xxxxxxxxxx
======
LEAKED
======
apiKey: AIzaSyBIklC6-GUCwA9d_F8VRtKQQwkz6rX_ZEM
authDomain: platy-pixel-d07cd.firebaseapp.com
projectId: platy-pixel-d07cd
storageBucket: platy-pixel-d07cd.appspot.com
messagingSenderId: 172079264802
appId: 1:172079264802:web:9b5194bd5a6d566fe6067b
======
LEAKED
======
xxxxxxxxxx
import MySQLdb
serv = MySQLdb.connect(host = "localhost", user = "root", passwd = "abcdefg")
c = serv.cursor()
print c.execute("SHOW DATABASES")
The data will be stored in a relational database (RDBMS). Therefore, we need to define the tables and relations within the database.
The products table
The table “products” must only contain the unique id, which is also the primary key.
The "products" table
The "products" table
The names table
The table “names” must contain a column for the product id, one for the language code, and one for the name. Its primary key is the combination of the product id and the language code. All columns must not be null.
The "names" table
The "names" table
The relation to the products is realized by a foreign key constraint to the products table via the product id.
HTTP API
The HTTP API shall provide the following endpoints on the given paths:
Path HTTP Method Function
/products POST Create a product
/products GET Get all products and translations
/product/{UUID} PUT Update product
/product/{UUID} GET Get the specific product
The data shall be encoded in JSON using the following specifications:
xxxxxxxxxx
{
"lang": "ISO-639-1 Code",
"name": "A non empty string."
}
xxxxxxxxxx
def get_pin_and_cookie_name(app):
"""Given an application object this returns a semi-stable 9 digit pin
code and a random key. The hope is that this is stable between
restarts to not make debugging particularly frustrating. If the pin
was forcefully disabled this returns None.
Second item in the resulting tuple is the cookie name for remembering.
"""
pin = os.environ.get("WERKZEUG_DEBUG_PIN")
rv = None
num = None
# Pin was explicitly disabled
if pin == "off":
return None, None
# Pin was provided explicitly
if pin is not None and pin.replace("-", "").isdigit():
# If there are separators in the pin, return it directly
if "-" in pin:
rv = pin
else:
num = pin
modname = getattr(app, "__module__", app.__class__.__module__)
try:
# getuser imports the pwd module, which does not exist in Google
# App Engine. It may also raise a KeyError if the UID does not
# have a username, such as in Docker.
username = getpass.getuser()
except (ImportError, KeyError):
username = None
mod = sys.modules.get(modname)
# This information only exists to make the cookie unique on the
# computer, not as a security feature.
probably_public_bits = [
username,
modname,
getattr(app, "__name__", app.__class__.__name__),
getattr(mod, "__file__", None),
]
# This information is here to make it harder for an attacker to
# guess the cookie name. They are unlikely to be contained anywhere
# within the unauthenticated debug page.
private_bits = [str(uuid.getnode()), get_machine_id()]
h = hashlib.md5()
for bit in chain(probably_public_bits, private_bits):
if not bit:
continue
if isinstance(bit, text_type):
bit = bit.encode("utf-8")
h.update(bit)
h.update(b"cookiesalt")
cookie_name = "__wzd" + h.hexdigest()[:20]
# If we need to generate a pin we salt it a bit more so that we don't
# end up with the same value and generate out 9 digits
if num is None:
h.update(b"pinsalt")
num = ("%09d" % int(h.hexdigest(), 16))[:9]
# Format the pincode in groups of digits for easier remembering if
# we don't have a result yet.
if rv is None:
for group_size in 5, 4, 3:
if len(num) % group_size == 0:
rv = "-".join(
num[x : x + group_size].rjust(group_size, "0")
for x in range(0, len(num), group_size)
)
break
else:
rv = num
return rv, cookie_name
xxxxxxxxxx
import hashlib
from itertools import chain
probably_public_bits = [
'web3_user',# username
'flask.app',# modname
'Flask',# getattr(app, '__name__', getattr(app.__class__, '__name__'))
'/usr/local/lib/python3.5/dist-packages/flask/app.py' # getattr(mod, '__file__', None),
]
private_bits = [
'279275995014060',# str(uuid.getnode()), /sys/class/net/ens33/address
'd4e6cb65d59544f3331ea0425dc555a1'# get_machine_id(), /etc/machine-id
]
h = hashlib.md5()
for bit in chain(probably_public_bits, private_bits):
if not bit:
continue
if isinstance(bit, str):
bit = bit.encode('utf-8')
h.update(bit)
h.update(b'cookiesalt')
#h.update(b'shittysalt')
cookie_name = '__wzd' + h.hexdigest()[:20]
num = None
if num is None:
h.update(b'pinsalt')
num = ('%09d' % int(h.hexdigest(), 16))[:9]
rv =None
if rv is None:
for group_size in 5, 4, 3:
if len(num) % group_size == 0:
rv = '-'.join(num[x:x + group_size].rjust(group_size, '0')
for x in range(0, len(num), group_size))
break
else:
rv = num
print(rv)