From 8faa4c5ad95dffadbeb5773aa5276084fad46453 Mon Sep 17 00:00:00 2001 From: Thomas Naber Date: Fri, 19 Apr 2024 23:04:27 -0400 Subject: [PATCH] 1. I often use my google home to add items to my grocery list. This probably will send some form of get request to google keep, providing data indicating that it will be to my account, then sends a post request to add the item I asked for to the specific note with my shopping list on it. 2. Yes. It makes me think about how knowing HTTP and how to code with it can be used to exploit weaknesses in a site by people who want to gain access without authorization to do so. --- .DS_Store | Bin 0 -> 6148 bytes __pycache__/api.cpython-311.pyc | Bin 0 -> 3908 bytes api.py | 25 +++++++++++++++++++++---- notes.md | 16 ++++++++++++++++ 4 files changed, 37 insertions(+), 4 deletions(-) create mode 100644 .DS_Store create mode 100644 __pycache__/api.cpython-311.pyc 
diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..4581e91289dcd83cc65041e035a7ba2d7e1efa23 GIT binary patch literal 6148 zcmeHKL2uJA6n^f?mQsOw0BIMbNL;HDHiVdV31u9(5(Ec8A!#BOmc~(&QlY9+&hTTn z@=N$HoZx%5C)RX5f*A6X?9cXlUu=Jg?U;zfc%IxR8W53##Mr%#>=I)?rw!|v7Iq5t zj0r_Fp;JmJ+=#XfRspNPzor1M-9A=pNF{y3+WozL!)Lji#JP+Sf$gF59yt1`Oif}7 zD_&HkVSS6sJgaKY`z|^=-D|sh&YshE-Ug>~5!6vVug1~rHP>E9naAhlD1Moxi*Ru3 zi7e_UE7F-FWJ!vUH?OiHk&CgM7fGeKfp$1OrxydlwnNcsTwM2)USZAy8I`=iB0)!LO+z4wrnULa;3!OBQ&U_QKTdl7l=sd!I#zIog@yn*UYRj zwj3#{P~`)MwnBndNX-GIAbQ})AJB7USC(q6gjA{G&|6SAaq4@s>-9%MiD++~-F-VV zZ{F;i_kQ!<>`(jm_X<#+kA1lGOHdI0#746yUS)d$Dt84_FvYZxz_*kZGg3kl1xff^ zFax&)Qzn7UfFL}E$1Mq&^AzBzn-Xx~@i>YpE()=pzp!~RCOT?z#Y!bf(&O`&=ry*7 zpmJ9rLP9i!gk*||fGL4=zzNPQT$rQOqNV8>EtzMwmC*>cwE{VjPHTBaw89F>YRt+I zdnJ`!)|M^8v;wuDT1eR|n!Q3anB`(jc7nQ|H8MokonBqfSY|$r^*&v{o;T7Sr$^UK zE2-;`gl*LB)olC;Bb{=c>({?rRR*-B4$N-EF8_LPAFOBotEys+!=A zM31Qg4VpbbLuL?+8FE6Gxl&+^(uD9gB7)cQPh^et_wwb#mZ_qYAsVE z!!+B{Qdyf&BWb(#G&FY_ZIRF$geHBLgKAhuaBN4oo@KEt=umTuDS#FtVxbo-3Zi7S12Bl8yr$7Uc%idWU`|~x4f%SHH~Zef(ffg{3yqPZ75R351ukyAWD`}u z6=Zn0Lcc-<&@HZsb{l`yua|{Ye<5YD1fw^B_t@vJNo8pjXX1s9l%)-vdq>%Xp2vQ# zDIN0bi-L{L^~xUQ118EavVlDJs#Up z`4(c2R3}Ku^*muVa{|l6=1y=V>zX64GAqjg8w=1u(AiO_mA45Bu$+};grPCCrnCA% zT8D2mabG&r@>v%PXJc1@tP6h(3|EwA;pm<78}ftxC&y~qC$;coJv>Smfy9xw>aEzV%W8PG7M`t#Xa9wp{g@6P^xZrFy*u+m zS=eYF4FYcIjPjk4c@2RgaiBEMRv^@JJ7gOCDlcxPDen#xUz$eB@&<099i>wb2rm7t zA$yZ~15jq#GmPs()(sLkLYSCrvKob&l}Q&h>ct!@OK1#K;sAogudEuFR}e(8AjK$6 z-$#Oxh8{$M$AIoY;~|ZM459LRqz!VUaV?sFi*^C7ojDGZv710V+&zno+&lAoH2zyO zUW=ZrM^Dxwr|OYYl@I{(n__ivbO#{+leqJL%2tPGOcPU8mK40x3Z5`q`3jCIz=E_C zBYs6EQrEx{*4L2UXY;@5azB!pa_40m#U zF;^kf1>C~V45}Ll_y%`Eb2pPDXQL-EqPa?UF6344y!$uy89fa{FyykYfougtQQYbi t#DVpGyc)uxYUjNri{iWp3*41fiZ3|lWjkM;5Mfn2$qVdzxeJ4@?{8S{Lf!xX literal 0 HcmV?d00001 diff --git a/api.py b/api.py index 35759bf..5408de0 100644 --- a/api.py +++ b/api.py 
@@ -3,7 +3,7 @@
 # By Chris Proctor
 # The Riddle API takes care of connecting to the server.
-import requests
+import requests
 from random import choice
 class APIError(Exception):
@@ -36,16 +36,33 @@ class RiddleAPI:
 def get_riddle(self, riddle_id):
 "Fetches a single riddle from the server"
 route = "/show"
- raise NotImplementedError("The API doesn't support `get_riddle` yet. Can you add it?")
+ params = {'id': riddle_id}
+ response = requests.get(self.server_url + route,json=params)
+ if response.ok:
+ return response.json()
+ else:
+ raise APIError(response.json()['errors'])
 def get_random_riddle(self):
 "Fetches all riddles from the server and then randomly returns one"
- raise NotImplementedError("The API doesn't support `get_random_riddle` yet. Can you add it?")
+ route = "/show"
+ riddle_id = choice(self.get_all_riddles())
+ params = {'id':riddle_id}
+ response = requests.get(self.server_url + route, jason=params)
+ if response.ok:
+ return response.json()
+ else:
+ raise APIError(response.json()['errors'])
 def add_riddle(self, question, answer):
 "Adds a new riddle to the server"
 route = "/new"
- raise NotImplementedError("The API doesn't support `add_riddle` yet. Can you add it?")
+ params = {'question': question, 'answer': answer}
+ response = requests.post(self.server_url + route,json=params)
+ if response.ok:
+ return response.json()
+ else:
+ raise APIError(response.json()['errors'])
diff --git a/notes.md b/notes.md
index 3a338be..7d7ec26 100644
--- a/notes.md
+++ b/notes.md
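Review bot: In api.py, `get_random_riddle` calls `requests.get(self.server_url + route, jason=params)`; the misspelled keyword makes requests raise a TypeError before anything is sent, so the line should read `json=params` as in `get_riddle`. `choice(self.get_all_riddles())` is then used as an id, but get_all_riddles is outside the hunk and presumably returns whole riddles, so confirm and delegate to `get_riddle` rather than repeating the request. On the failure path all three methods run `response.json()['errors']`, which trusts the server to return JSON with an `errors` key; an HTML error page or a proxy reply surfaces as a decode error or KeyError instead of APIError. None of the calls passes `timeout=`, so an unresponsive server blocks the caller indefinitely. The sketch below centralises response handling in one helper; the 10-second timeout and the `'id'` key on listed riddles are assumptions to confirm.

```python
    def get_random_riddle(self):
        "Fetches all riddles from the server and then randomly returns one"
        riddle = choice(self.get_all_riddles())
        # Assumes each listed riddle is a dict carrying its 'id' -- confirm.
        return self.get_riddle(riddle['id'])

    def _parse(self, response):
        "Returns the decoded body, or raises APIError for a failed or malformed response"
        try:
            body = response.json()
        except ValueError:
            # Error pages and proxy replies are not guaranteed to be JSON.
            raise APIError(f"HTTP {response.status_code}: response was not JSON")
        if response.ok:
            return body
        errors = body.get('errors', body) if isinstance(body, dict) else body
        raise APIError(errors)

    # … unchanged: get_riddle / add_riddle request setup; each passes timeout=10 and ends with return self._parse(response) …
```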
@@ -7,7 +7,23 @@ about the meaning of the line, and some situation in which it might be useful. You are welcome to research the meanings of these headers, but it's also fine to speculate for now. +Line 2: This is a get request, which is asking the server that hosts the site to send the code for the entire page. I think that's what the all part means. +Line 3: This line is accepting something from the website. Not sure what though. +Line 4: This seems like it's accepting maybe the public key for the encryption allowing it to decrypt the website securely? +Line 5: This seems like it means to keep the webpage loaded on the computer which, in order to do that keeps the connection there. +Line 6: This is the server which is hosting the website. + ## Checkpoint 2 The goal of this checkpoint is to see what status codes you can get back from the riddle server. Paste below several `http` requests and the status codes they return. + +http -v post https://buffalochoralarts.org/singers +Returned a 404 error since this page does not exist on the buffalo choral arts society webpage. + +http -v get https://buffalochoralarts.org/singers +Returned the error 301: Moved permanently. I wasn't expecting this because I didn't know this page ever existed! + +http -v get https://riddles.makingwithcode.org/new question="What have I got in my pocket?" answer="My precious" +This returned a 405 error because the it was a get request, but it provided information as if it were posting. +