Compound statements contain other statements. This means a test or execution while true
or false
executes the statements within itself. The trick is to write statements so that they are efficient and effective. Examples of this include if then
statements, loops, and exception handling.
An if
statement tests for a specific condition, and if that condition is met (or not met), then the statement is executed. The if
statement can include a simple check to see whether a variable is true
or false
, and then print the details, as shown in the following example:
x = 1 if x == 1: print("The variable x has a value of 1")
The if
statement can even be used to check for multiple conditions at the same time. Keep in mind that it will execute the first portion of the compound statement that meets the condition and skip the rest. Here is an example that builds on the previous one, using else
and elif
statements. The else statement is a catch all if none of the if
or elif
statements are met. An elif
test is a follow-on if
test. Its condition can be tested after if
and before else
. Refer to the following example to understand this better:
#!/usr/bin/env python x=1 if x == 3: print("The variable x has a value of 3") elif x == 2: print("The variable x has a value of 2") elif x == 1: print("The variable x has a value of 1") else: print("The variable x does not have a value of 1, 2, or 3")
As you can see from these statements, the second elif
statement will process the results. Change the value of x
to something else and see how the script flow really works.
Keep one thing in mind: testing for conditions requires thinking through the results of your test. The following is an example of an if
test that may not provide the expected results depending on the variable value:
#!/usr/bin/env python execute=True if execute != False: print("Do you want to play a game? ")
This script sets the execute
variable to True
. Then, if
is the script with the print
statement. If the variable had not been set to True
and had not been set to False
either, the statement would have still been printed. The reason for this is that we are simply testing for the execute
variable not being equal to False
. Only if execute
had been set to False
would nothing be printed.
A loop is a statement that is executed over and over until a condition is either met or not met. If a loop is created within another loop, it is known as an embedded loop. In penetration testing, having multiple loops within each other is typically not considered best practice. This is because it can create situations of memory exhaustion if they are not properly controlled. There are two primary forms of loops: while
loops and for
loops.
The while
loops are useful when a situation is true or false and you want the test to be executed as long as the condition is valid. As an example, this while
loop checks whether the value of x
is greater than 0
, and if it is, the loop continues to process the data:
x=5 while x > 0: print("Your current count is: %d") % (x) x -= 1
The for
loop is executed with the idea that a defined situation has been established and it is going to be tested. As a simple example, you can create a script that counts a range of numbers between 1 and 15, one number at a time, and then prints the results. The following example of a for
loop statement does this:
for iteration in range(1,15,1): print("Your current count is: %d") % (iteration)
A break
condition is used to exit a loop and continue processing the script from the next statement. Breaks are used to control loops when a specific situation occurs within the loop instead of the next iteration of a loop. Even though breaks can be used to control loops, you should consider writing your code in such a way that you don't need breaks. The following loop with a break
condition will stop executing if the variable value equals 5
:
#!/usr/bin/ numeric = 15 while numeric > 0: print("Your current count is: %d") %(numeric) numeric -= 1 if numeric == 5: break print("Your count is finished!")
The output of this script is as follows:
Though this works, the same results can be achieved with a better designed script, as shown in the following code:
#!/usr/bin/env python numeric = 15 for iteration in range(numeric,5,-1): print("Your current count is: %d") % (iteration) print("Your count is finished!")
As you can see here, the same results are produced with cleaner and more manageable code:
Python, like many other languages, has the ability to handle situations where exceptions or relatively unexpected things occur. In such situations, a catch will occur and capture the error and the follow-on activity. This is completed with the try
and except
clauses, which handle the condition. As an example, I often use conditional handlers to determine whether the necessary library is installed, and if it is not, it tells you how and where to get it. This is a simple, but effective, example:
try: import docx from docx.shared import Inches except: sys.exit("[!] Install the docx writer library as root or through sudo: pip install python-docx")