How to specify unprotected subdirectories in owasp.properties file? - security

I am using owasp csrfguard-3.0.0 for CSRF. I was able to specify unprotect js files from my Javascript folder using org.owasp.csrfguard.unprotected.JavaScript=javascript/*.js but I have other directories inside that folder as well how can I unprotect them.
e.g x/y/z is my folder structure how can I use org.owasp.csrfguard.unprotected to unprotect all the files from each directory.

I was able to resolve it by setting unprotected using .css/.js so that all the files of specified type will be ignored. That also helps even though those files are from different folders.

Related

Accessing all the files from a folder

I'm trying to access all the files from a certain folder so that I can get their path and put it into an array. Once I get this array, I'd like to use it in a react file and display its contents on a page. I had a general idea of looping through the folder but couldn't find a solution to my problem. Is there a way to do this, directly or maybe through a third-party package?

Modifying compressed zip folder context menu

I am currently developing a piece of software that will be used to upload files to SharePoint Online. I am currently adding options to the right click menu for different types of files to allow easy integration with the software, however I have run into a bit of an issue.
I have separate commands for files and folders and have currently added them as follows:
[HKEY_CURRENT_USER\Software\Classes\Folder\shell\Transfer]
#="Upload Folder to SharePoint"
"AppliesTo"="under:T:\\**\\**\\** OR J:\\**\\**\\** OR Q:\\**\\**\\**"
"Icon"="Path to Icon"
[HKEY_CURRENT_USER\Software\Classes\Folder\shell\Transfer\command]
#="Command for Folders"
[HKEY_CURRENT_USER\Software\Classes\*\shell\Transfer]
#="Upload File to SharePoint"
"AppliesTo"="under:T:\\**\\**\\** OR J:\\**\\**\\** OR Q:\\**\\**\\**"
"Icon"="Path to Icon"
[HKEY_CURRENT_USER\Software\Classes\*\shell\Transfer\command]
#="Command for files"
The above registry keys work perfectly and as intended, however a problem has occured relating to ZIP files. ZIPs are getting the context menu added under HKCU\Software\Classes\Folder\ instead of HKCU\Software\Classes\*\. Because of this, the context menu for ZIPs specifically causes issues with the software as it is expecting a directory folder but receives a ZIP file.
I have tried googling to find a location for putting the registry keys for ZIPs but I have been unable to find it. Does anyone know how I can either add these registry keys for specifically just ZIP files and hide the Folder additions or change the Folder registry keys to use a different command for ZIPs?
I managed to find the solution. It was necessary to make an association for .zip to CompressedFolder by doing:
[HKEY_CURRENT_USER\Software\Classes\.zip]
#="CompressedFolder"
Then I could put everything I needed under:
[HKEY_CURRENT_USER\Software\Classes\CompressedFolder\shell\GPATransfer]
#="Upload File to SharePoint"
Now anything under HKCU\Software\Classes\Folder\ does not get applied to zips. Instead, anything under HKCU\Software\Classes\CompressedFolder\ is applied to zips.

Can i exclude a file from a folder but not exclude files with same name from sub folder - InstallShield 2016 Dynamic Linking?

In InstallShield 2016 [Basic MSI Project] Dynamic Linking settings for a component, Can i exclude a file say with name A and not exclude the files with name A in subfolders.
Below settings, today excludes file with name A from all folders including the sub folders.
No, the settings for a single dynamic file link are unable to do that. Depending on the number of subdirectories involved, you may prefer to create one dynamic link for the top-level directory, excluding the file name, and one dynamic link for each subdirectory, not excluding the file name.
(In general I prefer avoiding dynamic file links. They make it too easy to violate component rules, or drop required files, on accident.)

require all templates including files with underscores

With brunch, I can require all files in a folder like this
require('/templates/');
But that does not cover files with underscores, I still need to require them like this:
require('templates/_mood');
How could I require all files in the templates folder including files with underscores?
tl;dr you can’t simply.
require('/templates/'); does not load all files, instead it loads templates/index file by default. in index you can require all files in current directory and that way your problem will be solved

how to add directory to SupportFiles in InstallShield

Is there a possibility to add directory (with sub directories) to SupportFiles section in installshield. I have dynamically created content (list of files changes constantly) that I use to support my installation.
Is there any other method to add dynamically whole directory to installation package. I need files from this directory only during installation process. At the end of the installation I want IS to remove these files automatically ?
The ISSetupFile table ( which drives the Support Files pattern ) only supports extracting files to a single directory. There is no way in the UI to tell it to be dynamic although you could have a build automation step that reflects the contents of a directory and wires it up to the table using the automation interface. This still couldn't do sub directories though.
What you probably want to do is creating a self-extracting zip of the files you need as part of your build and add that EXE to Support Files. Then write custom actions that call the EXE to extract the payload to Support Files and another CA to clean it up. Look for the custom action ISSetupFilesExtract and ISSetupFilesCleanup to figure out the best way to do this.
Although I'm late to the party: #BuvinJ mentioned in a comment that you can add directories to "Advanced Files" under "Disk1." In this case, they do appear in the temporary directory (support directory), eg. SUPPORTDIR\Disk1
SUPPORTDIR is a temporary location where the installer dumps files, and cleans them up afterward. An example is C:\Users\<your user name>\AppData\Local\Temp\2\{F6B9B2D6-2A5A-4146-9297-E80A199CB0CB}.
This could be a quicker/cheaper/faster solution to writing custom actions and/or packaging up files by hand in, say, a self-extracting zip file.

Resources