Junyoung Park Swalloow

public class test {
    private int test;
}
@Swalloow
Swalloow / save_db.py
Created March 11, 2017 18:40
DataFrame to MySQL
from sqlalchemy import create_engine

def save_db(df, table):
    try:
        engine = create_engine("mysql+mysqldb://root:"+"password"+"@localhost/"+table, encoding='utf-8')
        conn = engine.connect()
        # Save dataframe to database
        df.to_sql(name=table, con=engine, if_exists='append')
        print("Saved successfully!!")
    except:
@Swalloow
Swalloow / flask-wtf.html
Last active March 12, 2017 12:24
Flask-WTF
<!-- Clicking the button or submitting the input sells the stock! -->
<form action='/stock/sell' method='get'>
    <input type=submit value=sell_stock>
</form>
<a href="/stock/sell/"> click me!</a>
<form action='/stock/sell' method='post'>
    <input type=submit value=sell_stock>
</form>
<!-- In Flask, the `Flask-WTF` package can validate input forms and prevent CSRF -->
@Swalloow
Swalloow / inject.py
Created March 12, 2017 12:18
SQL Injection
@app.route("/user/<user_id>")
def show_user(user_id):
    cur = db.cursor()
    # user_id from the URL is formatted straight into the SQL text (the injection point)
    query = "SELECT * FROM user_table where user = %s"%user_id
    cur.execute(query)
    return cur.fetchall()
@Swalloow
Swalloow / xss.py
Created March 12, 2017 12:19
XSS Python
@app.route('/hi/<user>')
def hi(user):
    return "<h1>hello, %s!</h1>"%user
# A simple route like the one above can be attacked as shown below.
# GET /hi/alert("hacked!")
# <h1> hello, alert("hacked!") </h1>
# A user who views this sees a JavaScript alert window appear
@Swalloow
Swalloow / bad.py
Created March 12, 2017 12:22
Bad Url
# GET /jobs/application/6337
@app.route("/jobs/application/<job_id>")
def find_job(job_id):
    # SELECT * FROM job where id = job_id ...
    ...
# As a countermeasure, you can use indirect references, for example with `Flask-Login`.
from flask_login import login_required, current_user
@app.route("/mypage/<id>")
@Swalloow
Swalloow / missing.py
Created March 12, 2017 12:23
Missing function-level access control
@app.route("/mypage/<id>")
@jwt_required(scope='admin')
def mypage(id):
    ...
@Swalloow
Swalloow / wordcount.scala
Created March 25, 2017 14:28
WordCount with Scala
val file = spark.textFile("hdfs://...")
val counts = file.flatMap(line => line.split(" "))
                 .map(word => (word, 1))
                 .reduceByKey(_ + _)
counts.saveAsTextFile("hdfs://...")
@Swalloow
Swalloow / wordcount.java
Created March 25, 2017 14:29
WordCount with Java
//package org.myorg;
import java.io.IOException;
import java.util.*;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.conf.*;
import org.apache.hadoop.io.*;
import org.apache.hadoop.mapred.*;
import org.apache.hadoop.util.*;
@Swalloow
Swalloow / app.py
Created April 1, 2017 16:10
Flask-Docker
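from flask import Flask
app = Flask(__name__)
@app.route('/')
def hello_world():
    return 'Hello, world!'
if __name__ == '__main__':
    # debug=True turns on the Werkzeug interactive debugger and host='0.0.0.0'
    # listens on every interface; keep this combination to local development.
    app.run(debug=True,host='0.0.0.0')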