
GitHub XSLT Trending

The latest build: 2024-06-16. Source of data: GitHubTrendingRSS

Tests for URI Template implementations


URI Template Tests

This is a set of tests for implementations of RFC6570 - URI Template. It is designed to be reused by any implementation, to improve interoperability and implementation quality.

If your project uses Git for version control, you can make uritemplate-tests into a submodule.

Test Format

Each test file is a JSON document containing an object whose properties are groups of related tests. Alternatively, all tests are available in XML as well, with the XML files being generated by transform-json-tests.xslt which uses json2xml.xslt as a general-purpose JSON-to-XML parsing library.

Each group, in turn, is an object with three children:

  • level - the level of the tests covered, as per the RFC (optional; if absent, assume level 4).
  • variables - an object representing the variables that are available to the tests in the suite
  • testcases - a list of testcases, where each case is a two-member list, the first being the template, the second being the result of expanding the template with the provided variables.

Note that the result string can be a few different things:

  • string - if the second member is a string, the result of expansion is expected to match it, character-for-character.
  • list - if the second member is a list of strings, the result of expansion is expected to match one of them; this allows for templates that can expand into different, equally-acceptable URIs.
  • false - if the second member is boolean false, expansion is expected to fail (i.e., the template was invalid).

For example:

{
  "Level 1 Examples" : {
    "level": 1,
    "variables": {
      "var" : "value",
      "hello" : "Hello World!"
    },
    "testcases" : [
      ["{var}", "value"],
      ["{hello}", "Hello%20World%21"]
    ]
  }
}
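A harness that applies the result rules above (string, list, false, and the level 4 default when `level` is absent), as an added example that is not part of the uritemplate-tests repository. The names `expand_level1`, `run_group` and `run_suite` and the sample data are hypothetical and constructed for illustration; the expander handles only simple Level 1 `{name}` expressions.

```python
import json
import re
from urllib.parse import quote

# Constructed sample in the test-file format described above (not taken from the repo).
SAMPLE = json.loads("""{
  "Level 1 Examples": {"level": 1,
    "variables": {"var": "value", "hello": "Hello World!"},
    "testcases": [["{var}", "value"], ["{hello}", "Hello%20World%21"],
                  ["{var}/{hello}", ["value/Hello%20World%21", "value/Hello+World!"]],
                  ["{var", false]]},
  "No level given": {"variables": {"x": "1"}, "testcases": [["{+x}", "1"]]}
}""")

def expand_level1(template, variables):
    """Hypothetical minimal Level 1 expander; raises ValueError on a malformed template."""
    def sub(match):
        value = variables.get(match.group(1))
        # Undefined variables expand to nothing; everything but unreserved is encoded.
        return "" if value is None else quote(str(value), safe="")
    result = re.sub(r"\{([A-Za-z0-9_]+)\}", sub, template)
    if "{" in result or "}" in result:  # leftover brace: unsupported or broken expression
        raise ValueError("invalid template: %r" % template)
    return result

def run_group(group, expand, max_level=1):
    """Return [(template, passed)], or None when the group is above max_level."""
    if group.get("level", 4) > max_level:  # absent level means level 4
        return None
    results = []
    for template, expected in group["testcases"]:
        try:
            actual = expand(template, group["variables"])
        except ValueError:
            actual = False  # expansion failed
        if expected is False:
            passed = actual is False      # the template must be rejected
        elif isinstance(expected, list):
            passed = actual in expected   # any listed URI is acceptable
        else:
            passed = actual == expected   # character-for-character match
        results.append((template, passed))
    return results

def run_suite(suite, expand, max_level=1):
    """Run every group; groups above max_level map to None (skipped)."""
    return {name: run_group(group, expand, max_level) for name, group in suite.items()}
```
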

Tests Included

The following test files are included:

  • spec-examples.json - The complete set of example templates from the RFC
  • spec-examples-by-section.json - The examples, section by section
  • extended-tests.json - more complex test cases
  • negative-tests.json - invalid templates

For all these test files, XML versions with the names *.xml can be generated with the transform-json-tests.xslt XSLT stylesheet. The XSLT contains the names of the above test files as a parameter, and can be started with any XML as input (i.e., the XML input is ignored).

License

Copyright 2011-2012 The Authors

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

 http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)


Living Off The Land Binaries and Scripts (and now also Libraries)

All the different files can be found behind a fancy frontend here: https://lolbas-project.github.io (thanks @ConsciousHacker for this bit of eyecandy and the team over at https://gtfobins.github.io/). This repo serves as a place where we maintain the YML files that are used by the fancy frontend.

Goal

The goal of the LOLBAS project is to document every binary, script, and library that can be used for Living Off The Land techniques.

Criteria

A LOLBin/Lib/Script must:

  • Be a Microsoft-signed file, either native to the OS or downloaded from Microsoft.
  • Have extra "unexpected" functionality. It is not interesting to document intended use cases.
    • Exceptions are application whitelisting bypasses
  • Have functionality that would be useful to an APT or red team

Interesting functionality can include:

  • Executing code
    • Arbitrary code execution
    • Pass-through execution of other programs (unsigned) or scripts (via a LOLBin)
  • Compiling code
  • File operations
    • Downloading
    • Upload
    • Copy
  • Persistence
    • Pass-through persistence utilizing existing LOLBin
    • Persistence (e.g. hide data in ADS, execute at logon)
  • UAC bypass
  • Credential theft
  • Dumping process memory
  • Surveillance (e.g. keylogger, network trace)
  • Log evasion/modification
  • DLL side-loading/hijacking without being relocated elsewhere in the filesystem.

We do not approve binaries that allow NetNTLM coercion, since most Windows binaries allow that. The only exceptions are binaries that allow it on ports other than the default ones (such as rpcping) or that can allow direct credential theft.

Contributing

If you have found a new LOLBin or LOLScript that you would like to contribute, please review the contributing guidelines located here: https://github.com/LOLBAS-Project/LOLBAS/blob/master/CONTRIBUTING.md

A template for the required format has been provided here: https://github.com/LOLBAS-Project/LOLBAS/blob/master/YML-Template.yml

The History of the LOLBin

The phrase "Living off the land" was coined by Christopher Campbell (@obscuresec) & Matt Graeber (@mattifestation) at DerbyCon 3.

The term LOLBins came from a Twitter discussion on what to call binaries that can be used by an attacker to perform actions beyond their original purpose. Philip Goh (@MathCasualty) proposed LOLBins. A highly scientific internet poll ensued, and after a general consensus (69%) was reached, the name was made official. Jimmy (@bohops) followed up with LOLScripts. No poll was taken.

Common hashtags for these files are:

  • #LOLBin
  • #LOLBins
  • #LOLScript
  • #LOLScripts
  • #LOLLib
  • #LOLLibs

Our primary maintainer (@oddvarmoe) of this project did a talk at DerbyCon 2018 called "#Lolbins Nothing to LOL about!" (https://www.youtube.com/watch?v=NiYTdmZ8GR4). This talk goes over the history of this project.

Maintainers

The following folks help maintain the LOLBAS Project on their personal time:

Thanks

As with many open-source projects, this one is the product of a community and we would like to thank ours:

  • The domain http://lolbins.com has been registered by an unknown individual, who redirected it to the old version of this project.
  • The domain http://lolbas-project.com has been registered by Jimmy (@bohops).
  • The logos for the project were created by Adam Nadrowski (@_sup_mane). We #@&!!@#! love them.

Notice

  • Please refer to NOTICE.md for license information

NIST SP 800-53 content and other OSCAL content examples



OSCAL Examples

This directory contains numerous OSCAL examples in XML, JSON, and YAML formats based on the latest OSCAL stable release.

These files are maintained by a Continuous Integration and Continuous Deployment (CI/CD) process that automatically converts source content into the alternate formats found in the many subdirectories of this repository. As a result, these example files should not be modified. Instead, the source of the file should be edited in the src subdirectories.

The structure and contents of the examples directory are as follows:

  • examples: This directory contains sample OSCAL content organized by OSCAL model.
  • nist.gov/SP800-53/rev4: This directory contains OSCAL examples of the catalog, and low, moderate, and high baselines defined by NIST Special Publication (SP) 800-53 Revision 4.
  • nist.gov/SP800-53/rev5: This directory contains OSCAL examples of the catalog, and low, moderate, and high baselines defined by NIST Special Publication (SP) 800-53 Revision 5 and SP 800-53B respectively.
  • src: This directory contains the source files for all the OSCAL examples located in this repository.
  • build: This directory includes instructions and tools to build OSCAL dependencies, generate, convert, and check example content in this repository for release.