App-related news

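An Unreal Engine 5 tech demo that runs on next-generation consoles is being released

"The Matrix Awakens: An Unreal Engine 5 Experience", an Unreal Engine 5 tech demo based on the world of the film The Matrix, is apparently scheduled to be released for PlayStation 5 and Xbox Series X|S from December 10.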


Some Web Security tools which developers should use

Today I would like to share some web security tools that developers should use. When we develop software, we must also consider security. In some situations it is not enough to write secure code; reverse testing is also needed. Let’s take a look at some web security tools.

1. Zed Attack Proxy (ZAP)

Developed by OWASP (Open Web Application Security Project), ZAP or Zed Attack Proxy is a multi-platform, open-source web application security testing tool. ZAP is used for finding a number of security vulnerabilities in a web app during the development as well as the testing phase.

2. Wapiti

Wapiti is an open-source project. It performs black-box testing to check web applications for security vulnerabilities. As it is a command-line application, it is important to know the various commands Wapiti uses. You can find all the Wapiti instructions in the official documentation. To check whether a script is vulnerable, Wapiti injects payloads. The tool supports both GET and POST HTTP attack methods.

Vulnerabilities exposed by Wapiti are:

  • Command Execution detection
  • CRLF injection
  • Database injection
  • File disclosure
  • Shellshock or Bash bug
  • SSRF (Server Side Request Forgery)
  • Weak .htaccess configurations that can be bypassed
  • XSS injection
  • XXE injection

3. Sqlmap

SQLMap is an entirely free tool that automates the process of detecting and exploiting SQL injection vulnerabilities in a website’s database. It supports 6 types of SQL injection techniques:

  • Boolean-based blind
  • Error-based
  • Out-of-band
  • Stacked queries
  • Time-based blind
  • UNION query

4. Skipfish

Skipfish is a web application security tool that crawls your website, checks each page for various security threats, and provides a final security report. It is highly optimized for HTTP handling and uses minimal CPU.

5. Burp Suite

Burp Suite is a Java-based web penetration testing framework. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. The tool intercepts HTTP/S requests and acts as a middle-man between the user and web pages. The paid version provides a more agile automated testing tool with integrations with other frameworks such as Jenkins.

6. Nikto

The Nikto web server scanner is a security tool that will test a website for thousands of possible security issues including dangerous files, mis-configured services, vulnerable scripts and other issues. It is open source and structured with plugins that extend the capabilities.

Hope you enjoy that.

By Asahi



PHP 8.1 is here

The PHP team has released PHP 8.1. Let’s look at some of the main features they have added.

https://twitter.com/official_php/status/1463943033234276360

Improvements

There are many improvements, as follows.

  • Enumerations
  • Readonly properties
  • Pure Intersection Types
  • never return type
  • First-class Callable Syntax
  • New array_is_list function
  • and many more

We will walk through some of these features in more detail.

Enumerations

PHP 8.1 supports Enumerations (Enums) natively, providing an API for defining and working with Enums:

enum Data
{
    case Draft;
    case Published;
    case Archived;
}
function acceptStatus(Data $data) { /* ... */ }

Read-only Properties

Read-only properties cannot be changed after they are initialized. You can be confident that your data classes are consistent. PHP 8.1 can reduce boilerplate by defining public properties the author does not intend to change.

class Sample
{
    public readonly Data $data;
 
    public function __construct(Data $data)
    {
        $this->data = $data;
    }
}
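
An added example, not part of the original post, that combines the two features above: a backed enum acts as an allow-list for untrusted input, and a readonly property keeps the validated value from being changed later. The names `Status`, `Article` and `parseStatus` are hypothetical, and the input values are constructed samples.

```php
<?php
declare(strict_types=1);

// Backed enum: each case maps to one fixed string, so it works as an allow-list.
enum Status: string
{
    case Draft = 'draft';
    case Published = 'published';
    case Archived = 'archived';
}

final class Article
{
    // readonly: assigned once in the constructor, never writable afterwards.
    public function __construct(public readonly Status $status)
    {
    }
}

// Hypothetical helper: turn an untrusted request value into a Status or reject it.
function parseStatus(mixed $raw): Status
{
    if (!is_string($raw)) {
        throw new InvalidArgumentException('status must be a string');
    }
    // tryFrom() returns null (instead of throwing) for values that match no case.
    return Status::tryFrom($raw)
        ?? throw new InvalidArgumentException('unknown status');
}

// Constructed sample inputs, as they might arrive from a request.
$inputs = ['published', 'Published', 'deleted', ['draft']];
foreach ($inputs as $raw) {
    try {
        $article = new Article(parseStatus($raw));
        echo 'accepted: ', $article->status->value, PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}

// A later write to the readonly property fails with an Error.
$article = new Article(Status::Draft);
try {
    $article->status = Status::Published;
} catch (Error $e) {
    echo 'blocked: ', $e->getMessage(), PHP_EOL;
}
```

Matching is case-sensitive and exact, so only the three declared strings are accepted; everything else, including non-string input, is rejected before it reaches the data class.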

First-class Callable Syntax

You can make a closure from a callable by calling it and passing "...".

function sum(int $a, int $b) {
    // ...
}
 
$sum = sum(...);
$sum(1, 5);
$sum(5, 3);

There are still more interesting features worth looking at in detail. Please check the official documentation for more information.

Yuuma



JS (Chart.js): How to display data labels inside and outside

This time, I will show how to draw a pie chart on a canvas using Chart.js DataLabels.

First, create an HTML file and import four script files into it.

    <script src="https://cdn.jsdelivr.net/npm/chart.js@3.0.0/dist/chart.min.js"></script>
    <script src="https://cdn.jsdelivr.net/npm/chart.js@2.8.0"></script>
    <script src="https://cdn.jsdelivr.net/npm/chartjs-plugin-datalabels@2.0.0"></script>  
    <script src="https://unpkg.com/chart.js-plugin-labels-dv@3.0.5/dist/chartjs-plugin-labels.min.js"></script>
<canvas id="my-chart"></canvas>

We will create a pie chart on the canvas above. To create a pie chart, it needs to contain data like this.

var data = {
    labels: ["6:00 AM", "6:15 AM", "6:20 AM"],
    datasets: [
        {
            labels: ["wake up", "have breakfast", "brush teeth"],
            backgroundColor: ["#FA8072", "#FFFF66", "#FFC0CB"],
            data: [40, 60, 90],
            borderWidth: 1,
        }
    ]
};

The type also needs to be set to pie. In addition, to display the datalabels, register the plugin on the chart.

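// Get the drawing context of the canvas defined above.
var ctx = document.getElementById('my-chart').getContext('2d');
var myChart = new Chart(ctx, {
    type: 'pie',
    data: data,
    plugins: [ChartDataLabels],
});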

To show the labels outside, insert a setting like this.

labels: {
    render: function(d) {
        return `${d.label}`;
    },
    position: 'outside',
},

To display labels inside the pie chart, do the following.

datalabels: {
    formatter: function(value, context) {
        return context.dataset.labels[context.dataIndex];
    },
},

The result is shown at the top.

I hope you enjoyed this article.

By Ami



The 10 best new features in Laravel 8

1. app/Models Directory

The artisan make:model command will create the model in the app/Models directory. This feature was decided after Taylor asked people on Twitter how they feel about this.

If you don’t like that, it’s possible to delete the app/Models directory and artisan will create the model file in the app/ folder. 

2. New Landing Page

Laravel 8 comes with a new landing page for a brand new install. It has been redesigned and is built using TailwindCSS, includes light and dark-mode capabilities, and by default extends links to SaaS products and community sites.

3. Controllers Routing Namespacing

No more double prefix issues! In previous versions of Laravel, the RouteServiceProvider had an attribute called namespace that was used to prefix the controllers in the routes files. That created a problem when you were trying to use a callable syntax on your controllers, causing Laravel to mistakenly double prefix it for you. This attribute was removed and now you can import and use it without the issue.

It can also be used for single action controllers that have the __invoke method.

Route::get('/welcome', [WelcomeController::class, 'index']);

Route::get('/welcome', WelcomeController::class);

4. Route Caching

Laravel uses route caching to compile your routes in a PHP array that is more efficient to deal with. In Laravel 8, it’s possible to use this feature even if you have closures as actions to your routes. This should extend the usage of route caching for improved performance.

Route::get('/components', function () {
    return view('button');
});

5. Attributes on Extended Blade Components

In Laravel 7 the child components didn’t have access to the $attributes passed to them. In Laravel 8 these components were enhanced and it is now possible to merge nested component attributes. This makes it easier to create extended components.

6. Better Syntax for Event Listening

In the previous versions of Laravel, when creating a closure-based event listener there was much repetition and a cumbersome syntax.

Event::listen(ConferenceScheduled::class, function (ConferenceScheduled $event) {
    info(get_class($event));
});

In Laravel 8 it’s simpler and cleaner:

Event::listen(function (ConferenceScheduled $event) {
    info(get_class($event));
});

// one-line version
Event::listen(fn (ConferenceScheduled $event) => info(get_class($event)));

7. Queueable Anonymous Event Listeners

In Laravel 8 it is possible to create a queueable closure from anywhere in the code. This will create a queue of anonymous event listeners that will get executed in the background. This feature makes it easier to do this, while in previous versions of Laravel you would need to use an event class and an event listener (using the ShouldQueue trait).

<?php

namespace App\Models;

use Illuminate\Foundation\Auth\User as Authenticatable;
use function Illuminate\Events\queueable;

class User extends Authenticatable
{
    protected static function booting()
    {
        // Run the listener on the queue instead of inline.
        static::created(queueable(function (User $user) {
            info('Queued: ' . $user->name);
        }));
    }
}

8. Maintenance Mode

php artisan down --secret=laracon-2020

This is especially useful when you need to do some maintenance on your application and want to take it down for your users while still letting your developers investigate bugs. It creates a secret cookie that is granted to whoever hits the correct endpoint, allowing them to use the application while it is in maintenance mode. Anyone who learns the secret gets the same bypass, so choose a value that is hard to guess.

php artisan down --render="errors::503"

Pre-rendering an error view is a safe way to avoid exposing errors to your end users when your application is down (during a new deployment, for example). The Laravel 8 framework guarantees that your predefined error page will be displayed before everything else from the application.

php artisan down --render="welcome" --redirect=/ --status=200 --secret=laracon-2020

This combines the new features and will make the application only display a single predefined route, while still allowing for the people who have the secret to test and debug. This can be very useful when launching a new app.

9. Closure Dispatch “Catch”

Route::get('/queue-catch', function () {
    dispatch(function () {
        throw new Exception('Something went wrong...');
    })->catch(function (Throwable $e) {
        // Runs when the queued closure fails.
        info('Caught exception!!');
    });
});

Laravel has a pretty robust queue system that accepts a closure queue that will get serialized and executed in the background. Now we have a way to handle failures in case your job fails.

10. Exponential Backoff Strategy

This is an algorithm that decreases the retry rate of your job in order to gradually find an acceptable rate.

public function backoff()
{
    return [1, 5, 10];
}

Tsuki


