examples.txt

#### examples of secure code


1. def findAverage(list): sum = 0. for x in list: sum = sum + x average = sum / len(list) return average

2. def findMax(list): max = list[0] for x in list: if x > max: max = x return max

3. def findRange(list): return max(list)-min(list)

4. def rng(): return random.randint(0,9)

5. def search(arr, low, high, x): if high >= low: mid = (high + low) // 2 if arr[mid] == x: return mid elif arr[mid] > x: return search(arr, low, mid - 1, x) else: return search(arr, mid + 1, high, x) else: return -1


#### examples of insecure code
(obtained from https://hackernoon.com/10-common-security-gotchas-in-python-and-how-to-avoid-them-e19fbe265e03
 and from http://www.pvv.org/~oma/InsecureCodingC_NDC_June2014.pdf)

1.
import subprocess
def transcode_file(request, filename): 
  command = 'ffmpeg -i '{source}' output_file.mpg'.format(source=filename) 
  subprocess.call(command, shell=True)

2.
def foo(request, user): assert user.is_admin, “user does not have access”

3.
void authenticate_and_launch(void)
{
 int n_missiles = 2;
 bool allowaccess = false;
 char response[8];
 printf("Secret: ");
 gets(response);
 if (strcmp(response, "Joshua") == 0)
 allowaccess = true;
 if (allowaccess) {
 puts("Access granted");
 launch_missiles(n_missiles);
 }
 if (!allowaccess)
 puts("Access denied");