Security Patch

Added sha256 to the password system for added security
Add command to add API KEY environment variables to servers instead of manually configuring through code

.gitignore

@@ -0,0 +1,4 @@
+database/**
+**/__pycache__/**
+__pycache__/**
+API.API

account/main.py

@@ -3,6 +3,7 @@
 import time
 import random
 import streamlit as st
+from hashlib import sha256
 from sendgrid import SendGridAPIClient
 from sendgrid.helpers.mail import Mail
 from account.loader import account_database_loader
@@ -27,7 +28,7 @@ def send_email(subject, from_email, to_email, content):
         html_content=content)
 
     try:
-        sg = SendGridAPIClient('API_KEY')
+        sg = SendGridAPIClient(os.environ.get('SG_API_KEY'))
         response = sg.send(message)
         print(response.status_code)
         print(response.body)
@@ -36,18 +37,19 @@ def send_email(subject, from_email, to_email, content):
         print("Error sending email:", str(e))
 
 def add_user(email, username, password, confirm):
+    password = sha256(password.encode('utf-8')).hexdigest()
     cursor.execute('''INSERT INTO users (email, username, password, confirm) VALUES (?, ?, ?, ?)''', (email, username, password, confirm))
-    sys_log("Created User Account", "Username: " + username + " Email: " + email + " Password: " + password)
+    sys_log("Created User Account", "Username: " + username + " Email: " + email)
     conn.commit()
 
 def update_password(user_id, email, new_password):
     cursor.execute("UPDATE users SET password = ? WHERE id = ?", (new_password, user_id))
-    sys_log("Changed User Password", "Username: " + username + " User ID: " + str(user_id) + " Email: " + email + " Password: " + password)
+    sys_log("Changed User Password", "Username: " + username + " User ID: " + str(user_id) + " Email: " + email)
     conn.commit()
 
 def update_username(user_id, email, new_username):
     cursor.execute("UPDATE users SET username = ? WHERE id = ?", (new_username, user_id))
-    sys_log("Changed Username", "Username: " + username + " User ID: " + str(user_id) + " Email: " + email + " Password: " + password)
+    sys_log("Changed Username", "Username: " + username + " User ID: " + str(user_id) + " Email: " + email)
     conn.commit()
 
 def verify_email(email):

account/reliability.py

@@ -1,4 +1,8 @@
+from hashlib import sha256
+
 def get_user_reliability(cursor, username, password):
+    password = sha256(password.encode('utf-8')).hexdigest()
+
     cursor.execute('SELECT password FROM users WHERE username = ?', (username,))
     row = cursor.fetchone()
 

adpn.py

@@ -203,25 +203,34 @@ def change_reliability_by_user_id(user_id, new_reliability):
     if command == "exit":
         exit()
     elif command == "start":
-        yn = input('Do you want to start the server including: Search, Account [y/n]: ')
-        if (yn != 'n'):
-                Initializer_Database()
-                Initializer_Virtual_Table()
-
-                vt_conn = database_loader(0)
-                Update_Virtual_Table(vt_conn)
-                vt_conn.close()
-                vt_conn = database_loader(1)
-                Update_Virtual_Table(vt_conn)
-                vt_conn.close()
-                vt_conn = database_loader(2)
-                Update_Virtual_Table(vt_conn)
-                vt_conn.close()
-
-                subprocess.call("start server1", shell=True)
-                subprocess.call("start server2", shell=True)
-                print('The server has been started successfully.')
-                sys_log('Start Server', str(datetime.now().strftime('%Y-%m-%d %H:%M:%S')))
+        if os.environ.get('SG_API_KEY') is None or os.environ.get('GSB_API_KEY') is None:
+            print('The required API KEY to start the servers was not found, please use the "api-config" command to set the required environment API KEY variables.')
+        else:
+            yn = input('Do you want to start the server including: Search, Account [y/n]: ')
+            if (yn != 'n'):
+                    Initializer_Database()
+                    Initializer_Virtual_Table()
+
+                    vt_conn = database_loader(0)
+                    Update_Virtual_Table(vt_conn)
+                    vt_conn.close()
+                    vt_conn = database_loader(1)
+                    Update_Virtual_Table(vt_conn)
+                    vt_conn.close()
+                    vt_conn = database_loader(2)
+                    Update_Virtual_Table(vt_conn)
+                    vt_conn.close()
+
+                    subprocess.call("start server1", shell=True)
+                    subprocess.call("start server2", shell=True)
+                    print('The server has been started successfully.')
+                    sys_log('Start Server', str(datetime.now().strftime('%Y-%m-%d %H:%M:%S')))
+    elif command == "api-config":
+        SG_API = input('Sendgrid API KEY: ')
+        GSB_API = input('GOOGLE SAFE BROWSING API KEY: ')
+        os.environ['SG_API_KEY'] = SG_API
+        os.environ['GSB_API_KEY'] = GSB_API
+        print('Successfully created API environment variable.')
     elif command == "atmt":
         keyword = input('Keyword: ')
         ATMT_STRT(keyword)

manager/edit.py

@@ -1,3 +1,4 @@
+import os
 import streamlit as st
 import sqlite3
 import requests
@@ -7,7 +8,7 @@
 
 from search.safe import escape_special_characters
 
-GOOGLE_SAFE_BROWSING_API_KEY = 'API_KEY'
+GOOGLE_SAFE_BROWSING_API_KEY = os.environ.get('GSB_API_KEY')
 
 allowed_extensions = {"http", "https"}
 

manager/insert.py

@@ -1,3 +1,4 @@
+import os
 import streamlit as st
 import sqlite3
 import requests
@@ -7,7 +8,7 @@
 
 from search.safe import escape_special_characters
 
-GOOGLE_SAFE_BROWSING_API_KEY = 'API_KEY'
+GOOGLE_SAFE_BROWSING_API_KEY = os.environ.get('GSB_API_KEY')
 
 allowed_extensions = {"http", "https"}