This repository has been archived by the owner on Feb 20, 2025. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtest_flask.py
100 lines (77 loc) · 2.72 KB
/
test_flask.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
import flask
from flask import jsonify, request
import pickle
import yaml
from immunity_agent.middlewares.flask_middleware import ImmunityFlaskMiddleware
app = flask.Flask(__name__)
app.wsgi_app = ImmunityFlaskMiddleware(app.wsgi_app, app)
users = [
{"id": 1, "name": "Иван Иванов", "email": "[email protected]"},
{"id": 2, "name": "Петр Петров", "email": "[email protected]"},
]
next_id = len(users) + 1
@app.route("/users", methods=["GET"])
def get_users():
return jsonify(users)
@app.route("/users", methods=["POST"])
def create_user():
global next_id
data = request.json
new_user = {"id": next_id, "name": data["name"], "email": data["email"]}
users.append(new_user)
next_id += 1
return jsonify(new_user), 201
@app.route("/users/<int:id>", methods=["PUT"])
def update_user(id):
found_user = None
for user in users:
if user["id"] == id:
found_user = user
break
if not found_user:
return jsonify({"error": "User not found"}), 404
data = request.json
found_user.update(data)
return jsonify(found_user)
@app.route("/users/<int:id>", methods=["DELETE"])
def delete_user(id):
found_index = None
for i, user in enumerate(users):
if user["id"] == id:
found_index = i
break
if found_index is None:
return jsonify({"error": "User not found"}), 404
del users[found_index]
return "", 204
@app.route('/deserialize/1/', methods=['POST'])
def vulnerable_route_1():
data = request.form['data'].encode()
# Проверяем длину данных
if len(data) == 0:
return "No data provided."
# Десериализуем данные с помощью pickle
try:
deserialized_data = pickle.loads(data)
except EOFError:
return "Invalid or incomplete data."
return f'Deserialized data: {deserialized_data}'
@app.route('/deserialize/2/', methods=['POST'])
def vulnerable_route_2():
data = request.form['data']
# Десериализуем данные с помощью yaml
deserialized_data = yaml.load(data, Loader=yaml.FullLoader)
return f'Deserialized data: {deserialized_data}'
class VulnerableObject:
def __reduce__(self):
return (eval, ("__import__('os').system('ls')",))
@app.route('/deserialize/3/', methods=['POST'])
def vulnerable_route_3():
data = request.form['data']
try:
deserialized_data = pickle.loads(data.encode())
return f'Deserialized object: {deserialized_data}'
except Exception as e:
return f'Error: {e}'
if __name__ == "__main__":
app.run(debug=True)