Contents
- file_input.py
- fixed_input.py
- security_bug.py
file_input.py 1/3
# Example of providing a validated list of input
# Sara Sprenkle
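def main():
    """Ask the user to choose one file from a fixed allow-list, by number.

    The user never supplies a filename. They supply an index into
    VALID_LIST, so the only names this program can ever act on are the ones
    written in the source. The result (or an error message) is printed;
    nothing is returned.
    """
    # the list of valid files user can choose from
    VALID_LIST = sorted(["highschool.txt", "college.txt", "family.txt"])

    print()
    print("Which of the following social network files do you want to process?")
    for number, filename in enumerate(VALID_LIST, start=1):
        print("\t%d: %s" % (number, filename))

    choicestr = input("Select the file by number: ")
    print()

    # Only the int() conversion is expected to fail, and only with ValueError.
    # A bare "except:" would also swallow KeyboardInterrupt/SystemExit and
    # report any unrelated bug as "must be an integer".
    try:
        choice = int(choicestr)
    except ValueError:
        print("ERROR: selection must be an integer.")
        return

    # Both bounds matter: Python accepts negative indexes, so without the
    # lower bound an input of 0 would become index -1 and silently select
    # the last entry instead of being rejected.
    if choice < 1 or choice > len(VALID_LIST):
        print("ERROR:", choice, "is not a valid selection.")
    else:
        print("Processing file %d: %s" % (choice, VALID_LIST[choice-1]))


main()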
fixed_input.py 2/3
# Example of addressing the eval(input()) security bug in Python
# Sara Sprenkle
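# Sum a user-specified number of deposits, treating everything typed by the
# user as data: each value is parsed with int()/float(), never evaluated.
import sys  # sys.exit() is used below; the listing as shown never imports sys

total = 0

# int() raises ValueError on anything that is not an integer literal, so a
# malformed count is rejected here instead of ending in a traceback.
try:
    numDeposits = int(input("How many deposits are there? "))
except ValueError:
    print("Error: Number of deposits must be an integer")
    sys.exit(1)

if numDeposits <= 0:
    print("Error: Number of deposits must be positive")
    sys.exit(1)

for x in range(numDeposits):
    depositString = input("Enter deposit " + str(x) + ": ")
    # float() only parses a numeric literal; text such as "total * 2" raises
    # ValueError rather than being executed. Catch exactly that exception so
    # Ctrl-C and genuine bugs are not reported as a bad deposit.
    try:
        deposit = float(depositString)
    except ValueError:
        # Note that one less deposit will be included in total; does not
        # reprompt for deposit
        print("Error: the deposit must be an float.")
    else:
        # NOTE(review): float() also accepts "nan", "inf" and negative
        # numbers, so a production version would range-check the value
        # (for example with math.isfinite) before adding it.
        total += deposit

print("The total amount deposited is $%.2f." % total)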
security_bug.py 3/3
# Example of a security bug in Python: passing the result of input() to eval()
# Sara Sprenkle
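# Deliberately vulnerable demonstration: sums deposits, but reads each one
# with eval(). It is kept as the "before" case; do not copy this pattern.
import sys  # sys.exit() is used below; the listing as shown never imports sys

total = 0
numDeposits = int(input("How many deposits are there? "))
if numDeposits <= 0:
    print("Error: Number of deposits must be positive")
    sys.exit(1)

for x in range(numDeposits):
    # SECURITY: eval() runs whatever the user types as a Python expression,
    # with this module's names in scope. The input is therefore code, not
    # data: it can read program state (such as `total`) and is not limited
    # to numbers. The fix shown in fixed_input.py is to parse with float()
    # and handle ValueError, which accepts numeric literals only.
    # Try entering something like "total * 2" for the second deposit
    total += eval(input("Enter deposit " + str(x) + ": "))

print("The total amount deposited is $%.2f." % total)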