Pseudocode, Python, VB.NET Quick Reference for GCSE Computer Science


To help staff and students quickly find useful code snippets in VB.NET, Python or pseudocode (for GCSE Computer Science with OCR, AQA, Edexcel or Eduqas) I’ve been putting together this website.

It aims to be a pseudocode, Python, VB.NET quick reference guide so you can quickly find definitions of key terms and simple explanations of how key programming concepts work, alongside code snippets that you can adapt and re-use as you learn.

VB.NET and Python are both programming languages designed to be understood and followed by computers. Pseudocode is not a programming language: it’s written to be understood by humans so that they can turn it into any programming language.

In the UK, each exam board has published a document saying how they’ll use pseudocode to describe algorithms in their exams. The whole idea of syntax (a set of rules) for pseudocode is silly – it’s not designed to be a programming language that is run by a computer. With this in mind, all exam boards state that you don’t have to follow the syntax for ‘their’ version of pseudocode when you write out your own algorithms, but you should be able to understand their version of pseudocode when reading an algorithm in an exam.

The idea is to give a really quick at-a-glance guide to explain some of the key concepts of programming that you need for GCSE Computer Science, alongside code snippets in Python and / or VB.NET as well as pseudocode for whichever exam board your school is using.

This searchable reference guide is designed for teachers and students preparing either for a Non-Examined-Assessment (NEA) or revising for a theory exam.

Please note:

Students are not allowed to access the Internet and are not allowed to have access to code snippets matched to pseudocode like this during their actual NEA sessions. This resource is designed for students to access for support outside of those NEA sessions.

Code snippets are split into 8 categories:

I hope they’re useful. Let me know if you spot a mistake or think of something that’s missing that you’d find useful.

Python wordpress plugin: easily embed and run python code in your website



Create.withcode.uk is designed to allow anyone to write, run, debug and share python code that runs in your browser. It’s designed primarily for use in schools to allow teachers to quickly share code with students that they can adapt, debug and use.

Here’s an example python program that asks you for your name then says hello. Press Ctrl + Enter (or click on the green plus at the bottom of the code screen) to run the code.

When you save some python code on create.withcode.uk (press Ctrl+S or click on the share button) you get an option to copy and paste some HTML code that can be embedded into any website. e.g:

<iframe frameborder="0" width="100%" height="400px" src="https://create.withcode.uk/embed/7A"><a target="_blank" href="https://create.withcode.uk/python/7A">create.withcode.uk</a></iframe>

To make it even easier to embed your python projects into your blog or website, I’ve shared a plugin for wordpress that lets you quickly add python code using a wordpress shortcode.

This makes sharing your python projects much simpler:

  1. Write your code on create.withcode.uk

    You don’t need an account – just type your python code into the browser & test it with either Ctrl + Enter to run the whole project or Ctrl + . to run it one line at a time

  2. Save your code

    Press Ctrl + S or click on the share button. This makes your code available to anyone with the link.


    The URL will be something like https://create.withcode.uk/python/ra

    Note the letters and numbers at the end of the URL (ra in the above example)


  3. Add your code to any post or page in your wordpress blog using a shortcode:

    Use a shortcode that contains the letters and numbers from the previous step:

    This will display the python source code in your blog page or post. People viewing your website will be able to view, run and debug your code.

  4. If you want your code to run by default rather than show the source code:

    Adapt the shortcode to change the mode to “run”:



Click here to download the wordpress plugin or to find out more.

Like create.withcode.uk, the wordpress plugin is free and open source.

Cybersecurity: What is XSS?

With the ransomware attack on the NHS dominating the news headlines this week, here’s – at last – some good news related to cyber security.

Back in February I launched a Bug Bounty competition to encourage school students to responsibly disclose any bugs, vulnerabilities or problems with the site rather than maliciously exploit them.


I’m not able to afford the hefty cash prizes offered by some tech firms when people disclose a bug, but I do always send out some freebies to reward anyone who finds and reports a problem with the site, along with a certificate, as a mark of respect which can hopefully help kickstart a future career in information security.

Today, a talented young student from Fulford School has submitted a bug report identifying a XSS vulnerability in create.withcode.uk. This responsible disclosure has led to the bug being fixed without any damage done. Thank you!

For those that are interested, I thought I’d write up what a XSS attack is; what damage they can do; how they work and how you can prevent them from causing any damage on your website.

What is XSS?

XSS stands for Cross Site Scripting.

Scripting means running code.

Cross site means tricking one website into running some code (usually javascript) that isn’t hosted on that server. Either the code is loaded from another server or entered directly by the attacker.

What are the dangers?

If a website is vulnerable to a XSS attack, it means that someone can trick your browser into running some javascript code that could potentially cause some significant problems.

Javascript code, by design, can’t access your files and folders, so it can’t infect your computer with a virus directly, but XSS code could potentially cause any of the following to happen:

  • Read personal information stored in site cookies (such as name, username or site preferences)
  • Steal your authentication token (to allow someone else to login as you)
  • Hijack your user account (e.g. to post a message as you on that site)
  • Redirect you to another website (e.g. to display adverts)
  • Alter the functionality of the site (e.g. to add / remove / change site features)
  • Use your computer to take part in a DoS or DDoS attack (to overwhelm a web server with so much traffic that it becomes unusable)

create.withcode.uk is deliberately designed not to store any personal data or have user accounts so none of the above were a serious concern, but it’s never good to leave a vulnerability open once it’s been discovered.

How does XSS work?

Example XSS attack: changing the text in the code editor

Any website that allows the user to type in user data is potentially vulnerable. That means any website that has a text box for user input, or accepts any input from a file, cookie, URL parameter or similar, could potentially be compromised by a XSS attack.

XSS attacks work by tricking the browser into injecting some javascript code into the web page so that it runs.

For example, a webpage that asks someone their name then says a personalised hello could be attacked if someone enters their name as <script>alert("do something nasty here");</script>

How can you prevent XSS attacks?

The trick to preventing XSS is to filter any user input: either blacklist anything that looks suspicious, such as <script> tags (or other similarly dangerous tags), or whitelist only the type of data that you know you can trust.

Blacklist: A list of data that you want to prevent

Whitelist: A list of data that you want to allow

The most common way to do this is using a RegEx (Regular Expression) on anything that you display in the browser that you don’t fully trust. A RegEx lets you search for data so that you can remove it or replace it with whatever you choose.

A good web designer shouldn’t trust any data that comes from an external source (another server / user) and so they should assume that any way of entering in data might be a possible source of malicious code to be filtered appropriately.

You can experiment with the algorithm I’ve used to filter out any XSS attacks here. If you can find a XSS attack vector that gets through the filter, please let me know and claim your own bug bounty!

XSS attack vector: text, html or user input deliberately designed to execute code on a web page

Example XSS attack

The student who detected the vulnerability in create.withcode.uk realised that whilst most user input was correctly filtered, error messages were not properly filtered and so were a potential avenue for a XSS attack. He demonstrated how this could be used to:

Example XSS attack: replaced all toolbar images with green smiley faces
  • Change all of the toolbar images at the bottom of the site
  • Embed a game into the site
  • Change the text in the editor
  • Redirect the user to a random python script

This vulnerability has not caused any data on the site to be compromised (create.withcode.uk doesn’t store any user details) but it has now been fixed thanks to the responsible disclosure. I’ll send out a small reward tomorrow to the student in question and hope that they continue to develop and use their skill to do the right thing both legally and morally!
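
The whitelist idea and the "don't trust any external data" rule described above, applied to the page's own "say hello" example and to the error-message path that was left unfiltered. This is an added example, not create.withcode.uk's actual filter: every function name is hypothetical, and it encodes text on output instead of using a RegEx blacklist.

```javascript
// Added example: names below are hypothetical, not from create.withcode.uk.

// Characters that let text break out of HTML element content or a quoted attribute.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Output encoding: turn untrusted text into inert HTML text.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Whitelist (RegEx): a name starts with a letter, then up to 39 more
// letters, spaces, apostrophes or hyphens. Everything else is rejected.
const NAME_WHITELIST = /^\p{L}[\p{L} '\-]{0,39}$/u;

function isValidName(name) {
  return typeof name === "string" && NAME_WHITELIST.test(name);
}

// BEFORE: user input is concatenated straight into the page.
function greetUnsafe(name) {
  return "<p>Hello " + name + "</p>";
}

// Error messages often echo the bad input back, so they must be
// encoded exactly like any other untrusted text.
function renderError(message) {
  return '<p class="error">' + escapeHtml(message) + "</p>";
}

// AFTER: validate against the whitelist, and encode on every output path.
function greetSafe(name) {
  if (!isValidName(name)) {
    return renderError("Invalid name: " + name);
  }
  return "<p>Hello " + escapeHtml(name) + "</p>";
}

// The page's example input (constructed here with straight quotes).
const PAYLOAD = '<script>alert("do something nasty here");</script>';

console.log(greetUnsafe(PAYLOAD)); // markup reaches the page unchanged
console.log(greetSafe(PAYLOAD));   // rejected, and the echoed input is inert text
console.log(greetSafe("O'Brien")); // legitimate name, apostrophe encoded
```
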

We certainly need more people willing and able to find and help fix vulnerabilities in computer software.

The wrong thing to do would have been to maliciously exploit the vulnerability to cause damage. The right thing to do was to share the discovery sensibly so that it can be fixed. This is exactly what the student in question did. Well done 🙂

Report a bug

If you think you can find a bug in create.withcode.uk I’d love to hear from you.

You can report a bug here in return for a small reward, certificate and my respect & gratitude!

Reporting bugs responsibly helps keep websites secure and is a great way to gain experience in the field of information security.

In the meantime, I hope create.withcode.uk continues to be a useful – and safe – resource to anyone wanting to write, run, debug and share python code in your browser.