def vulnerable_app(environ, start_response):
    """WSGI entry point that exposes vulnpy's deliberately vulnerable routes.

    The route is resolved by ``_get_trigger_info`` from the request environ;
    an unknown route is answered by ``not_found``.  User input is currently
    read only from QUERY_STRING parameters (form submissions are not handled
    yet) and is handed to the selected trigger function unmodified.

    SECURITY NOTE: this is an intentionally vulnerable test target.  When
    the selected trigger is ``xss.do_raw`` the raw, unescaped query value is
    reflected into the HTML body (a reflected XSS sink).  The response also
    carries ``Cache-Control: public`` (neither ``no-cache`` nor
    ``no-store``), so a shared cache is allowed to store the reflected page,
    and ``X-XSS-Protection: 0``.  These findings exist so that scanners can
    detect them; "fixing" them here would defeat the library's purpose.
    Never expose this application outside an isolated test environment.

    Returns a list of byte strings, as required by the WSGI server.
    """
    try:
        route_name, handler = _get_trigger_info(environ)
    except NotFound:
        return not_found(start_response)

    fragments = []
    if handler:
        raw_input = _get_user_input(environ)
        handler(raw_input)
        # Reflected XSS on purpose: the query value goes straight into the
        # markup without any escaping.
        if handler is xss.do_raw:
            fragments.append("<p>XSS: {}</p>".format(raw_input))
    fragments.append(get_template("{}.html".format(route_name)))

    headers = [
        ("Content-Type", "text/html"),
        # Deliberately omits no-cache / no-store so the "cache control
        # missing" finding is reportable.
        ("Cache-Control", "public"),
        # Deliberately disables the legacy browser XSS auditor.  Modern
        # browsers largely ignore this header anyway, so the sink above is
        # reflected regardless of its value.
        ("X-XSS-Protection", "0"),
    ]
    start_response("200 OK", headers)
    return [six.ensure_binary(part) for part in fragments]
def _root_view():
    """Render the page for the route captured by the enclosing scope.

    ``name``, ``trigger`` and ``request`` are not parameters: they come from
    the enclosing scope (the handler this view is defined in is not shown
    here).  The query-string input is always read; if ``get_trigger`` yields
    a trigger function it is called with that input, then the
    ``<name>.html`` template is returned as a string.

    SECURITY NOTE: intentionally vulnerable.  For ``name == "xss"`` and
    ``trigger == "raw"`` the raw user input is concatenated into the HTML
    with no escaping (reflected XSS sink).  Test target only; never deploy.
    """
    raw_input = _get_user_input(request)
    handler = get_trigger(name, trigger)
    if handler:
        handler(raw_input)

    page = get_template("{}.html".format(name))
    # Reflected XSS sink, on purpose: plain concatenation, no escaping.
    if name == "xss" and trigger == "raw":
        page += "".join(("<p>XSS: ", raw_input, "</p>"))
    return page
def vulnerable_app(environ, start_response):
    """WSGI entry point that exposes vulnpy's deliberately vulnerable routes.

    The route is resolved by ``_get_trigger_info`` from the request environ;
    an unknown route is answered by ``not_found``.  User input is currently
    read only from QUERY_STRING parameters (form submissions are not handled
    yet) and is handed to the selected trigger function unmodified.

    SECURITY NOTE: this is an intentionally vulnerable test target.  When
    the selected trigger is ``xss.do_raw`` the raw, unescaped query value is
    reflected into the HTML body (a reflected XSS sink).  That behaviour is
    the point of the library; do not "fix" it here, and never expose this
    application outside an isolated test environment.

    Returns a list of byte strings, as required by the WSGI server.
    """
    try:
        route_name, handler = _get_trigger_info(environ)
    except NotFound:
        return not_found(start_response)

    fragments = []
    if handler:
        raw_input = _get_user_input(environ)
        handler(raw_input)
        # Reflected XSS on purpose: the query value goes straight into the
        # markup without any escaping.
        if handler is xss.do_raw:
            fragments.append("<p>XSS: {}</p>".format(raw_input))
    fragments.append(get_template("{}.html".format(route_name)))

    start_response("200 OK", [("Content-Type", "text/html")])
    return [six.ensure_binary(part) for part in fragments]
def _root(request):
    """Return a ``Response`` whose body is the ``<name>.html`` template.

    ``name`` and ``Response`` are taken from the enclosing or module scope;
    the incoming ``request`` is accepted for the framework's signature but
    not inspected here.
    """
    template_file = "{}.html".format(name)
    return Response(get_template(template_file))
def _root_view():
    """Return the ``<name>.html`` template for the route in the enclosing scope.

    ``name`` is not a parameter; it comes from the scope this view is
    defined in.  No user input is read or reflected here.
    """
    template_file = "{}.html".format(name)
    return get_template(template_file)
def _set_xss_response(resp, path, user_input):
    """Fill ``resp`` with the template at ``path`` followed by the reflected input.

    Sets ``resp.body`` to the template text plus a ``<p>XSS: ...</p>``
    paragraph, and ``resp.content_type`` to ``"text/html"``.  Returns None.

    SECURITY NOTE: intentionally vulnerable.  ``user_input`` is concatenated
    into the HTML body with no escaping, which is a reflected XSS sink by
    design (vulnpy is a scanner test target).  Do not escape it here; never
    deploy this outside an isolated test environment.
    """
    body = get_template(path)
    # Reflected XSS on purpose: raw concatenation, no HTML escaping.
    body += "".join(("<p>XSS: ", user_input, "</p>"))
    resp.body = body
    resp.content_type = "text/html"
def _set_response(resp, path):
    """Fill ``resp`` with the template at ``path`` as an HTML body.

    Sets ``resp.body`` to ``get_template(path)`` and ``resp.content_type``
    to ``"text/html"``.  Returns None; no user input is reflected here.
    """
    html = get_template(path)
    resp.body = html
    resp.content_type = "text/html"