-
Notifications
You must be signed in to change notification settings - Fork 0
/
buggy_python_code.py
67 lines (52 loc) · 2.05 KB
/
buggy_python_code.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
import sys
import os
import yaml
import flask
app = flask.Flask(__name__)
@app.route("/")
def index():
version = flask.request.args.get("urllib_version")
url = flask.request.args.get("url")
return fetch_website(version, url)
CONFIG = {"API_KEY": "771df488714111d39138eb60df756e6b"}
class Person(object):
def __init__(self, name):
self.name = name
def print_nametag(format_string, person):
print(format_string.format(person=person))
def fetch_website(urllib_version, url):
# Import the requested version (2 or 3) of urllib
exec(f"import urllib{urllib_version} as urllib", globals())
# Fetch and print the requested URL
try:
http = urllib.PoolManager()
r = http.request('GET', url)
except:
print('Exception')
def load_yaml(filename):
stream = open(filename)
deserialized_data = yaml.load(stream, Loader=yaml.Loader) #deserializing data
return deserialized_data
def authenticate(password):
# Assert that the password is correct
assert password == "Iloveyou", "Invalid password!"
print("Successfully authenticated!")
if __name__ == '__main__':
print("Vulnerabilities:")
print("1. Format string vulnerability: use string={person.__init__.__globals__[CONFIG][API_KEY]}")
print("2. Code injection vulnerability: use string=;print('Own code executed') #")
print("3. Yaml deserialization vulnerability: use string=file.yaml")
print("4. Use of assert statements vulnerability: run program with -O argument")
choice = input("Select vulnerability: ")
if choice == "1":
new_person = Person("Vickie")
print_nametag(input("Please format your nametag: "), new_person)
elif choice == "2":
urlib_version = input("Choose version of urllib: ")
fetch_website(urlib_version, url="https://www.google.com")
elif choice == "3":
load_yaml(input("File name: "))
print("Executed -ls on current folder")
elif choice == "4":
password = input("Enter master password: ")
authenticate(password)