I'm looking for guidance on importing BouncyCastle for use in a Talend project. I need to open a privatekey in PEM format and use it to sign a nonce in order to fetch an auth token.
I can add the jar to the build path, but not sure how to import it into my Routines code. I tried another technique, but facing an error using the SHA512withRSA algorithm. I have working Java code to achieve this, I'm just trying to port it into my Talend workflow.
Right click on the routine and select Edit Routines Libraries
Add your jar, and check If the library is required to include the jar in the build.
Related
I used swagger codegen plugin with gradle for generating API client libraries from the json. For Gradle I followed the steps from here and it worked perfectly fine. For Python since there is no gradle.build or pom.xml file I am not able to generate client libraries and I am a Python beginner. Also one thing to add is that I am not creating any APIs, I just want to extract API client libraries from the json file that I have.
I am exploring the option of using Octoperf as a hosted solution.
One thing that I need is the ability to call some custom libraries (either Java or Javascript / Node.js).
In the SCRIPT PRE and SCRIPT POST examples in the Octoperf documentation I see calls being made to import com.google.common.base.Stopwatch. However, it is not clear to me how Octoperf knows where to pull this dependency from.
Does anyone know if there is a way to specify this and how?
this dependency in your example is already included in every JVM. If you need to add other dependencies in OctoPerf, just place them in the files menu of your project and they will be copied to lib/ext when the test is started:
https://doc.octoperf.com/design/edit-virtual-user/configuration/files/
Currently I'm involved in a project for implementing security code reviews for Workfusion bots. Workfusion can handle a mix of Java and Groovy code embedded in XML files or standalone code.
My team is trying to assess if it's possible to use any free/opensource Static Application Security Tool for it. I'm currently exploring the posiblity of creating a plugin for Spotbugs.
I was able to run reviews successfully with Java code + Maven with Spotbugs and FindSecBugs plugins, but I haven't figured out how to extend Spotbugs in order to parse the XML files, extract the embedded Groovy scripts and analyze them.
Do you know any static application security tool for Workfusion or could suggest any approach to extend any other SAST tool?
The main requirement for Find Security Bugs to work is the ability to compile the code.
If you have access to the class files, FindSecurityBugs should work. If the code is evaluate at runtime, you'll need to compile the snippet which is not an easy task if the script have access to a special context with initialized objects.
We are using crypto package in our node js app. The thing is we do not want the developer to know about the encryption algorithm we implemented. However, the developer would be knowing the encryption algorithm and the encryption key as they can view the source code of the encryption algorithm.
So my question is: is it possible to compile the encryption algorithm into a file like dll(.NET) or jar file (java) and include it in the project (open source solution). If not, how to prevent developer from viewing the source code?
The final expectation is the developer will know we use crypto package, but do not know we use what algorithm and key we implemented.
Note: I do not expect solution of restricting file access to the user nor hosting it in another environment.
node-ffi is a Node.js addon for loading and calling dynamic libraries using pure JavaScript. It can be used to create bindings to native libraries without writing any C++ code.
https://github.com/node-ffi/node-ffi
I am trying to use sanbox in my jsf application. So i need tag library for sandbox or jar file
can anyone help me out in this.
You can identify which Sandbox Jar you need to use from here