From 004f16d63ad46fab440337713245f8444a256ef0 Mon Sep 17 00:00:00 2001 From: clbr-odoo Date: Tue, 21 Jun 2022 09:33:14 +0200 Subject: [PATCH 1/7] [MVC] Contact with DB --- Exercices/Claire/03_MVC/app/__init__.py | 6 +++- .../app/controllers/ContactController.py | 35 +++++++++++-------- .../Claire/03_MVC/app/forms/ContactForm.py | 3 +- Exercices/Claire/03_MVC/app/models/Contact.py | 33 +++++++++++++++++ .../03_MVC/app/services/ContactService.py | 21 +++++++++++ .../app/templates/contact/contactForm.html | 5 ++- .../app/templates/contact/contactList.html | 16 +++++++++ Exercices/Claire/03_MVC/sql.txt | 9 +++++ 8 files changed, 107 insertions(+), 21 deletions(-) create mode 100644 Exercices/Claire/03_MVC/app/models/Contact.py create mode 100644 Exercices/Claire/03_MVC/app/services/ContactService.py create mode 100644 Exercices/Claire/03_MVC/app/templates/contact/contactList.html create mode 100644 Exercices/Claire/03_MVC/sql.txt diff --git a/Exercices/Claire/03_MVC/app/__init__.py b/Exercices/Claire/03_MVC/app/__init__.py index 69cad4d..45c7d40 100644 --- a/Exercices/Claire/03_MVC/app/__init__.py +++ b/Exercices/Claire/03_MVC/app/__init__.py @@ -1,5 +1,6 @@ from flask import Flask, render_template from flask_debugtoolbar import DebugToolbarExtension +import psycopg2 app = Flask("app") app.config['SECRET_KEY'] = 'random' @@ -7,4 +8,7 @@ toolbar = DebugToolbarExtension(app) -from app.controllers import * \ No newline at end of file +conn = psycopg2.connect(dbname='technobelapp', user='postgres', password='postgres', host='127.0.0.1', port='5432') +print(conn) + +from app.controllers import * diff --git a/Exercices/Claire/03_MVC/app/controllers/ContactController.py b/Exercices/Claire/03_MVC/app/controllers/ContactController.py index ad4782a..f6f295b 100644 --- a/Exercices/Claire/03_MVC/app/controllers/ContactController.py +++ b/Exercices/Claire/03_MVC/app/controllers/ContactController.py 
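Review bot: The database credentials (user `postgres`, password `postgres`) are literals in the `psycopg2.connect(...)` line of the second `__init__.py` hunk, so they ship with the repository and the application runs as the PostgreSQL superuser. Read them from the environment instead, e.g. `conn = psycopg2.connect(dbname=os.environ['DB_NAME'], user=os.environ['DB_USER'], password=os.environ['DB_PASSWORD'], host='127.0.0.1', port='5432')` with `import os` at the top, and connect as a dedicated role that only has privileges on `contacts`. The `print(conn)` on the next line is leftover debug output and should be dropped. The same hard-coded credentials recur in Amaury's `app/__init__.py` and `docker-compose.yml` in patch 2, in the replacement `connect(...)` line of patch 3, and in `MVC/injectTest.py` in patch 4; the same fix applies to each.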
@@ -1,25 +1,30 @@ from app import app -from flask import render_template, request +from flask import render_template, request, redirect, url_for from app.forms.ContactForm import ContactForm +from app.services.ContactService import ContactService + +contactService = ContactService() class ContactController: - @app.route('/contact', methods=['GET']) - def contactForm(): - # if request.method == 'POST': - return render_template('contact/contactForm.html', contact="GET") + @app.route('/contacts', methods=['GET']) + def getAllContacts(): + contacts = contactService.findAll() + return render_template('contact/contactList.html', contacts=contacts) + + # @app.route('/test/', methods=['GET']) + # def getOneTests(testid): + # test = testService.findOne(testid) + # return render_template('test/info.html', test=test) - @app.route('/contact', methods=['POST']) - def contactPostForm(): + @app.route('/contacts/add', methods=['GET', 'POST']) + def insertContact(): form = ContactForm(request.form) - if form.validate(): - contact = {} - contact["first_name"] = form.first_name.data - contact["last_name"] = form.last_name.data - contact["email"] = form.email.data - contact["descr"] = form.descr.data - return render_template('contact/contactDone.html', contact=contact) + if request.method == 'POST': + if form.validate(): + contactService.insert(form) + return redirect(url_for('getAllContacts')) - return render_template('contact/contactForm.html', error=True) + return render_template('contact/contactForm.html', errors=form.errors) diff --git a/Exercices/Claire/03_MVC/app/forms/ContactForm.py b/Exercices/Claire/03_MVC/app/forms/ContactForm.py index da5841e..8119fc2 100644 --- a/Exercices/Claire/03_MVC/app/forms/ContactForm.py +++ b/Exercices/Claire/03_MVC/app/forms/ContactForm.py 
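Review bot: The commented-out `getOneTests` route between `getAllContacts` and `insertContact` is dead code copied from another exercise (it references `testService`, which this module never defines) and should be deleted rather than kept as a comment. As a point of style, `insertContact` hands the whole WTForms object to `contactService.insert(form)`, which ties the service layer to the web framework; passing the three values (`contactService.insert(form.first_name.data, form.last_name.data, form.email.data)`) keeps `ContactService` callable from a plain script or test. The post-redirect-get on success, `return redirect(url_for('getAllContacts'))`, is the right shape and can stay.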
@@ -1,6 +1,6 @@ from flask_wtf import FlaskForm from wtforms import StringField, SubmitField -from wtforms.validators import DataRequired, Email +from wtforms.validators import DataRequired class ContactForm(FlaskForm): @@ -10,5 +10,4 @@ class Meta: first_name = StringField("first_name", validators=[DataRequired()]) last_name = StringField("last_name", validators=[DataRequired()]) email = StringField("email", validators=[DataRequired()]) - descr = StringField("descr") submit = SubmitField('Submit') diff --git a/Exercices/Claire/03_MVC/app/models/Contact.py b/Exercices/Claire/03_MVC/app/models/Contact.py new file mode 100644 index 0000000..3ae1bfa --- /dev/null +++ b/Exercices/Claire/03_MVC/app/models/Contact.py @@ -0,0 +1,33 @@ +class Contact: + + def __init__(self, first_name, last_name, email): + self.__first_name = first_name + self.__last_name = last_name + self.__email = email + + @property + def first_name(self): + return self.__first_name + + @first_name.setter + def first_name(self, value): + self.__first_name = value + + @property + def last_name(self): + return self.__last_name + + @last_name.setter + def last_name(self, value): + self.__last_name = value + + @property + def email(self): + return self.__email + + @email.setter + def email(self, value): + self.__email = value + + def __str__(self): + return f"{self.first_name} {self.last_name} [{self.email}]" diff --git a/Exercices/Claire/03_MVC/app/services/ContactService.py b/Exercices/Claire/03_MVC/app/services/ContactService.py new file mode 100644 index 0000000..a456548 --- /dev/null +++ b/Exercices/Claire/03_MVC/app/services/ContactService.py 
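Review bot: Dropping the `Email` import leaves `email = StringField("email", validators=[DataRequired()])` with no format or length check, so any non-empty string is accepted and handed straight to the database. `sql.txt` in this same patch declares `firstName`/`lastName` as `varchar(55)` and `email` as `varchar(255)`, so an over-long value fails inside the INSERT with a server error instead of a form error; add `Length` from `wtforms.validators`, e.g. `email = StringField("email", validators=[DataRequired(), Length(max=255)])` and `Length(max=55)` on the two name fields. If `Email()` was removed because it needs the optional `email_validator` package, that deserves a one-line comment; otherwise restore it alongside `Length`.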
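Review bot: `Contact` in `app/models/Contact.py` is name-mangled `__first_name`-style attributes behind pass-through `@property`/setter pairs that validate nothing, which is Java-style boilerplate in Python. A `@dataclass` (with `from dataclasses import dataclass` at the top of the file) gives the same constructor plus equality and a `__repr__`, and the existing `__str__` can stay; the double-underscore mangling only makes the object awkward to inspect in templates and tests.
```python
@dataclass
class Contact:
    first_name: str
    last_name: str
    email: str

    def __str__(self):
        return f"{self.first_name} {self.last_name} [{self.email}]"
```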
@@ -0,0 +1,21 @@
+from app import conn
+from app.models.Contact import Contact
+from app.forms.ContactForm import ContactForm
+
+
+class ContactService:
+ def __init__(self) -> None:
+ pass
+
+ def findAll(self):
+ cur = conn.cursor()
+ cur.execute("SELECT * FROM \"contacts\";")
+ contacts = []
+ for contact in cur.fetchall():
+ contacts.append(Contact(contact[0], contact[1], contact[2]))
+ return contacts
+
+ def insert(self, data: ContactForm):
+ cur = conn.cursor()
+ cur.execute(f"INSERT INTO contacts(firstName, lastName, email) VALUES({data.first_name.data}, {data.last_name.data}, {data.email.data})")
+ conn.commit()
diff --git a/Exercices/Claire/03_MVC/app/templates/contact/contactForm.html b/Exercices/Claire/03_MVC/app/templates/contact/contactForm.html
index 03c09e2..b84ea03 100644
--- a/Exercices/Claire/03_MVC/app/templates/contact/contactForm.html
+++ b/Exercices/Claire/03_MVC/app/templates/contact/contactForm.html
@@ -6,14 +6,13 @@
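Review bot: `insert` interpolates the three form fields into the INSERT with an f-string, so whatever the user types becomes part of the SQL text; because the values are not even quoted, an ordinary name such as `John` is parsed as a column reference and the statement fails, while input containing SQL syntax is executed. Pass the values as parameters and let psycopg2 quote them: `cur.execute("INSERT INTO contacts(firstName, lastName, email) VALUES(%s, %s, %s)", (data.first_name.data, data.last_name.data, data.email.data))`. `findAll` has a separate mapping bug: with `SELECT *` on the table from `sql.txt` the first column is `contactID`, so `Contact(contact[0], contact[1], contact[2])` stores the id as the first name and the last name as the email — select `firstName, lastName, email` explicitly. Neither method closes its cursor; `with conn.cursor() as cur:` takes care of that.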

Contact us !

- {% if error %} -

Invalid data !

+ {% if errors %} +

{{ errors }}

{% endif %}
-
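Review bot: `{{ errors }}` renders the Python `repr` of the `form.errors` dict (something like `{'email': ['This field is required.']}`), which is what the user now sees in place of the old `Invalid data !` message. Loop over it the way `add.html` in patch 2 does: `{% for field, msgs in errors.items() %}{{ field }}: {{ msgs|join(', ') }}{% endfor %}`. Jinja autoescaping is on for `.html` templates, so printing the values is safe either way.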
diff --git a/Exercices/Claire/03_MVC/app/templates/contact/contactList.html b/Exercices/Claire/03_MVC/app/templates/contact/contactList.html new file mode 100644 index 0000000..11edfc2 --- /dev/null +++ b/Exercices/Claire/03_MVC/app/templates/contact/contactList.html @@ -0,0 +1,16 @@ + + + + All contacts + + + +

All contacts:

+ + + + \ No newline at end of file diff --git a/Exercices/Claire/03_MVC/sql.txt b/Exercices/Claire/03_MVC/sql.txt new file mode 100644 index 0000000..20a34c6 --- /dev/null +++ b/Exercices/Claire/03_MVC/sql.txt @@ -0,0 +1,9 @@ +CREATE DATABASE technobelapp; +\c technobelapp +ALTER USER postgres PASSWORD 'postgres'; +CREATE TABLE contacts ( contactID SERIAL NOT NULL, + firstName varchar(55) NOT NULL, + lastName varchar(55) NOT NULL, + email varchar(255) NOT NULL, + PRIMARY KEY(contactID) +); From 4f580cf0a1f828091a3a5e6185187a27ed0f703b Mon Sep 17 00:00:00 2001 From: CrenierAmaury Date: Tue, 21 Jun 2022 09:47:27 +0200 Subject: [PATCH 2/7] MVC with db and docker --- Exercices/Amaury/MVC/app/__init__.py | 3 ++ .../MVC/app/controllers/DbController.py | 33 +++++++++++++++++++ Exercices/Amaury/MVC/app/forms/dbForm.py | 10 ++++++ Exercices/Amaury/MVC/app/models/db.py | 4 +++ .../Amaury/MVC/app/services/DbServices.py | 30 +++++++++++++++++ .../Amaury/MVC/app/templates/db/add.html | 22 +++++++++++++ Exercices/Amaury/MVC/app/templates/db/db.html | 14 ++++++++ .../Amaury/MVC/app/templates/db/info.html | 10 ++++++ Exercices/Amaury/MVC/docker-compose.yml | 19 +++++++++++ Exercices/Amaury/MVC/sql.sql | 7 ++++ 10 files changed, 152 insertions(+) create mode 100644 Exercices/Amaury/MVC/app/controllers/DbController.py create mode 100644 Exercices/Amaury/MVC/app/forms/dbForm.py create mode 100644 Exercices/Amaury/MVC/app/models/db.py create mode 100644 Exercices/Amaury/MVC/app/services/DbServices.py create mode 100644 Exercices/Amaury/MVC/app/templates/db/add.html create mode 100644 Exercices/Amaury/MVC/app/templates/db/db.html create mode 100644 Exercices/Amaury/MVC/app/templates/db/info.html create mode 100644 Exercices/Amaury/MVC/docker-compose.yml create mode 100644 Exercices/Amaury/MVC/sql.sql diff --git a/Exercices/Amaury/MVC/app/__init__.py b/Exercices/Amaury/MVC/app/__init__.py index 69cad4d..062ce1a 100644 --- a/Exercices/Amaury/MVC/app/__init__.py 
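Review bot: `ALTER USER postgres PASSWORD 'postgres';` in `sql.txt` gives the superuser a guessable password and commits it to the repository, and `app/__init__.py` in this same patch connects as that superuser, so any bug in the application runs with full control of the server. Create a dedicated role for the application instead — `CREATE ROLE app_user LOGIN PASSWORD '<set-locally>';` followed by `GRANT SELECT, INSERT ON contacts TO app_user;` and `GRANT USAGE ON SEQUENCE contacts_contactid_seq TO app_user;` — and leave the `postgres` password out of the script. The `\c technobelapp` line only works under `psql`, which is worth a comment since the file has a `.txt` extension and nothing says how it is meant to be run.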
+++ b/Exercices/Amaury/MVC/app/__init__.py @@ -1,5 +1,6 @@ from flask import Flask, render_template from flask_debugtoolbar import DebugToolbarExtension +import psycopg2 app = Flask("app") app.config['SECRET_KEY'] = 'random' @@ -7,4 +8,6 @@ toolbar = DebugToolbarExtension(app) +conn = psycopg2.connect(dbname='mvc', user='user', password='1234', host='127.0.0.1', port='5435') + from app.controllers import * \ No newline at end of file diff --git a/Exercices/Amaury/MVC/app/controllers/DbController.py b/Exercices/Amaury/MVC/app/controllers/DbController.py new file mode 100644 index 0000000..7c827ff --- /dev/null +++ b/Exercices/Amaury/MVC/app/controllers/DbController.py @@ -0,0 +1,33 @@ +from requests import request +from app import app +from flask import render_template, request +from app.forms.dbForm import DbForm +from app.services.DbService import DbService + +from app.forms.form import Form + +dbService = DbService() + +class DbController: + @app.route('/db', methods=['GET']) + def getAllDatas(): + datas = dbService.findAll() + return render_template('db/db.html', datas=datas) + + @app.route('/db/', methods=['GET']) + def getOneData(id): + data = dbService.findOne(id) + return render_template('db/info.html', data=data) + + @app.route('/db/add', methods=['GET', 'POST']) + def postTest(): + form = DbForm(request.form) + + if request.method == 'POST': + if form.validate(): + data = DbService.insert(form) + return render_template('db/info.html', data=data) + + return render_template('db/add.html', errors=form.errors) + + return render_template('db/add.html', example="POST") \ No newline at end of file diff --git a/Exercices/Amaury/MVC/app/forms/dbForm.py b/Exercices/Amaury/MVC/app/forms/dbForm.py new file mode 100644 index 0000000..d8e56e6 --- /dev/null +++ b/Exercices/Amaury/MVC/app/forms/dbForm.py 
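Review bot: `postTest` in `DbController.py` calls `DbService.insert(form)` on the class rather than on the `dbService` instance created at module level, so the call raises `TypeError` for the missing `self`; it should read `data = dbService.insert(form)`. The import `from app.services.DbService import DbService` also does not match the file this patch creates, `app/services/DbServices.py`, so the module fails to import unless one of them is renamed. `from requests import request` at the top is immediately shadowed by flask's `request` and pulls in an unused third-party package, and `from app.forms.form import Form` is unused as well; both should go. `getOneData(id)` shadows the builtin `id`, and if the route really is `'/db/'` with no `<int:id>` converter (angle brackets may have been lost in rendering) Flask never supplies the argument at all.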
@@ -0,0 +1,10 @@ +from flask_wtf import FlaskForm +from wtforms import StringField, IntegerField +from wtforms.validators import DataRequired + +class DbForm(FlaskForm): + class Meta: + csrf = False + + testid = IntegerField("id", validators=[DataRequired()]) + testtext = StringField("text", validators=[DataRequired()]) \ No newline at end of file diff --git a/Exercices/Amaury/MVC/app/models/db.py b/Exercices/Amaury/MVC/app/models/db.py new file mode 100644 index 0000000..a4161d8 --- /dev/null +++ b/Exercices/Amaury/MVC/app/models/db.py @@ -0,0 +1,4 @@ +class Db: + def __init__(self, id: int, text: str) -> None: + self.id = id + self.text = text \ No newline at end of file diff --git a/Exercices/Amaury/MVC/app/services/DbServices.py b/Exercices/Amaury/MVC/app/services/DbServices.py new file mode 100644 index 0000000..164079c --- /dev/null +++ b/Exercices/Amaury/MVC/app/services/DbServices.py @@ -0,0 +1,30 @@ +from app import conn +from app.forms.dbForm import DbForm +from app.models.db import Db + +class DbService: + def __init__(self) -> None: + pass + + def findAll(self): + cur = conn.cursor() + cur.execute("SELECT * FROM dbDatas") + datas = [] + for data in cur.fetchall(): + datas.append(Db(data[0], data[1])) + + return tests + + def findOne(self, testid): + cur = conn.cursor() + cur.execute(f"SELECT * FROM dbDatas WHERE id = {id}") + data = cur.fetchone() + + return Db(data[0], data[1]) + + def insert(self, data: DbForm): + cur = conn.cursor() + cur.execute("INSERT INTO dbDatas(id, contentText) VALUES(" + str(data.id.data) + ", '" + str(data.text.data) + "')") + conn.commit() + + return self.findOne(int(data.id.data)) \ No newline at end of file diff --git a/Exercices/Amaury/MVC/app/templates/db/add.html b/Exercices/Amaury/MVC/app/templates/db/add.html new file mode 100644 index 0000000..b871dd6 --- /dev/null +++ b/Exercices/Amaury/MVC/app/templates/db/add.html @@ -0,0 +1,22 @@ + + + + Amaury MVC + + + +
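Review bot: `DbServices.py` cannot work as written: `findAll` returns the undefined name `tests` instead of `datas`, `findOne` ignores its `testid` parameter and interpolates the builtin `id` into the query, and `insert` reads `data.id.data`/`data.text.data` although `DbForm` in this same patch names its fields `testid` and `testtext`. `findOne` and `insert` also build SQL from user input (`f"... WHERE id = {id}"` and the string concatenation in `insert`), so form text is executed as SQL; psycopg2's `%s` placeholders with a parameter tuple fix that. The rewrite below corrects the names, parameterizes every query, uses `with conn.cursor() as cur:` so cursors are closed, and returns `None` from `findOne` when no row matches instead of indexing into `None`.
```python
    # … unchanged: imports, class header and __init__ …
    def findAll(self):
        with conn.cursor() as cur:
            cur.execute("SELECT id, contentText FROM dbDatas")
            return [Db(row[0], row[1]) for row in cur.fetchall()]

    def findOne(self, testid):
        with conn.cursor() as cur:
            cur.execute("SELECT id, contentText FROM dbDatas WHERE id = %s", (testid,))
            data = cur.fetchone()
        return None if data is None else Db(data[0], data[1])

    def insert(self, data: DbForm):
        with conn.cursor() as cur:
            cur.execute(
                "INSERT INTO dbDatas(id, contentText) VALUES(%s, %s)",
                (data.testid.data, data.testtext.data),
            )
        conn.commit()
        return self.findOne(data.testid.data)
```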
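Review bot: `class Meta: csrf = False` in `dbForm.py` switches off Flask-WTF's CSRF token for the form that `/db/add` accepts by POST, so a page on another origin can submit inserts through a visitor's browser. Since `app/__init__.py` already sets `SECRET_KEY`, the default (CSRF on) works out of the box: drop the `Meta` class, pass `form=form` from `postTest`, and render `{{ form.csrf_token }}` inside the `<form>` in `add.html`. If the flag was disabled only for local testing, a comment saying so would keep it from reaching a real deployment.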

{{ example }}

+ +
+ + + + +
+ {% if errors %} + {% for key, val in errors.items() %} + {{ key }} {{ val }} + {% endfor %} + {% endif %} + + \ No newline at end of file diff --git a/Exercices/Amaury/MVC/app/templates/db/db.html b/Exercices/Amaury/MVC/app/templates/db/db.html new file mode 100644 index 0000000..33083be --- /dev/null +++ b/Exercices/Amaury/MVC/app/templates/db/db.html @@ -0,0 +1,14 @@ + + + + Amaury MVC + + + + {% for data in datas %} +
+ {{ data.text }} +
+ {% endfor %} + + \ No newline at end of file diff --git a/Exercices/Amaury/MVC/app/templates/db/info.html b/Exercices/Amaury/MVC/app/templates/db/info.html new file mode 100644 index 0000000..4f6b42f --- /dev/null +++ b/Exercices/Amaury/MVC/app/templates/db/info.html @@ -0,0 +1,10 @@ + + + + Amaury MVC + + + +

{{ data.id }} {{ data.text }}

+ + \ No newline at end of file diff --git a/Exercices/Amaury/MVC/docker-compose.yml b/Exercices/Amaury/MVC/docker-compose.yml new file mode 100644 index 0000000..45f2474 --- /dev/null +++ b/Exercices/Amaury/MVC/docker-compose.yml @@ -0,0 +1,19 @@ +version: '3.3' + +services: + db: + image: postgres:13.7 + environment: + POSTGRES_PASSWORD: 1234 + POSTGRES_USER: user + POSTGRES_DB: mvc + + ports: + - '5435:5432' + + volumes: + - app-volume:/var/lib/postgresql/data + - ./init_db:/init_db + +volumes: + app-volume: \ No newline at end of file diff --git a/Exercices/Amaury/MVC/sql.sql b/Exercices/Amaury/MVC/sql.sql new file mode 100644 index 0000000..0147e68 --- /dev/null +++ b/Exercices/Amaury/MVC/sql.sql @@ -0,0 +1,7 @@ +CREATE TABLE dbDatas( + id SERIAL PRIMARY KEY + contentText VARCHAR(81) +); + + + From 6f2ed787220740127cae7ab9bcce4c63006f361a Mon Sep 17 00:00:00 2001 From: clbr-odoo Date: Tue, 21 Jun 2022 10:51:36 +0200 Subject: [PATCH 3/7] [MVC] fix db connection --- Exercices/Claire/03_MVC/app/__init__.py | 3 +-- Exercices/Claire/03_MVC/app/services/ContactService.py | 6 +++--- .../Claire/03_MVC/app/templates/contact/contactList.html | 1 + Exercices/Claire/03_MVC/sql.txt | 2 ++ 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/Exercices/Claire/03_MVC/app/__init__.py b/Exercices/Claire/03_MVC/app/__init__.py index 45c7d40..5bca0e9 100644 --- a/Exercices/Claire/03_MVC/app/__init__.py +++ b/Exercices/Claire/03_MVC/app/__init__.py @@ -8,7 +8,6 @@ toolbar = DebugToolbarExtension(app) -conn = psycopg2.connect(dbname='technobelapp', user='postgres', password='postgres', host='127.0.0.1', port='5432') -print(conn) +conn = psycopg2.connect(dbname='app', user='app', password='1234', host='127.0.0.1', port='5435') from app.controllers import * diff --git a/Exercices/Claire/03_MVC/app/services/ContactService.py b/Exercices/Claire/03_MVC/app/services/ContactService.py index a456548..53c687e 100644 --- a/Exercices/Claire/03_MVC/app/services/ContactService.py 
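Review bot: `sql.sql` is missing the comma after `id SERIAL PRIMARY KEY`, so `CREATE TABLE dbDatas(...)` is a syntax error and the table the service queries is never created; the line should read `id SERIAL PRIMARY KEY,`. `docker-compose.yml` in the same patch mounts `./init_db:/init_db`, which the postgres image does not execute; if the intent is to run the script on first start, it has to live under `/docker-entrypoint-initdb.d` (and this diffstat creates no `init_db` directory). The `POSTGRES_PASSWORD: 1234` literal belongs in an env file or a secret rather than in the committed compose file.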
+++ b/Exercices/Claire/03_MVC/app/services/ContactService.py @@ -4,12 +4,12 @@ class ContactService: - def __init__(self) -> None: + def __init__(self) -> None: pass def findAll(self): cur = conn.cursor() - cur.execute("SELECT * FROM \"contacts\";") + cur.execute("SELECT firstName, lastName, email FROM contacts;") contacts = [] for contact in cur.fetchall(): contacts.append(Contact(contact[0], contact[1], contact[2])) @@ -17,5 +17,5 @@ def findAll(self): def insert(self, data: ContactForm): cur = conn.cursor() - cur.execute(f"INSERT INTO contacts(firstName, lastName, email) VALUES({data.first_name.data}, {data.last_name.data}, {data.email.data})") + cur.execute(f"INSERT INTO contacts(firstName, lastName, email) VALUES('{data.first_name.data}', '{data.last_name.data}', '{data.email.data}')") conn.commit() diff --git a/Exercices/Claire/03_MVC/app/templates/contact/contactList.html b/Exercices/Claire/03_MVC/app/templates/contact/contactList.html index 11edfc2..986979c 100644 --- a/Exercices/Claire/03_MVC/app/templates/contact/contactList.html +++ b/Exercices/Claire/03_MVC/app/templates/contact/contactList.html @@ -6,6 +6,7 @@
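Review bot: Wrapping the interpolated values in single quotes in `insert` (`VALUES('{data.first_name.data}', ...)`) makes ordinary names work but does not close the injection: a value containing `'` still terminates the literal and the remainder is parsed as SQL, and a surname like `O'Brien` now fails the INSERT. Replace the f-string with placeholders so the driver does the quoting: `cur.execute("INSERT INTO contacts(firstName, lastName, email) VALUES(%s, %s, %s)", (data.first_name.data, data.last_name.data, data.email.data))`. The explicit column list added to `findAll` fixes the earlier `SELECT *` mapping and is the right change. The cursors in both methods are still never closed; `with conn.cursor() as cur:` handles that.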

All contacts:

+
    {% for contact in contacts %}
  • {{ contact }}
  • diff --git a/Exercices/Claire/03_MVC/sql.txt b/Exercices/Claire/03_MVC/sql.txt index 20a34c6..a7c2bc5 100644 --- a/Exercices/Claire/03_MVC/sql.txt +++ b/Exercices/Claire/03_MVC/sql.txt @@ -7,3 +7,5 @@ CREATE TABLE contacts ( contactID SERIAL NOT NULL, email varchar(255) NOT NULL, PRIMARY KEY(contactID) ); +SELECT * FROM contacts; +INSERT INTO contacts(firstName, lastName, email) VALUES ('Claire', 'Bretton', 'clbr@odoo.com'); \ No newline at end of file From e385aee770676758e5de49bcc591552294a96786 Mon Sep 17 00:00:00 2001 From: "philippe.stons" Date: Tue, 21 Jun 2022 15:51:44 +0200 Subject: [PATCH 4/7] [SQL INJECTION] --- MVC/app/__init__.py | 2 +- MVC/app/__pycache__/__init__.cpython-310.pyc | Bin 523 -> 549 bytes MVC/app/controllers/TestController.py | 8 +++ .../TestController.cpython-310.pyc | Bin 1513 -> 1813 bytes MVC/app/services/AccountTransfertService.py | 3 +- MVC/app/services/TestService.py | 54 +++++++++++++----- .../AccountTransfertService.cpython-310.pyc | Bin 1726 -> 1741 bytes .../__pycache__/TestService.cpython-310.pyc | Bin 1496 -> 1957 bytes MVC/app/templates/test/search.html | 17 ++++++ MVC/injectTest.py | 10 ++++ 10 files changed, 78 insertions(+), 16 deletions(-) create mode 100644 MVC/app/templates/test/search.html create mode 100644 MVC/injectTest.py diff --git a/MVC/app/__init__.py b/MVC/app/__init__.py index 81e30fd..fcf1235 100644 --- a/MVC/app/__init__.py +++ b/MVC/app/__init__.py @@ -3,7 +3,7 @@ import psycopg2 app = Flask("app") -app.config['SECRET_KEY'] = 'random' +app.config['SECRET_KEY'] = "Rg@OX-qF;Ol;(BBORW!& zguxTcG^Wj9iuO_$1&LUU$pU5|4W>_l(FH-E(OQ`aOY)JdfG8nj;-&DI`=ZmU_T(TG z8(6Na34(4#eG$YfJ>XI}NuKRqMC>HuoyJ(uWR9d1QN&o}|BRQ++Ni?O#<+#g-o#3r ze2Psdm|)|cl#fUL;40+JVI;*c47sTOm#Axf4m;{g@0n#3;#IqJR8>l diff --git a/MVC/app/services/AccountTransfertService.py b/MVC/app/services/AccountTransfertService.py index 91a986d..d9ff9b9 100644 --- a/MVC/app/services/AccountTransfertService.py +++ b/MVC/app/services/AccountTransfertService.py 
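Review bot: The new `SECRET_KEY` in `MVC/app/__init__.py` is a literal string committed to the repository, which is no better than `'random'` for anyone who can read the source, and this key signs every Flask session cookie. Load it at startup instead, e.g. `app.config['SECRET_KEY'] = os.environ['FLASK_SECRET_KEY']` with `import os`, and treat the value committed here as spent. The end of this hunk is fused with the binary `__pycache__/*.pyc` deltas in the extracted text, so the full replacement line is not readable here; those `.pyc` files should be removed from version control and listed in `.gitignore` rather than diffed in every commit.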
@@ -18,7 +18,8 @@ def findAll(self): def findOne(self, transferid): cur = conn.cursor() cur.execute(f"SELECT * FROM accounttransfer WHERE transferid = {transferid};") - testData = cur.fetchone() + testData = cur.fetchone() + conn.commit() return AccountTransfer(testData[0], testData[1], testData[2], testData[3]) diff --git a/MVC/app/services/TestService.py b/MVC/app/services/TestService.py index 0b31e24..1ea619b 100644 --- a/MVC/app/services/TestService.py +++ b/MVC/app/services/TestService.py 
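Review bot: `findOne` in `AccountTransfertService.py` still builds its query with `f"... WHERE transferid = {transferid};"`; the commit re-indents `testData = cur.fetchone()` and adds `conn.commit()` right after it while leaving the interpolated SQL this patch series is about, and it should be `cur.execute("SELECT * FROM accounttransfer WHERE transferid = %s;", (transferid,))`. `fetchone()` returns `None` when no row matches, and `return AccountTransfer(testData[0], ...)` then raises `TypeError` instead of reporting a missing record; the `None` check that `TestService.findOne` gains in this same patch belongs here too. The cursor is never closed — use `with conn.cursor() as cur:` as `TestService` now does.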
@@ -7,24 +7,50 @@ def __init__(self) -> None: pass def findAll(self): - cur = conn.cursor() - cur.execute("SELECT * FROM test") - tests = [] - for test in cur.fetchall(): - tests.append(Test(test[0], test[1])) + # cur = conn.cursor() + with conn.cursor() as cur: + cur.execute("SELECT * FROM test") + tests = [] - return tests + for test in cur.fetchall(): + tests.append(Test(test[0], test[1])) + + return tests def findOne(self, testid): - cur = conn.cursor() - cur.execute(f"SELECT * FROM test WHERE testid = {testid}") - testData = cur.fetchone() + # cur = conn.cursor() + with conn.cursor() as cur: + cur.execute(f"SELECT * FROM test WHERE testid = %s", (str(testid),)) + testData = cur.fetchone() + + if cur.rowcount == 1: + return Test(testData[0], testData[1]) + else: + return None + + def findOneBy(self, **kwargs): + # cur = conn.cursor() + with conn.cursor() as cur: + query = "SELECT * FROM test" + isFirst = True + values = [] + for key, val in kwargs.items(): + query += " WHERE " if isFirst else " AND " + query += f"{key} = %s" + values.append(str(val)) + + cur.execute(query, tuple(values)) + testData = cur.fetchone() - return Test(testData[0], testData[1]) + if cur.rowcount == 1: + return Test(testData[0], testData[1]) + else: + return None def insert(self, data: TestForm): - cur = conn.cursor() - cur.execute("INSERT INTO test(testid, testtext) VALUES(" + str(data.testid.data) + ", '" + str(data.testtext.data) + "')") - conn.commit() + # cur = conn.cursor() + with conn.cursor() as cur: + cur.execute("INSERT INTO test(testid, testtext) VALUES(" + str(data.testid.data) + ", '" + str(data.testtext.data) + "')") + conn.commit() - return self.findOne(int(data.testid.data)) \ No newline at end of file + return self.findOne(int(data.testid.data)) \ No newline at end of file 
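Review bot: `findOneBy` interpolates each `kwargs` key into the query text (`query += f"{key} = %s"`), so only the values are parameterized — whoever controls the keyword names controls the SQL, and `TestController` (its hunk is not readable in this chunk) is presumably the caller that builds them from the request. Column names cannot go through `%s`; either check `key` against a fixed set of known column names or compose them with `psycopg2.sql.Identifier` (`from psycopg2 import sql` at the top of the file) as in the rewrite below. `insert` is still the concatenated string this series set out to remove, and the `if cur.rowcount == 1` checks in both finders can simply be `if testData is not None`, since `fetchone()` already reports whether a row came back. The `f"..."` prefix on the `findOne` query has no placeholders left in it and should be a plain string.
```python
    # … unchanged: findAll and findOne …
    def findOneBy(self, **kwargs):
        with conn.cursor() as cur:
            query = sql.SQL("SELECT * FROM test")
            if kwargs:
                conditions = [
                    sql.SQL("{} = %s").format(sql.Identifier(key)) for key in kwargs
                ]
                query = query + sql.SQL(" WHERE ") + sql.SQL(" AND ").join(conditions)
            cur.execute(query, tuple(str(val) for val in kwargs.values()))
            testData = cur.fetchone()
        return None if testData is None else Test(testData[0], testData[1])

    def insert(self, data: TestForm):
        with conn.cursor() as cur:
            cur.execute(
                "INSERT INTO test(testid, testtext) VALUES(%s, %s)",
                (data.testid.data, data.testtext.data),
            )
        conn.commit()
        return self.findOne(int(data.testid.data))
```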
diff --git a/MVC/app/services/__pycache__/AccountTransfertService.cpython-310.pyc b/MVC/app/services/__pycache__/AccountTransfertService.cpython-310.pyc index aac3e462d14dd767876e1b25fbca477252d47b7f..b0285b66bde44e0cc089742e9884edb84626f485 100644 GIT binary patch delta 156 zcmdnTdzP0spO=@50SK<{+n8jzk=KHm(POe3vl=JE0+xjgj0`2LlXID~l-P=xfNF~P zKmm?bAOvbeBw0M&3X z3T^gd;bGK}26Aq3mgFZUC+C;umE2-W%!Sa&`MJ57C7R4dAmv5Ulj~XK86_vrXU$}k Pn#{>&!N@+@iLDy|1g#!< diff --git a/MVC/app/services/__pycache__/TestService.cpython-310.pyc b/MVC/app/services/__pycache__/TestService.cpython-310.pyc index d3b00c1bfc60d83fb1981418a06d4ecc00550a78..54242de463108ff8849598eb2b84736ea618d0c7 100644 GIT binary patch delta 811 zcmZva&ubGw6vyZ1?qu6+)5cg65u>(X3yKHDiy}=^5tInFAOtHdlVr#c<^NN7kKmJA0X?+zoRGLq_rwI%Y1j<%$qlFK5xE{eVp)H*{p}4Eqoom zIOGR@;@<&Fp*ohRPNaYExm1$gKB_x%Ou0=W$7Ob()rBO>Xl`Qo;~vIG$$9b)ljIYb z_c&}`gdSCrpR{mm4>$3EU=))+8=xMI$ty0&I?)%66H`fx2$U4j9z>G}BC=X{CYh#} zAI(O39O7sUGUsYy$5|^rNJ=B4Q_)nW@v;@FROr@Dqty~c?WPqyZdFdJHIXyR~G1JqMhFG%O_S!Vwb>1V%Kai2h`_!=5-NOTn(UuQ% zcuau^hnZtqE*v3%mXHq6S~QthNEc{<{TD4!(_@g*O4ltveX#Uosodq|g<94A?w0={ z=!Jg}raUleGtxQOstZ;|Ou1>l-cb6iotU;VVwpK%xxTZi*CIU$3n|}fE8R)mAi5vu z$fVBp>PA~dDP32cl!Bp)$&lr%nG>Lu&IQ;Ol|TeQXPDs}e7;q3T8hGdN>S+~U+7`w zwD8C2p0nA_*i3{iu~Bazhem62Gcej7lF}eFb99vX$Pb>tkd^R_Tq->(pRHnLf_%SM3-j%+7M2L$O*Q5(Il zMbhn4Q4!Tgr{f9QCb2*JJ^>h-E&2>#X0&zY*r8K<^Fs?wCNL%Uw4f6zpnz90rc(f7 zduDZ}oq`G4AeO8_9x%~4A2!WCYaT1G0jg>dmlVaihVU)syf1a{I!mR(b+My3s;-u~ zPJ{~0m~HPwR?1Q55CVsY4(pfpy)D&k(vy4rBo!B_G*6|EtN&n@Yo(U$kXpq=j)_{{ z>ABm>27^Sa6_i<$>X + + + First MVC + + + +
    + + + +
    + {% if test %} +

    {{test.testid}} {{test.testtext}}

    + {% endif %} + + \ No newline at end of file diff --git a/MVC/injectTest.py b/MVC/injectTest.py new file mode 100644 index 0000000..0609a7b --- /dev/null +++ b/MVC/injectTest.py @@ -0,0 +1,10 @@ +import psycopg2 + + +conn = psycopg2.connect(dbname='app', user='app', password='1234', host='127.0.0.1', port='5435') + +cur = conn.cursor() + +cur.execute(f"SELECT * FROM test WHERE testtext = 'asdf'; SELECT * FROM accounttransfer WHERE transferid = 2; --'") + +print(cur.fetchall()) \ No newline at end of file From d89f174d9df8a0d1f999b21571c3d5a33cf03c82 Mon Sep 17 00:00:00 2001 From: CrenierAmaury Date: Wed, 22 Jun 2022 11:23:32 +0200 Subject: [PATCH 5/7] base without secu --- .../models/__pycache__/contact.cpython-38.pyc | Bin 603 -> 603 bytes .../__pycache__/contactService.cpython-38.pyc | Bin 1656 -> 1676 bytes .../Contacts/app/services/contactService.py | 6 +++--- .../Amaury/Contacts/app/templates/page.html | 5 ++++- 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/Exercices/Amaury/Contacts/app/models/__pycache__/contact.cpython-38.pyc b/Exercices/Amaury/Contacts/app/models/__pycache__/contact.cpython-38.pyc index c9534b8de10e1b4ef92588868cd0e297dbc98246..b01a403ac5f787c4dcb5eba0f0b834d7750341c4 100644 GIT binary patch delta 19 Zcmcc3a+`%Kl$V!_0SFxKZ{!MO0st?!1aANU delta 19 Zcmcc3a+`%Kl$V!_0SNY=+{hKk1OPHa1lRxo diff --git a/Exercices/Amaury/Contacts/app/services/__pycache__/contactService.cpython-38.pyc b/Exercices/Amaury/Contacts/app/services/__pycache__/contactService.cpython-38.pyc index 93e51cf2019ddb834b6bd7f06cba115183712f32..df2a8f75830ec27c427b62af2ab7ca3da424467f 100644 GIT binary patch delta 201 zcmeyt)5FUb%FD~e00dt5HzmoiY~-_HspkN4oq@PG0Z5cEEMQ#7P|H-qw16pvv4pvX zF^eUOwHd-0C-D4#K6eG#Kx%gpJj3lYbc}AOYvH)u_CkN0S42&F1Zj&dlhB7Kne#W{C E0Dm7Ud;kCd diff --git a/Exercices/Amaury/Contacts/app/services/contactService.py b/Exercices/Amaury/Contacts/app/services/contactService.py index 4c5a33d..a4564c1 100644 
--- a/Exercices/Amaury/Contacts/app/services/contactService.py +++ b/Exercices/Amaury/Contacts/app/services/contactService.py @@ -26,8 +26,8 @@ def findOne(self, id): def insert(self, data: ContactForm): cur = conn.cursor() - cur.execute('INSERT INTO contacts(firstname, lastname, email, password) VALUES(' + str(data.firstname.data) + ', ' + str(data.lastname.data) + ', ' + str(data.email.data) + str(data.password.data) + ');') - + cur.execute("INSERT INTO contacts(firstname, lastname, email, password) VALUES(%s, %s, %s, %s)", + (str(data.firstname.data), str(data.lastname.data), str(data.email.data), str(data.password.data))) conn.commit() - return None \ No newline at end of file + return str(data.firstname.data) + ' ' + str(data.lastname.data) \ No newline at end of file diff --git a/Exercices/Amaury/Contacts/app/templates/page.html b/Exercices/Amaury/Contacts/app/templates/page.html index 2cd0895..e6a3f86 100644 --- a/Exercices/Amaury/Contacts/app/templates/page.html +++ b/Exercices/Amaury/Contacts/app/templates/page.html @@ -16,9 +16,12 @@
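Review bot: The parameterized `INSERT` is the right fix, but the fourth value is `str(data.password.data)`, so passwords are stored in clear text in the `password` column. Hash before storing — Flask already depends on Werkzeug, so `from werkzeug.security import generate_password_hash` and pass `generate_password_hash(data.password.data)` in the tuple, with `check_password_hash` for later verification. The `str(...)` wrappers also turn a missing value into the literal text `'None'` rather than a NULL, so pass the `.data` values directly, and the cursor is never closed (`with conn.cursor() as cur:`). The new return value is rendered by `page.html` as `{{ data }}`, which Jinja autoescapes, so echoing the name back is fine.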

    Subscribe:

    + {% if data %} + New contact added: {{ data }} + {% endif %} {% if datas %} {% for data in datas %} - Identity: {{ data.firstname }} {{ data.lastname }} | Contact: {{ data.email }} + Identity: {{ data.firstname }} {{ data.lastname }} | Contact: {{ data.email }}
    {% endfor %} {% endif %} {% if errors %} From e72de4dff50e206c58ac9c6c080cd5c68382e40b Mon Sep 17 00:00:00 2001 From: CrenierAmaury Date: Wed, 22 Jun 2022 12:00:04 +0200 Subject: [PATCH 6/7] sql injection bloqued on insert --- .../__pycache__/contactService.cpython-38.pyc | Bin 1676 -> 1361 bytes .../Contacts/app/services/contactService.py | 8 -------- 2 files changed, 8 deletions(-) diff --git a/Exercices/Amaury/Contacts/app/services/__pycache__/contactService.cpython-38.pyc b/Exercices/Amaury/Contacts/app/services/__pycache__/contactService.cpython-38.pyc index df2a8f75830ec27c427b62af2ab7ca3da424467f..ebfdc94b54f7ffcd49d18afd0a2bc1ea7b2bea4a 100644 GIT binary patch delta 108 zcmeC-y~xEE%FD~e00bYOZ%Wc;p2#30 delta 432 zcmXYt&r1S96vyYy&bs4|-NMMQq*hODL|udEBu11eXc2g;ot5^W!nj0<;USM*WKU6n z-nv$QNw*N9|D!Iw*?jQ*ykXvZ^WK|}#Jy>qnr4Ea9e%%E}x5eNAXtf@Bf(h_Q%9mfY#sl2>|#dZ}D0p4c1qeyw_Jhh@qK_Sr$HRrHO;fMt=t!(kM=QnPR6MoV!8YlUKg$ZOwAuf9V?NGK=+Lfvv-G mc*Hh=hu3U7xuTxe6bfNpU&=@w&q`f23kOT%an8d}cJl`YkX1qe diff --git a/Exercices/Amaury/Contacts/app/services/contactService.py b/Exercices/Amaury/Contacts/app/services/contactService.py index a4564c1..cf36bb0 100644 --- a/Exercices/Amaury/Contacts/app/services/contactService.py +++ b/Exercices/Amaury/Contacts/app/services/contactService.py @@ -15,14 +15,6 @@ def findAll(self): return datas - def findOne(self, id): - cur = conn.cursor() - cur.execute(f"SELECT * FROM contacts WHERE id = {id};") - data = cur.fetchone() - conn.commit() - - return Contact(data[0], data[1], data[2], data[3], data[4]) - def insert(self, data: ContactForm): cur = conn.cursor() From dbdc401b53a570950a192ecfd79ac61be59a60ee Mon Sep 17 00:00:00 2001 From: CrenierAmaury Date: Wed, 22 Jun 2022 12:06:35 +0200 Subject: [PATCH 7/7] add sql script for app db --- Exercices/Amaury/Contacts/app.sql | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 Exercices/Amaury/Contacts/app.sql 
diff --git a/Exercices/Amaury/Contacts/app.sql b/Exercices/Amaury/Contacts/app.sql new file mode 100644 index 0000000..c575420 --- /dev/null +++ b/Exercices/Amaury/Contacts/app.sql @@ -0,0 +1,31 @@ +-- Database: app + +-- DROP DATABASE IF EXISTS app; + +CREATE DATABASE app + WITH + OWNER = "user" + ENCODING = 'UTF8' + LC_COLLATE = 'en_US.utf8' + LC_CTYPE = 'en_US.utf8' + TABLESPACE = pg_default + CONNECTION LIMIT = -1; + +-- Table: public.contacts + +-- DROP TABLE IF EXISTS public.contacts; + +CREATE TABLE IF NOT EXISTS public.contacts +( + id integer NOT NULL DEFAULT nextval('contacts_id_seq'::regclass), + firstname character varying(30) COLLATE pg_catalog."default", + lastname character varying(30) COLLATE pg_catalog."default", + email character varying(45) COLLATE pg_catalog."default", + password character varying(100) COLLATE pg_catalog."default", + CONSTRAINT contacts_pkey PRIMARY KEY (id) +) + +TABLESPACE pg_default; + +ALTER TABLE IF EXISTS public.contacts + OWNER to "user"; \ No newline at end of file
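Review bot: `app.sql` references `nextval('contacts_id_seq'::regclass)` without creating the sequence, so the `CREATE TABLE` fails on a fresh database; this reads like a `pg_dump` excerpt that lost its `CREATE SEQUENCE contacts_id_seq;` line — restore it (plus `ALTER SEQUENCE contacts_id_seq OWNED BY public.contacts.id;`) or declare the column as `id integer GENERATED ALWAYS AS IDENTITY`. The script also creates database `app` and then the table without switching to it (`\c app` under `psql`), so `contacts` ends up in whatever database the client was connected to. If passwords are stored hashed, `password character varying(100)` may be too short — Werkzeug's current default hash format can exceed 100 characters — so `text` or a larger limit avoids a truncation error on the first insert.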