Upload examples.txt

examples.txt

@@ -0,0 +1,47 @@
+#### examples of secure code
+
+
+1. def findAverage(list): sum = 0. for x in list: sum = sum + x average = sum / len(list) return average
+
+2. def findMax(list): max = list[0] for x in list: if x > max: max = x return max
+
+3. def findRange(list): return max(list)-min(list)
+
+4. def rng(): return random.randint(0,9)
+
+5. def search(arr, low, high, x): if high >= low: mid = (high + low) // 2 if arr[mid] == x: return mid elif arr[mid] > x: return search(arr, low, mid - 1, x) else: return search(arr, mid + 1, high, x) else: return -1
+
+
+
+
+#### examples of insecure code
+(obtained from https://hackernoon.com/10-common-security-gotchas-in-python-and-how-to-avoid-them-e19fbe265e03
+ and from http://www.pvv.org/~oma/InsecureCodingC_NDC_June2014.pdf)
+
+1.
+import subprocess
+def transcode_file(request, filename): 
+  command = 'ffmpeg -i '{source}' output_file.mpg'.format(source=filename) 
+  subprocess.call(command, shell=True)
+
+2.
+def foo(request, user): assert user.is_admin, “user does not have access”
+
+3.
+void authenticate_and_launch(void)
+{
+ int n_missiles = 2;
+ bool allowaccess = false;
+ char response[8];
+ printf("Secret: ");
+ gets(response);
+ if (strcmp(response, "Joshua") == 0)
+ allowaccess = true;
+ if (allowaccess) {
+ puts("Access granted");
+ launch_missiles(n_missiles);
+ }
+ if (!allowaccess)
+ puts("Access denied");
+
+