From c9aa4f2730166d004ac968000e8252f28ed80864 Mon Sep 17 00:00:00 2001 From: Darius Foo Date: Fri, 29 Jul 2016 09:17:23 +0800 Subject: [PATCH 1/9] Python vulnerable method example --- main.py | 5 +++-- requirements.txt | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/main.py b/main.py index fa02d01..f3554a3 100644 --- a/main.py +++ b/main.py @@ -1,4 +1,5 @@ -from __future__ import print_function + +from django.utils import formats if __name__ == '__main__': - print('Hello world') + formats.get_format() diff --git a/requirements.txt b/requirements.txt index ff7ec9b..43fb6d4 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ -django==1.6.2 +django==1.7 ipython==3.2.0 qpid-python==0.32.1 filebrowser_safe==0.1 From 38d060e403781824169ea17a8a8189550c935d3c Mon Sep 17 00:00:00 2001 From: cl4r1ty Date: Tue, 2 Aug 2016 20:17:25 -0700 Subject: [PATCH 2/9] change version --- requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index 43fb6d4..137f148 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,5 @@ -django==1.7 +django==1.7.1 ipython==3.2.0 qpid-python==0.32.1 filebrowser_safe==0.1 -PyJWT==0.1.1 \ No newline at end of file +PyJWT==0.1.1 From 885b9eec7dbe8cda14aa9ac37fd9cc24d462946c Mon Sep 17 00:00:00 2001 From: Jonathan Tan Chiu Joo Date: Tue, 23 Aug 2016 11:26:01 +0800 Subject: [PATCH 3/9] Updated python examples Updated python example to allow the example scanning to show vulnerable methods. Added examples to demonstrate call chains. Changed python imports to include very popular libraries like requests (53m downloads) and pycrpyto (25m downloads). --- main.py | 12 ++++++++++-- requirements.txt | 9 +++++---- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/main.py b/main.py index f3554a3..84a630b 100644 --- a/main.py +++ b/main.py 
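Review bot: `formats.get_format()` on the new side of the main.py hunk is called with no arguments, but `django.utils.formats.get_format` takes a required positional `format_type`, so running `python main.py` raises a TypeError before any format lookup happens (and the function reads Django settings, so it would presumably also need a configured settings module). If the script exists only to give the scanner a reachable call into a flagged Django API, say so next to the call, e.g. `# Scanner fixture: intentionally reachable call into django.utils.formats; not meant to run.` The hunk also replaces the removed `__future__` import with an empty first line, which reads as a stray blank at the top of the module.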
@@ -1,5 +1,13 @@ - +from jwt import algorithms from django.utils import formats - +from rsa import cli +from feedparser import feedparser +from requests import sessions +from lib.Crypto.PublicKey import ElGamal if __name__ == '__main__': formats.get_format() + algorithms.HMACAlgorithm.prepare_key() + cli.VerifyOperation.perform_operation() + feedparser.parse() + sessions.SessionRedirectMixin.resolve_redirects() + ElGamal.generate() diff --git a/requirements.txt b/requirements.txt index 137f148..bbe8f44 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,6 @@ django==1.7.1 -ipython==3.2.0 -qpid-python==0.32.1 -filebrowser_safe==0.1 -PyJWT==0.1.1 +PyJWT==0.4.2 +rsa==3.0 +feedparser==5.1.1 +requests==2.2.1 +pycrypto==2.4 From 74937345fc0ec9a468e10ad89b20f9c4a5f454d0 Mon Sep 17 00:00:00 2001 From: Jason Yeo Date: Thu, 25 Aug 2016 10:53:03 +0800 Subject: [PATCH 4/9] Remove pycrypto and feedparser --- main.py | 5 +---- requirements.txt | 2 -- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/main.py b/main.py index 84a630b..c19799f 100644 --- a/main.py +++ b/main.py @@ -1,13 +1,10 @@ from jwt import algorithms from django.utils import formats from rsa import cli -from feedparser import feedparser from requests import sessions -from lib.Crypto.PublicKey import ElGamal + if __name__ == '__main__': formats.get_format() algorithms.HMACAlgorithm.prepare_key() cli.VerifyOperation.perform_operation() - feedparser.parse() sessions.SessionRedirectMixin.resolve_redirects() - ElGamal.generate() diff --git a/requirements.txt b/requirements.txt index bbe8f44..0163642 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,4 @@ django==1.7.1 PyJWT==0.4.2 rsa==3.0 -feedparser==5.1.1 requests==2.2.1 -pycrypto==2.4 From 3a728263153ff469d12dfc651e860e4f33b16f9c Mon Sep 17 00:00:00 2001 From: Asankhaya Sharma Date: Thu, 25 Aug 2016 16:08:14 +0800 Subject: [PATCH 5/9] Update requirements.txt --- requirements.txt | 3 +++ 1 file changed, 3 insertions(+) 
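Review bot: `from lib.Crypto.PublicKey import ElGamal` does not match the dependency this commit declares: `pycrypto==2.4` installs the top-level package `Crypto`, so the import should read `from Crypto.PublicKey import ElGamal` unless a vendored `lib/` directory exists that is not part of this patch. A scanner that resolves imports to installed packages will presumably not attribute the `ElGamal.generate()` call chain to pycrypto while the `lib.` prefix is there. `from feedparser import feedparser` looks similar — feedparser 5.x is, as far as I recall, a single module that exposes `parse` directly, so that import likely fails too; worth confirming against the pinned version. Every added call is an unbound-method call with no arguments, so the file is a scanner fixture rather than runnable code; a module-level comment stating that would spare the next reader the confusion, e.g. `# Scanner fixture: the calls below exercise APIs flagged by the scanner and are not meant to execute.`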
diff --git a/requirements.txt b/requirements.txt
index 0163642..64e37f9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,3 +2,6 @@ django==1.7.1
 PyJWT==0.4.2
 rsa==3.0
 requests==2.2.1
+feedparser==5.1.1
+requests==2.2.1
+pycrypto==2.4
From e402d0b04ef3d186a886747b17fc21dfdade8131 Mon Sep 17 00:00:00 2001
From: Asankhaya Sharma
Date: Thu, 25 Aug 2016 16:29:52 +0800
Subject: [PATCH 6/9] Update requirements.txt

---
 requirements.txt | 1 -
 1 file changed, 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 64e37f9..189d55c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,5 +3,4 @@ PyJWT==0.4.2
 rsa==3.0
 requests==2.2.1
 feedparser==5.1.1
-requests==2.2.1
 pycrypto==2.4
From 80ec16f244b7f795c253abafe593530aafd3252c Mon Sep 17 00:00:00 2001
From: MingYi
Date: Mon, 24 Oct 2016 09:34:09 +0800
Subject: [PATCH 7/9] Update dependency to include a package with vuln transitive

---
 requirements.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/requirements.txt b/requirements.txt
index 189d55c..43b582f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,3 +4,4 @@ rsa==3.0
 requests==2.2.1
 feedparser==5.1.1
 pycrypto==2.4
+raven==1.9.4
From d3ad1d3acd326f2c2a7cc0fbc873cbec171cfcb5 Mon Sep 17 00:00:00 2001
From: Chris Hut
Date: Thu, 26 Oct 2017 16:23:25 -0700
Subject: [PATCH 8/9] Update requirements.txt

Fixes error not using HTTPS in `pip install`

---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 43b582f..731eef4 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,6 @@
 django==1.7.1
 PyJWT==0.4.2
-rsa==3.0
+rsa==3.4
 requests==2.2.1
 feedparser==5.1.1
 pycrypto==2.4
From c1ee2ae19f651eda7dc7e7f655cf7eacb0ad1dc2 Mon Sep 17 00:00:00 2001
From: Darius Foo
Date: Tue, 24 Apr 2018 17:58:53 +0800
Subject: [PATCH 9/9] Add note about Python 2/3

---
 README.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md index 7b0d52e..aae0dcf 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,8 @@ -# [:] Example Python Project +# [:] Example Python 2 Project -An example python project to demonstrate [srcclr](https://www.srcclr.com) scans. +An example Python project to demonstrate [srcclr](https://www.srcclr.com) scans. + +Check out the [python3](https://github.com/srcclr/example-python/tree/python3) branch for a project that builds with Python 3. ## Try me!