User’s CLI input validation for filtering out injection attacks

I am writing a python script, Gestioner.py, which checks for some service CLI commands and validates them if they are suppported or not.

I am also trying to develop a test harness to verify and test such possible security attacks Like Injection attacks, Gest_Test.py, and see that if my earlier Gestioner.py should be able to stop/filter out injection attacks.

My question is :

How can I further add such security attacks filtering functionality in ‘Gestioner.py’, to stop any security injection related inputs given through CLI commands ?

Here are some of the example ‘valid’ commands:

--binfcmd filebinf  --filecmd fileftp  --binfcmd filebinf2 --zip testzipfile2 --stat --type None --mol None 

Here is the Gestioner.py file:

#Gestioner.py #For processing the PService cli commands  from pathlib import Path import os import errno import logging import sys from collections import namedtuple sys.path.insert(0, '..')   supported_cmds = ['binfcmd','zip','stat','type','mol','sync', 'filecmd'] ISSupported = namedtuple('ISSupported', 'result desc')  ### # Base Class for processing Pservice commands ### class CmdGestioner:     def __init__(self):         None      def set_full_command(self, in_cmd=None):         self.full_command = in_cmd      def get_full_command(self):         return self.full_command      def print(self):         print("Output: ", self.full_command)      def is_supported(self, in_command):         pservice_flags = [elem for elem in in_command.split() if str(elem).startswith('--')]          # Compare pservice flags with supported version.         command_not_supported = [x for x in pservice_flags if x.strip('--') not in supported_cmds]         # Compare pservice_flags with supported version.         if (len(command_not_supported) > 0):             commands = ' '.join(str(elem) for elem in command_not_supported)             command_not_supported_strs = 'The following commands are not supported: ' + commands             print (command_not_supported_strs)             return ISSupported(                 result=False,                 desc=command_not_supported_strs)          return ISSupported(                 result=True,                 desc='')   

Test file:

#Gest_test.py  from pathlib import Path import os import errno import logging import sys from Gestioner import CmdGestioner from collections import namedtuple   # Testing application. if __name__== "__main__":   print("Command line parser program.")   cmd = CmdGestioner()   cmd_mtg_str = ''.join(str(elem) for elem in sys.argv[1:])   cmd_args = [str(elem).strip('--') for elem in sys.argv[1:] if str(elem).startswith('--')]    print ("This is the name of the script: ", sys.argv[0])   print ("The arguments are: " , str(sys.argv))   print("The cmd.print() is: ", cmd)   print ("The program arguments are: " , cmd_mtg_str)   print ("Splitting commands into groups by -- from string: ", cmd_mtg_str.strip())   flags = cmd_mtg_str.split('--')   for x in flags:       print(x)   print ('Main commands i.e. those that start with -- ', str(cmd_args))    print('finished')  

Thanks for any suggestions/guidance to work my way in the scripts.

Initial state of checkboxes for basic list filtering

I’m developing a web application which features a list of items. The list can be filtered by type, and the user can choose to view one or more types at once. Let’s say the types are Red, Green, Blue, and Yellow.

My idea was to use checkboxes, one for each type, so that e.g. when Blue and Yellow is selected, then the list contains the sum of these two. Basic logic.

Checkboxes unselected

Now, the default view is as above: no type is selected. In the app’s logic, this is treated the same as selecting all types – in other words, all items are visible on the list. The user can now click on the type they’re interested in, and the list will only contain that.

Is this an intuitive approach?
Or maybe all the checkboxes should be selected on init instead?
Or perhaps a completely different mechanic should be used in place of checkboxes?

I couldn’t decide and made a list of pros and cons:

  • All checkboxes empty on init
    • πŸ™‚ One click required to filter by one given type
    • πŸ™ It doesn’t make much sense that nothing checked means all shown
  • All checkboxes checked on init
    • πŸ™ Three clicks required to filter by one given type
    • πŸ™‚ Makes more sense that all checked means all shown

I’m not sure if my reasoning is correct. Looking at shops which let you e.g. select a laptop brand, it’s normal for them to start with all options unchecked. But since my app’s list is rather short and filtering results are immediate, I’m not sure if any of these approaches is better than the other, or maybe I’m missing a better way.

Url query filtering links not working in modern Sharepoint?

In classic SP tacking a url query onto a page containing a list was a handy way of filtering the content:

 page.aspx?FilterField1=<internal field name>&FilterValue1=<value> 

This no longer works in modern. I’ve tried:

  • adding the query to the news.aspx page:/_layouts/15/news.aspx?FilterField1=&FilterValue1=
  • creating a new page with an unfiltered news web part on it and creating a link with the above query added to the url

Has anyone found a way to get this to work? The alternative is to manually create a page with a filtered news web part on it but that doesn’t seem very “modern”.

Url query filtering links not working in modern Sharepoint?

In classic SP tacking a url query onto a page containing a list was a handy way of filtering the content:

 page.aspx?FilterField1=<internal field name>&FilterValue1=<value> 

This no longer works in modern. I’ve tried:

  • adding the query to the news.aspx page:/_layouts/15/news.aspx?FilterField1=&FilterValue1=
  • creating a new page with an unfiltered news web part on it and creating a link with the above query added to the url

Has anyone found a way to get this to work? The alternative is to manually create a page with a filtered news web part on it but that doesn’t seem very “modern”.

Filtering list view based on querystring using jQuery?

Using Sharepoint 2010 Content Editor Web Parts (some links dynamically created) List View Web Part

Ability to add additional software or packages to the system extremely limited (so would prefer answers that do not suggest software upgrades/additional different Web Parts)

Notes using javascript/JQuery and have access to SPServices.

Given the services I have access to, is there a way to filter the List View Web Part based on a querystring?

On-The-Fly Filtering Of Results

I would like to submit a small problem of usability to you.

This is a problem with on-the-fly filtering of results. The constraint is that the user must first see all the results. Then he filters according to the results he needs to see.

https://xwg5qp.axshare.com

  • Home (initial state) On the right side, all results are displayed. On the left side, all filters (toggle buttons) are disabled.

  • Results filtering: pages 1, 2, 3, 4, 5, 6 and 7.

  • Page 7 All results are displayed. These results are also available at Home.

Is this filtering confusing?

Thank you for your help:)

Event listing, filtering events with search

I’m working on UI for an event listing website. I have a dilemma. I want to include filters, without making the user think they have to use the search bar.

I curently have something like this

  1. Event listing when search is not being used: enter image description here

  2. Event listing when search is being used enter image description here

Anyways, the problem is this:

When the user visits the site – the “Today” filter is set as default. There is no “All events” filter button available to the user (too many events to list).

However, when the user uses search – the “All events” filter appears and becomes active.

My logic is – if the user uses search – he is most likely interested in all the instances of the keyword (let’s say the user searches for a band – he most likely wants to know WHEN are they playing and less likely to answer if they are playing “today”).

  1. The problem is, would the user get confused because of the sudden apperiance of the “All events filter”.

  2. The second problem is: if the user is interested in “this month”. So he changes from “all events” to “this month”, and then wants to search for something else – should the search jump again on “all events” or stay on “this month”.

Sharepoint 2013 – Search files into File Share (content source) with filtering by folders

I crawled content that is on stored on file server (File Share – content source in SharePoint Server) and i get the results in SharePoint search. Everything is fine but i need to have some kind of refiner (i tried many of them but none is working in the way that i need, or it is not working at all) that will have opportunity to choose the folder in which i want to search for some file. Could you give me some suggestions?

Thanks