
Thursday, June 2, 2022

Create Executable from Python Script using Pyinstaller

PyInstaller works by reading your Python program, analysing all of the imports it makes, and bundling copies of those imports with your program.

PyInstaller reads in your program from its entry point. For instance, if your program’s entry point is myapp.py, you would run pyinstaller myapp.py to perform the analysis.

PyInstaller can detect and automatically package many common Python packages, like NumPy, but you might need to provide hints in some cases.

After analyzing your code and discovering all the libraries and modules it uses, PyInstaller then generates a 'spec file'.

The spec file is a Python script with the .spec extension; it includes details about how your Python app needs to be packed up.

PyInstaller can be installed using the following command.

pip install pyinstaller

Steps to create an executable app in Python:

1) Create a Python file, write some code, and save the file with a .py extension (example: Hellow.py).

2) cd to the saved file location.

3) Use the following template to create the executable:

pyinstaller --onefile Hellow.py

4) Run the command in CMD. After executing step 3 from CMD, the executable file will be created in the same location.

5) After step 4, a few folders and files will be added by PyInstaller to your app folder.

6) Identify the dist folder and cd into it.

7) Now you will see the Hello App executable in the same location.

Now you will be able to launch your application successfully.

Tuesday, May 25, 2021

Access Bitbucket using python

Bitbucket is a Git-based source code repository hosting service owned by Atlassian.

Bitbucket Server is a combination Git server and web interface product written in Java and built with Apache Maven.

It allows users to do basic Git operations while controlling read and write access to the code. It also provides integration with other Atlassian tools.

Nowadays, demand for Python is increasing for reporting and ETL operations.

Using the Python requests library, we can access Bitbucket.

Below is a sample code snippet.

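import sys

import pandas as pd
import requests

# Bitbucket Cloud REST API endpoint; 'Abcd' is a placeholder workspace.
url = 'https://api.bitbucket.org/2.0/repositories/Abcd'
headers = {'Content-Type': 'application/json'}
# Placeholders: supply real credentials at run time rather than hard-coding them in the script.
USERNAME = 'xxxxxx'
PASSWORD = 'yyyyyy'

response = requests.get(url, auth=(USERNAME, PASSWORD), headers=headers, timeout=30)
if response.status_code != 200:
    # response.text is printed because an error body is not guaranteed to be JSON.
    print('Status:', response.status_code, 'Headers:', response.headers,
          'Error Response:', response.text)
    sys.exit(1)

# The repositories are returned under the 'values' key of the response.
dk = pd.json_normalize(response.json()['values'])
# index=False (the boolean, not the string 'False') leaves the row index out of the sheet.
dk.to_excel('Bitbucket_INC_Report.xlsx', sheet_name='SLA_Report', index=False)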

Saturday, May 1, 2021

JIRA Rest API using Python

The Jira REST API enables you to interact with Jira programmatically. Use this API 
to build apps, script interactions with Jira, or develop any other type of 
integration.
The URIs for resources have the following structure:
https:///rest/api/3/

Several libraries, such as jira and requests, can be used to access Jira services.

In the code snippet below, I used the requests library, and the Pandas library to save the results.
Pandas is the best library for saving results to an Excel workbook.

The Pandas library can be installed using pip, pip3 or easy_install. Make sure you have the right SSL certificates before installing pandas on an intranet.

pip install pandas  
  
Sample Code Snippet:
  
import sys

import pandas as pd
import requests
from requests.auth import HTTPBasicAuth

pd.set_option('display.max_columns', 500)
# url = "https://ABCD.atlassian.net/rest/api/3/issuetype"
url = "https://ABCD.atlassian.net/rest/api/3/search"

# Placeholders: supply real credentials at run time rather than hard-coding them.
auth = HTTPBasicAuth("xxxxxxx", "yyyyyyyyyyyyyy")

headers = {
    "Accept": "application/json"
}
query = {
    'jql': 'project = ABCD'
}

response = requests.request(
    "GET",
    url,
    headers=headers,
    params=query,
    auth=auth,
    timeout=30
)
# Check the status before parsing; an error body is not guaranteed to be JSON.
if response.status_code != 200:
    print('Status:', response.status_code, 'Headers:', response.headers,
          'Error Response:', response.text)
    sys.exit(1)
else:
    print('Server Connected.Please wait.....')

# Parse the search result: one page of issues plus the paging counters
df = response.json()
maxresults = df['maxResults']
print(df['total'])
# Flatten the nested issue records into columns
dk = pd.json_normalize(df['issues'])
# The context manager saves and closes the workbook on exit
with pd.ExcelWriter('Jira_issues.xlsx', engine='xlsxwriter') as writer:
    dk.to_excel(writer, sheet_name='Jira_Issues', index=False)

Friday, January 15, 2021

Vulnerabilities in Python Applications

Below are the types of security vulnerabilities that Python developers should be concerned with:

SQL INJECTIONS (SQLI)

In a SQL injection, a malicious user controls the SQL statements that an application executes on its backend database server.

There are four sub-classes in SQLi:

  • In-band SQL Injection / Classic SQLi
  • Inferential / Blind SQL injection
  • DBMS SQLi
  • Compounded SQLi (e.g. Storm Worm):
      • SQLi with inadequate authentication
      • SQLi with DDoS attacks
      • SQLi with DNS hijacking
      • SQLi with XSS

CROSS SITE SCRIPTING (XSS)

In XSS, a malicious user tricks a web application into serving script code to unsuspecting users of that application, which can then steal stored cookies and saved passwords.

CROSS SITE REQUEST FORGERY (CSRF)

This security vulnerability occurs when a website is forced to perform an action, such as a button click, on behalf of a logged-in user who did not intend it. It also includes logging into a website with someone else's login credentials.

LDAP (LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL) INJECTIONS

This vulnerability occurs when a malicious user inserts/modifies LDAP statements that lead to speculations.

COMMAND INJECTIONS

Here, a malicious user abuses a web application to insert their own OS commands, which then execute on the web server and can give them complete control over it.

XPATHI

This occurs when a malicious user intentionally passes crafted data to a website. They can use that interaction to find out how the XML data is structured, or to access secured data that they normally cannot reach.

Security Scanners

Python Taint (PYT) – Static Analysis Tool: This utility is used for identifying command injection, XSS, SQLi, interprocedural and path traversal HTTP attacks in Python web apps. Python Taint is based on control flow graphs, data flow analysis and fixed points as its theoretical foundations, and works on web apps built using the Flask framework.

Tinfoil Security Website Scanner: Tinfoil is an affordable security scanner for Python & Django that helps find holes in web servers and applications and also tells you the ways to fix them.

Bandit – AST Based Static Analyzer: It’s an OpenStack security linter that identifies the common security risks in Python programming. It is distributed using pip. To install bandit from source, we can use the command python setup.py install after downloading the pypi source tarball. You can even access the reports from bandit.

Pyntch – Static Code Analyzer: Pyntch (PYthoN Type CHecker) helps in detecting runtime errors such as exceptions, missing attributes and variable type mismatches. It currently supports Python 2.x. It does not address style issues the way Pychecker or Pyflakes do, but it is fast and efficient, scanning thousands of lines within a minute.

Spaghetti Security Scanner: Spaghetti is an open-source web application security scanner built on Python version 2.7. It detects default files, misconfigurations, and insecure files, and it supports numerous frameworks including Django, CherryPy, CakePHP, and others.

The tool is capable of finding issues such as admin panels, cookie security, credit card/email/private IP disclosures, SQL injections, ShellShock, Struts-shock, Apache ModStatus, Anonymous cipher, and others.

Rough Auditing Tool for Security (RATS): It's a free tool that scans languages like C, C++, PHP, Perl and Python and flags security-related errors like TOC (Time of Check), TOU (Time of Use), buffer overflows and Acunetix. Manual code inspection is still important, but this tool greatly assists us.

PyDbgEng – Windows Debugging Engine's Python Wrapper: It helps in debugging user mode, kernel mode, software and hardware breakpoints, etc. With the help of PyDbgEng, you can do fault injection, fuzzing of applications, and unpacking of executables automatically.

Python-ptrace: It's an open-source debugging tool written in Python that uses ptrace. Here, ptrace works as a tracer that handles system calls on Linux, BSD and Darwin.

vdb / vtrace – Debugger for Exploit Malware Analysis: Here, VDB refers to a dynamic debugging element; vtrace refers to a platform that’s used in debugging frameworks implemented in Python. Vdb utilizes vtrace.

Immunity Debugger – Python Penetration Testing Tool: It uses python scripts and supports Windows with Graphical user interface and command line debuggers.
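To show what an AST-based static check of the kind Bandit performs looks like, and how it catches the command injection and SQLi patterns described earlier, here is a simplified added example; it is not Bandit's code and not part of the original post. The rule names and the sample source are constructed, and the sample is only parsed, never executed.

```python
import ast

# Constructed sample source to scan: each risky call sits next to its safer form.
SAMPLE = '''
import subprocess
def ping_vulnerable(host):
    subprocess.run("ping -c 1 " + host, shell=True)
def ping_safe(host):
    subprocess.run(["ping", "-c", "1", host])
def find_user(cur, name):
    cur.execute("SELECT * FROM users WHERE name = '%s'" % name)
def find_user_safe(cur, name):
    cur.execute("SELECT * FROM users WHERE name = ?", (name,))
'''


def scan(source):
    """Return sorted (line, rule) findings for two injection-prone call patterns."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        # Rule 1: shell=True hands the whole command string to a shell,
        # so shell metacharacters in user input become extra commands.
        for kw in node.keywords:
            if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True):
                findings.append((node.lineno, "shell=True"))
        # Rule 2: .execute() whose first argument is assembled with %, + or
        # an f-string instead of being a constant with bound parameters.
        func = node.func
        if isinstance(func, ast.Attribute) and func.attr == "execute" and node.args:
            if isinstance(node.args[0], (ast.BinOp, ast.JoinedStr)):
                findings.append((node.lineno, "sql-string-building"))
    return sorted(findings)


if __name__ == "__main__":
    for line, rule in scan(SAMPLE):
        print(f"line {line}: {rule}")
```

Only the two string-building calls are reported; the list-argument subprocess call and the parameterized query pass the check.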
