mirror of
https://github.com/avatao-content/baseimage-tutorial-framework
synced 2024-11-05 16:31:21 +00:00
Create components to handle SQL injection tutorial
parent
b1159d6c3e
commit
e0b3064513
0
src/components/__init__.py
Normal file
0
src/components/__init__.py
Normal file
@ -1,8 +1,12 @@
|
||||
import codecs
|
||||
import sqlite3
|
||||
|
||||
import source_code
|
||||
from component import Component
|
||||
from stateful_component import StatefulComponent
|
||||
from tornado.ioloop import IOLoop
|
||||
|
||||
from login_component import authorize_login
|
||||
|
||||
|
||||
def echo_handler(data):
|
||||
@ -24,9 +28,59 @@ def reverse_handler(data, *args):
|
||||
return data
|
||||
|
||||
|
||||
def login_handler(data, component):
|
||||
email, password = data['data']['email'], data['data']['password']
|
||||
try:
|
||||
sql_statement = source_code.find_local_variable_value(authorize_login, 'sql_statement')
|
||||
yield (
|
||||
'anchor_logger',
|
||||
'The SQL statement executed by the server will look like this:\n `{}`'.format(sql_statement)
|
||||
)
|
||||
|
||||
yield ('anchor_webide',
|
||||
source_code.get_source_code(authorize_login, strip_comments=False))
|
||||
|
||||
sql_statement_with_values = sql_statement.format(email, password)
|
||||
yield (
|
||||
'anchor_logger',
|
||||
'After the submitted parameters are substituted it looks like this:\n `{}`'.format(
|
||||
sql_statement_with_values
|
||||
)
|
||||
)
|
||||
|
||||
logged_in_email, is_admin = authorize_login(email, password)
|
||||
|
||||
yield (
|
||||
'anchor_logger',
|
||||
'After the query is executed, it returns _{}_ as email address, and _{}_ for is_admin'.format(
|
||||
logged_in_email, is_admin
|
||||
)
|
||||
)
|
||||
|
||||
if logged_in_email is not None:
|
||||
response = 'Logged in as _{}_. You __{}have__ admin privileges.'.format(
|
||||
logged_in_email,
|
||||
'' if is_admin else 'don\'t '
|
||||
)
|
||||
else:
|
||||
response = 'Bad username/password!'
|
||||
except sqlite3.Warning:
|
||||
response = 'Invalid request!'
|
||||
|
||||
yield ('anchor_login', '# Login page\n' + response)
|
||||
|
||||
|
||||
def source_code_handler(data, component):
|
||||
component.unsubscribe(data['anchor'])
|
||||
yield (data['anchor'],
|
||||
source_code.get_source_code(authorize_login, strip_comments=True))
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
anchor_a = Component('anchor_a', change_case_handler)
|
||||
anchor_b = Component('anchor_b', rot13_handler)
|
||||
anchor_c = Component('anchor_c', reverse_handler)
|
||||
|
||||
anchor_login = StatefulComponent('anchor_login', login_handler)
|
||||
anchor_webide = StatefulComponent('anchor_webide', source_code_handler)
|
||||
IOLoop.instance().start()
|
||||
|
||||
|
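Review bot: The `except sqlite3.Warning:` clause at the end of `login_handler` covers only one sqlite3 exception class, so any `sqlite3.Error` subclass raised by `authorize_login` (for example `sqlite3.OperationalError` when the statement no longer parses after the submitted values are substituted) would escape the generator, and the learner would never receive the `anchor_login` response. Since this handler exists to accept malformed input, I would widen it to `except (sqlite3.Warning, sqlite3.Error):`, unless `authorize_login` (not visible on this page) already handles those errors itself. The `data['data']['email']` and `data['data']['password']` lookups also sit outside the `try`, so a message missing either key raises `KeyError` before anything is yielded; reading them with `.get()` and answering `'Invalid request!'` would keep the component responsive. A short docstring on `login_handler` saying that the string-formatted query is deliberately vulnerable, and that the parameterized form is what production code should use, would help anyone who reads this file outside the tutorial.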