Category Archives: General

Catchall category

Loki: A Python Infrastructure Protocol Suite

It’s been a while since I last posted, so I’m going back in time to write briefly about an awesome talk I attended at Black Hat 2010 in Las Vegas (last year, duh).

The toolkit is (poorly) named Loki. There are so many packages out there named Loki already, but I get where they were going with it.

It was written by three brilliant German fellows: Daniel Mende, Rene Graf and Enno Rey of ERNW. The primary focus is manipulating and exploiting infrastructure (layer 2/3) protocols, but of course these are all based on the entire protocol stack, so they have laid a nice framework that is way easier to use than other packet manipulation modules out there like Scapy, albeit more specialized. As of right now it has support for BGP, OSPF, ARP, ISIS, RIP, HSRP (v1 and v2), VRRP (v2 and v3), BFD, LDP, and MPLS. And it can spoof all of them!

Loki itself is pure Python, although it does have some system level dependencies. It centers mostly around loki.py, which is a GUI application that is its bread and butter. This app is effectively a router emulator that allows you to establish peerings and execute brute force attacks. For example all you need is a single BGP packet from the wire and you can then perform your brute-force agains the authentication key offline.

In some cases for protocols with no authentication such as VRRP–which is commonly used for providing redundant default gateways for Internet egress–you can push out another peer as a default gateway and take over that role with mind-blowing ease.

If you poke around you’ll see that they’ve encapsulated each protocol into its own module making almost of all of it reusable outside of the GUI. Additionally if you go to the main page of their site and scroll down to Tools, you’ll see a few other packages they’ve released.

For a more technical read, check out a recent blog post by Mike Poor.

Friday Cutions

Words ending with -cution are surprisingly similar!

allocution
noun
a formal speech giving advice or a warning.

elocution
noun
the skill of clear and expressive speech, esp. of distinct pronunciation and articulation.

electrocution
verb [ trans. ]
a formal “speech” giving “advice”, esp. of “distinct” lightning bolts.

I don’t think that last one means what I think it means.

Dynamically Determining the Variables for a Django Template

This is something that came up on StackOverflow, and I took the time to provide a very detailed answer. I haven’t posted in a while, and since I spent time on this answer, here it is verbatim. Enjoy!

Original Question

I’d like to be able to instantiate a template from a file (presumably using the django.template.loader.get_template(filename) ), and then determine the set of variables that should be defined in whatever context it is passed.

(snip)

I tried synack’s answer and found that (with the replacement of filterexpression.token by filterexpression.var, to get the actual name of the variable without tags and so on) it returned the variables that are defined locally in the template, but did not work for variables that are defined in the parent that it extends.

So for example, suppose I have templates in two files:

toyparent.html:

{%block base_results%}
Django is {{adjective}}
{%endblock base_results%}

toychild.html:

{% extends "toyparent.html" %}

{%block base_results%}
{{block.super}}
I {{verb}} it.
{%endblock base_results %}

And I load the child template:

>>> toy=django.template.loader.get_template('toychild.html')

This renders properly:

>>> toy.render(django.template.Context(dict(adjective='cool',verb='heart')))
u'\n    \nDjango is cool\n\n    I heart it.\n\n'

But I can’t get the two variables from it:

>>> v=toy.nodelist.get_nodes_by_type(VariableNode)
>>> for k in v: print k.filter_expression.var
...
block.super
verb

My Answer

You are able to visually inspect a template and observe the presence of any “Variable Node” objects in that template’s nodelist:

>>> from django.template import Template, Context
>>> t = Template("Django is {{ adjective }} and I {{ verb }} it.")
>>> t.nodelist
[<Text Node: 'Django is '>, <Variable Node: adjective>, <Text Node: ' and I '>, <Variable Node: verb>, <Text Node: ' it.'>]

These are of the type VariableNode, which is a class that can be directly imported for use in comparisons. Any Node instance has a get_nodes_by_type() method that can be called against a nodelist, which return all nodes of that type for the template. Example:

>>> from django.template import VariableNode
>>> varnodes = t.nodelist.get_nodes_by_type(VariableNode)
>>> varnodes
[<Variable Node: adjective>, <Variable Node: verb>]

So now you have a list of the variables for the template. This will need to be taken a step further to extract the actual name of each variable without peforming stupid string-slicing tricks on their repr names.

The variable name itself is stored in filter_expression.token for each VariableNode:

>>> varnodes[0].filter_expression.token
u'adjective'

And so a simple list comprehension gets us all of the variable names for the template:

>>> template_vars = [x.filter_expression.token for x in varnodes]
>>> template_vars
[u'adjective', u'verb']

So, not the simplest solution, but if there is a better way I don’t know about it.

Bonus: A function!!

from django.template import VariableNode
def get_template_vars(t):
   varnodes = t.nodelist.get_nodes_by_type(VariableNode)
   return [x.filter_expression.token for x in varnodes]

Ok, it’s not so complex after all!

Follow-up Edit: Getting variables from parent templates

(This follow-up is using the information from the updated question).

This is where it does actually get complex because the nodelist of the toy template is a single ExtendsNode (in this case).

>>> toy.nodelist
[<ExtendsNode: extends "mysite/toyparent.html">]

I would imagine that in larger templates there could be multiple ExtendsNode objects. Anyhow, if you inspect the ExtendsNode, and extract the parent template from it, you are able to treat the parent the same as my original example:

>>> enode = toy.nodelist[0]
>>> enode.parent_name
u'mysite/toyparent.html'
>>> parent = enode.get_parent(enode.parent_name)
>>> parent
<django.template.Template object at 0x101c43790>
>>> parent.nodelist.get_nodes_by_type(VariableNode)
[<Variable Node: adjective>]

And there is your adjective variable extracted from the parent template. To perform a test against an ExtendsNode you can import the class from django.template.loader_tags:

>>> from django.template.loader_tags import ExtendsNode
>>> ext = toy.nodelist.get_nodes_by_type(ExtendsNode)
>>> ext
[<ExtendsNode: extends "mysite/toyparent.html">]

So, you could do some tests against templates for the presence of an ExtendsNode and walk backwards to the parent template and individually get those variable names. However, this is starting to seem like a can of worms.

For example, if you were to do this:

>>> toy.nodelist.get_nodes_by_type((ExtendsNode, VariableNode))
[<ExtendsNode: extends "mysite/toyparent.html">, <Variable Node: block.super>, <Variable Node: verb>]

Now you’ve got the ExtendsNode and VariableNode objects and it just starts to get confusing. What do we do then? Do we attempt to ignore any block variables returned from such tests? I don’t know!!

In any case, this is the information you wanted, but I don’t think that this is a practical solution. I insist that there is still probably a better way. It might be worth looking into what you are trying to solve and see if there is another approach you can take.

Virginia Blows

That is all. Been here a week and while I’ve had fun, it feels like it’s been a month.

I miss my friends and my family that are in this area, but that’s still not enough for me to want to stay here for any meaningful length of time.  But hey, it’s been like 13 months since last time, so it’s not all bad.  I have a gracious host, fun coworkers, and also the internet.

But despite that, when I’m here it feels like I’m not living my own life. Maybe it has something to do with the fact that I couldn’t wait to leave when I moved away over two years ago, and now every time I come back that feeling quickly returns.

Blah… Whatever, bitches.

Actually, I think it’s your fault. Yes, you!

Here enjoy this: Someone ported mkdong to Perl. Not sure how I feel about that. Bittersweet?

Taking over the internet, one dong at a time.

Did Glenn Beck Rape and Murder a Young Girl in 1990?

That’s a good question.

I read an article on Ars Technica today posing the question of whether of registering domain names such as didglennbeckrapeandmurderayounggirlin1990.com in the name of parody or satire can be considered slander or defamation. To me the answer is clearly no, because the only way someone would register a domain like that in the first place is if you were a total douchebag. Of course whether or not someone is truly a douchebag would hardly hold up in court, and that is why I am not a lawyer.

But come on… We’re talking about Glenn Beck here, the dude who called Obama a racist.  He is one of the largest proponents of all of the unfounded idiocy and willful ignorance (two things I really can’t stand) driving the ridiculous frenzy of misinformation that you have to go out of your way to avoid lately, ranging from cries of “democracy” equating to “communism” and comparing Obama to Hitler.  facepalm

On one hand I frown on giving someone like him more publicity and–indirectly–more relevance.  But on the other hand, I just can’t pass up a perfectly good opportunity to keep this gag going strong as long as possible.

They’re poking fun at the fact that he makes these baseless statements and then says things like “prove me wrong”.  So the joke is now on him and he is being challenged to address allegations that he may or may not have raped and murdered a young girl in 1990.

Folks, the word is out.  Did he or did he not?  You decide!

Quaker’s Original Oatmeal Tastes Like Original Crap

I would so kill for some of this right now.

I would so kill for some of this right now.

Strolled into work today at zero-dog-thirty, which I think translates roughly to “seven-thirty-four” in human terms.

Waltzed into the kitchen to make myself a bowl of Maple & Brown Sugar flavored oatmeal only to discover in horror and shock and also awe that there was nothing but Original flavor left! The place where there is normally an even distribution of each flavor was clandestinely filled with Original flavor by someone who I’m sure is of ill repute.  As if I wouldn’t notice!

That’s when panic set in.

“Is there a plot against me?”

“Are they trying to get me to quit?!”

I checked all the cabinets, rifled thru the packets of Original and after doing that four or five times, concluded that if I was going to eat breakfast this was my only chance. So made myself the usual double helping thinking, “Ah, fuck it, how bad can it be?” How bad can it be indeed!

Please God, make it stop.

Please God, make it stop.

I proceeded to my desk, ate a big bite, and found that it’s like spooning mouthfuls of mushy, wet toilet paper into my face. Sustenance must prevail!!

No way can I do this. This shit sucks! Who eats this crap?! Because that’s what it is. Crap. I needs my maple & brown sugar!! But I’m so hungry… UGHHH…

This isn’t breakfast.  This is punishment!