mirror of
https://github.com/avatao-content/baseimage-tutorial-framework
synced 2024-11-22 12:51:32 +00:00
Create components to handle SQL injection tutorial
This commit is contained in:
parent
b1159d6c3e
commit
e0b3064513
0
src/components/__init__.py
Normal file
0
src/components/__init__.py
Normal file
@ -1,8 +1,12 @@
|
|||||||
import codecs
|
import codecs
|
||||||
|
import sqlite3
|
||||||
|
|
||||||
|
import source_code
|
||||||
from component import Component
|
from component import Component
|
||||||
|
from stateful_component import StatefulComponent
|
||||||
from tornado.ioloop import IOLoop
|
from tornado.ioloop import IOLoop
|
||||||
|
|
||||||
|
from login_component import authorize_login
|
||||||
|
|
||||||
|
|
||||||
def echo_handler(data):
|
def echo_handler(data):
|
||||||
@ -24,9 +28,59 @@ def reverse_handler(data, *args):
|
|||||||
return data
|
return data
|
||||||
|
|
||||||
|
|
||||||
|
def login_handler(data, component):
|
||||||
|
email, password = data['data']['email'], data['data']['password']
|
||||||
|
try:
|
||||||
|
sql_statement = source_code.find_local_variable_value(authorize_login, 'sql_statement')
|
||||||
|
yield (
|
||||||
|
'anchor_logger',
|
||||||
|
'The SQL statement executed by the server will look like this:\n `{}`'.format(sql_statement)
|
||||||
|
)
|
||||||
|
|
||||||
|
yield ('anchor_webide',
|
||||||
|
source_code.get_source_code(authorize_login, strip_comments=False))
|
||||||
|
|
||||||
|
sql_statement_with_values = sql_statement.format(email, password)
|
||||||
|
yield (
|
||||||
|
'anchor_logger',
|
||||||
|
'After the submitted parameters are substituted it looks like this:\n `{}`'.format(
|
||||||
|
sql_statement_with_values
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
logged_in_email, is_admin = authorize_login(email, password)
|
||||||
|
|
||||||
|
yield (
|
||||||
|
'anchor_logger',
|
||||||
|
'After the query is executed, it returns _{}_ as email address, and _{}_ for is_admin'.format(
|
||||||
|
logged_in_email, is_admin
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
if logged_in_email is not None:
|
||||||
|
response = 'Logged in as _{}_. You __{}have__ admin privileges.'.format(
|
||||||
|
logged_in_email,
|
||||||
|
'' if is_admin else 'don\'t '
|
||||||
|
)
|
||||||
|
else:
|
||||||
|
response = 'Bad username/password!'
|
||||||
|
except sqlite3.Warning:
|
||||||
|
response = 'Invalid request!'
|
||||||
|
|
||||||
|
yield ('anchor_login', '# Login page\n' + response)
|
||||||
|
|
||||||
|
|
||||||
|
def source_code_handler(data, component):
|
||||||
|
component.unsubscribe(data['anchor'])
|
||||||
|
yield (data['anchor'],
|
||||||
|
source_code.get_source_code(authorize_login, strip_comments=True))
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
anchor_a = Component('anchor_a', change_case_handler)
|
anchor_a = Component('anchor_a', change_case_handler)
|
||||||
anchor_b = Component('anchor_b', rot13_handler)
|
anchor_b = Component('anchor_b', rot13_handler)
|
||||||
anchor_c = Component('anchor_c', reverse_handler)
|
anchor_c = Component('anchor_c', reverse_handler)
|
||||||
|
anchor_login = StatefulComponent('anchor_login', login_handler)
|
||||||
|
anchor_webide = StatefulComponent('anchor_webide', source_code_handler)
|
||||||
IOLoop.instance().start()
|
IOLoop.instance().start()
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user