Posts: 16
Threads: 4
Joined: Oct 2020
Nov-01-2020, 07:39 PM
(This post was last modified: Nov-01-2020, 07:39 PM by PythonDev.)
(Nov-01-2020, 03:00 PM)deanhystad Wrote: The problem is that you will not accept what the problem really is. You have a string inside a list. If you print that list it will wrap the string inside quotes. If there is a single quote in the string Python wraps the string in double quotes. Bowlofred said this way back at the beginning and you refuse to accept it. I don't know why the list.__str__ code was written to do this, but that is what happens. And as Bowlofred has also said, if you want to get rid of the surrounding quotes you need the thing in the list to not be a string.
Looks like you have 3 choices.
1. Stop caring about the quotes (my favorite)
2. Change your code to: v_field.list = [something_that_is_not_a_string]
3. Write your own code to format the output
Edit:
I think I just realized why you care about the quotes. You are printing v_field while trying to debug a problem. You think the problem is that there are double quotes around v_str_sev, but that is just a side effect of how print works. The real problem is that v_str_sev is not what you should be putting in v_field.list. Since you've never said why you care about the double quotes this is only a guess.
I will try to explain what is happening for a better understanding:
1. I capture the form fields using the cgi module using the FieldStorage class, saving the result in a variable:
array_input = FieldStorage (None, None, [MiniFieldStorage ('v_name', 'John'), MiniFieldStorage ('v_sname', 'Aguiar')])
2. I need to pass the data obtained through a threat detection process by removing the parentheses from the value of the variable (array_input). And for this to happen I change the <class 'cgi.FieldStorage'> data type to <class 'str'> and be able to manipulate the string using regular expressions.
3. After removal and the security analysis process, I need to reassemble the data that is in the <class 'str'> format using regular expressions and change the data type to the original start format <class 'cgi.FieldStorage'> and be able to manipulate the form fields.
4. See the reassembly process:
# I get the data unmounted:
array_input = "FieldStorage None, None, [MiniFieldStorage 'v_name', 'John' , MiniFieldStorage 'v_sname', 'Aguiar' ]"
# 1. Redo the string assembly:
v_build_one = "FieldStorage(None, None, [MiniFieldStorage("
v_build_two = "), MiniFieldStorage('"
v_build_tre = ")])"
v_build_for = "[MiniFieldStorage("
import re
v_str_one = re.sub(r"FieldStorage None, None, \[MiniFieldStorage", v_build_one, array_input)
v_str_two = re.sub(r" , MiniFieldStorage '", v_build_two, v_str_one)
v_str_tre = re.sub(r" ]", v_build_tre, v_str_two)
v_str_for = re.sub(r"\[MiniFieldStorage\( ", v_build_for, v_str_tre)
v_str_fiv = re.sub(r"FieldStorage\(None, None, ", "", v_str_for)
v_str_six = re.sub(r"\]\)", "", v_str_fiv)
v_str_sev = re.sub(r"\[", "", v_str_six)
from cgi import FieldStorage
v_field = FieldStorage()
v_field.list = [v_str_sev]
print(v_field)
output with double quote error: FieldStorage(None, None, ["MiniFieldStorage('v_name', 'John'), MiniFieldStorage('v_sname', 'Aguiar')"])
Posts: 6,827
Threads: 20
Joined: Feb 2020
I have zero experience with CGI, but the way you rebuild script looks very specific. I wrote something equally specific but use f'string.
It appears that all you are trying to do is get the key and value for the MiniFieldStorage, and it looks like there will always be two MiniFieldStorage objects in the list. Instead of trying to replace the parts that are formatted wrong I approached this by getting the parts I am interested in and building the string from fresh.
array_input = "FieldStorage None, None, [MiniFieldStorage 'v_name', 'John' , MiniFieldStorage 'v_sname', 'Aguiar' ]"
fields = array_input.replace('FieldStorage None, None, [', '') # throw away stuff we don't care about
fields = fields.replace('MiniFieldStorage', '').replace(']', '').replace(' ', '')
fields = fields.split(',') # Get the things we want
# Rebuild the string
vbuild = f'FieldStorage(None, None, [MiniFieldStorage({fields[0]}, {fields[1]}), MiniFieldStorage({fields[2]}, {fields[3]})])'
print(vbuild)
I'm sure this could be made much better using regular expressions to find MiniFieldStorage and then getting the next two strings.
The end result is still a string, but hopefully a string in the right format for parsing.
Posts: 8,171
Threads: 160
Joined: Sep 2016
Nov-01-2020, 09:18 PM
(This post was last modified: Nov-01-2020, 09:18 PM by buran.)
the problem you have is somewhere before the code you show here
i.e.
how it happened that cgi.FieldStorage instance
FieldStorage (None, None, [MiniFieldStorage ('v_name', 'John'), MiniFieldStorage ('v_sname', 'Aguiar')])
became a str
"FieldStorage (None, None, [MiniFieldStorage ('v_name', 'John'), MiniFieldStorage ('v_sname', 'Aguiar')])"
somewhere you converted cgi.FieldStorage object into str object and that is where the problem is.
there are appropriate methods to parse cgi.FieldStorage and access the MiniFieldStorage objects in the list and their values. Don't manipulate strings
import cgi
# let's recreate what you SHOULD have instead of str
array_input = cgi.FieldStorage()
array_input.list = [cgi.MiniFieldStorage('v_name', 'John'), cgi.MiniFieldStorage('v_sname', 'Aguiar')]
# what we have and how we access data
print(type(array_input))
print(type(array_input['v_name']))
print(array_input.getvalue('v_name'))
Output:
<class 'cgi.FieldStorage'>
<class 'cgi.MiniFieldStorage'>
John
Posts: 16
Threads: 4
Joined: Oct 2020
(Nov-01-2020, 09:18 PM)buran Wrote: the problem you have is somewhere before the code you show here
i.e.
how it happened that cgi.FieldStorage instance
FieldStorage (None, None, [MiniFieldStorage ('v_name', 'John'), MiniFieldStorage ('v_sname', 'Aguiar')])
became a str
"FieldStorage (None, None, [MiniFieldStorage ('v_name', 'John'), MiniFieldStorage ('v_sname', 'Aguiar')])"
somewhere you converted cgi.FieldStorage object into str object and that is where the problem is.
there are appropriate methods to parse cgi.FieldStorage and access the MiniFieldStorage objects in the list and their values. Don't manipulate strings
import cgi
# let's recreate what you SHOULD have instead of str
array_input = cgi.FieldStorage()
array_input.list = [cgi.MiniFieldStorage('v_name', 'John'), cgi.MiniFieldStorage('v_sname', 'Aguiar')]
# what we have and how we access data
print(type(array_input))
print(type(array_input['v_name']))
print(array_input.getvalue('v_name'))
Output:
<class 'cgi.FieldStorage'>
<class 'cgi.MiniFieldStorage'>
John
It all starts with the code below:
# Retrieves form field entries in the environment variable (wsgi.input) and assigns the variable (array_input):
array_input = cgi.FieldStorage(environ["wsgi.input"], environ=environ)
After that I send the variable array_input via parameter to the method of another class that processes deconstruction of the value of the variable (array_input) so that I can remove the characters that conflict in the threat detection (xss), because I don't know if it is possible to manipulate the type <class 'cgi.FieldStorage'> using regular expressions from the python re module, below is the code that receives the parameter and decouples the variable:
# Function -> Import the cgi module, which handles form requests, and re (regex)
import re
# Class Function ->
class ProcessInputPost:
    # Method Function ->
    def spark (v_response, v_uri, array_input):
        # Function -> Convert to tuple
        a_inp = (array_input)
        # Function -> Convert tuple to string:
        o_inp = str(a_inp)
        # Function -> Remove parentheses for checking data:
        v_inp = re.sub ("[()]", "", o_inp)
        # Function ->
        from cern.safe.threatdetect import ThreatDetect
        # Function ->
        return ThreatDetect.m_post (v_response, v_uri, array_input)
User has been warned for this post. Reason: Edit post content after receiving reply
Posts: 1,838
Threads: 2
Joined: Apr 2017
Nov-02-2020, 05:50 AM
(This post was last modified: Nov-02-2020, 05:50 AM by ndc85430.)
As people are trying to tell you: stop converting the object to a string. Use the appropriate methods and fields to access the data in the object for your needs (and see the docs for what those are).
Perhaps you need to learn about objects and classes?
Also, there's really no need to quote the entirety of other posts that are quite long.
Posts: 8,171
Threads: 160
Joined: Sep 2016
Nov-02-2020, 08:36 AM
(This post was last modified: Nov-02-2020, 08:36 AM by buran.)
some thoughts/observations:
- Assuming that array_input is still cgi.FieldStorage object at the time when you pass it to this function - you don't change it inside the function. You work with different names during conversion and cleaning process. So at the end of the function array_input is exactly the same as it was in the beginning and that is what you pass to ThreatDetect.m_post(). You never use o_inp and v_inp.
- What package is cern.safe.threatdetect coming from? Can you provide link to pypi, homepage, docs??
- In any case I think you need to check the values of cgi.MiniFieldStorage objects - i.e. that is what is the [possibly unsafe] user input in the form fields, not the string representation of cgi.FieldStorage
- Look at this line a_inp = (array_input). Note that a_inp is NOT tuple. In order to be tuple it should be a_inp = (array_input,) - note the comma.
>>> spam = 1
>>> eggs = (spam)
>>> type(eggs)
<class 'int'>
>>> eggs
1
>>> eggs = (spam,)
>>> type(eggs)
<class 'tuple'>
>>> eggs
(1,)
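An added illustration of the point made in the post above, not code from the thread and unrelated to the cern.safe.threatdetect package (whose API is not shown here): each field's value is validated on the object itself and escaped on output, so the FieldStorage is never turned into a string. FIELD_RULES, build_form, check_form and render_greeting are hypothetical names, the allow-list pattern is an assumed policy, and the stand-in classes are only used where the cgi module is unavailable.

```python
import html
import re
from collections import namedtuple

try:  # cgi is deprecated since Python 3.11 and removed in 3.13
    from cgi import FieldStorage, MiniFieldStorage
except ImportError:  # stand-ins with the same .list / .name / .value shape
    MiniFieldStorage = namedtuple("MiniFieldStorage", "name value")

    class FieldStorage:
        def __init__(self, **_kwargs):
            self.list = []

# Hypothetical allow-list: one pattern per field the form is expected to send.
NAME_RULE = re.compile(r"[A-Za-z][A-Za-z '\-]{0,63}")
FIELD_RULES = {"v_name": NAME_RULE, "v_sname": NAME_RULE}


def build_form(pairs):
    """Build a form object from constructed (name, value) sample pairs."""
    form = FieldStorage(environ={"REQUEST_METHOD": "GET", "QUERY_STRING": ""})
    form.list = [MiniFieldStorage(name, value) for name, value in pairs]
    return form


def check_form(form):
    """Validate each field's value directly on the object; return (clean, rejected)."""
    clean, rejected = {}, {}
    for item in form.list or []:
        rule = FIELD_RULES.get(item.name)
        if rule is None:
            rejected[item.name] = "unexpected field"
        elif not isinstance(item.value, str) or not rule.fullmatch(item.value):
            rejected[item.name] = "value fails allow-list"
        else:
            clean[item.name] = item.value
    return clean, rejected


def render_greeting(clean):
    """Escape when writing into HTML, even for values that passed the check."""
    return "<p>Hello, {} {}</p>".format(
        html.escape(clean["v_name"]), html.escape(clean["v_sname"]))


if __name__ == "__main__":
    sample = build_form([("v_name", "John"), ("v_sname", "O'Brien"),
                         ("v_note", "<script>alert(1)</script>")])
    clean, rejected = check_form(sample)
    print(clean, rejected, render_greeting(clean), sep="\n")
```

The apostrophe in the constructed surname passes validation unchanged and is only encoded at render time, which is the case the quote-juggling on the string representation could not handle.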
Posts: 16
Threads: 4
Joined: Oct 2020
(Nov-02-2020, 08:36 AM)buran Wrote: some thoughts/observations:
- Assuming that array_input is still cgi.FieldStorage object at the time when you pass it to this function - you don't change it inside the function. You work with different names during conversion and cleaning process. So at the end of the function array_input is exactly the same as it was in the beginning and that is what you pass to ThreatDetect.m_post(). You never use o_inp and v_inp.
- What package is cern.safe.threatdetect coming from? Can you provide link to pypi, homepage, docs??
- In any case I think you need to check the values of cgi.MiniFieldStorage objects - i.e. that is what is the [possibly unsafe] user input in the form fields, not the string representation of cgi.FieldStorage
- Look at this line a_inp = (array_input). Note that a_inp is NOT tuple. In order to be tuple it should be a_inp = (array_input,) - note the comma.
>>> spam = 1
>>> eggs = (spam)
>>> type(eggs)
<class 'int'>
>>> eggs
1
>>> eggs = (spam,)
>>> type(eggs)
<class 'tuple'>
>>> eggs
(1,)
now I rectified the code to clarify the understanding:
# Function -> Import the cgi module, which handles form requests, and re (regex)
import re
# Class Function ->
class ProcessInputPost:
    # Method Function ->
    def spark (v_response, v_uri, array_input):
        # Function -> Convert to tuple
        a_inp = (array_input,)
        # Function -> Convert tuple to string:
        o_inp = str(a_inp)
        # Function -> Remove parentheses for checking data:
        array_input = re.sub ("[()]", "", o_inp)
        # Function ->
        from cern.safe.threatdetect import ThreatDetect
        # Function ->
        return ThreatDetect.m_post (v_response, v_uri, array_input)
On the return of the method on the last line the parameter (array_input) is no longer a <class 'cgi.FieldStorage'> becomes <class 'str'> because the python regular expression of the (re) module can only understand the type of string data.
Posts: 8,171
Threads: 160
Joined: Sep 2016
Please, don't change post content after you get reply. This makes my answer look incorrect. I revert your edit.
Posts: 16
Threads: 4
Joined: Oct 2020
(Nov-02-2020, 05:49 PM)buran Wrote: Please, don't change post content after you get reply. This makes my answer look incorrect. I revert your edit.
I did to correct my mistake and have a better understanding