From 10112874ddbe6857c0c6e5749da7e631dc79dc7c Mon Sep 17 00:00:00 2001
From: gtencate
Date: Sun, 17 May 2015 22:57:01 +0200
Subject: [PATCH] Fix the Fixie,,,
---
 etc/requirements.txt | 6 ------
 ...ode_example--Session_cookies_(domain)--.md | 2 +-
 ...6-code_example--XML_External_entities--.md | 4 ++--
 skf/skf.db | Bin 24576 -> 24576 bytes
 skf/test_skf.py | 1 -
 5 files changed, 3 insertions(+), 10 deletions(-)
 delete mode 100644 etc/requirements.txt
diff --git a/etc/requirements.txt b/etc/requirements.txt
deleted file mode 100644
index 895036a74..000000000
--- a/etc/requirements.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-https://github.com/mitsuhiko/flask/tarball/master#egg=flask
-markdown
-pyOpenSSL
-python-docx
-BeautifulSoup
-requests
diff --git a/skf/markdown/code_examples/asp/27-code_example--Session_cookies_(domain)--.md b/skf/markdown/code_examples/asp/27-code_example--Session_cookies_(domain)--.md
index fa195ae70..710b01eb0 100644
--- a/skf/markdown/code_examples/asp/27-code_example--Session_cookies_(domain)--.md
+++ b/skf/markdown/code_examples/asp/27-code_example--Session_cookies_(domain)--.md
@@ -4,7 +4,7 @@ Session cookies (domain) **Example:** /*
- Setting the “Domain” attribute to a too permissive value, such as “example.com”
+ Setting the "Domain" attribute to a too permissive value, such as "example.com"
 allows an attacker to launch attacks on the session IDs between different hosts and web applications belonging to the same domain, known as cross-subdomain cookies. For example, vulnerabilities in www.example.com might allow an attacker to get access
diff --git a/skf/markdown/code_examples/asp/6-code_example--XML_External_entities--.md b/skf/markdown/code_examples/asp/6-code_example--XML_External_entities--.md
index 0b56d4ede..2737b5c1a 100644
--- a/skf/markdown/code_examples/asp/6-code_example--XML_External_entities--.md
+++ b/skf/markdown/code_examples/asp/6-code_example--XML_External_entities--.md
@@ -38,7 +38,7 @@ XML External entities to cause the runtime to throw an exception if a element is present in the XML: At this point, we have hardened this code so that it is much less vulnerable to XML bombs,
- but we haven’t yet addressed the dangers posed by malicious external entities.
+ but we haven't yet addressed the dangers posed by malicious external entities.
 You can improve your resilience against these attacks if you customize the behavior of XmlReader by changing its XmlResolver. XmlResolver objects are used to resolve external references, including external entities. XmlTextReader instances, as well as XmlReader
@@ -46,7 +46,7 @@ XML External entities XmlResolvers (actually XmlUrlResolvers). You can prevent XmlReader from resolving external entities while still allowing it to resolve inline entities by setting the XmlResolver property of XmlReaderSettings to null. This is attack surface reduction
- at work again; if you don’t need the capability, turn it off:
+ at work again; if you don't need the capability, turn it off:
 */ XmlReaderSettings settings = new XmlReaderSettings();
diff --git a/skf/skf.db b/skf/skf.db
index ad9a0b5f4b9a883b525bcfa549e09a3cb145a620..506cf020fd64f5ec66864ded7684acb54d59dc99 100644
GIT binary patch
delta 78 zcmZoTz}Rqrae}m<4FdxM8xX?)&qN(#prGzER$ibGD|Z(IUlHGtjRi8?jGUW$x#Jlb YIVQj5nZn4vxrx_>k&$ilaX!mH07#V(sQ>@~ delta 78 zcmZoTz}Rqrae}m<3k&$upaX!mH05|IpPyhe`
diff --git a/skf/test_skf.py b/skf/test_skf.py
index 364a9652b..ecc7f393a 100644
--- a/skf/test_skf.py
+++ b/skf/test_skf.py
@@ -95,7 +95,6 @@ def test_code_base_items(client):
 assert b'Knowledge Base Code Examples' in rv.data
 assert b'File upload' in rv.data
 assert b'Input validation' in rv.data
- assert b'Single input validation' in rv.data
 assert b'Debug enabling' in rv.data
 assert b'Anti caching headers' in rv.data