Merge changes made in the branch SPM-Spring2021-2599-张小飞201831990641
						commit
						0afac2a30e
					
				|  | @ -1,2 +1,3 @@ | ||||||
| FROM tiangolo/uwsgi-nginx-flask:python3.6 | FROM tiangolo/uwsgi-nginx-flask:python3.6 | ||||||
| COPY ./app /app | COPY ./app /app | ||||||
|  | 
 | ||||||
|  |  | ||||||
|  | @ -32,6 +32,20 @@ class Sqlite3Template: | ||||||
|         self.instructions(self.query) |         self.instructions(self.query) | ||||||
|         self.operate() |         self.operate() | ||||||
|          |          | ||||||
|  |     def instructions_with_parameters(self, query_statement, parameters): | ||||||
|  |         self.query = query_statement | ||||||
|  |         self.parameters = parameters | ||||||
|  | 
 | ||||||
|  |     def do_with_parameters(self): | ||||||
|  |         self.connect(self.db_fname) | ||||||
|  |         self.instructions_with_parameters(self.query, self.parameters) | ||||||
|  |         self.operate_with_parameters() | ||||||
|  | 
 | ||||||
|  |     def operate_with_parameters(self): | ||||||
|  |         self.conn.row_factory = sqlite3.Row | ||||||
|  |         self.results = self.conn.execute(self.query, self.parameters) # self.query is to be given in the child classes | ||||||
|  |         self.conn.commit() | ||||||
|  | 
 | ||||||
|          |          | ||||||
| class InsertQuery(Sqlite3Template): | class InsertQuery(Sqlite3Template): | ||||||
|     def instructions(self, query): |     def instructions(self, query): | ||||||
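Review bot: `do_with_parameters` calls `instructions_with_parameters(self.query, self.parameters)` with the values those two attributes already hold, so the call is a no-op that only adds an AttributeError when a caller skipped `instructions_with_parameters`; drop that line, or let the method accept the statement and parameters and bind them itself. `operate_with_parameters` leaves a live cursor in `self.results` after `commit()`, and `get_results` is outside the hunk, so whether the `sqlite3.Row` rows are read before the connection is reused cannot be checked here. The string-formatting path (`instructions` plus `do`) stays available to every other caller, and `InsertQuery` at the end of the hunk still overrides `instructions`; having `do` delegate to the parameterized path with an empty tuple would retire the unsafe variant instead of keeping both. The class header is above the hunk; a docstring on `instructions_with_parameters` such as `"""Store a parameterized statement; `parameters` is the sequence bound to its ? placeholders."""` would document the new contract.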
|  |  | ||||||
|  | @ -38,8 +38,8 @@ def load_freq_history(path): | ||||||
| 
 | 
 | ||||||
| def verify_user(username, password): | def verify_user(username, password): | ||||||
|     rq = RecordQuery(path_prefix + 'static/wordfreqapp.db') |     rq = RecordQuery(path_prefix + 'static/wordfreqapp.db') | ||||||
|     rq.instructions("SELECT * FROM user WHERE name='%s' AND password='%s'" % (username, password)) |     rq.instructions_with_parameters("SELECT * FROM user WHERE name=? AND password=?", (username, password)) | ||||||
|     rq.do() |     rq.do_with_parameters() | ||||||
|     result = rq.get_results() |     result = rq.get_results() | ||||||
|     return result != [] |     return result != [] | ||||||
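Review bot: `verify_user` now binds the credentials as `?` placeholders, which closes the injection, but the raw password input is compared by the database against the stored `password` column, so the column is effectively plain text unless hashing happens before this call; the hunk does not show how users are written, so confirm that, and if it is plain text the follow-up is hashing at write time and comparing with `hmac.compare_digest` here. `result != []` depends on `get_results()` (outside the hunk) returning a list; `return bool(result)` expresses the same check without tying it to the list type. A docstring such as `"""Return True if a user row matches the given username and password."""` would round off the function.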
| 
 | 
 | ||||||
|  | @ -228,7 +228,7 @@ def mainpage(): | ||||||
|                </head> |                </head> | ||||||
|                <body> |                <body> | ||||||
|         ''' |         ''' | ||||||
|         page += '<p><b><font size="+3" color="red">English Pal - Learn English in a smart way!</font></b></p>' |         page += '<p><b><font size="+3" color="red">English Pal -(SPM-Spring2021-2599-张小飞201831990641) Learn English in a smart way!</font></b></p>' | ||||||
|         if session.get('logged_in'): |         if session.get('logged_in'): | ||||||
|             page += ' <a href="%s">%s</a></p>\n' % (session['username'], session['username']) |             page += ' <a href="%s">%s</a></p>\n' % (session['username'], session['username']) | ||||||
|         else: |         else: | ||||||
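Review bot: The new banner text embeds the branch name `SPM-Spring2021-2599-张小飞201831990641` in the user-visible heading; if it is a marker for checking which build is deployed it should be removed before merge, otherwise the heading should say what the suffix means. `test_add_word` only checks for the prefix `'English Pal -'`, so the suite would not notice either way. `mainpage` continues outside the hunk.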
|  |  | ||||||
|  | @ -10,7 +10,7 @@ import string | ||||||
| driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME) | driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME) | ||||||
| driver.implicitly_wait(10) | driver.implicitly_wait(10) | ||||||
| 
 | 
 | ||||||
| HOME_PAGE = 'http://121.4.94.30:91/' | HOME_PAGE = 'http://121.4.94.30:5000/' | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| def has_punctuation(s): | def has_punctuation(s): | ||||||
|  | @ -19,6 +19,7 @@ def has_punctuation(s): | ||||||
| def test_add_word(): | def test_add_word(): | ||||||
|     try: |     try: | ||||||
|         driver.get(HOME_PAGE) |         driver.get(HOME_PAGE) | ||||||
|  |         print(driver.page_source) | ||||||
|         assert 'English Pal -' in driver.page_source |         assert 'English Pal -' in driver.page_source | ||||||
|      |      | ||||||
|         # login |         # login | ||||||
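Review bot: `print(driver.page_source)` dumps the full HTML of the home page into the test output on every run; if it was added to debug the port change, remove it or attach the context to the assertion instead, `assert 'English Pal -' in driver.page_source, driver.title`. The new `HOME_PAGE` hard-codes the address `121.4.94.30:5000`, and the same one-line edit is repeated in the test_login, test_next, test_login_security_fix and the two remaining test modules of this commit; reading it once, `HOME_PAGE = os.environ.get('HOME_PAGE', 'http://121.4.94.30:5000/')` (with `import os`), keeps every suite pointed at the same deployment without a multi-file edit next time. `test_add_word` continues outside the hunk.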
|  |  | ||||||
|  | @ -10,7 +10,7 @@ import string | ||||||
| driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME) | driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME) | ||||||
| driver.implicitly_wait(10) | driver.implicitly_wait(10) | ||||||
| 
 | 
 | ||||||
| HOME_PAGE = 'http://121.4.94.30:91/' | HOME_PAGE = 'http://121.4.94.30:5000/' | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| def has_punctuation(s): | def has_punctuation(s): | ||||||
|  |  | ||||||
|  | @ -9,7 +9,7 @@ import random, string | ||||||
| driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME) | driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME) | ||||||
| driver.implicitly_wait(10) | driver.implicitly_wait(10) | ||||||
| 
 | 
 | ||||||
| HOME_PAGE = 'http://121.4.94.30:91/' | HOME_PAGE = 'http://121.4.94.30:5000/' | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
|  | @ -59,5 +59,6 @@ def test_login(): | ||||||
|      |      | ||||||
|         driver.save_screenshot('./app/test/test_login_pic4.png')     |         driver.save_screenshot('./app/test/test_login_pic4.png')     | ||||||
|         assert 'EnglishPal Study Room for ' + uname in  driver.title |         assert 'EnglishPal Study Room for ' + uname in  driver.title | ||||||
|  | 
 | ||||||
|     finally: |     finally: | ||||||
|         driver.quit() |         driver.quit() | ||||||
|  |  | ||||||
|  | @ -0,0 +1,35 @@ | ||||||
|  | # -*- coding: utf-8 -*- | ||||||
|  | # Run the docker image using the following command: | ||||||
|  | # docker run -d -p 4444:4444 selenium/standalone-chrome | ||||||
|  | from selenium import webdriver | ||||||
|  | from selenium.webdriver.common.desired_capabilities import DesiredCapabilities | ||||||
|  | 
 | ||||||
|  | import random, string | ||||||
|  | 
 | ||||||
|  | driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME) | ||||||
|  | driver.implicitly_wait(10) | ||||||
|  | 
 | ||||||
|  | HOME_PAGE = 'http://121.4.94.30:5000/' | ||||||
|  | 
 | ||||||
|  | def test_login_security_fix(): | ||||||
|  |     try: | ||||||
|  |         driver.get(HOME_PAGE) | ||||||
|  |          | ||||||
|  |         elem = driver.find_element_by_link_text('登录') | ||||||
|  |         elem.click() | ||||||
|  |          | ||||||
|  |         uname = 'lanhui' | ||||||
|  |         elem = driver.find_element_by_name('username') | ||||||
|  |         elem.send_keys(uname) | ||||||
|  |          | ||||||
|  |         elem = driver.find_element_by_name('password') | ||||||
|  |         # 使用原有漏洞密码登录 | ||||||
|  |         elem.send_keys("' or 'a'='a'or'a'='a") | ||||||
|  |          | ||||||
|  |         elem = driver.find_element_by_xpath('//form[1]/p[3]/input[1]') # 找到登录按钮 | ||||||
|  |         elem.click() | ||||||
|  |          | ||||||
|  |         driver.save_screenshot('./app/test/test_login_security_fix0.png') | ||||||
|  |         assert '无法通过验证。' in driver.page_source | ||||||
|  |     finally: | ||||||
|  |         driver.quit() | ||||||
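Review bot: The only assertion is that the failure message appears in the page source, which would also pass if the page printed the message and still signed the session in; adding the negative of the success check used by test_login, `assert 'EnglishPal Study Room for ' + uname not in driver.title`, pins the outcome the test is named for. The webdriver session is opened at module level (`driver = webdriver.Remote(...)`), so an unreachable hub fails at import rather than as a test result; this matches the other test modules, so it is a note for all of them rather than this file alone. The comments on the password line and the submit button are in Chinese; an English comment such as `# input the pre-fix string-formatted query accepted; must now be rejected` keeps the intent readable for the rest of the suite.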
|  | @ -9,7 +9,7 @@ import random, string, time | ||||||
| driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME) | driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME) | ||||||
| driver.implicitly_wait(10) | driver.implicitly_wait(10) | ||||||
| 
 | 
 | ||||||
| HOME_PAGE = 'http://121.4.94.30:91/' | HOME_PAGE = 'http://121.4.94.30:5000/' | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
|  | @ -42,7 +42,7 @@ def test_next(): | ||||||
|      |      | ||||||
|         # click Next |         # click Next | ||||||
|         diff = 0 |         diff = 0 | ||||||
|         for i in range(5): |         for i in range(10): | ||||||
|             elem = driver.find_element_by_link_text('下一篇') |             elem = driver.find_element_by_link_text('下一篇') | ||||||
|             elem.click() |             elem.click() | ||||||
|             driver.save_screenshot('./app/test/test_next_essay_pic1.png') |             driver.save_screenshot('./app/test/test_next_essay_pic1.png') | ||||||
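Review bot: The loop bound changes from 5 to 10 as a bare literal; naming it, `NEXT_CLICKS = 10` at module level and `for i in range(NEXT_CLICKS):`, records why ten and keeps the count in one place. Each iteration also overwrites `./app/test/test_next_essay_pic1.png`, so doubling the clicks still leaves only the last one captured; `'./app/test/test_next_essay_pic%d.png' % i` keeps one screenshot per click if they are meant as evidence. `test_next` continues outside the hunk.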
|  |  | ||||||
|  | @ -9,7 +9,7 @@ import random, string | ||||||
| driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME) | driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME) | ||||||
| driver.implicitly_wait(10) | driver.implicitly_wait(10) | ||||||
| 
 | 
 | ||||||
| HOME_PAGE = 'http://121.4.94.30:91/' | HOME_PAGE = 'http://121.4.94.30:5000/' | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
|  |  | ||||||