data.py
  1  """Gruyere - Default data for Gruyere, a web application with holes.
  2  
  3  Copyright 2017 Google Inc. All rights reserved.
  4  
  5  This code is licensed under the https://creativecommons.org/licenses/by-nd/3.0/us/
  6  Creative Commons Attribution-No Derivative Works 3.0 United States license.
  7  
  8  DO NOT COPY THIS CODE!
  9  
 10  This application is a small self-contained web application with numerous
 11  security holes. It is provided for use with the Web Application Exploits and
 12  Defenses codelab. You may modify the code for your own use while doing the
 13  codelab but you may not distribute the modified code. Brief excerpts of this
 14  code may be used for educational or instructional purposes provided this
 15  notice is kept intact. By using Gruyere you agree to the Terms of Service
 16  https://www.google.com/intl/en/policies/terms/
 17  """
 18  
 19  __author__ = 'Bruce Leban'
 20  
 21  # system modules
 22  import copy
 23  
# Seed accounts for a fresh Gruyere instance, keyed by login id.
#
# Security notes for anyone reading this fixture:
#   * 'pw' holds every password as a short plaintext string. That is part of
#     the deliberately insecure codelab design described in the module
#     docstring; a real application stores only salted, slow password hashes
#     and never ships known default credentials.
#   * Several values embed raw markup or CSS ('private_snippet', 'snippets',
#     'color'), and one 'web_site' URL contains literal double quotes.
#     Whether they are escaped on output is decided outside this file, so
#     treat them as test data for output-encoding and URL-validation checks.
#   * 'is_admin' / 'is_author' sit in the same record as the profile fields.
#     NOTE(review): presumably these are the privilege flags the application
#     consults - confirm that profile updates cannot write them.
DEFAULT_DATA = {
    # The only account with is_admin set; it has no 'color' or 'snippets'.
    'administrator': {
        'name': 'Admin',
        'pw': 'secret',
        'is_author': False,
        'is_admin': True,
        'private_snippet': 'My password is secret. Get it?',
        'web_site': 'https://www.google.com/contact/',
    },
    'cheddar': {
        'name': 'Cheddar Mac',
        'pw': 'orange',
        'is_author': True,
        'is_admin': False,
        # Stand-in for sensitive personal data; the value contains an HTML
        # anchor, so it is markup rather than plain text.
        'private_snippet': (
            'My SSN is <a href="https://www.google.com/'
            'search?q=078-05-1120">078-05-1120</a>.'
        ),
        'web_site': 'https://images.google.com/?q=cheddar+cheese',
        'color': 'blue',
        'snippets': [
            'Gruyere is the cheesiest application on the web.',
            'I wonder if there are any security holes in this....',
        ],
    },
    'sardo': {
        'name': 'Miss Sardo',
        'pw': 'odras',
        'is_author': True,
        'is_admin': False,
        'private_snippet': 'I hate my brother Romano.',
        # The URL carries literal double quotes.
        'web_site': 'https://www.google.com/search?q="pecorino+sardo"',
        'color': 'red',
        'snippets': [],
    },
    'brie': {
        'name': 'Brie',
        'pw': 'briebrie',
        'is_author': True,
        'is_admin': False,
        'private_snippet': 'I use the same password for all my accounts.',
        'web_site': 'https://news.google.com/news/search?q=brie',
        # More than a colour name: a second CSS declaration follows the ';'.
        'color': 'red; text-decoration:underline',
        'snippets': [
            # Stored snippet that already contains inline HTML.
            'Brie is the queen of the cheeses<span style=color:red>!!!</span>',
        ],
    },
}
 70  
 71  
def DefaultData():
  """Returns an independent deep copy of DEFAULT_DATA.

  The copy is made with copy.deepcopy, so nested dicts and lists are
  duplicated as well; a caller that mutates the result leaves the
  module-level defaults untouched.
  """
  fresh_data = copy.deepcopy(DEFAULT_DATA)
  return fresh_data