Sunday, December 1, 2024

SQL injection flaw and how to fix it at DB itself


One simple example is:

Select * from Users where email = '$email';

Here $email could be substituted with an "OR" clause that makes the condition check always true.

$email could be ' OR '1'='1 (including the single quotes), and the result is still a valid SQL statement.

However, in the DB we could register a SQL command template for the SQL statement, and if the incoming statement doesn't match the template then it doesn't get executed.


// Pseudocode for the proposed DB-side check; the db-> calls are the proposed API.
email_value = web_input;

db->connection("", "", 5000);   // connection parameters elided

db->set_statement("Select * from Users where email = '" + email_value + "';");

db->set_valid_template("select * from Users where email = '%';");
// where % represents a value that is added dynamically.

if (db->is_injected()) {
    // SQL injection detected
    // return error.
} else {
    // SQL injection not detected
    // continue on here ...
}

Instead of fixing this in the website (backend pages), this could be fixed at the DB parser level itself, closing one of the security vulnerabilities there.

Or, something like this can be done:

db->check_sql(email_value)
// 0 - not sql
// 1 - partial sql statement
// 2 - full sql statement

Neither of these methods would require a DB query to be executed.
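As an added example (not the post's code, and not an existing DB feature), here is the template idea worked out in Python: a small lexer reduces a statement to its shape, with every literal collapsed to %, and is_injected() rejects any dynamically built statement whose shape differs from the template's. The Users table, the benign address and the in-memory SQLite database are constructed for the example; the concatenation in build_statement() reproduces the post's vulnerable query, and lookup_parameterized() shows the standard application-side fix for comparison.

```python
import re
import sqlite3

# Constructed sample inputs for this example. The injected value is the
# ' OR '1'='1 payload the post discusses.
BENIGN_EMAIL = "alice@example.com"
INJECTED_EMAIL = "' OR '1'='1"

# The post's template: a quoted % marks the one position where a value is
# spliced in dynamically.
TEMPLATE = "select * from Users where email = '%';"

_TOKEN = re.compile(r"""
    \s+                           # whitespace, dropped from the shape
  | '(?:[^']|'')*'                # single-quoted string literal ('' escapes a quote)
  | \d+(?:\.\d+)?                 # numeric literal
  | [A-Za-z_][A-Za-z_0-9]*        # keyword or identifier
  | <>|<=|>=|!=|[(),;=*<>%+-]     # operators and punctuation
""", re.VERBOSE)


def sql_shape(sql):
    """Lex a statement into its structural skeleton: keywords and identifiers
    are kept (lower-cased), every literal collapses to '%', whitespace is
    dropped. Input that cannot be lexed (e.g. an unterminated quote) raises
    ValueError."""
    shape = []
    pos = 0
    while pos < len(sql):
        m = _TOKEN.match(sql, pos)
        if m is None:
            raise ValueError(f"cannot lex {sql[pos:pos + 10]!r} at offset {pos}")
        tok = m.group(0)
        pos = m.end()
        if tok.isspace():
            continue
        if tok[0] == "'" or tok[0].isdigit():
            shape.append("%")
        else:
            shape.append(tok.lower())
    return tuple(shape)


def build_statement(email_value):
    """The post's string concatenation, reproduced as-is: the vulnerable step."""
    return "Select * from Users where email = '" + email_value + "';"


def is_injected(statement, template=TEMPLATE):
    """The post's db->is_injected(): reject the statement when its shape
    differs from the template's. A value that closes the quote and adds an
    OR clause changes the token structure, so it no longer matches."""
    try:
        return sql_shape(statement) != sql_shape(template)
    except ValueError:
        return True  # unlexable input is rejected as well


def demo_db():
    """Constructed in-memory Users table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (email TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?)",
                     [("alice@example.com",), ("bob@example.com",)])
    return conn


def lookup_concatenated(conn, email_value):
    """Runs the concatenated statement the way the post's backend would."""
    return [row[0] for row in conn.execute(build_statement(email_value))]


def lookup_parameterized(conn, email_value):
    """The standard application-side fix: the value is bound as a parameter,
    so the statement shape is fixed by construction and needs no template check."""
    cur = conn.execute("SELECT email FROM Users WHERE email = ?", (email_value,))
    return [row[0] for row in cur]


if __name__ == "__main__":
    conn = demo_db()
    for value in (BENIGN_EMAIL, INJECTED_EMAIL):
        stmt = build_statement(value)
        print(f"{stmt!r}: injected={is_injected(stmt)}")
    print("concatenated, injected input:", lookup_concatenated(conn, INJECTED_EMAIL))
    print("parameterized, injected input:", lookup_parameterized(conn, INJECTED_EMAIL))
```

The shape comparison is what makes the check work without a query: both the template and the built statement are only lexed, never executed, and the decision is a tuple comparison. The parameterized lookup is shown because it removes the problem rather than detecting it; the bound value never becomes part of the statement text.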


Monday, July 26, 2021

Power of 2 : Updated

Here is the corrected algorithm; basically, the earlier version wasn't handling 1 as input properly.



#include <iostream>
#include <thread>
#include <chrono>
#include <cmath>     // library pow() used in main()
#include <cstdint>   // uint64_t

using namespace std;

// Computes x^n for n >= 0: squares x once, multiplies the square n/2 times,
// then multiplies by x once more when n is odd. Negative n returns 0.
uint64_t powerxxx(int x, int n) {
    if (n <= 0) {
        if (n == 0)
            return 1;
        else
            return 0;
    }

    int modval = n & 0x01;      // 1 when n is odd
    if (modval == 1)
        n--;
    int count = (n >> 1);       // number of times x*x is multiplied in
    int powertwo = x * x;
    uint64_t power = 1;

    while (count > 0)
    {
        power *= powertwo;
        count--;
    }

    if (modval == 1)
        power *= x;

    return power;
}

int main()
{
    auto start = std::chrono::system_clock::now();
    uint64_t p = pow(3, 33);    // library pow() returns double, converted to uint64_t
    auto end = std::chrono::system_clock::now();
    std::chrono::duration<long double> diff = end - start;
    std::cout << "power = " << p << ": " << diff.count() << " s\n";

    start = std::chrono::system_clock::now();
    p = powerxxx(3, 33);
    end = std::chrono::system_clock::now();
    diff = end - start;
    std::cout << "power = " << p << ": " << diff.count() << " s\n";

    return 0;
}

Power of 2 : :)

This is a new algorithm to calculate pow(x, n), i.e. the nth power of x. According to Chrono timing it is faster than the system pow(x, n).


#include <iostream>
#include <chrono>
#include <cmath>     // library pow() used in main()
#include <cstdint>   // uint64_t

using namespace std;

uint64_t powerxxx(int x, int n) {
    int count  = 0;
    int modval = n & 0x01;      // 1 when n is odd
    if (modval == 1)
        n = n - 1;

    // Note: for n == 1 the line above has already made n == 0, so this
    // returns 1 instead of x (corrected in the updated post).
    if (n == 0)
        return 1;
    else if (n < 0)
        return 0;

    count = (n >> 1);           // number of times x*x is multiplied in
    int powertwo = x * x;
    uint64_t power = 1;

    while (count > 0)
    {
        power *= powertwo;
        count--;
    }

    if (modval == 1)
        power *= x;
    return power;
}

int main()
{
    auto start = std::chrono::system_clock::now();
    uint64_t p = pow(3, 33);    // library pow() returns double, converted to uint64_t
    auto end = std::chrono::system_clock::now();
    std::chrono::duration<double> diff = end - start;
    std::cout << "power = " << p << ": " << diff.count() << " s\n";

    start = std::chrono::system_clock::now();
    p = powerxxx(3, 33);
    end = std::chrono::system_clock::now();
    diff = end - start;
    std::cout << "power = " << p << ": " << diff.count() << " s\n";

    return 0;
}

Sunday, January 29, 2017

CodeDetective : A source code studying tool

Finally, the alpha release of my source code studying tool is ready. It's called CodeDetective. This version is a pre-release, so it could be buggy; as long as it doesn't crash I would say it's good. Also, it's missing a lot of things at this time.

Features:
  1. It supports ctags and comes with a ctags binary taken from the ctags website. In order to search tags, run "ctags -Rn" in the project folder; it should then be able to read the generated tags file and perform regexp searches over the tags.
  2. It comes with find and grep functionality.
  3. The default page is called study; if you open files and close them it records this information, and it also records your bookmarks, find (also regexp-based) file searches, findgrep searches and tag searches.
  4. You can record Todo items, Notes and small pieces of code for later reference.
  5. It's not an IDE, it's a source code studying tool. I wouldn't recommend saving files using this.
  6. It comes with the FakeVim editor integrated, so you can use (basic) vim commands after clicking on the editor itself.
Here is the url: https://github.com/r9al/CodeDetective/releases
How to use:
  1. Use the explorer tree to select the appropriate folder.
  2. Click on "Set as Project Folder" in the "Project" menu. (Open Project is no longer relevant, so there's no need to click it.)
  3. Search away.
  4. Once done, save the study and close the project.
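As an added example (not part of CodeDetective), here is a Python parser for the tags file that "ctags -Rn" writes, with the regexp search over tag names that feature 1 describes. The sample tags lines, file paths and symbol names are constructed for this example; the tags format itself (name, file and address separated by tabs, then optional ;" extension fields) is the standard ctags format.

```python
import re

# Constructed sample of a tags file as written by `ctags -Rn` (line numbers as
# tag addresses). Entries are invented for this example.
SAMPLE_TAGS = (
    '!_TAG_FILE_FORMAT\t2\t/extended format; --format=1 will not append ;" to lines/\n'
    '!_TAG_FILE_SORTED\t1\t/0=unsorted, 1=sorted, 2=foldcase/\n'
    'ArgParser\tsrc/args.h\t8;"\tc\n'
    'MAX_ARGS\tsrc/args.h\t5;"\td\n'
    'main\tsrc/main.cpp\t12;"\tf\n'
    'parseArgs\tsrc/args.cpp\t40;"\tf\tclass:ArgParser\n'
)


def parse_tags(text):
    """Parse tags lines into dicts. Each line is
    name<TAB>file<TAB>address[;"<TAB>field...], where a field is either a
    bare kind letter or key:value. With -n the address is a line number;
    otherwise it is an ex search pattern, kept verbatim under 'pattern'."""
    entries = []
    for line in text.splitlines():
        if not line or line.startswith("!_TAG_"):
            continue                       # header lines carry metadata, not tags
        name, path, rest = line.split("\t", 2)
        address, _, ext = rest.partition(';"')
        entry = {"name": name, "file": path, "kind": None}
        if address.isdigit():
            entry["line"] = int(address)
        else:
            entry["pattern"] = address
        for field in filter(None, ext.split("\t")):
            key, sep, value = field.partition(":")
            if sep:
                entry[key] = value         # e.g. class:ArgParser
            else:
                entry["kind"] = field      # bare kind letter: f, c, d, ...
        entries.append(entry)
    return entries


def search_tags(entries, pattern, kinds=None):
    """Regexp search over tag names, as the tool's tag search does;
    optionally restrict to a set of kind letters (e.g. {'f'} for functions)."""
    rx = re.compile(pattern)
    return [e for e in entries
            if rx.search(e["name"]) and (kinds is None or e["kind"] in kinds)]


if __name__ == "__main__":
    tags = parse_tags(SAMPLE_TAGS)
    for hit in search_tags(tags, r"Arg"):
        print(f"{hit['name']:12s} {hit['file']}:{hit.get('line')}  kind={hit['kind']}")
```

Header lines beginning with !_TAG_ are skipped rather than parsed, and the search is case-sensitive like a plain regexp; pass a pattern such as (?i)arg if case-insensitive matching is wanted.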