go-cache
marshalsec
go-cache | marshalsec | |
---|---|---|
8 | 7 | |
7,839 | 3,211 | |
- | - | |
0.0 | 0.0 | |
6 months ago | over 1 year ago | |
Go | Java | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
go-cache
-
My first package in go. An in-memory cache package useful when creating multiple instances of the cache
Why I am creating this package? There is an already existing memory cache package which creates (One Janitor for One Cache) So I am running into issues where many go routines are running in our use cases causing the application to crash due to some memory leakage in the library itself or maybe multiple timers running at same time casuing the issue. Also this is a very popular github library but just doesn't fits when I am creating many cache instances. So thought about creating one package by myself.
-
VCache vs Go-Cache
I wrote a new library called VCache (https://github.com/microup/vcache). VCahce differs from go-cache (https://github.com/patrickmn/go-cache) by using a key of type "any" instead of a key of type "string". I compared the performance of both libraries on the main operations: Add, Get, and Delete.
-
Better Cache - A Lightning Fast Caching System with Full Text Search
https://github.com/patrickmn/go-cache is a well known one. My cache module is for it's fast full text search thus I recommend only using mine if u are using a pre-set cache.
-
go-cache VS ccache - a user suggested alternative
2 projects | 2 Apr 2022
-
Implement an in-memory cache in Golang
github.com - patrickmn/go-cache
-
Log4j RCE Found
> when they went a year without a release.
Cause these libraries depend on other libraries that are probably extremely out of date at that point and have their own security vulnerabilities.
An example of a project that hasn't been dismissed as "abandoned", is https://github.com/patrickmn/go-cache because it explicitly doesnt have dependencies.
So yeah, if you have a semi-complex library, a year without a release is abandoned.
-
Cache locally using text file
implementing runtime cache using map seems doable, i may just learn from github.com/patrickmn/go-cache but i dont understand what does it mean cache locally using text file. does it mean I have to:
-
In-memory caching solutions
Though pretty simple but have a look at https://github.com/patrickmn/go-cache
marshalsec
-
How do I construct a curl command for a log4shell ldap server?
I'm using this: https://github.com/mbechler/marshalsec as an LDAP server.
-
A Study Notes of Exploit Spring Boot Actuator
According to the introduction in https://github.com/mbechler/marshalsec/blob/master/marshalsec.pdf, in addition to the javax.script.ScriptEngineManager class , we can also use the com.sun.rowset.JdbcRowSetImplclass to complete the exploitation through JNDI injection. The payload is as follows
-
Log4Shell log4j vulnerability (CVE-2021-44228) - cheat-sheet reference guide
Not sure if that method actually works since LDAP is a different protocol than HTTP? If you're running an HTTP server as the receiver, then your server is just going to be confused by the connection and it might not log anything. You either want to run an LDAP server like https://github.com/mbechler/marshalsec , or have some logging method that triggers on any TCP connection, or use a service like dnslog.cn that can log for you. (although I've seen a lot of companies are now specifically blocking that domain which seems silly).
- GitHub taking down tools allowing defenders to reproduce the Log4j vulnerability
- WTH
- Java Unmarshaller Security – Turning your data into code execution
- Log4j RCE Found
What are some alternatives?
BigCache - Efficient cache for gigabytes of data written in Go.
Java-Deserialization-Cheat-Sheet - The cheat sheet about Java Deserialization vulnerabilities
groupcache - groupcache is a caching and cache-filling library, intended as a replacement for memcached in many cases.
Apache Log4j 2 - Apache Log4j 2 is a versatile, feature-rich, efficient logging API and backend for Java.
GCache - An in-memory cache library for golang. It supports multiple eviction policies: LRU, LFU, ARC
JNDIExploit - 一款用于JNDI注入利用的工具,大量参考/引用了Rogue JNDI项目的代码,支持直接植入内存shell,并集成了常见的bypass 高版本JDK的方式,适用于与自动化工具配合使用。
badger - Fast key-value DB in Go.
jdk8u - https://wiki.openjdk.org/display/jdk8u
cache2go - Concurrency-safe Go caching library with expiration capabilities and access counters
logging-log4j1 - Apache log4j1
goose
lunasec - LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/