I would like to route all paths ending in 'search/' to one url. I have tried many ways, But nothing worked.
the following is the last that I tried.
path(r'^search/$', views.search, name="search"),
Can you please help?
After writing this, it occurs to me that you are using path which does not process regular expressions. You should probably be using url (deprecated) or re_path. If that's not it, ...
urls.py in an app is included into the master project urls.py. This results in a heirarchical structure. for example. most Django sites have a project urls.py containing
url(r'^admin/', admin.site.urls),
which dispatches any URL starting /admin to the Django admin code. that code dispatches based on the remaining part of the URL. That code's urls.py never sees /admin.
If you really want to catch anything starting /search rather than only /myapp/search you'll have to put the path or url definition in the top-level (project) urls.py. Unusual, but perfectly possible
url(r'^admin/', admin.site.urls),
path(r'search/$', search_app.views.search, name="search"),
I have no idea what the namespace will be (for reverse("dont_know:search") )
Related
In the piece of code I have, there are many instances where I have the following line
'/home/myname/directory'
For example, I have the following lines of code
filepath = os.listdir('/home/myname/directory')
for content in filepath
# do something
In the next part of the project, I have to share the code with some one else. I know this person runs openSUSE. If I want code to create that specific directory with the same path to the directory as mine, what do I need to include?
I know its going to involve the OS module but i am not sure which functions and methods to use.
Your code can check the existence of the directory and create it if not found:
if not os.path.exists("/home/myname/directory"):
os.makedirs("/home/myname/directory")
# do something
If we have a web page that able to read or delete file (based on name) inside certain folder, for example: 'public/upload/', what kind of filtering we must use to prevent security issues?
For example in Ruby/Sinatra:
file_name = params[:file_name]
base_dir = 'public/upload/'
# prevent user from entering ../../../../../etc/passwd or any other things
file_name.gsub!('../','')
File.delete "#{base_dir}/#{file_name}"
Is it enough?
This kind of filtering is always error prone. However, something that could work, but which I cannot say is bulletproof, would be this:
Preventing Directory Traversal in PHP but allowing paths
Ruby has something like php's "realpath" afaik.
OWASP also has bit on how to prevent path traversal:
https://www.owasp.org/index.php/File_System#Path_traversal
Along with examples of how path traversal can be exploited:
https://www.owasp.org/index.php/Path_Traversal
Each test case saves results to a separate UITestActionLog.html file. But in the end of each test case I'd like to move that .html to a different folder and rename it.
Is it possible to do so in, say, [TestCleanup()]? If yes, then how can I programmatically get .html report location?
The TestContext class contains several fields with "directory" in their names. These can be used to access the various directories associated with running the tests.
As well as managing the files as asked by your question the TestContext class has an AddResultFile method. The Microsoft documentation on this mehod is not clear, but it seems that the files are saved for failing tests and discarded for passing tests.
To get the directory in which the UITestActionLog file will be located, use the TestContext.TestResultsDirectory Property. You can use below code to get the full path:
string fullPath = TestContext.TestResultsDirectory +"\" +"UITestActionLog.html";
I have a Java Web App running on Tomcat on which I'm supposed to exploit Path traversal vulnerability. There is a section (in the App) at which I can upload a .zip file, which gets extracted in the server's /tmp directory. The content of the .zip file is not being checked, so basically I could put anything in it. I tried putting a .jsp file in it and it extracts perfectly. My problem is that I don't know how to reach this file as a "normal" user from browser. I tried entering ../../../tmp/somepage.jsp in the address bar, but Tomcat just strips the ../ and gives me http://localhost:8080/tmp/ resource not available.
Ideal would be if I could somehow encode ../ in the path of somepage.jsp so that it gets extracted in the web riot directory of the Web App. Is this possible? Are there maybe any escape sequences that would translate to ../ after extracting?
Any ideas would be highly appreciated.
Note: This is a school project in a Security course where I'm supposed to locate vulnerabilities and correct them. Not trying to harm anyone...
Sorry about the downvotes. Security is very important, and should be taught.
Do you pass in the file name to be used?
The check that the server does is probably something something like If location starts with "/tmp" then allow it. So what you want to do is pass `/tmp/../home/webapp/"?
Another idea would be to see if you could craft a zip file that would result in the contents being moved up - like if you set "../" in the filename inside the zip, what would happen? You might need to manually modify things if your zip tools don't allow it.
To protect against this kind of vulnerability you are looking for something like this:
String somedirectory = "c:/fixed_directory/";
String file = request.getParameter("file");
if(file.indexOf(".")>-1)
{
//if it contains a ., disallow
out.print("stop trying to hack");
return;
}
else
{
//load specified file and print to screen
loadfile(somedirectory+file+".txt");
///.....
}
If you just were to pass the variable "file" to your loadfile function without checking, then someone could make a link to load any file they want. See https://www.owasp.org/index.php/Path_Traversal
Is it possible to inject runtime information in to a require.js "data main" script and use to build paths? More explanation...
In my node.js app.js I dynamically find the path to the configured 'theme' like this:
var themePath = require('./conf/config.js').config.theme.full_path;
and later in the require.js data main script, I'd like to prepend this theme path when defining paths. So assuming I've set my requirejs data-main="xxx" and the following is the xxx file, I'd like to do something like the following:
require.config({
baseUrl: "/js/",
paths: {
"templates" : DYNAMIC_THEME_PATH + '/templates',
"views" : DYNAMIC_THEME_PATH + '/views'
}
});
I'm not sure 1. how I can "see" the themePath from within this require.js data main file, and 2. is this even possible?
EDIT - My solution
So the real challenge I was having was getting a runtime variable discovered on the server in to the require.js data main script. In node land, global doesn't correspond to the window on the client side (of course) because the javascript isn't in to the browser yet .. duh. So I don't see how you can get this discoverable in the client side script.
Ok, so what I WAS able to do was inject the discovered theme path in the ejs, then, dynamically load the data main script with that prepended like:
<script data-main="<%= theme_path %>/main" src="../js/libs/require-jquery.js"></script>
Of course this means I have to have the data main script in the theme directory which wasn't my initial plan; however, it does have the advantage that I can then use relative paths to load my path/to/templates path/to/views, etc. etc.
Lastly, I sort of hate when folks answer they're own questions .. so I'm going to leave this up in hopes that someone can either give me a better recommendation or better explain this and they can get the credit ;)