WAP page, Python and creating a file on file system - Newbie
HELP!! All I need to do is to create a file in a folder. I am running Abyss WEB server and Python. and googling many sites has taught me how to create a file in a folder. BUT. I need to do this from a WML file - This is proving difficult... I can setup an index.wml and a deck of cards. Each card points to a .py file. This file creates a file in the folder of my choice but always returns an error to the WAP browser. I have tried PRINTing WML content within the Python code and thought I had formed a WML output but still the WAP browser returns an error. It seems an awful lot of trouble to go to, load Python to create a file in a folder. Is there any way I can easily do this? Before people reply with how to do stuff in OOP. I have no knowledge of OOP and class instantiation etc etc. I really do need a noddy guide in what I am doing. Regards Dave -- http://mail.python.org/mailman/listinfo/python-list
Re: PLEASE READ - information on (Case 58158) [RELEASE] Python 3.6.0 is released!
Thank you for your email. Your web change 58158[RELEASE] Python 3.6.0 is released!request has been received and will be dealt with shortly. This service desk only covers minor changes to the legacy NHS Digital website (content.digital.nhs.uk) that are made on a web request form. For changes relating to the new beta NHS Digital website or any other communications request please refer to the intranet and complete a communications support request form. This message may contain confidential information. If you are not the intended recipient please inform the sender that you have received the message in error before deleting it. Please do not disclose, copy or distribute information in this e-mail or take any action in reliance on its contents: to do so is strictly prohibited and may be unlawful. Thank you for your co-operation. NHSmail is the secure email and directory service available for all NHS staff in England and Scotland NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and GSi recipients NHSmail provides an email address for your career in the NHS and can be accessed anywhere For more information and to find out how you can switch, visit www.nhsdigital.nhs.uk/nhsmail -- https://mail.python.org/mailman/listinfo/python-list
Inheritting Built In Types
I am attempting build an object which inherits from the built in list object. Essentially I need to do something every time data is added or changed in a list. I have all the over ridding functions working excepting for the functions that over ride the "set slice" functionalitity. For example: x[1:3] = [6,7] I consulted the reference manual: http://docs.python.org/ref/sequence-methods.html It states that there is a __setslice__ method which is depricated since release 2.0. The depricated function works, but I do not want to implement ontop of functionality that is marked to be removed. "If no __setslice__() is found a slice object is created, and passed to __setitem__()". I executed the below code sample to check this behavior. class newlist(list): def __setitem__(self, i, data): if isinstance(data, slice): print "Received Slice Object" list.__setitem(self, i, data) if __name__ == "__main__": x = newlist([1,2,3,4,5]) x[1:3] = [6,7] print x On a Windows XP machine wiht Python 2.3.5 and a Linux server with Python 2.4.2 I receive the following output: [1, 6, 7, 4, 5] My print statement never gets executed. Am I checking for the slice object incorrectly? That's the only thing I can think of. -Mark -- http://mail.python.org/mailman/listinfo/python-list
Potential Security Bug
Hello, I’m Amit Laish, a security researcher from GE Digital. During one of our assessments we discovered something that we consider a bug with security implications which can cause a denial of service by disk exhausting, and we would like to share it with you, and hear you opinion about it. Link for the required files: https://drive.google.com/open?id=1QxItN7cj0J9LIMqYa0SmmckeQrxSxkBC 1. 20GB.zip – contains 200 files that each file is 100MB, after decompression the size is 20GB. 2. create_zip.py – create new zip name malicious.zip which contains fake value of the uncompressed size header. 3. poc.py – extracts the malicious archive Denial of Service via Decompression in Zipfile Library Background The Zipfile library can be used to extract data from compressed archives. Each file has a metadata that contains information regarding the file, such as uncompressed size, packed size, and more. The decompression progress should extract the data based on the information in the uncompressed data size header and check if the extracted data is equal to the size in the uncompressed data header. The problem The Zipfile library does not use the header of uncompressed size when extracting data from compressed archives. As a result, an attacker can craft a malicious compressed archive file that contains a fake value in the uncompressed size header and combine specific compressed data, which makes the decompressed data’s size more than the system can handle, and thus, cause a denial of service. [cid:[email protected]] Figure 1 – Unpacked size is 200 bytes and after decompression 20GB of the disk space is taken The red team successfully exploited the vulnerability and caused a denial of service. Implications Malicious users can use this method and distribute the archive, and once the victim or application that relies on the uncompressed size header value decompresses it, the whole disk space is exhausted, causing a denial of service. This attack may cause sensitive services to stop working. How to reproduce Note: Both archive file and the malicious script to reproduce the attack are attached to the report. 1. Run create_zip.py file, which changes the header of the uncompressed size to 1 byte and saves it to new file archive called malicious.zip. 2. Run poc.py file to extract the malicious archive. 3. If the vulnerability exists, the disk’s space is approximately taken by 20 GB. Recommendation The extraction progress should use the metadata header that indicates the uncompressed size for each file or should extract the smaller value between the metadata and the file’s size. Thanks, Amit Laish – GE Digital. -- https://mail.python.org/mailman/listinfo/python-list
