Skip to content

Instantly share code, notes, and snippets.

View convenient's full-sized avatar

Luke Rodgers convenient

View GitHub Profile
@convenient
convenient / README.md
Last active March 31, 2026 10:39
Axios Supply Chain Attack Local Package Scanner

Context

On March 31, 2026, StepSecurity identified two malicious versions of the widely used axios HTTP client library published to npm: axios@1.14.1 and axios@0.30.4

The malicious versions inject a new dependency, plain-crypto-js@4.2.1, which is never imported anywhere in the axios source code. Its sole purpose is to execute a postinstall script that acts as a cross platform remote access trojan (RAT) dropper, targeting macOS, Windows, and Linux. The dropper contacts a live command and control server and delivers platform specific second stage payloads. After execution, the malware deletes itself and replaces its own package.json with a clean version to evade forensic detection.

If you have installed axios@1.14.1 or axios@0.30.4, assume your system is compromised.

@convenient
convenient / gist:543c9752384a1fe005dc4ab60c3732bd
Last active October 1, 2021 09:59
Add stacktrace to all magento logs

vendor/magento/framework/Logger/Monolog.php

    public function addRecord($level, $message, array $context = [])
    {
        $context[uniqid('trace')] = (new \Exception())->getTraceAsString();
@convenient
convenient / README.md
Last active February 4, 2019 11:44
Magento 2 Commerce patch files for staging unit test date bug
@convenient
convenient / file-test.php
Last active October 22, 2016 18:19
php-fpm libxml_disable_entity_loader
<?php
error_reporting( error_reporting() & ~E_NOTICE & ~E_WARNING);
/**
* @param SimpleXMLElement|bool $element
* @return string
*/
function loadedOkay($element)
{
if ($element === true) {
@convenient
convenient / gist:9846247e14e3c0950994ed8bd0fcc1c7
Last active June 20, 2017 14:05
Group magento system log by frequency
cut -f 5- -d ':' /var/www/vhosts/project.com/var/log/system.log | sort -n | uniq -c | sort -nr | head -20
Get all 404 requests from log
`lecli query --loggroup bes_web --leql 'where(status=404 AND request!=/(.*?)favicon.ico/)' -r 'last 1 hour'`
`grep -Eo ".{0,255}query" 404.log | sed -e 's/\", "query//' | cut -d ":" -f9 | sed 's/^.//'`
cat reqs.log | sed -e 's/.*userAgent...//' -e 's/.referer.*..//'
@convenient
convenient / gist:d8aa9464e2ae03b4171056cf6e528bc3
Created June 2, 2016 11:29
Magento cron stuck
select IF(count(schedule_id) = 0, 'stuck', 'okay') as crons from cron_schedule where finished_at is not null and finished_at >= DATE_SUB(NOW(), INTERVAL 2 HOUR);
@convenient
convenient / gist:459cbf6649bb73dd7343340cf6e145f8
Created May 3, 2016 10:12
apache access log group by iP
cat /var/log/httpd/access.SSL.log | awk '{print $1}' | sort -n | uniq -c | sort -nr | head -20
@convenient
convenient / mage2
Last active February 3, 2017 08:39
PHPBREW Install php for Magento 1.x
phpbrew install 5.3.26 +default +dbs +apxs2
phpbrew ext install iconv
phpbrew ext install gd
phpbrew ext install xdebug 2.2.3
#nano /home/luker/.phpbrew/php/php-5.3.26/var/db/xdebug.ini
xdebug.remote_host = 127.0.0.1
xdebug.remote_enable = 1
xdebug.remote_port = 9000
xdebug.remote_handler = dbgp
@convenient
convenient / Price
Created December 11, 2015 13:10
Magento indexer changelog backlog
select count(*) from catalog_product_index_price_cl where version_id > (select version_id from enterprise_mview_metadata where changelog_name='catalog_product_index_price_cl');
@convenient
convenient / gist:5113999404d320e15424
Last active September 27, 2016 19:56
MD5 A directory
cd ~/path/to/folder/ && find . -name '*.php' | sort -d | xargs md5sum
#files with spaces
cd . && find . -name '*.mp3' | xargs -d '\n' md5sum | sort -k 3