SY306 Web and Databases for Cyber Operations Cascading Style Sheets - - PowerPoint PPT Presentation




(see online resources, e.g. http://www.tutorialspoint.com/python/index.htm)

SY306 Web and Databases for Cyber Operations Slide Set #9: CGI with Python


Things we’ll learn and do

  • HTML5 – basics, tables, forms
  • Cascading Style Sheets
  • JavaScript, Dynamic HTML
  • CGI / Python
  • Databases – Relational Model
  • SQL
  • Web applications with database back-end
  • Web based attacks (XSS, SQL injections,…)

CGI – What does it all look like?

CGI Script Basics

  • Common Gateway Interface (CGI)
      – “Common”: Not specific to any operating system or language
  • Output file generated at runtime:
      1. When a program is executed as a CGI script, “standard output” is redirected to the web server
      2. The web server then redirects the output to the client's browser

How can CGI get data from user?

Technique #1: Forms

  • User enters data via a form, submits
  • Web server directs data to a CGI program
  • Script receives data in one of two ways:
      1. method = "get"
      2. method = "post"

Use language-specific method to get these inside CGI program

Technique #2: URL with parameters

    <a href="http://www.usna.edu/CS/calendar/view.py?events=seminars"> Seminars </a>


The Big Example Part 1 (the form)

survey.html

    (standard header stuff…)
    <body>
      <h1> Welcome to The Ultimate Survey </h1>
      <form method="post" action="set9_survey.py">
        <p> Favorite food: <input type="text" name="food" /> </p>
        <p> Favorite color:
          <label><input type="radio" name="color" value="red"/> Red </label>
          <label><input type="radio" name="color" value="gold"/> Gold </label>
          <label><input type="radio" name="color" value="blue"/> Blue </label>
        </p>
        <p><input type="submit" value="Submit" /> </p>
      </form>
    </body>
    </html>

The Big Example Part 2 (CGI to receive)

survey.py

    #!/usr/bin/env python3
    import cgi
    import cgitb; cgitb.enable()  # show error reports in the browser

    form = cgi.FieldStorage()  # instantiate only once!

    # get inputs from browser (empty string if a field was not submitted)
    food = form.getvalue("food", "")
    color = form.getvalue("color", "")

    # Save result in file. Use colon as separator
    outfile = open("favorites.txt", "a")
    outfile.write(food + " : " + color + "\n")
    outfile.close()

    # generate output as feedback for the user
    print("Content-Type: text/html\n")
    print('''\
    <!DOCTYPE html>
    <html>
    <head>
    <meta charset = "utf-8">
    <title>Survey Feedback</title>
    </head>
    <body>
    <h1>Thank you for filling out our survey</h1>
    <p>Your responses have been recorded as follows:</p>
    <ul>
    ''')
    print("<li>Favorite food: " + food + "</li>")
    print("<li>Favorite color: " + color + "</li>")
    print("</ul></body></html>")


Exercise #1

  • Write a Python script that will, given the URL provided below, generate HTML that looks like the screenshot

http://mope.academy.usna.edu/~adina/sy306/ice/ex1.py?maxNumber=5

The Big Example Part 3 (CGI to process)

survey_results.py

    #!/usr/bin/env python3
    import cgi
    import cgitb
    cgitb.enable()

    # print response header
    print("Content-Type: text/html")
    print()

    # print start html part
    print('''\
    <!DOCTYPE html>
    <html>
    <head>
    <meta charset = "utf-8">
    <title>Survey Results</title>
    </head>
    <body>
    ''')

    # start printing the results and count the number of red responses
    print('<h1>Results so far</h1>')
    print('<ol>')
    nbRed = 0

    # read from file
    with open("favorites.txt", "r") as lines:
        for line in lines:
            # skip the empty lines
            if line == "\n":
                continue
            # remove the newline character and split by :
            # s = line[:-1].split(':')  # solution 1
            line = line.strip()         # solution 2
            s = line.split(':')
            print("<li>Favorite food: " + s[0] + " favorite color: **" + s[1] + "**</li>")
            # if s[1] == "red":  # this will not work if there are extra spaces
            if s[1].find("red") >= 0:
                nbRed = nbRed + 1

    print("</ol>")
    print("<h1> There are " + str(nbRed) + " responses for color 'red'. </h1>")

    # print end html part
    print('</body></html>')
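The Part 2 and Part 3 scripts store and print the form values exactly as the browser sent them. The added example below (not part of the original slides) shows one way to validate a survey record before it is written to the colon-separated favorites.txt and to escape it when it is printed back as HTML. The helper names and the 50-character limit are assumptions, and the functions work on plain strings so they run without the cgi module.

```python
import html

ALLOWED_COLORS = {"red", "gold", "blue"}  # the radio values offered by the survey form
MAX_FOOD_LEN = 50                         # assumed limit, not from the slides

def clean_food(raw):
    """Make a food value safe to store in one 'food : color' line."""
    # getvalue() returns a list when a field is repeated; treat that as empty.
    text = (raw if isinstance(raw, str) else "").strip()[:MAX_FOOD_LEN]
    # ':' separates fields and a newline separates records in favorites.txt,
    # so either one inside the value would forge extra fields or extra rows.
    for ch in (":", "\r", "\n"):
        text = text.replace(ch, " ")
    return text.strip()

def make_record(raw_food, raw_color):
    """Return the line to append to favorites.txt, or None to reject the input."""
    food = clean_food(raw_food)
    color = raw_color.strip() if isinstance(raw_color, str) else ""
    if not food or color not in ALLOWED_COLORS:
        return None
    return food + " : " + color + "\n"

def parse_record(line):
    """Split a stored line into (food, color); None if it is malformed."""
    parts = [p.strip() for p in line.split(":")]
    if len(parts) != 2 or parts[1] not in ALLOWED_COLORS:
        return None
    return parts[0], parts[1]

def render_item(food, color):
    """Build the results <li> with HTML metacharacters escaped."""
    return ("<li>Favorite food: " + html.escape(food)
            + " favorite color: " + html.escape(color) + "</li>")

def count_red(lines):
    """Count well-formed records whose color is exactly 'red'."""
    return sum(1 for rec in map(parse_record, lines) if rec and rec[1] == "red")

if __name__ == "__main__":
    # Constructed sample submissions: (food, color)
    samples = [("pizza", "red"), ("<b>kale</b>", "blue"),
               ("tacos\nx : red", "gold"), ("soup", "teal")]
    stored = [r for r in (make_record(f, c) for f, c in samples) if r]
    for line in stored:
        print(render_item(*parse_record(line)))
    print("red responses:", count_red(stored))
```

Because parse_record strips each field, the exact comparison with "red" works even though the stored line has spaces around the colon.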


Exercise #2: Write a Python script that accepts two numbers from the browser user, prints an error if num2 is zero, otherwise outputs num1/num2.

Gotchas

  • Indentation – turn off auto-indentation, make sure you use spaces, not tabs
  • Unix server – use UNIX line endings in script
  • File permissions – server needs to be able to r/w/x different files/folders
      – setfacl -m u:www-data:rwx LabX