Can the way that I have used eval() be exploited? - python-3.6

I'm using a (very hacky) implementation of eval() to create dynamic sentences based on what the user has entered in. I'm well aware of the security problems that using eval() creates but I'm unable to find one myself. Are there any and, if so, what would be an alternate solution?
name = request.POST['name']
food = request.POST['food']
sen = "My name is {name}. " + "My favorite food is {food}. " #Would be created from a database table which lists all of the forms but, for the purposes of this example, this is what that would look like.
f = f'f"{sen}"'
ee = eval(f)
print(ee)
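An added example (not part of the original question or any answer to it) of where the trust boundary in the code above sits: the submitted values are never part of the evaluated source, but the template text is, so anyone who can change a template row gets Python executed in the application. The names `render_with_eval`, `render_safely`, `FieldOnlyFormatter`, `SEN` and `TAMPERED` are hypothetical, and the restricted formatter is one possible alternative that keeps the same `{name}` placeholder syntax.

```python
from string import Formatter

# Constructed sample templates standing in for rows of the forms table.
SEN = "My name is {name}. My favorite food is {food}. "
TAMPERED = "My name is {name}. {len(name) * 2}"  # harmless expression, but it is code


def render_with_eval(sen, name, food):
    # The question's approach: the template text becomes f-string source,
    # so every {...} in it is compiled and run as a Python expression.
    return eval(f'f"{sen}"')


class FieldOnlyFormatter(Formatter):
    """Fill plain {identifier} placeholders only; the template is treated as data."""

    def get_field(self, field_name, args, kwargs):
        # Refuse attribute access, indexing, calls and positional fields.
        if not field_name.isidentifier():
            raise ValueError(f"placeholder not allowed: {field_name!r}")
        return super().get_field(field_name, args, kwargs)

    def format_field(self, value, format_spec):
        # Refuse format specs so a template cannot request huge padding.
        if format_spec:
            raise ValueError(f"format spec not allowed: {format_spec!r}")
        return str(value)


def render_safely(sen, **fields):
    return FieldOnlyFormatter().vformat(sen, (), fields)


if __name__ == "__main__":
    # Submitted values are substituted, not re-evaluated, under both renderers.
    print(render_with_eval(SEN, "{2*21}", "soup"))
    # A changed template row is executed by eval() ...
    print(render_with_eval(TAMPERED, "Ann", "soup"))
    # ... and rejected by the restricted formatter.
    try:
        render_safely(TAMPERED, name="Ann", food="soup")
    except ValueError as exc:
        print("rejected:", exc)
```

A template containing a double quote also breaks the `eval()` version with a `SyntaxError`, while the formatter version treats it as ordinary text.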

Related

How to deal with German "Umlaute" in an API request?

I am working with the API from the "Deutsche Bahn" for a small private data science project in R. However, cities with an "Umlaut" such as "Köln" or "München" etc. are cumbersome, since the request with the GET command, i.e.,
url_location <- paste0("https://apis.deutschebahn.com/db-api-marketplace/apis/fahrplan/v1/location/","Koeln")
rd <- GET(url_location,
add_headers(Accept = "application/json",
`DB-Client-Id` = "client id",
`DB-Api-Key` = "api key"))
yields entries like K<U+00F6>ln Hbf which I cannot work with.
Question: Is there any option in the GET command (which I could not find) or any alternative which is able to interpret these "Umlaute" appropriately? Or is there a way to substitute these strange "<U+00F6>" parts afterwards?

How do you add an environment option with an evaluated name in R?

I created a Google token (R6 object of classes Token2.0, Token) so I can interact with the YouTube Analytics API as follows:
google_token <- httr::oauth2.0_token(httr::oauth_endpoints("google"),
httr::oauth_app("google", appId, appSecret),
scope = c("https://www.googleapis.com/auth/yt-analytics.readonly"))
I also have a variable Account <- "myChannel". Similar to a previous question I posted here I would like to evaluate Account and assign the value to be the content of google_token. For example, options(myChannel, google_token) works, and running getOption("myChannel") shows the token, but because I will generate various tokens and want to create various options, I want to use Account. I would hope something like the following works:
options(eval(Account) = google_token
# OR
do.call(options, as.list(setNames(google_token, Account)
Neither of which work. Any suggestions?
I was able to figure this out by assigning the option value to a list, naming the list whatever I wanted it to be in the option, and then assigning the option, as follows:
tokenOption <- list(google_token)
names(tokenOption) <- Account
options(tokenOption)
getOption("myChannel")
> #Gives me the results of my google_token

How to append / add layers to geopackages in PyQGIS

For a project I am creating different layers which should all be written into one geopackage.
I am using QGIS 3.16.1 and the Python console inside QGIS which runs on Python 3.7
I tried many things but cannot figure out how to do this. This is what I used so far.
vl = QgsVectorLayer("Point", "points1", "memory")
vl2 = QgsVectorLayer("Point", "points2", "memory")
pr = vl.dataProvider()
pr.addAttributes([QgsField("DayID", QVariant.Int), QgsField("distance", QVariant.Double)])
vl.updateFields()
f = QgsFeature()
for x in range(len(tag_temp)):
    f.setGeometry(QgsGeometry.fromPointXY(QgsPointXY(lon[x],lat[x])))
    f.setAttributes([dayID[x], distance[x]])
    pr.addFeature(f)
vl.updateExtents()
# I'll do the same for vl2 but with other data
uri ="D:/Documents/QGIS/test.gpkg"
options = QgsVectorFileWriter.SaveVectorOptions()
context = QgsProject.instance().transformContext()
QgsVectorFileWriter.writeAsVectorFormatV2(vl,uri,context,options)
QgsVectorFileWriter.writeAsVectorFormatV2(vl2,uri,context,options)
The problem is that in 'test.gpkg' a layer is created called 'test' and not 'points1' or 'points2'.
And the second QgsVectorFileWriter.writeAsVectorFormatV2() also overwrites the output of the first one instead of appending the layer into the existing geopackage.
I also tried to create single .geopackages and then use the 'Package Layers' processing tool (processing.run("native:package")) to merge all layers into one geopackage, but then the attribute types are all converted into strings unfortunately.
Any help is much appreciated. Many thanks in advance.
You need to change the SaveVectorOptions, in particular the mode of actionOnExistingFile after creating the gpkg file:
options = QgsVectorFileWriter.SaveVectorOptions()
#options.driverName = "GPKG"
options.layerName = v1.name()
QgsVectorFileWriter.writeAsVectorFormatV2(v1,uri,context,options)
#switch mode to append layer instead of overwriting the file
options.actionOnExistingFile = QgsVectorFileWriter.CreateOrOverwriteLayer
options.layerName = v2.name()
QgsVectorFileWriter.writeAsVectorFormatV2(v2,uri,context,options)
The documentation is here : SaveVectorOptions
I also tried to create single .geopackages and then use the 'Package Layers' processing tool (processing.run("native:package")) to merge all layers into one geopackage, but then the attribute types are all converted into strings unfortunately.
This is definitively the recommended way, please consider reporting the bug

Use input variable in assert or specify the data to assert

I have a unit test for a function that adds data (untransformed) to the database. The data to insert is given to the create function.
Do I use the input data in my asserts or is it better to specify the data that I’m asserting?
For example:
$personRequest = [
'name'=>'John',
'age'=>21,
];
$id = savePerson($personRequest);
$personFromDb = getPersonById($id);
$this->assertEquals($personRequest['name'], $personFromDb['name']);
$this->assertEquals($personRequest['age'], $personFromDb['age']);
Or
$id = savePerson([
'name'=>'John',
'age'=>21,
]);
$personFromDb = getPersonById($id);
$this->assertEquals('John', $personFromDb['name']);
$this->assertEquals(21, $personFromDb['age']);
I think the 1st option is better. Your input data may change in future and if you go by the 2nd option, you will have to change the assertion data every time.
2nd option is useful, when your output is going to be same irrespective of your input data.
I got an answer from Adam Wathan by e-mail. (I took his Test-Driven Laravel course and noticed he uses the 'specify' option.)
I think it's just personal preference, I like to be able to visually
skim and see "ok this specific string appears here in the output and
here in the input", vs. trying to avoid duplication by storing things
in variables." Nothing wrong with either approach in my opinion!
So I can't choose a correct answer.

Visual Basic 2010: How do I reference one of many objects through an additional object? (Pointer-like behaviour?)

I am writing an application in Visual Basic 2010 Express.
I have two objects of a class from a driver DLL that is provided to me. They have some of their own subroutines that I'd like to call, and I'd like an easy way to toggle between them.
Instead of writing a whole bunch of code like this:
selected = x
...
If selected = x Then
    DriverInstanceX.DoSomething()
ElseIf selected = y Then
    DriverInstanceY.DoSomething()
End If
I would like to do this:
Bob = (some reference to X - NOT a copy of X!)
...
Bob.DoSomething()
Bob.DoSomethingElse()
I'm sure this is really easy - I am just not sure where to look.
Thanks for any help!
' set the object based on what was selected first, here...
Dim selectedDriverInstance = new DriverObject
' now you can run the method without checking for each as selected was already set.
selectedDriverInstance.DoSomething()
Cool?
Of course, DriverObject can be the instance x or instance y depending on what you set it to; do the assignment there and set it to our fixed-name object selectedDriverInstance. This way you can do everything using selectedDriverInstance, as it is set to either instance x or instance y already, get me?
