ideas
cats
ideas
-
Why CISA Is Warning CISOs About a Breach at Sisense
State Encryption was one of those long requested features[0] (I had it on my ideas list for years[1]) that Hashicorp didn't have much incentive to build. I don't think it has to do with distancing opentofu as such, but the opentofu team prioritizing the right things that customers actually need.
[0]: https://github.com/hashicorp/terraform/issues/9556
[1]: https://github.com/captn3m0/ideas#-mars-terraform-remote-htt...
-
OPML Is Underrated
What I would really like to see is “subscribeable OPML feeds”, so GitHub could provide an OPML feed for what shows up in your home page, and any changes in your subscriptions (repos you watch etc) would change the OPML, which would then cause your feed reader to unsubscribe/subscribe to specific RSS feeds.
Unfortunately, this isn’t supported by the majority of RSS clients (tt-rss is the only one I know) which means in practice OPML feeds are merely import/export mechanisms.
Ref: https://github.com/captn3m0/ideas#opml-sync
-
Text adventure ported to social media
I’ve been wanting to write a Mastodon/Twitter twine compiler that would take an existing Twine story and compile it to a list of posts.
https://github.com/captn3m0/ideas#twitter-adventure-maker
The primary difficulty is in flattening the state, which twine supports (apple=true, key=false in this story) but if it’s not too many variables might work out.
-
Twine is an open-source tool for telling interactive, nonlinear stories
In my list of ideas is one for a Twine-compatible Twitter-Adventure Maker[0]. Remember those "choose your own adventure threads" that showed up on twitter and got viral a while back[1]? It would be great to be able to use Twine for authoring those.
[0]: https://github.com/captn3m0/ideas#twitter-adventure-maker
[1]: https://www.linkedin.com/pulse/media-trend-choose-your-own-a...
-
Thoughts on RSS
I wish OPML (the import/export RSS format) was also subscribe-able[1] in more clients. So my GitHub "news feed" would live at github.com/captn3m0/news.opml (which would just be a list of RSS URLs), and the client would update this list periodically.
Same thing works well for Twitter, or other sites.
[1]: https://github.com/captn3m0/ideas/#opml-sync
-
Show HN: Mitmproxy2swagger – Automagically reverse-engineer REST APIs
Almost exactly a fit against my idea[1] to generate OpenAPI from HAR files.
[1]: https://github.com/captn3m0/ideas#openapi-specification-gene...
-
Battleship
Want to build the same, but using boardgame.io. Search for Gym here: https://github.com/captn3m0/ideas
-
Show HN: Napkin – Build Back End Functions in the Browser
I've been wanting something like this for an idea of mine[1]. Would love to have the ability to send arbitrary responses (JPG/PNG)
[1]: https://github.com/captn3m0/ideas#svg-to-png-on-the-edge
cats
- Ask HN: What Underrated Open Source Project Deserves More Recognition?
- Yet Another REST API Fuzzer
-
CWE Top Most Dangerous Software Weaknesses
Out of this frustration I've built: https://github.com/Endava/cats. It's for APIs, but mostly addressing exactly this case: don't use strings for everything, if you choose to use it though, make sure you add patterns for checking if things are valid, make sure you think about all the corner cases and all the weird characters that can break your app, and so on.
-
API Security Testing
If the API has an OpenAPI spec available, you can use: https://github.com/Endava/cats
-
Cucumber Maintainer out of Job and future of the project is uncertain
This is why we need better tools which will give benefits for the added complexity. If you need to create both the feature files AND the code, it's just complexity with little benefits. But frameworks like https://github.com/karatelabs/karate or https://github.com/Endava/cats are hiding this complexity and remove the code layer entirely. Which, in my view, is where you need to be in 2023, particularly for API testing.
-
Invisible Characters
I've built a tool specifically to test if these kinds of characters will reach API backends: https://github.com/Endava/cats. My idea was that APIs should explicitly reject or sanitise input containing such characters.
- REST API fuzzer with minimum configuration
- Learnings from 5 Years of Tech Startup Code Audits
-
What framework do you use for fuzzing?
Cats by Endava
- I created a web server in C immune to buffer overflows
What are some alternatives?
mitmproxy2swagger - Automagically reverse-engineer REST APIs via capturing traffic
openapi-fuzzer - Black-box fuzzer that fuzzes APIs based on OpenAPI specification. Find bugs for free!
twine - Utilities for interacting with PyPI
restler-fuzzer - RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
har2requests - Generate Python Requests code from your browser activity 🤖
mimic - [ab]using Unicode to create tragedy
ideas - 💡 Looking for inspiration for your next open source project? Or perhaps you've got a brilliant idea you can't wait to share with others? Open Source Ideas is a community built specifically for this! 👋
jcrapi2 - A Java Wrapper For Official Supercell Clash Royal Api
twison - A Twine 2 story format that provides JSON export
RESTest - RESTest: Automated Black-Box Testing of RESTful Web APIs
gym-battleship - Battleship environment for reinforcement learning tasks