Questions about this topic? Sign up to ask in the talk tab.

Python

From NetSec
Revision as of 05:56, 23 November 2011 by DPYJulietowbaijc (Talk | contribs) (Functions)

Jump to: navigation, search

Python is a high-level interpreted language designed around functionality and cleanliness. It is often compared to perl in terms of functionality and usage.

Strengths and Weaknesses of Python

Python draws strength from being convenient and simple to write. Many people view it as one of the easiest scripting languages to code in. As such, a common usage for python is to write a 'prototype' of a program before implementing it in a heavier language like C. Furthermore, due to it's interpretive nature, a python script is easily modified - there are no compiled binaries to disassemble and reverse-engineer.

However, the language's strengths often become weaknesses. For example, as was noted before, python is not a compiled language. This means that it is very difficult to protect python code - every program is in its raw form, and can be freely edited and reused. There are methods, such as code obfuscation, that can be used to protect code, but these are not foolproof. In addition, python programs tend to run inefficently, hogging more resources than necessary - tasks like cracking, encryption, or anything that requires large numbers of computations should preferably be automated with some other language.

One of the most pertinent drawbacks to python is it's incompatibility - as of version 3.0 of Python, a large portion of the language has been rewritten, including many keywords being turned into functions - for example

 
print "hello, world!" #a keyword
 

would now be

 
print("hello, world!") #a function
 

Although this and other changes are relatively minor, they render python 3.0 programs incompatible with 2.6, 2.5 etc. This is further exascerbated by the fact that many developers continue to code in 2.6.

Installation

Python development is based at it's website at python.org. Python (in every recent incarnation) can be downloaded in the form of Windows binaries and sources for compilation in a *nix environment. While it is currently available in versions 2.7.2 and 3.2.2, it is advised that new programmers download the latest version so as not to learn a language that is becoming obsolete - of course, it is wise to learn the nuances between 2.7 and 3.2 so that you can port older programs, and write programs that are compatible with older versions.

Many distributions come with python preloaded (although it may be an older version), while many more will be able to obtain python using the package manager of their choice. For example, in Arch:

 
pacman -S python
 

Under Windows, python can either be run from the command line or under it's GUI, as installed under the Python folder of the Start menu. Under linux, python is entirely commandline.

Python operates in two modes - the IDLE, which is an interactive python prompt, in which you can execute python statements in a manner that is persistent within your session, but is lost when you exit. It can also be used to run a python script, which has the extension .py

To run a python script, execute:

 
python scriptname.py
 

It will be executed in the commandline.

To open the IDLE, simple type:

 
python
 

You should be presented with some version information and a prompt like this:

>>>

From there on, any python statement will execute as if read from a .py program. Use the exit() function to close the IDLE.

Basic Application

Python Operators

These are the basic operators of the python language, used to comparison and assignment:

  • = is equal to (assignment)
  • == equal to (comparison)
  • != not equal to
  • > greater than
  • > less than
  • >= greater than or equal to
  • <= less than o equal to

Variable Definition

Python variables are 'loosely typed' meaning that they don't have a set type - other languages, such as C, require the type of a variable to be defined. For example,a variable designed to store integers must be set as an int, and will not store characters, or boolean values, or anything else - attempting to store these in it will raise an exception.

To define a variable (x, for the sake of the argument) you use the '=' operator:

 
x = 12
 

Note that there is no definition of type. Python knows it's meant to represent a number because we put a number into it. This is both flexible and, at times, annoying when you try to perform an operation that is invalid and it breaks.

RPU0j.png There is a distinct difference between the '==' and '=' operators. It's important to recognise this, as getting the two mixed up is one of the most common rookie errors in any language. '=' sets something equal to something else, whereas '==' compares two values and returns true if they're equal.

Python does support the string datatype - that is, you can define a variable to be equal to a string of text, for example:

 
hi = "hello, world!"
 

Strings can be added to each other in much the same manner as numbers can - adding two strings will simply return the first string with the second string tacked on at the end.

Another form of variable that python employs is the list. This is similar to an array in C and other languages - a list can be defined by giving a series of values enclosed by squared brackets [ ]. Items in the list can be referenced according to index number (zero indexed) in much the same manner as C.

Example:

 
list = [ " is ", "eggs", "male", "selketraz" ]
print(list)
print(list[3] + list[0] + list[2])
 

Output:

[" is ", "eggs", "male", "selketraz"]

selketraz is male

A string can be referred to as though it were a list - for example, in the string "hello" stored in variable 'h', you could reference the letter 'e' by referring to h[1]. However, python does not allow you to assign values to elements in a string.

Printing and Receiving Input

Two basic functions that are instrumental to writing python code are the print() and input() calls. print() simply prints whatever arguments you give it to stdout, and input takes a string prompt as an argument and returns whatever input that it receives from stdin, in the form of a string.

for example:

 
name = input("What is your name? ")
print(name)
 

The snippet above would print a prompt to the screen saying "What is your name? ", and wait for input. When you press the enter key, any input you've given it will be stored into the variable 'name'. It then prints the value of the variable 'name.

It is pertinent to note that the print() call can print both the value of a variable - print(name) - or it can be supplied with a raw string - print("hello, world!"). It's also important to remember that input() always returns a string - if you're trying to use a number from input, you'd have to typecast it, as discussed later.

Commenting

It is possible to insert a comment, a block of text that is not interpreted by the python interpreter, into a module with the # symbol. This is not part of the program, but exists for readability. For example:

 
print("hello, world!") #prints hello to the screen
 

Modules

A module is a seperate python script (in some languages, it is called a header) that can be included in multiple programs to add functionality. This has several uses:

  • code reuse - modular code can be easily imported into any script
  • ease of reading - it's easier to locate code in a set of modules than in one huge program

There are many python modules that are a part of the basic python framework, and can be called from anywhere. Examples include the time module, which contains functionality for the clock and sleep functions, or the random module, which contains functionality for random generation. It is also possible to write your own modules containing functions, and import them into a program in the same way.

In order to import a module(for example random):

 
import random
 

In order to import one of your own custom modules, simply place them in the same directory and import them in the same manner. For example, if you had written a module, my_module.py:

 
import my_module
 


Calling on a function within a module

As an example of how to call functions from within modules, we will use the time module. The syntax for calling a function stored in a module is:

modulename.functionname(argument)

Likewise, to reference a variable from a module:

modulename.variablename

To illustrate this, in order to use the sleep() function from the time module:

 
import time
time.sleep(50) #sleep 50 seconds
 


Variable Operation

List Operations

Using the string module, it is possible to perform a variety of transformations to strings that go beyond the basic concatenation and indexing functionality that python provides.

Although we have seen that it is possible to reference a character in a string by its indexed position, it is possible to extend this. By including a colon : in the square brackets, we can indicate a range of characters(or other elements) to select. This functionality does not require the string module.

for example:

 
test_str = "hello, world!"
print (test_str[0:5])
print(test_str[:7])
print(test_str[-2:]
 

output:

hello,
hello, w
d!

As we can see here, it follows a few basic rules:

  • [n:x] select characters from position n to position x
  • [:n] select characters from the beginning of the string up to position n
  • [n:] select characters from position n to the end of the string
  • [-n:] select characters from n to the end of the string, starting from the right (note: when starting from the right, it is not considered to be zero-indexed)

Advanced List Operations

append()

Syntax:

 
list.append(item)
 

Append 'item' to list 'list'.

insert()

Syntax:

 
list.insert(index,item)
 

Instrt 'item' into 'list' at position 'index'.

index()

Syntax:

 
return = list.index(match)
 

Returns the index value of the first value of 'list' whose value is equal to 'match' into 'return'.

String Operations

Using the string module, it is possible to perform a variety of transformations to strings that go beyond the basic concatenation and indexing functionality that python provides.

strip()

Syntax:

 
strname.strip("phrase")
 

Strips out every instance of "phrase" from the string 'strname'

split()

Syntax:

 
list = strname.split("delimiter")
 

Splits 'strname' into a list of elements seperated by the delimiter given as an argument and returns it into 'list'. By default, the delimiter is " ".

For example:

 
string1 = "#hardchatz all day erryday"
list = string1.split('a')
print(list)
 

output:

['#h', 'rdch', 'tz ', 'll d', 'y erryd', 'y']

find()

Syntax:

 
int = strname.find("match")
 

Searches for an instance of "match" in string 'strname', and returns -1 to 'int' if false.

Typecasting

In many cases, we are presented with a variable that has the wrong datatype - a common example would be the return value of the input() call. It always returns a string, as in this example:

 
#calculator
num1 = input("Enter first number: ")
num2 = input("Enter second number: ")
print(num1 + num2)
 

The above snippet of code looks like it should work, and will execute without errors. However, if for example you put in the numbers 1 and 4 to add together, as output you will be given: 14.

The reason for this is that input() returns a string. When you try to add num1 and num2, python sees the following:

num1 + num2
'1' + '4'
'14'

In order to solve it, you must convert the string containing the number into an actual integer:


 
#calculator
num1 = input("Enter first number: ")
num2 = input("Enter second number: ")
print(int(num1) + int(num2))
 

Typecasting functions:

  • int() returns the argument as an integer
  • str() returns the argument as a string

Note that this is not technically typecasting in the traditional sense as the functions actually convert the arguments, but it serves the same purpose.

Statements and Loops

Without some form of control flow, any python program is just a series of executed commands. Python, like almost every other programming language, employs loops and statements to create forks in program execution depending on circumstance.

If Statement

One of the most vital statements, If is used in almost every program. Expect to get familiar with it! The if statement is used in three flavors: If, If-Else and If-Elif (and combinations there of, e.g If-Elsif-Else).

If

The simple if statement simply checks whether a condition is met - if it is, it executes some code, otherwise it continues.

Syntax:

 
x = input("X: ")
if int(x) > 4:
    print("x is greater than 4.")
 

Note the whitespace before the print call - this is how the interpreter knows which code is part of the if statement and which code is to be executed after the if statement is done. Standard whitespace is either 1 tab or 4 spaces.

If-Else

If-Else will execute in much the same way as the basic if statement, but with a form of exception handling: it will execute one set of instructions if the condition is met, and will execute another if it is not.

Syntax:

 
x = input("X: ")
if int(x) > 4:
    print("x is greater than 4.")
else:
    print("x is not greater than 4.")
 

Again, note the use of whitespace.

If-Elif

Elif is short for "Else-If", and the If-Elif statement does exactly that. Instead of writing:

Syntax:

 
if int(condition):
    code
else:
    if (condition):
        code
 

You can use if-elif to condense this, like so:

 
x = input("X: ")
if int(x) > 4:
    print("x is greater than 4.")
elif int(x) == 4:
    print("x is equal to 4.")
elif int(x) < 4:
    print("x is less than 4.")
 

While Loop

The function of the while loop is to execute an if statement endlessly until the specified condition is no longer met.

Syntax:

 
x = 0
while x < 20:
    print(x)
    x = x + 1
 

The above snippet of code will endlessly print the value of x, and then increase it by 1, until x is equal to or greater than 20.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

For Loop

For is one of the more complicated loops (though still quite simple to use) that can be confusing to those used to other languages, as the for loop in python differs from the for loop in C.

Syntax:

 
for local in sequence:
    code
 

The for loop allows you to specify a list, and assign a temporary local variable (in the case above, it is 'local') that represents the current item. For example, to increase every value in a list by 1:

 
list1 = [1,2,3,4,5,6,7,8,9,10]
for item in list1:
    item = item + 1
print(list1)
 

output:

[2, 3, 4, 5, 6, 7, 8, 9, 10, 11]


Functions

Functions have been briefly touched on before when referring to the commands that you pass to python in order to execute code: for example: print(), int(), and input() are all examples of functions. We have also referred to functions from imported module, for example the time module's sleep() function.

To define a function, use the def statement:

 
def function_name(arguments):
    code to be executed
 

For example, for a function to add one to any number given to it as input:

 
def addone(in):
    in = in + 1
    return in
 

This layout, like the for loop's function, can be confusing. In C and other languages, you return a numeric value (which acts as an error code for the function) and you take both input and output variables as arguments. In python, however, you only take input variables as functions, and you can return anything - in fact, you often have to in order to have any output. Returning instantly ends the function, so it's a good way to break out of an if statement or while loop without executing the code after it.

It should also be noted that any variables within the function are considered local variables, even if there is a global variable of the same name. A global variable is one that exists throughout the entire program, whereas a local variable exists only in the function it's defined in. For example. if you define variable x in a function, then try to call on x after the function ends, you will receive an error - x does not exist outside of that function. In order to call a glboal variable within a function, you must set it with the global type:

 
number = 7
 
def func():
    global number
    number = 9
 
print(number)
 

output:

9



Python
is part of a series on

interpreted languages

Visit the interpreted languages Portal for complete coverage.