SST Introduction
21 jan. 2013Tags: Python
This 2 hour lecture we got an introduction on why software secutiry is important (for the n-th time) and we assigned topics.
The most important part I got from the "motivation" lecture is how software security can be defined. Examples mentioned was the latest Java vulnerability affecting everyone using the browser plugin. Attackers break applications, not cryptoalgorithms (OWASP top 10), an article from "Dagbladet" of the Oslo water system having a password of "0-0-0-0", the airline Alitalia having a coupon to get 25% discount with a Japanese code giving a fixed amount instead of a percentage, attacking mobile smart phones to get into the 2nd factor authentication in online banking, hacking slaughter in Warcraft and the WhatsApp trouble.
During the assignment of topics, we performed several draws when more than one person wanted the same topic. I created this python program to assign topics automatically using a predefined priority list.
# -*- coding: utf-8 -*-"""
Usage:"topic" is assumed to be a (positive) integer
There must be equal to or more topics than wishes
Topics with lower numbers are prioritized when randomly selectingList of student wishes ("students") in the format:
{"name": "<student-name>", "priority": [<int>, <int>, ... <int>]},run: "python draw.py"
"""
import random
num_topics = 12
wishes = [
{"name": "Per", "priority": [2, 5, 8]},
{"name": "Ole", "priority": [3, 5, 2]},
{"name": "Hanna", "priority": [2, 8, 6, 7]},
{"name": "Ida", "priority": [2, 1, 7]},
{"name": "Odin", "priority": [3, 5, 2]},
{"name": "Trude", "priority": [5, 2, 1, 6, 8]},
{"name": "Kine", "priority": [5, 8, 6, 7]},
{"name": "Petter", "priority": [5, 1, 3]},
]assignments = []
topics = []
topics.extend(range(1, num_topics + 1))def random_int(first, last):
# return an integer including first and last
return random.randint(first, last)def select_student(students):
number_students = len(students)
selected_student = random_int(1, number_students) - 1
return (students[selected_student])["name"]def clean_up(student_name, topic):
# remove student from priority list
for s in wishes:
if s["name"] == student_name:
wishes.remove(s)# remove priorities no longer available
# a new loop is necessary because order is changed when removing an item
for s in wishes:
priorities = s["priority"]
stripped_priorities = [x for x in priorities if x != topic]
s["priority"] = stripped_prioritiesfor s in wishes:
print("%s: %s") % (s["name"], s["priority"])# remove available topics
topics.remove(topic)def assign_topic(student_name, topic):
assignments.append({"student": student_name, "topic": topic})
print ("**** %s got %s") % (student_name, topic)def priorities_left(students):
# find the frequency of wishes, using the highest priority
# return list of students and what topic they compete on
tmp = {}
for s in students:
try:
priority = s["priority"][0]
except:
priority = 0
if priority:
try:
tmp[priority] += 1
except:
tmp[priority] = 1
if tmp:
topic = (sorted(tmp.items(), key=lambda x: x[1])[0])[0]
tmp = []
for s in students:
try:
priority = s["priority"][0]
if priority == topic:
tmp.append(s)
except:
continuereturn [tmp, topic]
else:
return 0# loop trough all priorities by students
print "\nOriginal wishes:"
for s in wishes:
print("%s: %s") % (s["name"], s["priority"])
print "\n"selection = priorities_left(wishes)
while selection:
student_name = select_student(selection[0])
topic = selection[1]# add student to the assigned list
assign_topic(student_name, topic)# -- clean up --
clean_up(student_name, topic)# done, select next priority group
selection = priorities_left(wishes)# randomly assign the remaining
print("\nNo more priorities, randomly assigning the rest")
print("Topics left: %s\n") % topicswhile wishes:
student = select_student(wishes)
topic = topics[0]
assign_topic(student, topic)
clean_up(student, topic)print("\n\n####### Results #######")
for a in assignments:
print ("%s got subject %s") % (a["student"], a["topic"])
print("\n")