How to protect awsconfiguration.json data details in iOS app? - ios

I'm using awsconfiguration.json for AWS Cognito in my iOS application written in Swift. But I'm worried about security, because awsconfiguration.json is stored in my local directory. How can I protect this JSON file against a third man attack?

Please see the similar GitHub issue https://github.com/aws-amplify/aws-sdk-ios/issues/1671
The comments there make two points:
- The file is non-sensitive data, so resources that should only be accessed by authenticated users should be configured with the appropriate controls. The Amplify CLI helps you with this, depending on the resources you are provisioning in AWS.
- There is a way to configure it in-memory via AWSInfo.configureDefaultAWSInfo(awsConfiguration).

Configure your AWS dependencies using in-memory configuration instead of the configuration JSON file as suggested by AWS documentation.
Sample code (replace the "String" placeholders with your own values):
    import Amplify

    func buildAuthConfiguration() -> [String: JSONValue] {
        return [
            "awsCognitoAuthPlugin": [
                "IdentityManager": [
                    "Default": [:]
                ],
                "Auth": [
                    "Default": [
                        "authenticationFlowType": "String"
                    ]
                ],
                "CognitoUserPool": [
                    "Default": [
                        "PoolId": "String",
                        "AppClientId": "String",
                        "Region": "String"
                    ]
                ],
                "CredentialsProvider": [
                    "CognitoIdentity": [
                        "Default": [
                            "PoolId": "String",
                            "Region": "String"
                        ]
                    ]
                ]
            ]
        ]
    }

    func buildAPIConfiguration() -> [String: JSONValue] {
        return [
            "awsAPIPlugin": [
                "apiName": [
                    "endpoint": "String",
                    "endpointType": "String",
                    "authorizationType": "String",
                    "region": "String"
                ]
            ]
        ]
    }

    func configureAmplify() {
        let authConf = AuthCategoryConfiguration(plugins: buildAuthConfiguration())
        let apiConf = APICategoryConfiguration(plugins: buildAPIConfiguration())
        let config = AmplifyConfiguration(
            analytics: nil,
            api: apiConf,
            auth: authConf,
            dataStore: nil,
            hub: nil,
            logging: nil,
            predictions: nil,
            storage: nil
        )
        // Amplify.configure throws, so it must be called inside do/catch
        // (or from a throwing function)
        do {
            try Amplify.configure(config)
        } catch {
            print("Failed to configure Amplify: \(error)")
        }
        // Rest of your code
    }
Source: https://github.com/aws-amplify/amplify-ios/issues/1171#issuecomment-832988756

You can apply data protection to your app's files when saving them into the file directory.
The following documentation can help you achieve it:
https://developer.apple.com/documentation/uikit/protecting_the_user_s_privacy/encrypting_your_app_s_files
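The two answers above combine naturally: keep the configuration out of the app bundle, store it under iOS Data Protection, and decode it straight into an in-memory AmplifyConfiguration. The following is an added example, not code from the question or from the Amplify project; it assumes Amplify iOS with AWSCognitoAuthPlugin, and the file name and directory are assumptions. Note that, as the first answer says, the pool and client IDs are not secrets; the real access control is the Cognito and IAM configuration behind them.

```swift
import Foundation
import Amplify
import AWSCognitoAuthPlugin

// Assumed location for the configuration blob; the file name is a placeholder.
let protectedConfigURL = FileManager.default
    .urls(for: .applicationSupportDirectory, in: .userDomainMask)[0]
    .appendingPathComponent("amplifyconfiguration.json")

/// Persist the configuration with NSFileProtectionComplete: the file is encrypted
/// with a key derived from the device passcode and is unreadable while the device is locked.
func storeProtectedConfiguration(_ json: Data, at url: URL) throws {
    try FileManager.default.createDirectory(at: url.deletingLastPathComponent(),
                                            withIntermediateDirectories: true)
    try json.write(to: url, options: [.atomic, .completeFileProtection])
}

/// Defensive check: confirm the protection class really applied before trusting the file
/// (a file copied in from elsewhere, or written without options, may have a weaker class).
func isCompletelyProtected(_ url: URL) throws -> Bool {
    let attrs = try FileManager.default.attributesOfItem(atPath: url.path)
    return (attrs[.protectionKey] as? String) == FileProtectionType.complete.rawValue
}

/// Decode the blob directly into AmplifyConfiguration (it is Codable), so the plugin
/// settings exist only in memory once loaded; no JSON file is read from the bundle.
func loadConfiguration(from url: URL) throws -> AmplifyConfiguration {
    let data = try Data(contentsOf: url)
    return try JSONDecoder().decode(AmplifyConfiguration.self, from: data)
}

func configureAmplify() {
    do {
        try Amplify.add(plugin: AWSCognitoAuthPlugin())
        guard try isCompletelyProtected(protectedConfigURL) else {
            print("configuration file lacks complete protection; refusing to use it")
            return
        }
        try Amplify.configure(try loadConfiguration(from: protectedConfigURL))
    } catch {
        print("Amplify configuration failed: \(error)")
    }
}
```

Call storeProtectedConfiguration once (for example on first launch, with the JSON obtained through your own mechanism) and configureAmplify at every launch; because the file uses the complete protection class, configureAmplify must run after the device has been unlocked.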

The fix that adds a new constructor has been released in version 2.13.6 of the SDK, to allow passing a JSONObject containing the configuration from the awsconfiguration.json file. You can store the information in a JSONObject using your own security mechanism and provide it at runtime through the constructor.
https://github.com/aws-amplify/aws-sdk-android/pull/1002

Related

Artifactory and Jenkins - get file with newest/biggest custom property

I have a generic repository "my_repo". I uploaded files there from Jenkins to paths like my_repo/branch_buildNumber/package.tar.gz, with a custom property "tag" like "1.9.0", "1.10.0", etc. I want to get the item/file with the latest/newest tag.
I tried to modify Example 2 from this link ...
https://www.jfrog.com/confluence/display/JFROG/Using+File+Specs#UsingFileSpecs-Examples
... and add sorting and a limit the way it was done here ...
https://www.jfrog.com/confluence/display/JFROG/Artifactory+Query+Language#ArtifactoryQueryLanguage-limitDisplayLimitsandPagination
But I'm getting an "unknown property desc" error.
The Jenkins Artifactory Plugin, like most of the JFrog clients, supports File Specs for downloading and uploading generic files.
The File Specs schema is described here. When creating a File Spec for downloading files, you have the option of using the "pattern" property, which can include wildcards. For example, the following spec downloads all the zip files from the my-local-repo repository into the local froggy directory:
    {
      "files": [
        {
          "pattern": "my-local-repo/*.zip",
          "target": "froggy/"
        }
      ]
    }
Alternatively, you can use "aql" instead of "pattern". The following spec provides the same result as the previous one:
    {
      "files": [
        {
          "aql": {
            "items.find": {
              "repo": "my-local-repo",
              "$or": [
                {
                  "$and": [
                    {
                      "path": {
                        "$match": "*"
                      },
                      "name": {
                        "$match": "*.zip"
                      }
                    }
                  ]
                }
              ]
            }
          },
          "target": "froggy/"
        }
      ]
    }
The allowed AQL syntax inside File Specs does not include everything the Artifactory Query Language allows. For example, you can't use the "include" or "sort" clauses. These limitations were put in place to make the response structure known and constant.
Sorting, however, is still available with File Specs, regardless of whether you choose to use "pattern" or "aql". It is supported through the "sortBy", "sortOrder", "limit" and "offset" File Spec properties.
For example, the following File Spec will download only the 3 largest zip files:
    {
      "files": [
        {
          "aql": {
            "items.find": {
              "repo": "my-local-repo",
              "$or": [
                {
                  "$and": [
                    {
                      "path": {
                        "$match": "*"
                      },
                      "name": {
                        "$match": "*.zip"
                      }
                    }
                  ]
                }
              ]
            }
          },
          "sortBy": ["size"],
          "sortOrder": "desc",
          "limit": 3,
          "target": "froggy/"
        }
      ]
    }
And you can do the same with "pattern" instead of "aql":
    {
      "files": [
        {
          "pattern": "my-local-repo/*.zip",
          "sortBy": ["size"],
          "sortOrder": "desc",
          "limit": 3,
          "target": "local/output/"
        }
      ]
    }
You can read more about File Specs here.
(After answering this question here, we also updated the File Specs documentation with these examples.)
After a lot of testing and experimenting I found that there are many ways of solving my main problem (getting the latest version of a package), but each of them requires some function which is only available in the paid version, like sort() in AQL or [RELEASE] in the REST API. But I found that I can still get JSON with a full list of files and their properties. I can also download each single file. This led me to a solution with a simple Python script. I can't publish the whole thing, but only the core, which should be fairly obvious:
    import requests, argparse
    from packaging import version
    ...
    query = """
    items.find({
        "type" : "file",
        "$and":[{
            "repo" : {"$match" : \"""" + args.repository + """\"},
            "path" : {"$match" : \"""" + args.path + """\"}
        }]
    }).include("name","repo","path","size","property.*")
    """
    auth = (args.username, args.password)

    def clearVersion(ver: str) -> str:
        # keep only digits and dots so packaging.version can parse the tag
        new = ''
        for letter in ver:
            if letter.isnumeric() or letter == ".":
                new += letter
        return new

    def lastestArtifact(response: requests.Response):
        # pick the result whose "tag" property parses as the highest version
        response = response.json()
        latestVer = "0.0.0"
        currentItemIndex = 0
        chosenItemIndex = 0
        for results in response["results"]:
            for prop in results['properties']:
                if prop["key"] == "tag":
                    if version.parse(clearVersion(prop["value"])) > version.parse(clearVersion(latestVer)):
                        latestVer = prop["value"]
                        chosenItemIndex = currentItemIndex
            currentItemIndex += 1
        return response["results"][chosenItemIndex]

    req = requests.post(url, data=query, auth=auth)
    if args.verbose:
        print(req.text)
    latest = lastestArtifact(req)
    ...
I just want to point out that THIS IS NOT a permanent solution. We just didn't want to buy a license yet only because of one single problem. But if there are more such problems then we will definitely buy the PRO subscription.

Get values from JSON in Ruby

I am trying to get the VolumeId and State of the volumes attached to the machines using the AWS API.
Code:
    #!/usr/local/bin/ruby
    require "rubygems"
    require "aws-sdk"
    list = Aws::EC2::Client.new(region: "us-east-1")
    volume = list.describe_volumes()
    volumes = %x( aws ec2 describe-volumes --region='us-east-1' )
    puts volumes
Below is the sample output of the command
aws ec2 describe-volumes --region='us-east-1'.
Please help me get the VolumeId and State from the below.
Sample output of the API (JSON):
    {
      "Volumes": [
        {
          "AvailabilityZone": "us-east-1d",
          "Attachments": [
            {
              "AttachTime": "2015-02-02T07:31:36.000Z",
              "InstanceId": "i-bca66353",
              "VolumeId": "vol-892a2acd",
              "State": "attached",
              "DeleteOnTermination": true,
              "Device": "/dev/sda1"
            }
          ],
          "Encrypted": false,
          "VolumeType": "gp2",
          "VolumeId": "vol-892a2acd",
          "State": "in-use",
          "Iops": 100,
          "SnapshotId": "snap-df910966",
          "CreateTime": "2015-02-02T07:31:36.380Z",
          "Size": 8
        }
      ]
    }
    require "json"
For getting just the volume IDs:
    JSON.parse(volumes)['Volumes'].map { |v| v["VolumeId"] }
For getting just the states (note the key is "State", capitalised, as in the JSON above):
    JSON.parse(volumes)['Volumes'].map { |v| v["State"] }
For getting a hash/map with volume IDs as keys and their states as values:
    JSON.parse(volumes)['Volumes'].map { |v| [v["VolumeId"], v["State"]] }.to_h

Sawtooth transaction payload decode

I fired one transaction on Sawtooth. I can see the transaction data using the API. My question is how to decode the transaction payload.
    {
      "header": {
        "batcher_public_key": "03d58421f80cf7f2d51efd7f4fc28fd07a81de146f7d01acc70c9e5dcfdf2cc20f",
        "dependencies": [],
        "family_name": "document",
        "family_version": "1.0",
        "inputs": [
          "7d5acb"
        ],
        "nonce": "",
        "outputs": [
          "7d5acb"
        ],
        "payload_sha512": "9be6b4029768c2dda71b86eed2b1ba441442ec56714b863993f12aeab09242ef84087bc53b0cfadb93bbf99bcc7cdb8e03d71b1158887c8c3735abafb9765a43",
        "signer_public_key": "03d58421f80cf7f2d51efd7f4fc28fd07a81de146f7d01acc70c9e5dcfdf2cc20f"
      },
      "header_signature": "e4379a4a4f66c52677df299ddc136a968efb64fba9de30acdf230a719442cdc56c2cf55953c14bbc5cc68991a8bef156df3d32fcf6c37f201c279f6ad7065cab",
      "payload": "o2RWZXJiY3NldGROYW1leCBlZjlkMThjZGIwYjNkZDNmNWU1ZWE2MDliZjY3MDhmOWVWYWx1ZWA="
    }
I want to decode "payload": "o2RWZXJiY3NldGROYW1leCBlZjlkMThjZGIwYjNkZDNmNWU1ZWE2MDliZjY3MDhmOWVWYWx1ZWA=".
Can anyone please guide me?
The Sawtooth REST API returns base64-encoded data, so first you have to decode your data:
    import base64
    decoded = base64.b64decode("o2RWZXJiY3NldGROYW1leCBlZjlkMThjZGIwYjNkZDNmNWU1ZWE2MDliZjY3MDhmOWVWYWx1ZWA=")
Now it really depends on how you encoded your data; use the matching deserialisation for CBOR, protobuf, etc.

Is it possible to configure a format provider for the File sink using JSON configuration?

In the documentation for Serilog.Sinks.File a JSON formatter is used:
    // Install-Package Serilog.Formatting.Compact
    .WriteTo.File(new CompactJsonFormatter(), "log.txt")
Is it possible to do the same using JSON configuration?
Yes, in the Args object, specify the full type name of the formatter:
    "WriteTo": [
      {
        "Name": "File",
        "Args": {
          "path": "log.txt",
          "formatter": "Serilog.Formatting.Compact.CompactJsonFormatter, Serilog.Formatting.Compact"
        }
      }
    ]

Youtube ContentID getting ownership info through the API using AppsScript

I am trying to get ownership information for AssetIDs through the YouTube ContentID API.
I can see the data that I need through the API Explorer but can't seem to drill down into the data using dot notation.
Here is the output from the API Explorer:
    {
      "kind": "youtubePartner#asset",
      "id": "A146063471697194",
      "type": "music_video",
      "ownership": {
        "kind": "youtubePartner#rightsOwnership",
        "general": [
          {
            "ratio": 100,
            "owner": "Indmusic",
            "type": "exclude"
          }
        ]
      },
      "ownershipEffective": {
        "kind": "youtubePartner#rightsOwnership",
        "general": [
          {
            "ratio": 100,
            "owner": "Indmusic",
            "type": "exclude"
          }
        ]
      }
    }
When accessing "owner" I receive undefined instead of the listed value.
    var url2 = _.sprintf('https://www.googleapis.com/youtube/partner/v1/assets/%s?fetchMetadata=effective&fetchOwnership=effective&key=%s', id, API_KEY);
    var result2 = JSON.parse(UrlFetchApp.fetch(url2, getUrlFetchOptions()).getContentText());
    Logger.log(result2.ownership.general.owner);
This returns undefined.
I have tried both ownershipEffective and ownership and they are both undefined.
I can log data from result2.ownership.general but nothing below that.
You can tell that general is an array by the [brackets] in:
    "general": [
      {
        "ratio": 100,
        "owner": "Indmusic",
        "type": "exclude"
      }
    ]
Try:
    Logger.log(result2.ownership.general[0].owner);
general, having been declared an array, requires a position [0] even though there is only 1 item in the array.