httpoxy – a CGI application vulnerability for PHP, Go, Python and others

httpoxy

httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments.

It comes down to a simple namespace conflict:

  • RFC 3875 (CGI) puts the HTTP Proxy header from a request into the environment variables as HTTP_PROXY
  • HTTP_PROXY is a popular environment variable used to configure an outgoing proxy

This leads to a remotely exploitable vulnerability. If you’re running PHP or CGI, you should block the Proxy header now.
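As an added illustration (not code from httpoxy.org or from this post), the following Python simulates the RFC 3875 header-to-environment mapping that causes the collision, and shows two defensive checks: the web-server-side one the advisory recommends (dropping the Proxy header), and the client-library-side one (ignore HTTP_PROXY when REQUEST_METHOD shows the process is a CGI request). All header values are constructed.

```python
"""httpoxy: how a request header becomes HTTP_PROXY, and two mitigations.

Added example; request headers below are constructed, not captured traffic.
"""


def cgi_environ(headers):
    """Build CGI meta-variables the way RFC 3875 section 4.1.18 describes:
    header name upper-cased, '-' replaced by '_', prefixed with HTTP_.
    A request header named 'Proxy' therefore lands in HTTP_PROXY."""
    env = {}
    for name, value in headers.items():
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def naive_proxy_from_environ(env):
    """The behaviour that makes the collision exploitable: an HTTP client that
    trusts HTTP_PROXY from the environment will route outgoing requests through it."""
    return env.get("HTTP_PROXY") or env.get("http_proxy")


def safe_proxy_from_environ(env):
    """Library-side mitigation (the approach CPython's urllib adopted): when
    REQUEST_METHOD is present we are handling a CGI request, so HTTP_PROXY may
    have come from the client and is ignored. Lower-case http_proxy cannot be
    produced by a request header, so it remains trusted."""
    if "REQUEST_METHOD" in env:
        return env.get("http_proxy")
    return env.get("HTTP_PROXY") or env.get("http_proxy")


def strip_proxy_header(headers):
    """Server-side mitigation the advisory recommends: drop the Proxy request
    header before the CGI environment is built. No legitimate client sends it."""
    return {k: v for k, v in headers.items() if k.lower() != "proxy"}


# Constructed request: ordinary headers plus an attacker-supplied Proxy header.
REQUEST_HEADERS = {
    "Host": "app.example",
    "User-Agent": "demo/1.0",
    "Proxy": "untrusted-host.example:8080",
}
```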

Python Introduction, Resources and FAQs

If one of your New Year’s resolutions was learning the Python programming language, I’ve got a resource for you – “Python Introduction, Resources and FAQs” – an excellent list of resources, from online tutorials and tools to books and videos.

27 languages to improve your Python

Nick Coghlan writes:

One of the things we do as part of the Python core development process is to look at features we appreciate having available in other languages we have experience with, and see whether or not there is a way to adapt them to be useful in making Python code easier to both read and write. This means that learning another programming language that focuses more specifically on a given style of software development can help improve anyone’s understanding of that style of programming in the context of Python.

To aid in such efforts, I’ve provided a list below of some possible areas for exploration, and other languages which may provide additional insight into those areas.

The languages and areas are:

  • Procedural programming: C, Rust, Cython
  • Object-oriented data modelling: Java, C#, Eiffel
  • Object-oriented C derivatives: C++, D
  • Array-oriented data processing: MATLAB/Octave, Julia
  • Statistical data analysis: R
  • Computational pipeline modelling: Haskell, Scala, Clojure, F#
  • Event driven programming: JavaScript, Go, Erlang, Elixir
  • Gradual typing: TypeScript
  • Dynamic metaprogramming: Hy, Ruby
  • Pragmatic problem solving: Lua, PHP, Perl
  • Computational thinking: Scratch, Logo

ftfy – fixes text for you

ftfy makes Unicode text less broken and more consistent. It works in Python 2.7, Python 3.2, or later.

The most interesting kind of brokenness that this resolves is when someone has encoded Unicode with one standard and decoded it with a different one. This often shows up as characters that turn into nonsense sequences