From 73aefcbf42736542f7da19b1d13fd121f24a9e55 Mon Sep 17 00:00:00 2001
From: "pixeebot-test[bot]" <123999551+pixeebot-test[bot]@users.noreply.github.com>
Date: Sun, 21 Jul 2024 02:07:27 +0000
Subject: [PATCH] Sandbox URL Creation
---
 introduction/playground/A6/soln.py | 6 +++---
 introduction/playground/A6/utility.py | 30 +++++++++++++--------------
 introduction/views.py | 15 +++++---------
 requirements.txt | 1 +
 4 files changed, 24 insertions(+), 28 deletions(-)
diff --git a/introduction/playground/A6/soln.py b/introduction/playground/A6/soln.py
index ee85180..c91f4a4 100644
--- a/introduction/playground/A6/soln.py
+++ b/introduction/playground/A6/soln.py
@@ -1,4 +1,4 @@
-import requests
+from security import safe_requests
 def check_vuln(list_of_modules)->list:
@@ -6,10 +6,10 @@ def check_vuln(list_of_modules)->list:
 for i in list_of_modules:
 k = i.split("==")
 url = f"https://pypi.org/pypi/{k[0]}/{k[1]}/json"
- response = requests.get(url)
+ response = safe_requests.get(url)
 response.raise_for_status()
 info = response.json()
 existing_vuln = info['vulnerabilities']
 if len(existing_vuln) > 0:
 vulns.append(existing_vuln)
- return vulns
\ No newline at end of file
+ return vulns
diff --git a/introduction/playground/A6/utility.py b/introduction/playground/A6/utility.py
index 4f899f6..c91f4a4 100644
--- a/introduction/playground/A6/utility.py
+++ b/introduction/playground/A6/utility.py
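Review bot: In the `-6,10 +6,10` hunk of `soln.py` the host is already fixed to `pypi.org` by the f-string, so wrapping the call in `safe_requests.get(url)` changes little; the new line still has no `timeout`, and `k[0]`/`k[1]` go into the URL path unquoted. An entry without `==` makes `k[1]` raise `IndexError` before any request is sent. I would write `response = safe_requests.get(url, timeout=10)` (assuming the wrapper forwards keyword arguments to requests — confirm) and quote each path segment with `urllib.parse.quote(k[0], safe="")`. The rewritten `check_vuln` in `introduction/playground/A6/utility.py` is the same code and has the same gaps; the function's first lines sit outside this hunk.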
@@ -1,15 +1,15 @@
-import requests
-
-
-def check_vuln(list_of_modules)->list:
- vulns = []
- for i in list_of_modules:
- k = i.split("==")
- url = f"https://pypi.org/pypi/{k[0]}/{k[1]}/json"
- response = requests.get(url)
- response.raise_for_status()
- info = response.json()
- existing_vuln = info['vulnerabilities']
- if len(existing_vuln) > 0:
- vulns.append(existing_vuln)
- return vulns
\ No newline at end of file
+from security import safe_requests
+
+
+def check_vuln(list_of_modules)->list:
+ vulns = []
+ for i in list_of_modules:
+ k = i.split("==")
+ url = f"https://pypi.org/pypi/{k[0]}/{k[1]}/json"
+ response = safe_requests.get(url)
+ response.raise_for_status()
+ info = response.json()
+ existing_vuln = info['vulnerabilities']
+ if len(existing_vuln) > 0:
+ vulns.append(existing_vuln)
+ return vulns
diff --git a/introduction/views.py b/introduction/views.py
index 0f550c4..b6dd199 100644
--- a/introduction/views.py
+++ b/introduction/views.py
@@ -1,7 +1,6 @@
 import base64
 import datetime
 import hashlib
-import json
 import logging
 import os
 import pickle
@@ -19,25 +18,21 @@ from xml.sax.handler import feature_external_ges
 import jwt
-import requests
 import yaml
 from argon2 import PasswordHasher
 from django.contrib import messages
-from django.contrib.auth import authenticate, login
-from django.contrib.auth.forms import UserCreationForm
-from django.core import serializers
-from django.http import HttpResponse, HttpResponseBadRequest, JsonResponse
+from django.contrib.auth import login
+from django.http import HttpResponse, HttpResponseBadRequest
 from django.shortcuts import redirect, render
-from django.template import loader
 from django.template.loader import render_to_string
 from django.views.decorators.csrf import csrf_exempt
 from PIL import Image, ImageMath
-from requests.structures import CaseInsensitiveDict
 from .forms import NewUserForm
 from .models import (FAANG, AF_admin, AF_session_id, Blogs, CF_user, authLogin,
- comments, info, login, otp, sql_lab_table, tickits)
+ comments, login, otp, sql_lab_table, tickits)
 from .utility import customHash, filter_blog
+from security import safe_requests
 #*****************************************Lab Requirements****************************************************#
@@ -953,7 +948,7 @@ def ssrf_lab2(request):
 elif request.method == "POST":
 url = request.POST["url"]
 try:
- response = requests.get(url)
+ response = safe_requests.get(url)
 return render(request, "Lab/ssrf/ssrf_lab2.html", {"response": response.content.decode()})
 except:
 return render(request, "Lab/ssrf/ssrf_lab2.html", {"error": "Invalid URL"})
diff --git a/requirements.txt b/requirements.txt
index dc8ab8e..95bc245 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -31,3 +31,4 @@ urllib3==1.26.9
 Werkzeug==2.1.2
 whitenoise==6.2.0
 zipp==3.8.0
+security==1.3.0
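Review bot: On the new side of the `views.py` import hunk, `login` is imported from `django.contrib.auth` and then again from `.models`, so the model rebinds the name and the Django helper is unreachable under it; since the commit edits both lines, one of them could be aliased, e.g. `from django.contrib.auth import login as auth_login`, with call sites adjusted to match. The hunk also removes `authenticate`, `UserCreationForm`, `serializers`, `JsonResponse`, `loader`, `CaseInsensitiveDict` and the `info` model, none of which relate to the URL change; the rest of `views.py` is outside this diff, so each removal needs checking against the whole file. `from security import safe_requests` would read better in the third-party group next to `import jwt` than after the relative imports.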
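Review bot: In `ssrf_lab2` the URL still comes straight from `request.POST["url"]`, and `safe_requests.get(url)` is called with default arguments only, so the fetch has no `timeout` and, if the wrapper hands off to requests unchanged, redirects are still followed after the URL check has run. As far as I know the wrapper's default host policy covers a short list of well-known infrastructure addresses rather than loopback and private ranges in general, so confirm that it matches what this view should refuse and pass an explicit validator if not. I would change the call to `response = safe_requests.get(url, timeout=5, allow_redirects=False)` (assuming keyword arguments are forwarded). The bare `except:` should become `except Exception:` with the exception logged, because a policy rejection, a timeout and a decode failure are currently all reported as "Invalid URL". The function starts and continues outside this hunk.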
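Review bot: `security==1.3.0` introduces a new runtime dependency under a very generic distribution name, and nothing in this diff ties the pin to a publisher or an artifact digest. Confirm that this distribution is the one that provides `safe_requests`, and consider installing with pip's `--require-hashes` and a `--hash=sha256:<digest>` entry per requirement so a substituted upload fails the install. A comment above the line, such as `# provides security.safe_requests (URL checks around requests)`, would tell the next reader why the package is there.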