forked from mrlan/EnglishPal
Merge changes made in the branch SPM-Spring2021-2599-张小飞201831990641
commit
0afac2a30e
|
@ -1,2 +1,3 @@
|
||||||
FROM tiangolo/uwsgi-nginx-flask:python3.6
|
FROM tiangolo/uwsgi-nginx-flask:python3.6
|
||||||
COPY ./app /app
|
COPY ./app /app
|
||||||
|
|
||||||
|
|
|
@ -32,6 +32,20 @@ class Sqlite3Template:
|
||||||
self.instructions(self.query)
|
self.instructions(self.query)
|
||||||
self.operate()
|
self.operate()
|
||||||
|
|
||||||
|
def instructions_with_parameters(self, query_statement, parameters):
|
||||||
|
self.query = query_statement
|
||||||
|
self.parameters = parameters
|
||||||
|
|
||||||
|
def do_with_parameters(self):
|
||||||
|
self.connect(self.db_fname)
|
||||||
|
self.instructions_with_parameters(self.query, self.parameters)
|
||||||
|
self.operate_with_parameters()
|
||||||
|
|
||||||
|
def operate_with_parameters(self):
|
||||||
|
self.conn.row_factory = sqlite3.Row
|
||||||
|
self.results = self.conn.execute(self.query, self.parameters) # self.query is to be given in the child classes
|
||||||
|
self.conn.commit()
|
||||||
|
|
||||||
|
|
||||||
class InsertQuery(Sqlite3Template):
|
class InsertQuery(Sqlite3Template):
|
||||||
def instructions(self, query):
|
def instructions(self, query):
|
||||||
|
|
|
@ -38,8 +38,8 @@ def load_freq_history(path):
|
||||||
|
|
||||||
def verify_user(username, password):
|
def verify_user(username, password):
|
||||||
rq = RecordQuery(path_prefix + 'static/wordfreqapp.db')
|
rq = RecordQuery(path_prefix + 'static/wordfreqapp.db')
|
||||||
rq.instructions("SELECT * FROM user WHERE name='%s' AND password='%s'" % (username, password))
|
rq.instructions_with_parameters("SELECT * FROM user WHERE name=? AND password=?", (username, password))
|
||||||
rq.do()
|
rq.do_with_parameters()
|
||||||
result = rq.get_results()
|
result = rq.get_results()
|
||||||
return result != []
|
return result != []
|
||||||
|
|
||||||
|
@ -228,7 +228,7 @@ def mainpage():
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
'''
|
'''
|
||||||
page += '<p><b><font size="+3" color="red">English Pal - Learn English in a smart way!</font></b></p>'
|
page += '<p><b><font size="+3" color="red">English Pal -(SPM-Spring2021-2599-张小飞201831990641) Learn English in a smart way!</font></b></p>'
|
||||||
if session.get('logged_in'):
|
if session.get('logged_in'):
|
||||||
page += ' <a href="%s">%s</a></p>\n' % (session['username'], session['username'])
|
page += ' <a href="%s">%s</a></p>\n' % (session['username'], session['username'])
|
||||||
else:
|
else:
|
||||||
|
|
|
@ -10,7 +10,7 @@ import string
|
||||||
driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME)
|
driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME)
|
||||||
driver.implicitly_wait(10)
|
driver.implicitly_wait(10)
|
||||||
|
|
||||||
HOME_PAGE = 'http://121.4.94.30:91/'
|
HOME_PAGE = 'http://121.4.94.30:5000/'
|
||||||
|
|
||||||
|
|
||||||
def has_punctuation(s):
|
def has_punctuation(s):
|
||||||
|
@ -19,6 +19,7 @@ def has_punctuation(s):
|
||||||
def test_add_word():
|
def test_add_word():
|
||||||
try:
|
try:
|
||||||
driver.get(HOME_PAGE)
|
driver.get(HOME_PAGE)
|
||||||
|
print(driver.page_source)
|
||||||
assert 'English Pal -' in driver.page_source
|
assert 'English Pal -' in driver.page_source
|
||||||
|
|
||||||
# login
|
# login
|
||||||
|
|
|
@ -10,7 +10,7 @@ import string
|
||||||
driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME)
|
driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME)
|
||||||
driver.implicitly_wait(10)
|
driver.implicitly_wait(10)
|
||||||
|
|
||||||
HOME_PAGE = 'http://121.4.94.30:91/'
|
HOME_PAGE = 'http://121.4.94.30:5000/'
|
||||||
|
|
||||||
|
|
||||||
def has_punctuation(s):
|
def has_punctuation(s):
|
||||||
|
|
|
@ -9,7 +9,7 @@ import random, string
|
||||||
driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME)
|
driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME)
|
||||||
driver.implicitly_wait(10)
|
driver.implicitly_wait(10)
|
||||||
|
|
||||||
HOME_PAGE = 'http://121.4.94.30:91/'
|
HOME_PAGE = 'http://121.4.94.30:5000/'
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -59,5 +59,6 @@ def test_login():
|
||||||
|
|
||||||
driver.save_screenshot('./app/test/test_login_pic4.png')
|
driver.save_screenshot('./app/test/test_login_pic4.png')
|
||||||
assert 'EnglishPal Study Room for ' + uname in driver.title
|
assert 'EnglishPal Study Room for ' + uname in driver.title
|
||||||
|
|
||||||
finally:
|
finally:
|
||||||
driver.quit()
|
driver.quit()
|
||||||
|
|
|
@ -0,0 +1,35 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
# Run the docker image using the following command:
|
||||||
|
# docker run -d -p 4444:4444 selenium/standalone-chrome
|
||||||
|
from selenium import webdriver
|
||||||
|
from selenium.webdriver.common.desired_capabilities import DesiredCapabilities
|
||||||
|
|
||||||
|
import random, string
|
||||||
|
|
||||||
|
driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME)
|
||||||
|
driver.implicitly_wait(10)
|
||||||
|
|
||||||
|
HOME_PAGE = 'http://121.4.94.30:5000/'
|
||||||
|
|
||||||
|
def test_login_security_fix():
|
||||||
|
try:
|
||||||
|
driver.get(HOME_PAGE)
|
||||||
|
|
||||||
|
elem = driver.find_element_by_link_text('登录')
|
||||||
|
elem.click()
|
||||||
|
|
||||||
|
uname = 'lanhui'
|
||||||
|
elem = driver.find_element_by_name('username')
|
||||||
|
elem.send_keys(uname)
|
||||||
|
|
||||||
|
elem = driver.find_element_by_name('password')
|
||||||
|
# 使用原有漏洞密码登录
|
||||||
|
elem.send_keys("' or 'a'='a'or'a'='a")
|
||||||
|
|
||||||
|
elem = driver.find_element_by_xpath('//form[1]/p[3]/input[1]') # 找到登录按钮
|
||||||
|
elem.click()
|
||||||
|
|
||||||
|
driver.save_screenshot('./app/test/test_login_security_fix0.png')
|
||||||
|
assert '无法通过验证。' in driver.page_source
|
||||||
|
finally:
|
||||||
|
driver.quit()
|
|
@ -9,7 +9,7 @@ import random, string, time
|
||||||
driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME)
|
driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME)
|
||||||
driver.implicitly_wait(10)
|
driver.implicitly_wait(10)
|
||||||
|
|
||||||
HOME_PAGE = 'http://121.4.94.30:91/'
|
HOME_PAGE = 'http://121.4.94.30:5000/'
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -42,7 +42,7 @@ def test_next():
|
||||||
|
|
||||||
# click Next
|
# click Next
|
||||||
diff = 0
|
diff = 0
|
||||||
for i in range(5):
|
for i in range(10):
|
||||||
elem = driver.find_element_by_link_text('下一篇')
|
elem = driver.find_element_by_link_text('下一篇')
|
||||||
elem.click()
|
elem.click()
|
||||||
driver.save_screenshot('./app/test/test_next_essay_pic1.png')
|
driver.save_screenshot('./app/test/test_next_essay_pic1.png')
|
||||||
|
|
|
@ -9,7 +9,7 @@ import random, string
|
||||||
driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME)
|
driver = webdriver.Remote('http://localhost:4444/wd/hub', DesiredCapabilities.CHROME)
|
||||||
driver.implicitly_wait(10)
|
driver.implicitly_wait(10)
|
||||||
|
|
||||||
HOME_PAGE = 'http://121.4.94.30:91/'
|
HOME_PAGE = 'http://121.4.94.30:5000/'
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue