Running Github Enterprise 2.18. Is there any way to determine via the API that a user is dormant? I don't see a specific call for it anywhere...
To answer your question....
Running Github Enterprise 2.18. Is there any way to determine via the
API that a user is dormant?
No, it's not possible using GitHub API (Enterprise or not).
GitHub has a strict privacy agreement for it's users. Since repositories can
be public as well as private, you're out of luck getting dormancy info via their API.
GitHub's own help page mentions it in their "Reports" section:
If you need to get information on the users, organizations, and
repositories in your GitHub Enterprise Server instance, you would
ordinarily fetch JSON data through the GitHub API. Unfortunately, the
API may not provide all of the data that you want and it requires a
bit of technical expertise to use. The site admin dashboard offers a
Reports section as an alternative, making it easy for you to download
CSV reports with most of the information that you are likely to need
for users, organizations, and repositories.
Specifically, you can download CSV reports that list
all users
all users who have been active within the last month
all users who have been inactive for one month or more
all users whohave been suspended
all organizations
all repositories
The help page also goes on to show examples on how to invoke the report data via CURL (you could do this with other methods as well, like in Powershell, which I prefer)
curl -L -u username:password/token http(s)://hostname/stafftools/reports/dormant_users.csv
You could make use of that data, without the API and parse it into your application. The world is your oyster.
Related
I'm reworking our companies management website and would like to display any commits or updates on our devops azure page on an "update" page for admins to view.
What would be the easiest way to do this?
Thanks
You can also check out Azure devops Rest api to retrieve the git commits for a project.
GET https://dev.azure.com/{organization}/{project}/_apis/git/repositories/{repositoryId}/commits?api-version=5.1
You probably need write codes to extract and display the required properties(eg. commiter, author, url, etc.) of
commits from the results.
You can check the examples in this document to learn how to make azure devops service rest api calls.
You can also check out the .NET client library. For git Commits you can refer to GitHttpClientBase.GetCommitsAsync Method.
Hope above helps!
I would like to make some Pyton or NodeJS script to help me with repetitive tasks or searchs in my personal Evernote.
I don't want to make any application for general use. Only some scripts for me.
Is there a quick way to make this before creating an account in sandbox.evernote.com? I want to access my already available data in Evernote.
Yes, this exact thing exists. Go here:
https://dev.evernote.com/doc/articles/dev_tokens.php
And get a "developer token" for your production account. It will allow access to your account only and you can do what you like with your data via the API.
I've read much about implementing LinkedIn into my website, but is it possible to upload job offers from an external software directly to LinkedIn?
I’m working with an SAP based recruiting management software. One of the function it is capable of, is to create job offers. But until now, they are only internal. I want to implement a function, which allows the user to automatically upload a job offer to LinkedIn.
Does LinkedIn provide some kind of support for such kind of work? XING for example, offers you documentations for a connection via API or XML. Is there something additional existing for LinkedIn?
Looks like it isn't available for the normal APIs. They have a specific section based on their "Talent Solutions" that may be of interest. Looks to be a paid program
https://developer.linkedin.com/partner-programs/talent
Are there scripts for exporting and importing all Apigee Edge objects, such as developers, users, apps, caches, key value maps, etc?
To clarify, it would be nice to have non-runtime objects as a priority vs. the runtime data contained within. E.g., the current content of caches are not as critical as just having the cache object available.
I have released a tool that can be used to retrieve Apigee organization settings. This tool has been in use internally at Apigee for some time, but this is the first time it has been released to the public. It uses the Apigee management API to pull configuration data, and that data to be pulled is configurable. The data is stored in a hierarchical directory structure, which can be archived, explored, or used to compare organizations. It can be used with both the Apigee Edge cloud and on-prem offerings.
A few caveats:
This tool does not retrieve all data from an organization. For example, it does not retrieve API proxies. Use the Apigee management UI or management API to retrieve API proxies.
The tool is composed of a few bash scripts. It has been successfully run on Linux and Mac OS X.
The tool does not write data back into the organization, although the files it retrieves can often be POSTed back to the organization using the management API.
This tool is released as-is. It is not officially supported by Apigee.
Find the tool at the api-platform samples site (https://github.com/apigee/api-platform-samples) in the tools/org-snapshot directory.
There is work planned to provide a tool that will export/import provisional data (such as apps, developer, products). Other aspects of an org's configuration require access to the production Cassandra database, which cannot be given out publicly. We have a provisional tool for in-house use that we are currently hardening. If the consumer tool (when it is available) doesn't provide all of the backup support you need, you will need to log a support ticket for them to run the in-house tool.
There are scripts for importing a set of objects (developers, apps, API products) that work with the sample proxies that you can find on GitHub:
https://github.com/apigee/api-platform-samples/tree/master/setup
For Perl programmers: see also Apigee::Edge on CPAN
I am currently working on a school assignment which requires us to perform security testing on a website created by one of our peers. The website is created using ASP.Net 3.5/4 and an MS-SQL database.
The website's main features are:
Registration & Login using Roles
Uploading documents
Sharing of uploaded documents
Leaving comments on shared documents
I already have started testing the website using:
XSS in the Register, Login and Leave Comment Sections
SQL Injection in the Register and Login pages
Upload of executables, with a different extension (I have changed an executable file to .doc to test whether the system is checking the extension of the file or the actual contents)
These tests have been carried out manually and I have access to the source code!
Can you suggest any other tests I might want to carry out?
Cheers
A good resource for things to lock-down would be OWASP - I linked to their "top ten" items as I have followed it myself for locking down apps and found it really helpful.
Drilling down into any item on their top ten list will discuss how to recognize a particular vulnerability and suggest how to remove the vulnerability. All code-agnostic stuff, high-level descriptions so it can be applied to any project be it .Net, Ruby, PHP, etc.
Check for Local File Inclusion and Remote File Inclusion vulnerabilities as well.
You can also check the login system: If the website lets you login (and you have an account or can make one), login and check to see how the login code works (i.e. check your cookies to see if they are PHP sessions [secure] or some other method [usually not secure]). If you find a vulnerability in the login system, you could elevate your privileges from regular user to admin.
Also, "Upload of executables, with a different extension." Could you clarify that for me?
The best thing to do is to use your imagination.
You should also use Cat.NET's engine (which is a free Microsoft provide security focused static analysis tool).
I have been working on making Cat.NET easier and faster to use inside VisualStudio and here is a pretty cool PoC of how it in action: Real-time Vulnerability Creation Feedback inside VisualStudio (with Greens and Reds)
If you are interested in Cat.NET you can download it from http://www.microsoft.com/en-us/download/details.aspx?id=19968