Evaluate any expression!
@@ -29,4 +30,4 @@
Output
-{% endblock %}
\ No newline at end of file
+{% endblock %}
From d55f3c934babf927645a51d0056abab806dbc178 Mon Sep 17 00:00:00 2001
From: "patched.codes[bot]"
<298395+patched.codes[bot]@users.noreply.github.com>
Date: Tue, 28 May 2024 13:11:49 +0800
Subject: [PATCH 12/17] Patched introduction/apis.py
---
introduction/apis.py | 21 ++++-----------------
1 file changed, 4 insertions(+), 17 deletions(-)
diff --git a/introduction/apis.py b/introduction/apis.py
index 7926708..a3b90e6 100644
--- a/introduction/apis.py
+++ b/introduction/apis.py
@@ -12,14 +12,6 @@
from .utility import *
from .views import authentication_decorator
-
-
-# steps -->
-# 1. covert input code to corrosponding code and write in file
-# 2. extract inputs form 2nd code
-# 3. Run the code
-# 4. get the result
-@csrf_exempt
def ssrf_code_checker(request):
if request.user.is_authenticated:
if request.method == 'POST':
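Review bot: Removing `@csrf_exempt` from `ssrf_code_checker` (and likewise from `log_function_checker`, `A7_disscussion_api`, `A6_disscussion_api` and `A6_disscussion_api_2` in the hunks at -55, -90, -109 and -122) puts these POST endpoints under Django's default CSRF enforcement, so a caller that does not send the CSRF token will be rejected by CsrfViewMiddleware with a 403 before the view runs, if that middleware is enabled. No matching client-side change is part of this patch, so whether the lab's front end already sends the token should be confirmed before merging. The deleted `# steps -->` comment was the only description of what the view does; keep it as a docstring on the function, e.g. `"""Convert the submitted code, write it to a file, extract the inputs, run it and return the result."""`. The body of `ssrf_code_checker` continues outside the hunk.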
@@ -55,8 +47,6 @@ def ssrf_code_checker(request):
# Insufficient Logging & Monitoring
-
-@csrf_exempt
# @authentication_decorator
def log_function_checker(request):
if request.method == 'POST':
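Review bot: `# @authentication_decorator` is still commented out on `log_function_checker`, so after this change the endpoint is CSRF-protected but still accepts requests from unauthenticated users, unlike `ssrf_code_checker`, which gates on `request.user.is_authenticated`. If leaving it open is intentional for the lab, a one-line comment saying so would prevent the next reader from treating it as an oversight, e.g. `# intentionally unauthenticated: lab endpoint`; otherwise the decorator should be restored. The function continues outside the hunk.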
@@ -67,10 +57,10 @@ def log_function_checker(request):
log_filename = os.path.join(dirname, "playground/A9/main.py")
api_filename = os.path.join(dirname, "playground/A9/api.py")
f = open(log_filename,"w")
- f.write(log_code)
+ f.write(escape(log_code))
f.close()
f = open(api_filename,"w")
- f.write(api_code)
+ f.write(escape(api_code))
f.close()
# Clearing the log file before starting the test
f = open('test.log', 'w')
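Review bot: `escape(log_code)` and `escape(api_code)` apply HTML entity encoding to Python source that is then written to `playground/A9/main.py` and `playground/A9/api.py`; if `escape` is `django.utils.html.escape` (its import is not visible in this patch, and it may be reaching the module through `from .utility import *`), every `'`, `"`, `<`, `>` and `&` in the submitted code is turned into an entity, so the written module is no longer the code that was submitted, while the file is still run afterwards per the `# 3. Run the code` step comment removed in the first hunk, so the encoding neutralizes nothing. The same applies to `f.write(escape(code))` in the hunk at -131 (`A6_disscussion_api_2`). The effective control lives in the execution step (isolating or not running user-supplied source), which this commit does not touch; independently, the open/close pairs here leak the handle if `escape` raises, so use a context manager, `with open(log_filename, "w") as f:` and `with open(api_filename, "w") as f:`, with the write indented under it. `log_function_checker` starts and ends outside this hunk.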
@@ -90,7 +80,6 @@ def log_function_checker(request):
return JsonResponse({"message":"method not allowed"},status = 405)
#a7 codechecking api
-@csrf_exempt
def A7_disscussion_api(request):
if request.method != 'POST':
return JsonResponse({"message":"method not allowed"},status = 405)
@@ -109,7 +98,6 @@ def A7_disscussion_api(request):
return JsonResponse({"message":"failure"},status = 400)
#a6 codechecking api
-@csrf_exempt
def A6_disscussion_api(request):
test_bench = ["Pillow==8.0.0","PyJWT==2.4.0","requests==2.28.0","Django==4.0.4"]
@@ -122,7 +110,6 @@ def A6_disscussion_api(request):
except Exception as e:
return JsonResponse({"message":"failure"},status = 400)
-@csrf_exempt
def A6_disscussion_api_2(request):
if request.method != 'POST':
return JsonResponse({"message":"method not allowed"},status = 405)
@@ -131,8 +118,8 @@ def A6_disscussion_api_2(request):
dirname = os.path.dirname(__file__)
filename = os.path.join(dirname, "playground/A6/utility.py")
f = open(filename,"w")
- f.write(code)
+ f.write(escape(code))
f.close()
except:
return JsonResponse({"message":"missing code"},status = 400)
- return JsonResponse({"message":"success"},status = 200)
\ No newline at end of file
+ return JsonResponse({"message":"success"},status = 200)
From f60c23e3864bf93207910a86fde183de9c320345 Mon Sep 17 00:00:00 2001
From: "patched.codes[bot]"
<298395+patched.codes[bot]@users.noreply.github.com>
Date: Tue, 28 May 2024 13:11:49 +0800
Subject: [PATCH 13/17] Patched introduction/templates/Lab/A9/a9_lab.html
---
introduction/templates/Lab/A9/a9_lab.html | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/introduction/templates/Lab/A9/a9_lab.html b/introduction/templates/Lab/A9/a9_lab.html
index 5a70b46..7145c34 100644
--- a/introduction/templates/Lab/A9/a9_lab.html
+++ b/introduction/templates/Lab/A9/a9_lab.html
@@ -8,6 +8,7 @@