In [27]:
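# Use %pip rather than !pip so the packages install into this kernel's
# environment, not whichever `pip` is first on the shell PATH.
# Pin versions (e.g. bcrypt==<VERSION>) when the notebook must be reproducible.
%pip install bcrypt
%pip install bandit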



In [28]:
# Cell 2: Secure Implementation - Hashing and Parameterized Queries
import getpass
import sqlite3

import bcrypt

# Function to hash the password
def hash_password(password):
    """Return the salted bcrypt hash of ``password`` as ``bytes``.

    Args:
        password: Plaintext password as ``str``; it is UTF-8 encoded before hashing.

    Returns:
        The bcrypt digest (``b'$2b$...'``), which embeds the salt and cost factor
        produced by ``bcrypt.gensalt()`` (cost 12 in the sample output below).
    """
    raw = bytes(password, 'utf-8')
    salt = bcrypt.gensalt()
    return bcrypt.hashpw(raw, salt)

# Function to create the users table (if it doesn't exist)
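def create_table(db_path='users.db'):
    """Create the ``users`` table in the SQLite database at ``db_path`` if it is missing.

    Args:
        db_path: Path of the SQLite database file. Defaults to ``'users.db'`` in the
            current working directory, which is the value the original hard-coded.

    Raises:
        sqlite3.Error: on any database failure; the connection is closed either way.
    """
    conn = sqlite3.connect(db_path)
    try:
        # Create the users table if it doesn't already exist.
        # NOTE: username carries no UNIQUE constraint, so the same name can be
        # stored repeatedly (the sample output shows two rows for one username).
        conn.execute('''
            CREATE TABLE IF NOT EXISTS users (
                id INTEGER PRIMARY KEY AUTOINCREMENT,
                username TEXT NOT NULL,
                password TEXT NOT NULL
            )
        ''')
        conn.commit()
    finally:
        # Close on success and on error; the original leaked the handle on exceptions.
        conn.close()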

# Insert user into the database securely
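def insert_user(username, password, db_path='users.db'):
    """Hash ``password`` with bcrypt and insert a ``(username, hash)`` row into ``users``.

    Args:
        username: Login name to store. It is bound as a query parameter, never
            interpolated into the SQL text.
        password: Plaintext password; only its bcrypt hash is written.
        db_path: SQLite database file; defaults to the original ``'users.db'``.

    Raises:
        sqlite3.Error: on any database failure; the connection is closed either way.
    """
    # Hash before opening the connection so a hashing error cannot leave a handle open.
    hashed_password = hash_password(password)
    conn = sqlite3.connect(db_path)
    try:
        # Parameterized query: the driver binds both values, so user-supplied text
        # cannot alter the statement (prevents SQL injection).
        # hash_password returns bytes, which is why view_users shows the stored
        # value with a b'...' prefix.
        conn.execute(
            "INSERT INTO users (username, password) VALUES (?, ?)",
            (username, hashed_password),
        )
        conn.commit()
    finally:
        conn.close()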

# Function to view all users in the database
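def view_users(db_path='users.db'):
    """Print every row of ``users`` as ``ID, Username, Password (hashed)``.

    Args:
        db_path: SQLite database file; defaults to the original ``'users.db'``.

    The hashes are written to stdout, so they persist in the saved notebook output.
    """
    conn = sqlite3.connect(db_path)
    try:
        # Name the columns instead of SELECT * so the positional formatting below
        # cannot silently shift if the schema ever gains a column.
        users = conn.execute("SELECT id, username, password FROM users").fetchall()
    finally:
        # Close on success and on error; the original leaked the handle on exceptions.
        conn.close()

    print("Current users in the database:")
    for user_id, username, hashed in users:
        print(f"ID: {user_id}, Username: {username}, Password (hashed): {hashed}")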

# Main function to get user input and insert into database
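def main():
    """Create the table, prompt for one credential pair, store it, then list all rows.

    The password is read with ``getpass.getpass`` so it is not echoed; with the
    plain ``input()`` the original used, the typed password was captured verbatim
    in the cell output (see the sample run below).
    """
    # First, create the users table
    create_table()

    # Take user input
    username = input("Enter username: ")
    password = getpass.getpass("Enter password: ")

    # Insert user into the table
    insert_user(username, password)

    # View all users
    view_users()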

# Run the main function
main()


Enter username:  Umer Aziz
Enter password:  abc


Current users in the database:
ID: 1, Username: Umer Aziz, Password (hashed): b'$2b$12$DKKftLbJ3r6HiNeTxSbciOnRo7TvvKhKiv6gGpLpJckJxCMUmf0bu'
ID: 2, Username: Umer Aziz, Password (hashed): b'$2b$12$POlDUX7BGtNJpMz7x33W7esAZc1YjnZVHtc5Ct7UkJvULsbSA8LvG'


In [29]:
!bandit -r

usage: bandit [-h] [-r] [-a {file,vuln}] [-n CONTEXT_LINES] [-c CONFIG_FILE]
              [-p PROFILE] [-t TESTS] [-s SKIPS]
              [-l | --severity-level {all,low,medium,high}]
              [-i | --confidence-level {all,low,medium,high}]
              [-f {csv,custom,html,json,screen,txt,xml,yaml}]
              [--msg-template MSG_TEMPLATE] [-o [OUTPUT_FILE]] [-v] [-d] [-q]
              [--ignore-nosec] [-x EXCLUDED_PATHS] [-b BASELINE]
              [--ini INI_PATH] [--exit-zero] [--version]
              [targets ...]
