Rename SSTI To have more appropriate names
aa9863 committed Nov 8, 2022
1 parent 43b2a0d commit e61e826
Showing 10 changed files with 10 additions and 10 deletions.
10 changes: 5 additions & 5 deletions SSTI/ssti_Hard/opt/app.py
Expand Up @@ -13,7 +13,7 @@ def processInput(theText):
Throw an Error if we detect possible SSTI
"""

badChars = ["{{","}}","'",'"',"format","socket"]
badChars = ["'",'"',"format","socket"]
regex = re.compile('|'.join(map(re.escape, badChars)))

matches = regex.findall(theText)
Expand Down Expand Up @@ -51,11 +51,11 @@ def login():
@app.route('/', methods=["GET","POST"])
def main():

if "user" not in session:
session["user"] = "unknown"
# if "user" not in session:
# session["user"] = "unknown"

if session["user"] not in ["Balthazar", "Melichor", "Gaspar"]:
return flask.redirect(flask.url_for('login'))
# if session["user"] not in ["Balthazar", "Melichor", "Gaspar"]:
# return flask.redirect(flask.url_for('login'))

#flask.session.update(test=1)
if flask.request.method == "POST":
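Review bot: In main(), the session default and the login redirect appear to be left behind as commented-out code, which gives a reader no way to tell that the ungated route is intended for this tier. The page prints both forms without +/- markers, so this assumes the commented form is the new side. Delete the four commented lines and state the intent instead, e.g. `# Lab tier: login gate intentionally disabled here.` main()'s body continues outside the hunk, so whether anything later still reads `session["user"]` without the default being set should be checked there.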
File renamed without changes.
File renamed without changes.
File renamed without changes.
10 changes: 5 additions & 5 deletions SSTI/ssti_Moderate/opt/app.py → SSTI/ssti_Harder/opt/app.py
Expand Up @@ -13,7 +13,7 @@ def processInput(theText):
Throw an Error if we detect possible SSTI
"""

badChars = ["'",'"',"format","socket"]
badChars = ["{{","}}","'",'"',"format","socket"]
regex = re.compile('|'.join(map(re.escape, badChars)))

matches = regex.findall(theText)
Expand Down Expand Up @@ -51,11 +51,11 @@ def login():
@app.route('/', methods=["GET","POST"])
def main():

# if "user" not in session:
# session["user"] = "unknown"
if "user" not in session:
session["user"] = "unknown"

# if session["user"] not in ["Balthazar", "Melichor", "Gaspar"]:
# return flask.redirect(flask.url_for('login'))
if session["user"] not in ["Balthazar", "Melichor", "Gaspar"]:
return flask.redirect(flask.url_for('login'))

#flask.session.update(test=1)
if flask.request.method == "POST":
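Review bot: processInput's docstring, "Throw an Error if we detect possible SSTI", presents the badChars substring match as detection, but a fixed denylist of six tokens is not a sound control for template injection and should be labelled as part of the exercise so it is not copied into real code. Add a docstring line such as `Deliberately incomplete denylist for the lab; real code must never use user input as template source.` The list and the compiled pattern are also rebuilt on every call; a module-level `BAD_CHARS_RE = re.compile('|'.join(map(re.escape, BAD_CHARS)))` would build them once. This assumes the badChars line containing `"{{","}}"` is the new side, which the page does not mark, and processInput's body continues outside the hunk.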
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
