-25

    • Fix cross-domain cookie leakage
    Commits

    dependencies php 
    opened by dependabot[bot] 0
  • Bump laravel/framework from 5.7.29 to 6.20.42

    Bumps laravel/framework from 5.7.29 to 6.20.42.

    Release notes

    Sourced from laravel/framework's releases.

    v6.20.42

    Fixed

    • Fixed for dropping columns when using MSSQL as (#39905)
    • Fixed parent call in View (#39908)

    v6.20.41

    Added

    • Added phar to list of shouldBlockPhpUpload() in validator (2d1f76a)

    v6.20.40

    Fixed

    • Fixes Illuminate/Database/Query/Builder::limit() to only cast integer when given other than null (#39644)

    v6.20.39

    Fixed

    • Fixed $value in Illuminate/Database/Query/Builder::limit() (ddfa71e)

    v6.20.38

    Added

    • Added new lost connection error message for sqlsrv (#39466)

    v6.20.37

    Fixed

    • Fixed rate limiting unicode issue (#39375)

    v6.20.36

    Fixed

    • Add new lost connection message to DetectsLostConnections for Vapor (#39209)

    v6.20.35

    Added

    • Added new lost connection message to DetectsLostConnections (#39028)

    v6.20.34

    Fixed

    • Silence validator date parse warnings (#38670)

    v6.20.33

    Changed

    • Error out when detecting incompatible DBAL version (#38543)

    v6.20.32

    Fixed

    v6.20.31

    Fixed

    ... (truncated)

    Commits

    dependencies php 
    opened by dependabot[bot] 0
  • Add terminal command secu

    Create a terminal command secu using Node.js.

    The command should be installable using the NPM package manager.

    npm install -g secu

    After that, the terminal command will be available.

    $ secu -p -t text string -f /path/to/file
    Input password
    > Sup3rs3cur3dp4ssw0rd
    Here you are: https://secu.su/HASH

    As a result, the user will get a link with the created SЁCU.

    enhancement help wanted 
    opened by antonkomarev 1
Releases(3.0.0)
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

PHPGGC: PHP Generic Gadget Chains PHPGGC is a library of unserialize() payloads along with a tool to generate them, from command line or programmatica

Ambionics Security 2.5k Jan 4, 2023
Obfuscate your data by generating reversible, non-sequential, URL-safe identifiers.

Laravel Hashid Laravel Hashid provides a unified API across various drivers such as Base62, Base64, Hashids and Optimus, with support for multiple con

Elf Sundae 390 Nov 16, 2022
API in PHP for DDoS Attacks (sends a command to a SSH Server from a URL)

SSH-PHP-API API in PHP for DDoS Attacks (sends a command to a SSH Server from a URL) [Install on Ubuntu 20.04: apt install apache2 php php-fpm php-ssh

Вентокс 3 Sep 23, 2022
A simple PHP web backdoor allows you to retrieve directory/file contents and upload file(s) from the local machine or remote URL.

Simple PHP Web Backdoor A simple PHP web backdoor allows you to retrieve directory/file contents and upload file(s) from the local machine or remote U

Aqhmal Hafizi 15 Oct 7, 2022
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Cossack Labs 1.6k Jan 6, 2023
Tool to store text encrypted in the cloud.

CryptPaste The free open source way to store encrypted text. How it works First your input is encrypted in the browser with javascript, then it is enc

null 0 Jan 10, 2022
A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.

Current version: 1.3.5 PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted a

null 4.6k Jan 7, 2023
Run locally to export crypto tx data from crypto exchanges using their api connections, and process into a normalised format.

CryptoCredible The missing crypto-exchange data exporter tldr: run locally to export your crypto tx data from popular exchanges via api connections. E

Lee Overy 6 Apr 6, 2022
HTML/PHP/CSS website that tracks two API data

Detailed instructions on how to build and run Step 1: download XAMPP for a live web server XAMPP download 1 XAMP download 2 Step 2: Download all files

Winsor Tse 0 Jun 2, 2022
Automatic Encrypt and Decrypt your database data. Tested and used on Laravel 8

Laravel Encrypt Database Automatic Encrypt and Decrypt your database data. Tested and used on Laravel 8. I'm yet building the tests. Important Note th

Wellington Barbosa 2 Dec 15, 2021
A simple php (lumen) app for sharing sensitive text (basically like onetimesecret), but with full end-to-end AES-256-GCM encryption so even the server has no access to the data, and developed with very simple deployment in mind.

Alan Woo 51 Nov 21, 2022
Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication.

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.

[sCRiPTz-TEAM] 3 Dec 31, 2021
Easily anonymize sensitive data through eloquent queries

Laravel Encryptable This package allows you to anonymize sensitive data (like the name, surname and email address of a user) similarly to Laravel's En

H-FARM Innovation 93 Sep 6, 2022
🔒 Password Exposed Helper Function - Check if a password has been exposed in a data breach.

🔒 Password Exposed Helper Function This PHP package provides a password_exposed helper function, that uses the haveibeenpwned.com API to check if a p

Jordan Hall 212 Oct 24, 2022
A cryptography API wrapping the Sodium library, providing a simple object interface for symmetrical and asymmetrical encryption, decryption, digital signing and message authentication.

PHP Encryption A cryptography API wrapping the Sodium library, providing a simple object interface for symmetrical and asymmetrical encryption, decryp

null 19 Dec 31, 2022
An experimental object oriented SSH api in PHP

PHP SSH (master) Provides an object-oriented wrapper for the php ssh2 extension. Requirements You need PHP version 5.3+ with the SSH2 extension. Insta

Antoine Hérault 355 Dec 6, 2022
Api random address

RandomAddress what actually it does? Its scrap Address from Fakeaddress and gives output in json format for api use. This address are working many pla

Nitin1818 6 Dec 28, 2022
Secure API Toolkit

Sapient: Secure API toolkit Sapient secures your PHP applications' server-to-server HTTP(S) traffic even in the wake of a TLS security breakdown (comp

Paragon Initiative Enterprises 315 Jan 3, 2023
Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campbell/security-core

Laravel Security Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campb

Graham Campbell 170 Nov 20, 2022