D385 Pre-Assessment (All Correct)
Q: What is the primary defense against log injection attacks?
A: Sanitize outbound log messages

import logging
import sys

#log division by zero error to the log, the output is printed to the screen
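def divideByZeroError(dividend, divisor):
    """Print dividend / divisor, or log the failure instead of raising.

    Any exception raised by the division is caught and written to the root
    logger at ERROR level; nothing is returned in either case.
    """
    # Route log records to stdout as "LEVEL:message". basicConfig() does
    # nothing when the root logger already has a handler, so calling it on
    # every invocation is harmless.
    logging.basicConfig(stream=sys.stdout,
                        format='%(levelname)s:%(message)s')
    try:
        quotient = dividend / divisor
        print(quotient)
    except Exception as e:
        #logging error here, use str(e) as part of the output
        # The exception text is passed as a %s argument rather than spliced
        # into the format string. logging does not neutralise CR/LF, so where
        # an exception message can echo caller-supplied text, escape line
        # breaks before logging to keep forged entries out of the log.
        logging.error("The exception that occured is: %s", str(e))


if __name__ == '__main__':
    dividend = int(input())
    divisor = int(input())
    divideByZeroError(dividend, divisor)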
Q: An attacker exploits a cross-site scripting vulnerability.
A: Access the user's data

Q: Which Python function is prone to a potential code injection attack?
A: eval()
Q: What are two common defensive coding techniques?
A: Check functional and preconditions and postconditions

# unit test case
import unittest
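def multiply_numbers(x, y):
    """Return x * y, falling back to the other operand when one is None.

    A None operand is reported on stdout and the remaining operand is
    returned unchanged, so the multiplication never raises TypeError for a
    missing value. If both are None the result is None.
    """
    #add your code here
    if x is None:
        print("x is a null value")
        return y
    elif y is None:
        print("y is a null value")
        return x
    else:
        return x * y


class TestForNone(unittest.TestCase):
    """Exercise multiply_numbers with a None operand."""

    def test_when_a_is_null(self):
        # NOTE(review): multiply_numbers(5, None) returns 5, so assertIsNone
        # raises AssertionError; the except clause prints the message and the
        # test is still reported as passing. Drop the try/except if the test
        # is meant to fail on a wrong result.
        try:
            self.assertIsNone(multiply_numbers(5, None))
        except AssertionError as msg:
            print(msg)


if __name__ == '__main__':
    unittest.main()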
return x * y

Q: Which package is meant for internal use by Python for regression testing?
A: test

from string import Template
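# Module-level secret used to show what a format expression can reach.
CONFIG = {
    "API_KEY": "'you've just exposed your secret_key'"
}


class User:
    """Simple record holding a user's name and e-mail address."""

    name = ""
    email = ""

    def __init__(self, name, email):
        self.name = name
        self.email = email

    def __str__(self):
        return self.name


if __name__ == '__main__':
    name = input()
    email = input()
    user = User(name, email)
    # FIXME: Here is where you want to use the template class
    # Unsafe original, kept for reference (presumably the line the FIXME asks
    # to replace): a format expression can follow attributes and indexes from
    # any object it is given, here from the user object to the module globals
    # and on to CONFIG. The same traversal is possible with str.format() when
    # the format string itself comes from untrusted input.
    # print(f"The secret is {user.__init__.__globals__['CONFIG'] ['API_KEY']}")
    #
    # string.Template only substitutes named $placeholders; it has no
    # attribute or index syntax, so only the values passed to substitute()
    # can appear in the output.
    t = Template("Hello, my name is $n.")
    print(t.substitute(n=user.name))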
import time
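class Limiter:
    """Token-bucket limiter: at most `rate` callbacks per `per` seconds.

    The bucket starts full (`rate` tokens). Each call to limit() first adds
    the tokens earned since the previous call, then spends one token to run
    the callback, or drops the call when less than one token is available.
    """

    def __init__(self, rate, per):
        self.rate = rate
        self.per = per
        self.bucket = rate
        # NOTE(review): time.time() follows the wall clock, which can be
        # stepped backwards; time.monotonic() would avoid negative intervals.
        self.last_check = time.time()

    def limit(self, callback_fn):
        """Run callback_fn() if a token is available, otherwise do nothing."""
        current = time.time()
        time_passed = current - self.last_check
        self.last_check = current
        # Finish line 18 by writing an expression that determines the value of the bucket
        # Use the following variables in your expression:
        # time_passed, self.bucket, self.rate, and self.per
        bucket = self.bucket + (time_passed * self.rate / self.per)
        if bucket > self.rate:
            # Cap the working value itself. Capping only self.bucket let the
            # uncapped value be written back below, so a long idle period
            # allowed an unbounded burst afterwards.
            bucket = self.rate
        if bucket < 1:
            # Keep the partial refill. last_check has already moved forward,
            # so discarding it would starve callers that poll faster than one
            # token accrues.
            self.bucket = bucket
            return
        callback_fn()
        self.bucket = bucket - 1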
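def CelciusToFahrenheit(Temperature):
    """Convert a non-negative Celsius temperature to Fahrenheit.

    Raises AssertionError with the message "Colder than zero degrees
    Celsius!" when Temperature is below zero.
    """
    #insert assert statement for, "Colder than zero degrees Celsius!"
    # NOTE(review): assert statements are removed when Python runs with -O,
    # so this precondition disappears in optimised runs. Where the value
    # comes from untrusted input and the check must always hold, raise the
    # exception explicitly instead.
    assert Temperature >= 0, "Colder than zero degrees Celsius!"
    return ((Temperature * 9) / 5) + 32


if __name__ == '__main__':
    Temperature = int(input())
    try:
        print(CelciusToFahrenheit(Temperature))
    except AssertionError as msg:
        print(msg)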
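# verify we only have digits
def check_numeric_value(wg_int):
    """Return True when wg_int is an int, otherwise False.

    This is a type check, not a digit check: the string "123" is rejected,
    and bool values are accepted because bool is a subclass of int.
    """
    #return true if numeric value is an integer, else return false.
    #Hint: use isinstance function
    return isinstance(wg_int, int)


# verify if the string is null
def check_null_string(wg_string):
    """Return True when wg_string is not None, otherwise False.

    Only None is treated as null; an empty string still returns True.
    """
    # check if wg_string is not null return true else return false
    return wg_string is not None


if __name__ == '__main__':
    wg_string = "I like dogs."  # use keyword None to test
    wg_int = 12345
    print(check_null_string(wg_string))
    print(check_numeric_value(wg_int))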
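def hash_password(pwd):
    """Return the SHA3-256 digest of pwd as a hexadecimal string.

    NOTE(review): a single unsalted SHA-3 digest is fast to compute, so it
    gives little resistance to offline guessing if stored hashes leak, and
    equal passwords produce equal hashes. For stored passwords use a salted,
    deliberately slow KDF such as hashlib.scrypt or hashlib.pbkdf2_hmac.
    """
    # Imported here because the snippet shows no module-level import.
    import hashlib

    # encode password string to bytes
    enc_pwd = pwd.encode()
    # call the sha3_256(...) function returns a hash object
    d = hashlib.sha3_256(enc_pwd)
    # generate hash of password string in hexadecimal
    digest = d.hexdigest()
    return digest


if __name__ == '__main__':
    pwd = input()
    print(hash_password(pwd))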