data.py
  1  """Gruyere - Default data for Gruyere, a web application with holes.
  2  
  3  Copyright 2010 Google Inc. All rights reserved.
  4  
  5  This code is licensed under the http://creativecommons.org/licenses/by-nd/3.0/us
  6  Creative Commons Attribution-No Derivative Works 3.0 United States license.
  7  
  8  DO NOT COPY THIS CODE!
  9  
 10  This application is a small self-contained web application with numerous
 11  security holes. It is provided for use with the Web Application Exploits and
 12  Defenses codelab. You may modify the code for your own use while doing the
 13  codelab but you may not distribute the modified code. Brief excerpts of this
 14  code may be used for educational or instructional purposes provided this
 15  notice is kept intact. By using Gruyere you agree to the Terms of Service
 16  http://code.google.com/terms.html
 17  """
 18  
 19  __author__ = 'Bruce Leban'
 20  
 21  import copy
 22  
# Seed accounts for Gruyere, which the module docstring describes as a web
# application with numerous security holes. Records are keyed by login id.
# The values below are lab fixtures: several are intentionally unsafe and
# are annotated so they are not mistaken for a pattern to copy.
#
# Review notes that apply to every record:
#   * 'pw' holds the password as a cleartext string. A production store would
#     keep only a salted, slow password hash and would not ship fixed default
#     credentials.
#   * 'is_admin' / 'is_author' sit in the same dict as profile fields such as
#     'name', 'color' and 'web_site'. Any code that writes a record from
#     request input needs an allow-list of the keys it accepts; that code is
#     not visible here, so verify it.
#   * 'private_snippet', 'snippets', 'web_site' and 'color' are free-form
#     strings. Whatever renders them must apply context-appropriate output
#     encoding (HTML body, attribute, CSS).
DEFAULT_DATA = {
    'administrator': {
        'name': 'Admin',
        'pw': 'secret',  # Default admin credential, cleartext.
        'is_author': False,
        'is_admin': True,  # The only seeded account with admin rights.
        'private_snippet': 'My password is secret. Get it?',
        'web_site': 'http://www.google.com/contact/security.html',
    },
    'cheddar': {
        'name': 'Cheddar Mac',
        'pw': 'orange',
        'is_author': True,
        'is_admin': False,
        # Stored value contains a raw HTML anchor. The number is the widely
        # published, voided sample SSN, used here as stand-in "private" data.
        'private_snippet': (
            'My SSN is <a href="http://www.google.com/'
            'search?q=078-05-1120">078-05-1120</a>.'
        ),
        'web_site': 'http://images.google.com/images?q=cheddar+cheese',
        'color': 'blue',
        'snippets': [
            'Gruyere is the cheesiest application on the web.',
            'I wonder if there are any security holes in this....',
        ],
    },
    'sardo': {
        'name': 'Miss Sardo',
        'pw': 'odras',
        'is_author': True,
        'is_admin': False,
        'private_snippet': 'I hate my brother Romano.',
        # URL contains literal double quotes; it must be attribute-encoded
        # before being placed inside a quoted href.
        'web_site': 'http://www.google.com/search?q="pecorino+sardo"',
        'color': 'red',
        'snippets': [],
    },
    'brie': {
        'name': 'Brie',
        'pw': 'briebrie',
        'is_author': True,
        'is_admin': False,
        'private_snippet': 'I use the same password for all my accounts.',
        'web_site': 'http://news.google.com/news/search?q=brie',
        # Carries a second CSS declaration after the colour, so this field is
        # not limited to a single colour token. Presumably interpolated into
        # a style attribute by the templates -- confirm; a hardened version
        # would validate against an allow-list of colour names.
        'color': 'red; text-decoration:underline',
        'snippets': [
            # Snippet text includes inline HTML markup.
            'Brie is the queen of the cheeses<span style=color:red>!!!</span>',
        ],
    },
}
 69  
 70  
def DefaultData():
  """Returns an independent deep copy of the DEFAULT_DATA seed records.

  A deep copy is handed out so that changes the caller makes to the returned
  dict (or to its nested dicts and lists) do not write through to the
  module-level DEFAULT_DATA.

  The copy includes the seeded cleartext 'pw' values and the admin flag, so
  it is only suitable as a lab fixture.
  """
  fresh_records = copy.deepcopy(DEFAULT_DATA)
  return fresh_records