Posts

Showing posts from August, 2020

Deep copy and Shallow copy in Python

 The original link of the leetcode challenge:  https://leetcode.com/problems/copy-list-with-random-pointer/ 浅拷贝:重新在堆中创建内存,拷贝前后对象的基本数据类型互不影响,但拷贝前后对象的引用类型因共享同一块内存,会相互影响。 深拷贝:从堆内存中开辟一个新的区域存放新对象,对对象中的子对象进行递归拷贝,拷贝前后的两个对象互不影响。 Deep copy:  In python, this is implemented using “ deepcopy() ” function.  In case of deep copy, a copy of object is copied in other object. It means that  any changes  made to a copy of object  do not reflect  in the original object. 138 .  Copy List with Random Pointer import copy class Solution:     def copyRandomList(self, head):         return copy.deepcopy(head) 

samples of vulnerability in code

  (1)system(fileCmd);处存在命令执行漏洞及任意文件删除问题,需要进行命令执行过滤. Arbitrary command execution. (2)printf(fileCmd);处存在格式化字符串漏洞,此处可以通过%s来打印命令. Format string attack. (3)fileContent =readBase64File(filePath);处存在目录穿越,任意文件读取漏洞,此处可以对../这种目录穿越特征进行过滤.  (4)strcpy(filePath, dirPaths[dirIdx]);处存在数组访问越界,从而可以也可以导致缓冲区溢出问题,判断有符号数的dirIdx时需要判断其大于等于0. bufferoverflow

Vulnerability about captCha and Mitigation

 vulnerability : - The content of the graphic captcha can be recognized by OCR - In a multi-stage process, the verification code is verified first. After success, the next step does not need the verification, so the package can be captured directly and the verification of the first step can be skipped - The captCHA does not expire immediately after verification in the service segment. It will not be updated until the client requests again. As long as the client no longer requests the captcha, the original captcha can be used - Whether the module generating captcha generates captcha according to the parameters provided. If so, it indicates that there is a vulnerability - Some captchas are bound to a parameter in a packet, such as an attribute in a cookie, and are considered valid as long as they match. There are holes in this mechanism. - In some cases, captchas are hidden in HTML source code or otherwise obtained in "clear text" - On the server side, should the user name and ...

defaultdict in python

defaultdict: Defaultdict  is a container like  dictionaries  present in the module  collections .  The functionality of both dictionaries and defualtdict are almost same except for the fact that defualtdict never raises a  KeyError . It provides a default value for the key that does not exists. formation: from collections import defaultdict defaultdict(def_value) def_value can be a function, a value, a lambda when the key does not exists.