0:00:26
what is going on guys welcome back to
0:00:29
another session of build, break and fix
0:00:32
as always brought to you by the raw
0:00:37
you've only got me
0:00:39
today just one rule coder
0:00:42
because tory has to deal with some of
0:00:46
interviews which is going through so
0:00:51
um looking forward to how he
0:00:55
through those hopefully on
0:01:00
but yeah uh first thing is first
0:01:03
let's acknowledge the country and pay
0:01:05
our respects to the
0:01:08
elders of the past present and future so
0:01:13
i begin today by acknowledging the
0:01:15
traditional custodians of the land on
0:01:17
which we gather today and pay my
0:01:19
respects to the elders past present and
0:01:22
future i extend that respect to
0:01:24
aboriginal and torres strait islander
0:01:29
all right um so that was done pretty
0:01:32
smoothly as always
0:01:35
right so just a bit of a context um
0:01:38
actually first let me play some
0:01:42
noise music i meant to be precise
0:01:46
oh just a random one
0:01:57
yeah i do apologize this last
0:02:01
a few days i haven't been on uh because
0:02:05
of some other other commitments um but
0:02:11
and let's get the ball rolling all right
0:02:14
so um yeah a bit for context or where we
0:02:31
sunday we basically
0:02:33
implemented a fix for
0:02:35
preventing the XSS attack
0:02:38
so we're gonna be testing that one today
0:02:41
and see how we go if it's actually
0:02:46
if it's actually um
0:02:49
fixed the XSS attack all right
0:02:52
so let's get the party pumping
0:02:56
i'm going to share my screen and
0:03:03
the changes which i can take but
0:03:06
we'll probably have to have a look at
0:03:12
i'm just gonna close everything that i
0:03:21
here we go i'll share my screen now
0:03:29
all right cool so now
0:03:34
if he's actually um
0:03:38
i'm really hoping he
0:03:44
has this is come no that would be in the
0:03:50
actually did we implement it in the
0:03:52
front end or the back end
0:03:56
um i can't remember but probably it's
0:04:03
yeah he hasn't been pushed
0:04:06
or is in the back end
0:04:32
no it hasn't been pushed
0:04:34
because if you would have been then
0:04:36
you would have i would have to pull
0:04:38
requests but put requests on there
0:04:46
with this being said
0:04:49
i'm not entirely sure
0:04:52
so what we might do is we might need to
0:05:01
implement that myself again
0:05:05
and take it from there
0:05:17
now i'm pretty sure it was in
0:05:28
i'm pretty sure it was in the back end
0:05:36
focus on this one so if we do this
0:06:13
you need board names
0:06:19
that was actually save new concurrent
0:06:21
users uh here we go this is attack fix
0:06:25
okay we can probably use that one
0:06:34
do git checkout
0:06:56
that way i would switch to that branch
0:07:02
so in that one let me just make sure
0:07:05
everything is there pure funding.js is
0:07:09
and then that's there yet script is
0:07:16
no way no no that's not the one
0:08:06
XSS attack
0:08:51
do we need to do here
0:09:07
it's basically when we
0:09:10
know so in that one we were doing in a
0:09:25
which was the function that we were
0:09:40
and a password now
0:10:01
what's this oh this is just a
0:10:13
so that one was using
0:10:19
is this crumble no no no no this is the
0:10:24
i need to go to the back end instead
0:10:27
this is the front end
0:10:34
no i wonder why i wasn't being able to
0:10:58
that isn't the one
0:11:01
so we basically inserted something
0:11:49
where was it doing the
0:11:57
she was doing it over here
0:12:07
sending all the connections
0:12:14
yep there that one here
0:12:17
i believe we had to
0:12:29
so what would happen is
0:12:34
so what we are trying to do
0:12:41
where we're gonna be have to have to be
0:12:44
testing the XSS attack and the code
0:12:47
was already already implemented but
0:12:50
um it wasn't pushed uh that is why the
0:12:54
code isn't here but actually let me try
0:13:22
there's no tracking yeah there's no
0:13:24
tracking obviously
0:13:28
we're going to be using our
0:13:55
okay and this is how we're gonna use it
0:14:00
it's basically requiring
0:14:07
actually this is in the back end so we
0:14:13
don't npm dompurify yeah
0:14:18
is it already actually i'm gonna check
0:14:21
it's already installed
0:14:30
so it wasn't all already installed but
0:14:32
we just installed it
0:14:35
which is great and now we can basically
0:14:50
and then just require that DOMPurify
0:14:55
i'm gonna check where it is
0:14:59
so it should be in this one
0:15:04
DOMPurify sanitizer we have
0:15:15
sanitize okay cool
0:15:18
so now what we need to actually purify
0:15:27
so now what we would need to do is
0:15:31
we need to use it as that
0:15:43
so if you don't do a re
0:15:48
actually we can use in that way
0:15:59
oh come on where is it
0:16:28
so we would basically do here um
0:16:35
dirty message yeah
0:16:37
call it that dirty message
0:16:43
okay and then we can call another one
0:17:04
um that would be dirty message.
0:17:31
okay and then once message is there
0:17:35
we are doing here there
0:17:45
all right let's face it talking const
0:17:49
right okay so we can do that
0:18:01
not even the return come on
0:18:08
and that should fix it for everything
0:18:29
let's check if this works in the first
0:19:05
all right this is almost there
0:19:23
that's built in now we can deploy this
0:19:58
all right that's coming up pretty well
0:20:27
let's see how much further does it go
0:20:29
and then we can finally test it which
0:20:32
would be the exciting part
0:20:54
okay cool so this is successfully done
0:21:10
s3 bucket and we can
0:21:21
actually is already public
0:21:28
already public i was free
0:21:33
yeah it is public interesting
0:21:39
if i open up another browser
0:21:42
then we want to test this
0:22:14
step important note here
0:22:27
let's just save it
0:22:33
okay cool so saving is that which is all
0:23:02
i guess i'll probably have to use
0:23:06
missus' laptop in order to have a second
0:23:09
user so just bear with me i'll be right
0:24:06
that is fine not a problem
0:24:11
see if i try and save it
0:25:05
so it does bring the text out in that
0:25:19
which is not basically how we should be
0:25:46
oh no text is this one
0:25:50
so is it not sanitizing it then
0:25:55
ah because it's coming from websockets
0:26:22
scroll to that one
0:26:27
on the other laptop
0:27:04
yeah they should be right
0:27:10
that didn't work right
0:27:12
ah because um websocket is open
0:27:16
yeah this so that should work
0:27:35
board name tester yeah board board yeah
0:27:51
i just didn't want to go
0:28:11
no it doesn't want to go
0:28:20
oh um i do apologize guys i've got to
0:28:22
tell you is that i do have an important
0:28:26
phone call in just two minutes
0:28:28
so i'll be here for two more minutes and
0:28:31
then i'll unfortunately have
0:28:33
to leave but yeah we'll carry on
0:28:36
doing this tomorrow as well and just
0:28:41
get that out the western as possible so
0:28:45
yeah if you want to join us tomorrow um
0:28:49
where we finally test this pro
0:28:54
where we finally test this properly and
0:28:59
get this working as well feel free to
0:29:04
the same time same place and same task
0:29:09
i'll catch yous tomorrow