#### examples of secure code


1.
def findAverage(values):
    # Parameter renamed from `list` so it does not shadow the builtin.
    # Empty input would otherwise raise ZeroDivisionError at len(values) == 0.
    if not values:
        raise ValueError("findAverage needs at least one value")
    total = 0.
    for x in values:
        total = total + x
    average = total / len(values)
    return average

2.
def findMax(values):
    # Empty input would otherwise raise IndexError at values[0].
    if not values:
        raise ValueError("findMax needs at least one value")
    largest = values[0]
    for x in values:
        if x > largest:
            largest = x
    return largest

3.
def findRange(values):
    # Built-in max() and min() both raise ValueError on an empty sequence.
    return max(values) - min(values)

4.
import random

def rng():
    # Pseudo-random digit 0..9 from the Mersenne Twister: fine for simulation
    # or sampling, but predictable. For tokens, keys or anything an attacker
    # must not be able to guess, use secrets.randbelow(10) instead.
    return random.randint(0, 9)

5.
def search(arr, low, high, x):
    # Recursive binary search over arr[low..high]; arr must be sorted ascending.
    # Returns the index of x, or -1 if x is absent.
    if high >= low:
        mid = (high + low) // 2
        if arr[mid] == x:
            return mid
        elif arr[mid] > x:
            return search(arr, low, mid - 1, x)
        else:
            return search(arr, mid + 1, high, x)
    else:
        return -1


#### examples of insecure code
(Python examples obtained from https://hackernoon.com/10-common-security-gotchas-in-python-and-how-to-avoid-them-e19fbe265e03,
C example from http://www.pvv.org/~oma/InsecureCodingC_NDC_June2014.pdf)

1.
import subprocess

def transcode_file(request, filename):
    # Vulnerable: the caller-controlled filename is interpolated into a shell
    # command string and run with shell=True, so shell metacharacters in the
    # name (a closing quote, ';', '|', '$(...)') are interpreted by /bin/sh.
    # A filename such as  x"; rm -rf / #  becomes command injection.
    command = 'ffmpeg -i "{source}" output_file.mpg'.format(source=filename)
    subprocess.call(command, shell=True)

2.
def foo(request, user):
    # Vulnerable: assert is a debugging aid, not an access check. Running the
    # interpreter with -O (or PYTHONOPTIMIZE set) strips every assert statement,
    # so the admin check silently disappears in an optimized deployment.
    # An explicit `if not user.is_admin: raise ...` does not have that problem.
    assert user.is_admin, "user does not have access"

3.
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* gets() was removed in C11 and modern libc headers no longer declare it;
   the prototype is repeated here only so the deliberately vulnerable original
   still compiles. launch_missiles() is defined elsewhere in the slides. */
char *gets(char *s);
void launch_missiles(int n);

void authenticate_and_launch(void)
{
    int n_missiles = 2;
    bool allowaccess = false;
    char response[8];
    printf("Secret: ");
    /* Vulnerable: gets() has no bounds check. More than 7 characters of input
       overflow response[8] and overwrite whatever the compiler placed next to
       it on the stack; allowaccess and n_missiles are the obvious candidates,
       so an attacker can be granted access, or change the missile count,
       without knowing the secret. Use fgets(response, sizeof response, stdin)
       and strip the newline instead. */
    gets(response);
    if (strcmp(response, "Joshua") == 0)
        allowaccess = true;
    if (allowaccess) {
        puts("Access granted");
        launch_missiles(n_missiles);
    }
    if (!allowaccess)
        puts("Access denied");
}
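Hardened versions of the two Python gotchas above (insecure examples 1 and 2: command injection through shell=True, and assert used as an access check), as an added example that is not code from this page or from the hackernoon article it cites. `echo` stands in for `ffmpeg` so the commands run offline, `EVIL_NAME` is a constructed attacker-controlled filename, and `compile(..., optimize=1)` is used to reproduce what `python -O` does to an assert without restarting the interpreter.

```python
import shlex
import subprocess

# Constructed attacker-controlled "filename" (example input, not from the page).
# The embedded double quote closes the quoted argument in the shell string,
# and ';' lets the attacker run a second command.
EVIL_NAME = 'movie.mp4"; echo INJECTED; echo "'


# --- Gotcha 1: string interpolation + shell=True ------------------------------

def run_vulnerable(filename):
    """Same shape as the page's transcode_file(); echo stands in for ffmpeg.
    Returns what /bin/sh actually executed (its stdout)."""
    command = 'echo "{source}" output_file.mpg'.format(source=filename)
    result = subprocess.run(command, shell=True, capture_output=True, text=True)
    return result.stdout


def run_fixed(filename):
    """Argument list, no shell: the filename reaches the program as exactly one
    argv entry, whatever characters it contains."""
    result = subprocess.run(["echo", filename, "output_file.mpg"],
                            capture_output=True, text=True)
    return result.stdout


def run_quoted(filename):
    """If a shell string is unavoidable, shlex.quote() turns the value into a
    single shell word; the output must match run_fixed()."""
    command = "echo {} output_file.mpg".format(shlex.quote(filename))
    result = subprocess.run(command, shell=True, capture_output=True, text=True)
    return result.stdout


# --- Gotcha 2: assert as an access check --------------------------------------

# The page's foo(), kept as source text so it can be compiled at different
# optimisation levels: compile(..., optimize=1) strips assert statements
# exactly as `python -O` does.
ASSERT_CHECK_SRC = '''
def check_admin(user):
    assert user.is_admin, "user does not have access"
    return "admin action"
'''


class PermissionDenied(Exception):
    pass


class User:
    def __init__(self, is_admin):
        self.is_admin = is_admin


def check_admin_fixed(user):
    """Explicit check: raises regardless of interpreter flags."""
    if not user.is_admin:
        raise PermissionDenied("user does not have access")
    return "admin action"


def load_assert_check(optimize):
    """Compile the assert-based check at the given optimize level (0 = normal
    run, 1 = what `python -O` does) and return the resulting function."""
    namespace = {}
    code = compile(ASSERT_CHECK_SRC, "<assert_gotcha>", "exec", optimize=optimize)
    exec(code, namespace)
    return namespace["check_admin"]


def rejects_non_admin(check):
    """True if `check` refuses a non-admin user, False if it lets them through."""
    try:
        check(User(is_admin=False))
    except (AssertionError, PermissionDenied):
        return True
    return False


if __name__ == "__main__":
    print("shell=True output   :", repr(run_vulnerable(EVIL_NAME)))
    print("argv list output    :", repr(run_fixed(EVIL_NAME)))
    print("shlex.quote output  :", repr(run_quoted(EVIL_NAME)))
    print("assert check, optimize=0, rejects non-admin:", rejects_non_admin(load_assert_check(0)))
    print("assert check, optimize=1, rejects non-admin:", rejects_non_admin(load_assert_check(1)))
    print("explicit check, rejects non-admin          :", rejects_non_admin(check_admin_fixed))
```

Running it shows `INJECTED` appearing as its own output line from the shell=True version, while the argv-list and shlex.quote versions echo the hostile name back verbatim as a single argument; the assert-based check rejects the non-admin user at optimize level 0 but lets them through at level 1, whereas the explicit `raise` rejects them at both.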