# Functions in Python 

## 1. Defining and Calling Functions

**Definition:**
A function is a block of organized, reusable code that is used to perform a specific task. In Python, functions are defined using the def keyword, followed by the function name and parentheses.

Functions help in structuring the code and making it reusable, which is especially useful in cybersecurity for tasks like encryption, decryption, traffic analysis, and packet filtering.

### Syntax

### Example 1: Basic Function to Check if an IP is Suspicious

Let's create a function that checks whether an IP address belongs to a known list of suspicious IPs.

In [4]:
# List of suspicious IP addresses
suspicious_ips = ["192.168.1.100", "10.0.0.5", "203.0.113.50"]

# Define a function to check if an IP is suspicious
def is_suspicious_ip(ip):
    if ip in suspicious_ips:
        return True
    return False

# Call the function to check
ip_to_check = "10.0.0.5"
result = is_suspicious_ip(ip_to_check)
print(f"Is {ip_to_check} a suspicious IP? {result}")


Is 10.0.0.5 a suspicious IP? True


### Example 2: Function to Log Security Alerts
You can use functions to log security events. Here's an example of a function that prints a security alert message when certain keywords are detected in a log entry.

In [5]:
# Define a function to log security alerts
def log_security_alert(log_entry):
    if "malware" in log_entry or "attack" in log_entry:
        print(f"Security Alert: Detected threat in log - {log_entry}")
    else:
        print("Log entry is safe.")

# Call the function to log an alert
log_security_alert("malware detected in network traffic")


Security Alert: Detected threat in log - malware detected in network traffic


### Exercises

1) Write a function block_ip(ip) that takes an IP address as input and prints "IP Blocked" if the IP is in the blocklist, otherwise print "IP Safe". Use this list of blocked IPs: ["192.168.1.5", "10.0.0.2", "203.0.113.7"].

In [6]:
# write your code here

2) Define a function check_vulnerability(log_entry) that checks if a log entry contains the word "vulnerability". If so, it should return "Vulnerability Found", otherwise it should return "No Vulnerability".

In [None]:
#write your code here

3) Create a function has_sql_injection(query) that checks if a given SQL query contains an SQL injection attempt (e.g., ' OR '1'='1). It should return True if an injection is found, otherwise return False.

In [7]:
#write your code here

## 2. Parameters and Return Values
**Definition:**
Functions can take parameters (inputs) and can return values. This allows functions to be more flexible and reusable in different situations.

*Parameters:* Values passed to the function when it is called.
*Return Value:* The result that the function gives back after execution. If no return statement is provided, the function will return None.

### Example 1: Encrypting Data Using a Simple Function
In cybersecurity, you might create functions that take data as input and return encrypted or processed data.

In [8]:
# Simple encryption function (Caesar cipher with a shift of 3)
def caesar_encrypt(plaintext, shift):
    encrypted = ""
    for char in plaintext:
        encrypted += chr((ord(char) + shift) % 128)
    return encrypted

# Call the function to encrypt data
text = "SecureMessage"
encrypted_text = caesar_encrypt(text, 3)
print(f"Encrypted Text: {encrypted_text}")


Encrypted Text: VhfxuhPhvvdjh


### Example 2: Decrypting Data

Similarly, you can write a decryption function that takes encrypted data and the shift value as parameters and returns the original data.

In [10]:
# Simple decryption function (Caesar cipher)
def caesar_decrypt(ciphertext, shift):
    decrypted = ""
    for char in ciphertext:
        decrypted += chr((ord(char) - shift) % 128)
    return decrypted

# Decrypt the previously encrypted text
decrypted_text = caesar_decrypt(encrypted_text, 3)
print(f"Decrypted Text: {decrypted_text}")


Decrypted Text: SecureMessage


### Exercises

1) Write a function detect_ddos(ip, traffic) that takes an IP address and the amount of traffic (in bytes). If the traffic is greater than 1000 bytes, print "Potential DDoS attack from {ip}", otherwise print "Normal traffic from {ip}".

In [12]:
#write your code here

2.) Define a function xor_encrypt(text, key) that takes a string text and an integer key, and returns the XOR-encrypted result of the text (you can use ord() and chr() for character manipulation).

In [13]:
#write your code here

3. Create a function password_strength(password) that takes a password as a parameter and returns:

* "Weak" if the password is less than 6 characters.
* "Medium" if the password is between 6 and 10 characters.
* "Strong" if the password is more than 10 characters.

In [6]:
#write you code here

## 3. Scope and Lifetime of Variables
**Definition:**
The scope of a variable defines where it can be accessed within the code. In Python:

* Variables defined inside a function have a local scope, meaning they can only be accessed inside that function.
* Variables defined outside a function have a global scope, meaning they can be accessed anywhere in the code.

The lifetime of a variable refers to the duration for which the variable exists in memory. For example, a local variable only exists as long as the function is executing.

### Example 1: Global vs Local Variables in a Password Cracker

In [14]:
# Global variable
password_attempts = 0

def crack_password(attempt):
    # Local variable
    global password_attempts
    password_attempts += 1
    correct_password = "password123"
    if attempt == correct_password:
        print("Access Granted!")
    else:
        print(f"Access Denied! Attempts: {password_attempts}")

# Call the function multiple times
crack_password("password1234")
crack_password("password123")


Access Denied! Attempts: 1
Access Granted!


### Example 2: Local Variables in a Packet Sniffer

In [2]:
def analyze_packet(packet):
    # Local variable
    suspicious_words = ["attack", "malware", "phishing"]
    for word in suspicious_words:
        if word in packet:
            print(f"Suspicious packet detected: {packet}")
            return True
    return False

# Packet analysis
packet = "User data attack detected"
analyze_packet(packet)

# Try to access local variable (this will cause an error)
# print(suspicious_words)  # Uncommenting this will raise an error


Suspicious packet detected: User data attack detected


True

### Exercises

1) Write a function reset_attempts() that resets the global variable login_attempts to 0, and a function attempt_login() that increments the number of attempts. Simulate a failed login mechanism with a global login_attempts variable.



In [None]:
# write your code here

2) Create a function detect_intrusion() that takes a log entry and uses a local variable suspicious to detect the words "unauthorized access" or "intrusion". If detected, return True, otherwise False.

In [7]:
# write your code

3) Write a function track_failed_logins() that tracks the number of failed login attempts globally. Each time the function is called, it increments the count. The function should print the total number of failed attempts.

In [8]:
# write your code

### Conclusion
By the end of this lecture, you should have a clear understanding of how to:

* Define and call functions.
* Use parameters and return values to make functions more dynamic.
* Understand variable scope and lifetime, which is critical in preventing issues like variable conflicts, especially in larger cryptographic and cybersecurity projects.

These concepts are fundamental to writing secure, efficient, and reusable code, which is essential in fields like cybersecurity and cryptography. Functions help encapsulate code logic, making it easier to apply encryption, decryption, and network monitoring across different parts of your code without redundancy.

