# 5.4 Creating Real Time Defenses
## 5.4.1 Considering basic coding in Python
A subprocess is a process that the current process starts to perform a specific task. You use subprocesses for all sorts of things, like getting the contents of the current directory or opening a `.zip` file. The first cell below shows the unsafe way of doing things, because `shell=True` hands the command string to the system shell for parsing, while the second cell is safer because it passes the command as a list of arguments. The third cell shows an easier-to-use and safer, but less flexible, method that avoids a subprocess altogether.

In [39]:
```python
from subprocess import check_output

# Unsafe: shell=True passes the whole string to the system shell to parse.
MyDir = check_output("dir", shell=True)
print(MyDir.decode('ascii'))
```

```
 Volume in drive C is Windows 7
 Volume Serial Number is 2405-DAA8

 Directory of C:\Users\John\MLSec\Chapter05

04/20/2021  03:48 PM    <DIR>          .
04/20/2021  03:48 PM    <DIR>          ..
04/20/2021  03:04 PM    <DIR>          .ipynb_checkpoints
04/20/2021  03:48 PM             3,121 MLSec; 05; Real Time Defenses.ipynb
               1 File(s)          3,121 bytes
               3 Dir(s)  259,745,255,424 bytes free
```



In [41]:
```python
from subprocess import check_output

# Safer: the command is a list of arguments, so no string is built for a shell to parse.
MyDir = check_output(['cmd', '/c', 'dir'])
print(MyDir.decode('ascii'))
```

```
 Volume in drive C is Windows 7
 Volume Serial Number is 2405-DAA8

 Directory of C:\Users\John\MLSec\Chapter05

04/20/2021  03:50 PM             3,307 MLSec; 05; Real Time Defenses.ipynb
               1 File(s)          3,307 bytes
               0 Dir(s)  259,745,181,696 bytes free
```



In [36]:
```python
from os import listdir, getcwd

# No subprocess at all: ask the operating system for the directory listing directly.
MyDir = listdir(getcwd())
print(MyDir)
```

```
['.ipynb_checkpoints', 'MLSec; 05; Real Time Defenses.ipynb']
```
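
Why the first cell's pattern is unsafe once any part of the command string comes from outside the program, shown as an added example that is not part of the original notebook. `SHOW_ARGS`, `SAMPLE_NAME` and the function names are assumptions of this example, and it expects a POSIX shell or `cmd.exe`, both of which treat `&&` as a command separator.

```python
import subprocess
import sys

# Stand-in for a real tool such as dir or unzip (assumption of this example):
# a child Python process that prints the argument list it actually received.
SHOW_ARGS = "import sys;print(sys.argv[1:])"

# Constructed sample input: a "file name" that carries a shell operator.
SAMPLE_NAME = "notes.txt && echo INJECTED"


def run_with_shell(name):
    """First-cell pattern: one command string, parsed by the system shell."""
    command = f'"{sys.executable}" -c "{SHOW_ARGS}" {name}'
    out = subprocess.check_output(command, shell=True, text=True)
    return out.splitlines()


def run_with_argv(name):
    """Second-cell pattern: an argument list, so no shell parses the value."""
    argv = [sys.executable, "-c", SHOW_ARGS, name]
    out = subprocess.check_output(argv, text=True)
    return out.splitlines()


def shell_changed_meaning(name):
    """True when the shell form does something other than pass one argument."""
    return run_with_shell(name) != run_with_argv(name)


if __name__ == "__main__":
    print("shell=True :", run_with_shell(SAMPLE_NAME))
    print("arg list   :", run_with_argv(SAMPLE_NAME))
    print("differs    :", shell_changed_meaning(SAMPLE_NAME))
```

With the argument list, the child receives the whole value as a single argument; with `shell=True`, the shell splits it and runs the second command as well.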


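## 5.4.2 Working with Flask
Flask is a Python framework used for web applications. You could make your machine learning application available through a web API using it. However, whenever you work with the web, you could expose your network to problems such as Cross-Site Scripting (XSS). The following examples show how to avoid this problem: the first version returns the `name` query parameter to the browser unescaped, so any markup in it is rendered, while the second passes it through `escape()` before returning it.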

In [3]:
```python
from flask import Flask, request

app = Flask(__name__)

@app.route("/")
def say_hello():
    # Vulnerable version: the name parameter is placed in the response unescaped.
    your_name = request.args.get('name')
    return "Hello %s" % your_name
```

**Click the stop button to stop the server from running.** Otherwise, the server will continue to run in the background and you won't be able to run the rest of the example. To test this server out with a script, type `http://127.0.0.1:5000/?name=<script>alert(1)</script>` in a new browser tab and press Enter.

In [4]:
```python
app.run()
```

```
 * Serving Flask app "__main__" (lazy loading)
 * Environment: production
   Use a production WSGI server instead.
 * Debug mode: off


 * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
127.0.0.1 - - [20/Apr/2021 16:50:38] "GET /?name=John HTTP/1.1" 200 -
```


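In [8]:
```python
from flask import Flask, request
# escape() lives in MarkupSafe, which Flask depends on; newer Flask
# releases no longer re-export it from the flask package.
from markupsafe import escape

app = Flask(__name__)

@app.route("/")
def say_hello():
    your_name = request.args.get('name')
    # escape() converts characters such as < and > to HTML entities,
    # so the browser displays the value as text instead of running it.
    return "Hello %s" % escape(your_name)
```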

In [9]:
```python
app.run()
```

```
 * Serving Flask app "__main__" (lazy loading)
 * Environment: production
   Use a production WSGI server instead.
 * Debug mode: off


 * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
127.0.0.1 - - [20/Apr/2021 16:56:18] "GET /?name=John HTTP/1.1" 200 -
127.0.0.1 - - [20/Apr/2021 16:56:27] "GET /?name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 -
```
