Hacking The Fender File Formatting Confusion

Hi, I am working on the Hacking The Fender exercise, and I am a bit confused about what step 10 is asking us to do. It seems like the dev in the associated video had the same issue but simply ran over it.

When we write the compromised users file the way that the exercise is worded, we simply create one long string of all of the usernames concatenated together without any spaces to help us tell one username from another.

The file that is created by the dev in the video is

jean49haydenashleymichaelastephensdenisephillipsandrew24kaylaabbotttmartinezmholdenrandygilbertwatsonlouismdavispatrickpricekgriffithhannasarahxaviermartinhrodriguezerodriguezdanielleclarktimothy26elizabeth19

This does not look like what is actually desired. We should want one line per username.

Should a step be added to add a ‘\n’ after each username, or is this username blob the desired output?

Thanks

2 Likes

I’m not sure if it directly affects the lesson regardless of the way you do it but it’s probably worth remembering this one. Depending on how you see it the .writelines method could be considered a little odd since it accepts an iterable but offers no method of separating the items from this iterable. You’ll need to add them in the iterable itself or write line by line and add it that way (some of the standard modules for this sort of thing are much nicer in my opinion).

As for whether the ‘blob’ is desired I’m afraid I don’t know. If you’re happy with how the code operates I’d consider that a win.

Docs on the method-
https://docs.python.org/3.8/library/io.html#io.IOBase.writelines
2.7-
https://docs.python.org/2.7/library/io.html#io.IOBase.writelines

1 Like

I doubt the blob is useful. An interesting question is what you need the username variables to be used for. What type is best to hold all these different usernames: list, dictionaries, tuples, something else? (This might be beyond the scope of the exercise, but important to think about)

1 Like

When you say “hold the data” are you referring to the deliverable (the file) or how we would hold the data for further use if we wanted to do more than just write the data and move on?

If we arent talking about the file, I would imagine a dict is good for checking for existence of any given username as being compromised. A list would be good for ordering/sorting the names. Tuples and dicts would be good for doing some sort of lookups I would imagine.

Not trying to get anything done with the above list, just checking if my thoughts on what data type is good for what purpose are accurate.

1 Like

Your point about writelines() being weird makes sense, though I guess it could also just be thought of as being super literal - “write what I tell you to write, nothing more, nothing less”.

It is also a bit sad that because it does not add a newline after each iterable that it breaks the symmetry of readlines creating a list with one item per line. But I’m sure there is a well thought out reason for that.

1 Like

Yes. For simple exercises lists are great to get one’s bearings. But like you say, security quickly becomes an issue. On slightly deeper applications it’s going to be possibly held in a database. Which is why its great frameworks like flask offers good extensions for security.

Dictionaries in general would be good, but maybe if it’s a table (that will get used in sql or pandas) lists might be easier.

(I wasn’t trying to go that deep though, haha!)