Gonçalo Valério

Month: June 2018

  • Django Friday Tips: Links that maintain the current query params

    Basically when you are building a simple page that displays a list of items that contain a few filters you might want to maintain them while navigating, for example while browser through the pages of results.

    Nowadays many of this kind of pages are rendered client-side using libraries such as vue and react, so this doesn’t pose much of a problem since the state is easily managed and requests are generated according to that state.

    But what if you are building a simple page/website using traditional server-side rendered pages (that for many purposes is totally appropriate)? Generating the pagination this way while maintaining the current selected filters (and other query params) might give you more work and trouble than it should.

    So today I’m going to present you a quick solution in the form of a template tag that can help you easily handle that situation. With a quick search on the Internet you will almost for sure find the following answer:

    @register.simple_tag
def url_replace(request, field, value):
    dict_ = request.GET.copy()
    dict_[field] = value
    return dict_.urlencode()

    Which is great and work for almost scenario that comes to mind, but I think it can be improved a little bit, so like one of lower ranked answers suggests, we can change it to handle more than one query parameter while maintaining the others:

    @register.simple_tag(takes_context=True)
def updated_params(context, **kwargs):
    dict_ = context['request'].GET.copy()
    for k, v in kwargs.items():
        dict_[k] = v
    return dict_.urlencode()

    As you can see, with takes_context we no longer have to repeatedly pass the request object to the template tag and we can give it any number of parameters.

    The main difference for the suggestion on “Stack Overflow” it that this version allows for repeating query params, because we don’t convert the QueryDict to a dict.  Now you just need to use it in your templates like this:

    https://example.ovalerio.net?{% updated_params page=2 something='else' %}

  • Looking for security issues on your python projects

    In today’s post I will introduce a few open-source tools, that can help you improve the security of any of your python projects and detect possible vulnerabilities early on.

    These tools are quite well known in the python community and used together will provide you with great feedback about common issues and pitfalls.

    Safety and Piprot

    As I discussed some time ago on a post about managing dependencies and the importance of checking them for known issues, in python there is a tool that compares the items of your requirements.txt with a database of known vulnerable versions. It is called safety (repository)  and can be used like this:

    safety check --full-report -r requirements.txt

    If you already use pipenv safety is already incorporated and can be used by running: pipenv check (more info here).

    Since the older the dependencies are, the higher the probability of a certain package containing bugs and issues, another great tool that can help you with this is piprot (repository).

    It will check all items on your requirements.txt and tell you how outdated they are.

    Bandit

    The next tool in the line is bandit, which is a static analyzer for python built by the Open Stack Security Project, it checks your codebase for common security problems and programming  mistakes that might compromise your application.

    It will find cases of hardcoded passwords, bad SSL defaults, usage of eval, weak ciphers, different “injection” possibilities, etc.

    It doesn’t require much configuration and you can easily add it to your project. You can find more on the official repository.

    Python Taint

    This last one only applies if you are building a web application and requires a little bit more effort to integrate in your project (at its current state).

    Python Taint (pyt) is a static analyzer that tries to find spots were your code might be vulnerable to common types of problems that affect websites and web apps, such as SQL injection, cross site scripting (XSS), etc.

    The repository can be found here.

    If you are using Django, after using pyt you might also want to run the built in manage.py check command, (as discussed in a previous post) to verify some specific configurations of the framework present on your project.

     

  • Finding blockchain challenges to learn and practice

    With “Blockchain” technologies gaining a certain momentum in the last few years, we have witnessed a spread of different implementations with many variations in several aspects, even tough they are  built over the same principals.

    This field is not easy to get started with and after taking the time to learn one approach, lets say “smart contract development in ethereum”, there might be less motivation to explore other technologies and networks.

    An approach that is being used by the proponents of these networks, is to organize challenges and competitions to try to call the attention of other developers. With these competitions you can learn, explore, solve certain problems and in the end even win some reward (in the form of cryptocurrency/tokens). Most of these challenges happen online and you don’t even have to leave the comfort of your home.

    For those interested, the most difficult part is finding the currently open challenges and competitions, so last week I put together a bare-bones page (plus RSS feed and calendar) aggregating the challenges that I find on the web.

    You can access the page in the following URL: https://blockchain-challenges.ovalerio.net

    I will try to keep it updated. In case you find it useful and discover any unlisted challenge, please submit it there, so it can be added to the list.

    Note 22/04/2020: Given the website was no longer updated or maintained, I took it of the air.