NuGet Hell – our NuGet repo does not yet include the new functionality we refer to

We have a solution called MySolution. We have another solution that tests this solution, called "MyTests," which tests "MySolution."

In debug mode, & # 39; MyTests & # 39; on & # 39; Mysolution & # 39; with a path to local DLLs.

In release mode, & # 39; MyTests & # 39; via NuGet on & # 39; Mysolution & # 39 ;.

Only if feature branches of & # 39; MySolution & # 39; in & # 39; dev & # 39; The build server will be transferred to NuGet.

So, problem:

During development, I'm updating MySolution with new features, updating MyTests to test these new features, and it works, and builds and persists, and all is well, as it points to MySolution's local DLL.

If I move to the build server, it can not be created because the new functionality is not included in the MySolution package (now referred to by NuGet). This will also fail if I put my Visual Studio in Sharing mode.

What approaches are available to the team to avoid this form of DLL / NuGet hell? Is there a best practice where the names of feature branches play a smart role (ie, MySolution feature branches are redirected to NuGet, but a version is attached by default in which the MyTests feature topic is displayed becomes)?

Create your Pro Website Domain and include hosting for $ 50

Create your Pro Website Domain and Including Hosting

Create your Pro Website Domain and Including Hosting

I give you a complete website with domain & hosting (one year)
For more information please contact us …. anytime …

………………………….Order now…………….. ………

, (tagsToTranslate) Website (t) WordPress (t) Hosting (t) Domain (t) Web

Does Qt's Project Include files (* .pri) work in Visual Studio?

With the Qt Framework there is the possibility to include other project include files (.pri) in qmake project files (.Professional).

This allows me to include certain core functions (including library dependencies) in them .pri Files and just paste them into the .Professional File.

Now I plan to use the wxWidgets Framework for a DLL project with Visual Studio 2017 and I wonder if there is an equivalent to Qt's Project include files also for C ++ projects / solutions?

(EC2, Amazon Linux) I disconnected a volume and then re-attached it. Now I can no longer include SSH in my instance

I just created a new EC2 instance and was able to execute SSH in it.

I just disconnected it: / dev / xvda Volume, then reconnected immediately, and now I get the "ssh: connect to host ec2-34-222-44-253.us-west-2.compute.amazonaws". COM port 22: resource temporarily unavailable "

Why does not the volume of an EC2 instance become unavailable simply by disconnecting / re-attaching?

I made sure that the instance and everything is restarted.

The results of the web application pen test include a file from a forbidden directory that is not even used or referenced

Brute force Scanner

Many automatic scanners bypass locked directory listings by looking for "bruteforce" files. This means that they are looking for additional files whose names are similar to those of the existing files (ie. filename.js1 and files that are not referenced at all (aka secret.txt). If you happen to have a file whose name is on the bruteforced list and which is in an accessible directory, it will be found, regardless of whether the "directory listing" is enabled or not

It's worth noting that hackers do the same, so this is a real problem. If something is in a publicly accessible directory, you should generally think that it is found. So if you do not want it to be public, you need to keep it away from public directories – disabling the directory list offers very little security.

Real weaknesses

In the end, this does not seem to be a big problem (and probably is not), but leaving backups of javascript files in public directories is generally a bad idea. When it comes to XSS, an attacker generally has the most success if he can exploit a javascript file hosted on the same domain. This is because this provides the opportunity to bypass a CSP or other "security firewalls". If an older Javascript file contains a vulnerability that was fixed in a later release, and an attacker has found a way to force the user's browser to load the older Javascript file, it may be linked to a more malicious vulnerability. This may seem far-fetched, but how many of the worst security holes happen when many small vulnerabilities are grouped together into one larger one?

tl / dr: If something is hosted by your website but has none
Reason to be there, then it is a liability. Kill it with prejudice.

.net – CWE-611: Incorrect Limitation of External XML Entity Reference with XSL Include

Veracode reports that the following code is vulnerable to CWE-611: Improper restriction of the reference for external XML entities.

XslCompiledTransform transform = new XslCompiledTransform();
transform.Load(xslwithospath);
StringWriter results = new StringWriter();
using (XmlReader reader = XmlReader.Create(new StringReader(xml)))

Unfortunately, I can not set the XML resolver to zero because the XSLT uses an include


Is the only solution to rewrite the XSLT so that it does not contain XSL?