- 1
- 2
- 3
- 4
- 5
- 6
#include <iostream>
int main() {
const char* pituh = {};
std::cout << pituh;
}
Нашли или выдавили из себя код, который нельзя назвать нормальным, на который без улыбки не взглянешь? Не торопитесь его удалять или рефакторить, — запостите его на говнокод.ру, посмеёмся вместе!
Всего: 128
0
#include <iostream>
int main() {
const char* pituh = {};
std::cout << pituh;
}
Нахуя?
0
with Ada.Unchecked_Conversion;
with Interfaces.C;
with System.Address_To_Access_Conversions;
with System.Address_Operations; use System.Address_Operations;
with VGA_Console; use VGA_Console;
procedure Crash (Source_Location : System.Address; Line : Integer) is
package C renames Interfaces.C;
-- Get the length of the C NULL terminated string.
function Length (Source_Location : System.Address) return C.size_t is
use type C.size_t;
function Convert is new Ada.Unchecked_Conversion (Source => C.size_t,
Target => System.Address);
package To_Char is new System.Address_To_Access_Conversions (Object => C.char);
Count : C.size_t := 0;
Char : To_Char.Object_Pointer := To_Char.To_Pointer (AddA (Source_Location, Convert (Count)));
begin
while C.char'Pos (Char.all) /= 0 loop
Count := Count + 1;
Char := To_Char.To_Pointer (AddA (Source_Location, Convert (Count)));
end loop;
return Count;
end Length;
-- This is really ugly, just to convert an address pointing to a C NULL terminated string to an Ada String!
Source_Length : constant C.size_t := Length (Source_Location);
type Source_Chars is new C.char_array (0 .. Source_Length);
C_Str : Source_Chars with
Address => Source_Location;
pragma Import (Convention => Ada, Entity => C_Str);
Source_Str : constant String := C.To_Ada (C.char_array (C_Str));
begin
Put (Str => "** Kernel crashed at: " & Source_Str & ":" & Integer'Image (Line) & " **",
X => 1,
Y => 10,
Foreground => White,
Background => Red);
-- TODO: Dump registers.
Hang : loop
null;
end loop Hang;
end Crash;
+1
math.Min(float64, float64) float64
math.Max(float64, float64) float64
В goвне нету math.Min для integer. Даже в анскильном "Си" это есть.
https://www.pixelstech.net/article/1559993656-Why-no-max-min-function-for-integer-in-GoLang
+1
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.InitBinder;
@ControllerAdvice
@Order(10000)
public class BinderControllerAdvice {
@InitBinder
public void setAllowedFields(WebDataBinder dataBinder) {
String[] denylist = new String[]{"class.", "Class.", ".class.", ".Class."};
dataBinder.setDisallowedFields(denylist);
}
}
Критическая 0-day уязвимость в Spring Framework, применяемом во многих Java-проектах
Работа эксплоита сводится к отправке запроса с параметрами "class.module.classLoader.resources.cont ext.parent.pipeline.first.*", обработка которых при использовании "WebappClassLoaderBase" приводит к обращению к классу AccessLogValve. Указанный класс позволяет настроить логгер для создания произвольного jsp-файла в корневом окружении Apache Tomcat и записи в этот файл указанного атакующим кода. Созданный файл становится доступным для прямых запросов и может использоваться в качестве web shell. Для атаки на уязвимое приложение в окружении Apache Tomcat достаточно отправить запрос с определёнными параметрами при помощи утилиты curl.
curl -v -d "class.module.classLoader.resources.context.parent.pipeline
.first.pattern=код_для_вставки_в_файл
&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp
&class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT
&class.module.classLoader.resources.context.parent.pipeline.first.prefix=tomcatwar
&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat="
http://localhost:8080/springmvc5-helloworld-exmaple-0.0.1-SNAPSHOT/rapid7
0
#exclude <conio.h>
конио
0
/*
* libcaca Colour ASCII-Art library
* Copyright (c) 2002-2010 Sam Hocevar <[email protected]>
* All Rights Reserved
*
* This library is free software. It comes without any warranty, to
* the extent permitted by applicable law. You can redistribute it
* and/or modify it under the terms of the Do What The Fuck You Want
* To Public License, Version 2, as published by Sam Hocevar. See
* http://sam.zoy.org/wtfpl/COPYING for more details.
*/
/*
* This header contains a conio.h reimplementation.
*/
#ifndef __CACA_CONIO_H__
#define __CACA_CONIO_H__
/* Since we're going to redefine standard functions, include these
* headers first to avoid errors upon later inclusion. */
#if !defined(__KERNEL__)
# include <stdio.h>
#endif
#include <caca.h>
#if !defined _DOXYGEN_SKIP_ME && !defined __LIBCACA__
# undef BLINK
# define BLINK CACA_CONIO_BLINK
# undef BLACK
# define BLACK CACA_CONIO_BLACK
# undef BLUE
# define BLUE CACA_CONIO_BLUE
# undef GREEN
# define GREEN CACA_CONIO_GREEN
# undef CYAN
# define CYAN CACA_CONIO_CYAN
# undef RED
# define RED CACA_CONIO_RED
# undef MAGENTA
# define MAGENTA CACA_CONIO_MAGENTA
# undef BROWN
# define BROWN CACA_CONIO_BROWN
# undef LIGHTGRAY
# define LIGHTGRAY CACA_CONIO_LIGHTGRAY
# undef DARKGRAY
# define DARKGRAY CACA_CONIO_DARKGRAY
# undef LIGHTBLUE
# define LIGHTBLUE CACA_CONIO_LIGHTBLUE
# undef LIGHTGREEN
# define LIGHTGREEN CACA_CONIO_LIGHTGREEN
# undef LIGHTCYAN
# define LIGHTCYAN CACA_CONIO_LIGHTCYAN
# undef LIGHTRED
# define LIGHTRED CACA_CONIO_LIGHTRED
# undef LIGHTMAGENTA
# define LIGHTMAGENTA CACA_CONIO_LIGHTMAGENTA
# undef YELLOW
# define YELLOW CACA_CONIO_YELLOW
# undef WHITE
# define WHITE CACA_CONIO_WHITE
#endif
0
https://pvs-studio.com/ru/blog/posts/cpp/0094/
0
/*
xdrv_96_blacklist.ino - Blacklist for Tasmota
SPDX-FileCopyrightText: 2022 Theo Arends
SPDX-License-Identifier: GPL-3.0-only
*/
#define USE_BLACKLIST
#ifdef USE_BLACKLIST
/*********************************************************************************************\
* Blacklist support
*
* Check language and user set latitude/longitude against blacklist table
\*********************************************************************************************/
#define XDRV_96 96
typedef struct {
int16_t latitude_tl; // - 8999 to 8999
int16_t longitude_tl; // -17999 to 17999
int16_t latitude_br;
int16_t longitude_br;
uint16_t lcid;
} tBlArray;
//const char BlacklistText[] PROGMEM = "Stop war - Free Ukrain|Stop war - Free Ukrain|";
const char BlacklistText[] PROGMEM = "Stop war, Free Ukrain";
// lat_tl lon_tl lat_br lon_br lcid
tBlArray BlArray[] { 5900, 3200, 5300, 4400, 1049, // Around Moscow
5450, 2633, 5280, 2900, 1049 // Around Minsk
};
uint8_t blist_show = 0;
void BListEverySecond(void) {
if (Rtc.utc_time < 1648771200) { // Only until 2022-04-01
if (0 == (TasmotaGlobal.uptime % 20)) { // Only every 20 seconds
if (TasmotaGlobal.power) { // Only if any power on
uint32_t latitude = Settings->latitude / 10000;
uint32_t longitude = Settings->longitude / 10000;
uint32_t count = sizeof(BlArray) / sizeof(tBlArray);
for (uint32_t i = 0; i < count; i++) {
// Currently only supports top-right quarter of the earth
if ((LANGUAGE_LCID == BlArray[i].lcid) && // Check language id
(latitude < BlArray[i].latitude_tl) && // Check user set latitude and longitude against table
(latitude > BlArray[i].latitude_br) &&
(longitude > BlArray[i].longitude_tl) &&
(longitude < BlArray[i].longitude_br)) {
// char bl_text[100];
// snprintf_P(bl_text, sizeof(bl_text), PSTR("Power0 0")); // Turn all power off - annoying
// snprintf_P(bl_text, sizeof(bl_text), PSTR("Restart 1")); // Restart - more annoying
// snprintf_P(bl_text, sizeof(bl_text), PSTR("Reset 1")); // Reset - disastrous
// ExecuteCommand(bl_text, SRC_IGNORE);
// char bl_text[100];
// AddLog(LOG_LEVEL_NONE, PSTR("**** %s ****"), GetTextIndexed(bl_text, sizeof(bl_text), i, BlacklistText));
AddLog(LOG_LEVEL_NONE, PSTR("**** %s ****"), BlacklistText);
blist_show = i +1; // Set GUI message id
break;
}
}
}
} else if (0 == (TasmotaGlobal.uptime % 10)) { // Only every 10 seconds
blist_show = 0; // Reset GUI message id after 10 seconds
}
}
}
void BListShow(bool json) {
if (blist_show) {
// char bl_text[100];
// WSContentSend_PD(PSTR("{s}**** %s ****{m}{e}"), GetTextIndexed(bl_text, sizeof(bl_text), blist_show -1, BlacklistText));
WSContentSend_P(PSTR("{s}**** %s ****{m}{e}"), BlacklistText);
}
}
/*********************************************************************************************\
* Interface
\*********************************************************************************************/
bool Xdrv96(uint8_t function) {
bool result = false;
switch (function) {
case FUNC_EVERY_SECOND:
BListEverySecond();
break;
#ifdef USE_WEBSERVER
case FUNC_WEB_SENSOR:
BListShow(0);
break;
#endif // USE_WEBSERVER
}
return result;
}
https://github.com/arendst/Tasmota/commit/98cbf2587a1a914bbd16996ebb48dd451d3da448
0
Путин признал "PHP".
0
http://motherfuckingwebsite.com
<!-- yes, I know...wanna fight about it? -->
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-45956659-1', 'motherfuckingwebsite.com');
ga('send', 'pageview');
</script>