Create components to handle SQL injection tutorial

This commit is contained in:
Bálint Bokros 2017-11-27 18:52:34 +01:00
parent b1159d6c3e
commit e0b3064513
2 changed files with 55 additions and 1 deletions

View File

View File

@ -1,8 +1,12 @@
import codecs
import sqlite3
import source_code
from component import Component
from stateful_component import StatefulComponent
from tornado.ioloop import IOLoop
from login_component import authorize_login
def echo_handler(data):
@ -24,9 +28,59 @@ def reverse_handler(data, *args):
return data
def login_handler(data, component):
email, password = data['data']['email'], data['data']['password']
try:
sql_statement = source_code.find_local_variable_value(authorize_login, 'sql_statement')
yield (
'anchor_logger',
'The SQL statement executed by the server will look like this:\n `{}`'.format(sql_statement)
)
yield ('anchor_webide',
source_code.get_source_code(authorize_login, strip_comments=False))
sql_statement_with_values = sql_statement.format(email, password)
yield (
'anchor_logger',
'After the submitted parameters are substituted it looks like this:\n `{}`'.format(
sql_statement_with_values
)
)
logged_in_email, is_admin = authorize_login(email, password)
yield (
'anchor_logger',
'After the query is executed, it returns _{}_ as email address, and _{}_ for is_admin'.format(
logged_in_email, is_admin
)
)
if logged_in_email is not None:
response = 'Logged in as _{}_. You __{}have__ admin privileges.'.format(
logged_in_email,
'' if is_admin else 'don\'t '
)
else:
response = 'Bad username/password!'
except sqlite3.Warning:
response = 'Invalid request!'
yield ('anchor_login', '# Login page\n' + response)
def source_code_handler(data, component):
component.unsubscribe(data['anchor'])
yield (data['anchor'],
source_code.get_source_code(authorize_login, strip_comments=True))
if __name__ == '__main__':
anchor_a = Component('anchor_a', change_case_handler)
anchor_b = Component('anchor_b', rot13_handler)
anchor_c = Component('anchor_c', reverse_handler)
anchor_login = StatefulComponent('anchor_login', login_handler)
anchor_webide = StatefulComponent('anchor_webide', source_code_handler)
IOLoop.instance().start()