186. Security Best Practices

Snippet 1: Input Validation with Regular Expressions

Copy

import re

# Validate email input
def is_valid_email(email):
    pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
    return bool(re.match(pattern, email))

# Test email validation
email = "test@example.com"
print("Valid Email" if is_valid_email(email) else "Invalid Email")

---

Snippet 2: Preventing SQL Injection with Parameterized Queries

Copy

import sqlite3

# Use parameterized queries to prevent SQL injection
conn = sqlite3.connect('secure.db')
cursor = conn.cursor()

# Create a table
cursor.execute('CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)')
conn.commit()

# Insert data securely
username = "admin'; DROP TABLE users;--"
password = "securepassword"
cursor.execute('INSERT INTO users (username, password) VALUES (?, ?)', (username, password))
conn.commit()

# Verify insertion
cursor.execute('SELECT * FROM users')
print(cursor.fetchall())

conn.close()

---

Snippet 3: Hashing Passwords with bcrypt

Copy

from bcrypt import hashpw, gensalt, checkpw

# Hash a password
password = b"securepassword"
hashed = hashpw(password, gensalt())

# Verify a password
entered_password = b"securepassword"
print("Password Match" if checkpw(entered_password, hashed) else "Password Mismatch")

---

Snippet 4: Secure Random Number Generation

Copy

import secrets

# Generate a secure random token
secure_token = secrets.token_hex(16)
print(f"Secure Token: {secure_token}")

# Generate a secure random integer
secure_number = secrets.randbelow(100)
print(f"Secure Random Number: {secure_number}")

---

Snippet 5: Sanitizing HTML Input with Bleach

Copy

import bleach

# Sanitize user-provided HTML
unsafe_html = '<script>alert("hacked!")</script><p>Valid content</p>'
safe_html = bleach.clean(unsafe_html)
print(f"Sanitized HTML: {safe_html}")

---

Snippet 6: Limiting Password Attempts

Copy

from time import sleep

# Simulate limiting login attempts
attempts = 0
max_attempts = 3

while attempts < max_attempts:
    password = input("Enter password: ")
    if password == "securepassword":
        print("Login successful")
        break
    else:
        print("Invalid password")
        attempts += 1
        if attempts < max_attempts:
            sleep(2**attempts)  # Exponential backoff
else:
    print("Too many failed attempts. Try again later.")

---

Snippet 7: Using HTTPS with Flask

Copy

from flask import Flask

app = Flask(__name__)

@app.route('/')
def secure_route():
    return "This route is secure!"

# Run Flask app with HTTPS
if __name__ == '__main__':
    app.run(ssl_context=('cert.pem', 'key.pem'))  # Provide SSL certificate and key

---

Snippet 8: Validating JSON Input with Marshmallow

Copy

from marshmallow import Schema, fields, ValidationError

# Define a schema for input validation
class UserSchema(Schema):
    username = fields.Str(required=True)
    age = fields.Int(required=True, validate=lambda n: 18 <= n <= 100)

# Validate input
try:
    data = {"username": "testuser", "age": 25}
    validated_data = UserSchema().load(data)
    print("Validated Data:", validated_data)
except ValidationError as err:
    print("Validation Errors:", err.messages)

---

Snippet 9: Setting Secure Cookies in Flask

Copy

from flask import Flask, make_response

app = Flask(__name__)

@app.route('/set-cookie')
def set_secure_cookie():
    response = make_response("Cookie set!")
    response.set_cookie('secure_cookie', 'secure_value', httponly=True, secure=True, samesite='Strict')
    return response

---

Snippet 10: Rate Limiting with Flask-Limiter

Copy

from flask import Flask
from flask_limiter import Limiter

app = Flask(__name__)
limiter = Limiter(app, key_func=lambda: "user-ip")  # Using IP as the key for rate-limiting

@app.route('/')
@limiter.limit("5 per minute")
def limited_route():
    return "You can access this route 5 times per minute."

if __name__ == '__main__':
    app.run()