def fetchUser(username): db_rw = connect() cur = db_rw.cursor(mdb.cursors.DictCursor) cur.execute("SELECT id, username FROM users WHERE username=%s", (username)) if cur.rowcount < 1: return None return FormsDict(cur.fetchone())
def selectors(): def getSelector(defenseList, selectedDefense=None): return "".join("<option value=%d%s>%d - %s</option>" % \ (i,(defenseList[i].name==selectedDefense.name and " selected" or ""), i, defenseList[i].name) \ for i in range(len(defenseList))) return FormsDict(xssoptions=getSelector(xssDefenses,xssDefense), csrfoptions=getSelector(csrfDefenses,csrfDefense))
def fetchUser(username): db_rw = connect() cur = db_rw.cursor() cur.execute("SELECT username FROM users WHERE username=?", (username, )) users = cur.fetchall() if len(users) < 1: return None return FormsDict(username=users[0][0])
def test_decode_method(self): """ FomsDict.attribute returs u'' on UnicodeError. """ data = tob('äöü') d = FormsDict(py2=data, py3=data.decode('latin1')) d = d.decode() self.assertFalse(d.recode_unicode) self.assertTrue(hasattr(list(d.keys())[0], 'encode')) self.assertTrue(hasattr(list(d.values())[0], 'encode'))
def add_picture(b64,key,artist:Multi=[],title=None): if (checkAPIkey(key)): keys = FormsDict() for a in artist: keys.append("artist",a) if title is not None: keys.append("title",title) k_filter, _, _, _ = uri_to_internal(keys) if "track" in k_filter: k_filter = k_filter["track"] utilities.set_image(b64,**k_filter)
def setUp(self): self.old_file_web_schema = api_files.file_web_schema self.old_request = api_files.request self.file_web_schema = MagicMock() self.request = MagicMock() self.request.query = FormsDict() self.db = MagicMock() api_files.file_web_schema = self.file_web_schema api_files.request = self.request
def trackInfo_external(artist:Multi[str],**keys): # transform into a multidict so we can use our nomral uri_to_internal function keys = FormsDict(keys) for a in artist: keys.append("artist",a) k_filter, _, _, _ = uri_to_internal(keys,forceTrack=True) ckeys = {**k_filter} results = trackInfo(**ckeys) return results
def remove_identical(*dicts): #combine multiple dicts keys = FormsDict() for d in dicts: for k in d: try: #multidicts for v in d.getall(k): keys.append(k, v) except: #normaldicts v = d.get(k) keys.append(k, v) new = FormsDict() for k in keys: #values = set(keys.getall(k)) values = keys.getall(k) # NO IDENTICAL REMOVAL FOR NOW for v in values: new.append(k, v) return new
def remove_identical(*dicts): #combine multiple dicts keys = FormsDict() for d in dicts: for k in d: try: #multidicts for v in d.getall(k): keys.append(k, v) except: #normaldicts v = d.get(k) keys.append(k, v) return keys
def pickKeys(d,*keys): if isinstance(d,dict): return {k:d.get(k) for k in d if k in keys} else: # create a normal dictionary of lists newd = {k:d.getall(k) for k in d if k in keys} # one by one add the list entries to the formsdict finald = FormsDict() for k in newd: for v in newd.get(k): finald.append(k,v) return finald
def home(): ''' This is the initial view, before the user has clicked "Submit" ''' return view( 'robo_draft', #summary_text='', use_text='', source_text='', # Use an empty FormsDict on initial load so data fields are empty form=FormsDict(), )
def fetchUser(username): """ checks if there exists given username in table users or not if user exists return (id, username) pair if user does not exist return None @param username: the username of a user @return The row which has username is equal to provided input """ db_rw = connect() cur = db_rw.cursor(mdb.cursors.DictCursor) print username #TODO: Implement a prepared statement so that this query selects a id and username of the row which has column username = username if cur.rowcount < 1: return None return FormsDict(cur.fetchone())
def fetchUser(username): """ checks if there exists given username in table users or not if user exists return (id, username) pair if user does not exist return None @param username: the username of a user @return The row which has username is equal to provided input """ db_rw = connect() cur = db_rw.cursor(mdb.cursors.DictCursor) #TODO use cur.execute() to fetch the row with this username from the users table, if it exists query = "SELECT id, username FROM project2.users WHERE username=%s;" cur.execute(query, (username)) if cur.rowcount < 1: return None return FormsDict(cur.fetchone())
def search(): defenses.setup(request, response) csrftoken = defenses.csrfDefense.init(request, response) defenses.xssDefense.init(response) query = defenses.xssDefense.filter(request.query.q) user = getUser() if user and user.id: if query != "": database.addHistory(user.id, query) history = database.getHistory(user.id) else: history = None return dict(v=FormsDict(defenses=defenses.selectors(), user=getUser(), query=query, history=history, csrfcode=defenses.csrfDefense.formHTML(csrftoken)))
def internal_to_uri(keys): urikeys = FormsDict() #filter if "artist" in keys: urikeys.append("artist", keys["artist"]) if keys.get("associated"): urikeys.append("associated", "yes") elif "track" in keys: for a in keys["track"]["artists"]: urikeys.append("artist", a) urikeys.append("title", keys["track"]["title"]) #time if "timerange" in keys: keydict = keys["timerange"].urikeys() for k in keydict: urikeys.append(k, keydict[k]) elif "within" in keys: urikeys.append("in", time_str(keys["within"])) else: if "since" in keys and keys["since"] is not None: urikeys.append("since", time_str(keys["since"])) if "to" in keys and keys["to"] is not None: urikeys.append("to", time_str(keys["to"])) # delimit if "step" in keys: urikeys.append("step", keys["step"]) if "stepn" in keys: urikeys.append("stepn", str(keys["stepn"])) if "trail" in keys: if keys["trail"] == math.inf: urikeys.append("cumulative", "yes") else: urikeys.append("trail", str(keys["trail"])) # stuff #if "max_" in keys: # urikeys.append("max",str(keys["max_"])) if "page" in keys: urikeys.append("page", str(keys["page"])) if "perpage" in keys: urikeys.append("perpage", str(keys["perpage"])) return urikeys
def search(): defenses.setup(request, response) csrftoken = defenses.csrfDefense.init(request, response) defenses.xssDefense.init(response) query = defenses.xssDefense.filter(request.query.q) user = getUser() if user and user.id: if user.username != 'attacker': # Hack to prevent students from polluting each others' history if query != "": database.addHistory(user.id, query) history = database.getHistory(user.id) else: history = None return dict(v=FormsDict(defenses=defenses.selectors(), user=getUser(), query=query, history=history, csrfcode=defenses.csrfDefense.formHTML(csrftoken)))
def fetchUser(username): """ checks if there exists given username in table users or not if user exists return (id, username) pair if user does not exist return None @param username: the username of a user @return The row which has username is equal to provided input """ db_rw = connect() cur = db_rw.cursor(mdb.cursors.DictCursor) #TODO use cur.execute() to fetch the row with this username from the users table, if it exists query = "select id,username from users where username=%s" cur.execute(query, (username, )) if cur.rowcount < 1: print("User not found", username) return None print('Found user: ', username) return FormsDict(cur.fetchone())
def handle(self, nodes, reqmethod, querykeys, headers): for f in self.functions: if f["method"] != reqmethod: continue pathkeys = FormsDict() # match against paths r = parse.parse(f["path"], "/".join(nodes)) if r is not None: func = f["func"] for k in r.named: # set vars according to path match pathkeys[k] = r[k] types = func.__annotations__ for k in pathkeys: if k in types: if isinstance(types[k], MultiType): subtype = types[k].elementtype pk = pathkeys[k].split("/") pathkeys[k] = [subtype(e) for e in pk] else: pathkeys[k] = types[k](pathkeys[k]) for k in querykeys: if k in types: if isinstance(types[k], MultiType): subtype = types[k].elementtype qk = querykeys.getall(k) querykeys.replace(k, [subtype(e) for e in qk]) else: querykeys[k] = types[k](querykeys[k]) if f["headers"]: return func(**querykeys, **pathkeys, **headers) else: return func(**querykeys, **pathkeys) return {"error": "Not found"}
def show_wifi_form(): return template('wifi-form', errors=None, data=FormsDict(), orientations=ORIENTATIONS, geojson=GEOJSON_NAME)
def test_attr_access(self): """ FomsDict.attribute returs string values as unicode. """ d = FormsDict(py2=tob('瓶'), py3=tob('瓶').decode('latin1')) self.assertEqual(touni('瓶'), d.py2) self.assertEqual(touni('瓶'), d.py3)
def setUp(self): self.old_request = api_scans.request self.request = MagicMock() self.request.query = FormsDict() api_scans.request = self.request
def test_decode_method(self): d = FormsDict(py2=tob('瓶'), py3=tob('瓶').decode('latin1')) d = d.decode() self.assertFalse(d.recode_unicode) self.assertTrue(hasattr(list(d.keys())[0], 'encode')) self.assertTrue(hasattr(list(d.values())[0], 'encode'))
def test_attr_unicode_error(self): """ FomsDict.attribute returs u'' on UnicodeError. """ d = FormsDict(latin=touni('öäüß').encode('latin1')) self.assertEqual(touni(''), d.latin) d.input_encoding = 'latin1' self.assertEqual(touni('öäüß'), d.latin)
def test_attr_missing(self): """ FomsDict.attribute returs u'' on missing keys. """ d = FormsDict() self.assertEqual(touni(''), d.missing)
def handle(self, nodes, reqmethod, querykeys, headers): cls = self.classes[nodes.pop(0)] # REST access to resource if (reqmethod in ["POST"] and len(nodes) == 0) or (len(nodes) == 1): if reqmethod in ["POST"]: newobj = cls(**querykeys) # new object will sign up by itself thanks to class decorator return newobj.__apidict__() if reqmethod in ["GET", "PATCH", "DELETE"]: objkey = nodes.pop(0) obj = self.objects[cls][objkey] if reqmethod == "PATCH": try: return obj.__patch__(**querykeys) except: pass # if no __patch__ method is provided, we try everythin we can # to somehow patch this object for key in querykeys: for assignattempt in ( # oh boy here we go again "getattr(obj,'set_' + key)(querykeys[key])", "getattr(obj,'set' + key)(querykeys[key])", "obj[key] = querykeys[key]", "setattr(obj,key,querykeys[key])"): try: exec(assignattempt) break except: pass return obj.__apidict__() if reqmethod == "GET": return obj.__apidict__() if reqmethod == "DELETE": del self.objects[cls][objkey] return {"status": "success"} # access to object methods elif len(nodes) > 1: objkey = nodes.pop(0) obj = self.objects[cls][objkey] for f in self.functions[cls]: if f["method"] != reqmethod: continue pathkeys = FormsDict() # match against paths r = parse.parse(f["path"], "/".join(nodes)) if r is not None: func = f["func"] for k in r.named: # set vars according to path match pathkeys[k] = r[k] types = func.__annotations__ for k in pathkeys: if k in types: if isinstance(types[k], MultiType): subtype = types[k].elementtype pk = pathkeys[k].split("/") pathkeys[k] = [subtype(e) for e in pk] else: pathkeys[k] = types[k](pathkeys[k]) for k in querykeys: if k in types: if isinstance(types[k], MultiType): subtype = types[k].elementtype qk = querykeys.getall(k) querykeys[k] = [subtype(e) for e in qk] else: querykeys[k] = types[k](querykeys[k]) if f["headers"]: return func(obj, **querykeys, **pathkeys, **headers) else: return func(obj, **querykeys, **pathkeys) return {"status": "failure"}
def __init__(self, post, query=None, files=None): self.POST = FormsDict(**post) self.query = FormsDict(query) if query else FormsDict() self.files = FormsDict(files) if files else FormsDict()
def index(): defenses.setup(request, response) csrftoken = defenses.csrfDefense.init(request, response) return dict(v=FormsDict(defenses=defenses.selectors(), user=getUser(), csrfcode=defenses.csrfDefense.formHTML(csrftoken)))
def setUp(self): self.db = MagicMock() self.request = MagicMock() self.request.query = FormsDict() self.old_request = api_tags.request api_tags.request = self.request