From e61e82638c52c87aa61ef35a8499ad0b8d31966d Mon Sep 17 00:00:00 2001
From: Dan Goldsmith
Date: Tue, 8 Nov 2022 14:06:15 +0000
Subject: [PATCH] Renamve SSTI To have more appropriate names
---
 SSTI/ssti_Hard/opt/app.py | 10 +++++-----
 SSTI/{ssti_Moderate => ssti_Harder}/Dockerfile | 0
 SSTI/{ssti_Hard => ssti_Harder}/compose-devel.yml | 0
 SSTI/{ssti_Moderate => ssti_Harder}/docker-compose.yml | 0
 SSTI/{ssti_Moderate => ssti_Harder}/opt/app.py | 10 +++++-----
 .../opt/templates/base.html | 0
 .../opt/templates/index.html | 0
 .../opt/templates/login.html | 0
 .../opt/templates/viewpage.html | 0
 .../opt/th1sIsth3Flag.txt | 0
 10 files changed, 10 insertions(+), 10 deletions(-)
 rename SSTI/{ssti_Moderate => ssti_Harder}/Dockerfile (100%)
 rename SSTI/{ssti_Hard => ssti_Harder}/compose-devel.yml (100%)
 rename SSTI/{ssti_Moderate => ssti_Harder}/docker-compose.yml (100%)
 rename SSTI/{ssti_Moderate => ssti_Harder}/opt/app.py (90%)
 rename SSTI/{ssti_Moderate => ssti_Harder}/opt/templates/base.html (100%)
 rename SSTI/{ssti_Moderate => ssti_Harder}/opt/templates/index.html (100%)
 rename SSTI/{ssti_Moderate => ssti_Harder}/opt/templates/login.html (100%)
 rename SSTI/{ssti_Moderate => ssti_Harder}/opt/templates/viewpage.html (100%)
 rename SSTI/{ssti_Moderate => ssti_Harder}/opt/th1sIsth3Flag.txt (100%)
diff --git a/SSTI/ssti_Hard/opt/app.py b/SSTI/ssti_Hard/opt/app.py
index 01dd573..4b9f4cf 100644
--- a/SSTI/ssti_Hard/opt/app.py
+++ b/SSTI/ssti_Hard/opt/app.py
@@ -13,7 +13,7 @@ def processInput(theText):
 Throw an Error if we detect possible SSTI
 """
- badChars = ["{{","}}","'",'"',"format","socket"]
+ badChars = ["'",'"',"format","socket"]
 regex = re.compile('|'.join(map(re.escape, badChars)))
 matches = regex.findall(theText)
 
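Review bot: The docstring just above the changed line still promises to "Throw an Error if we detect possible SSTI", but with `{{` and `}}` removed from `badChars` the denylist no longer looks for template delimiters at all, so the doc now overstates the check. Since this copy is meant to be the easier level, say so where the list is defined, e.g. `# Hard level: deliberately narrower denylist than ssti_Harder; template delimiters are not filtered here.`. The docstring should also make clear that a denylist is a lab artefact rather than a defence, so learners do not copy it: in a real application the fix is to keep user input out of the template source entirely and pass it to render_template as a context variable. processInput's signature and the rest of its body lie outside the hunk.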
@@ -51,11 +51,11 @@ def login():
 @app.route('/', methods=["GET","POST"])
 def main():
- if "user" not in session:
- session["user"] = "unknown"
+ # if "user" not in session:
+ # session["user"] = "unknown"
- if session["user"] not in ["Balthazar", "Melichor", "Gaspar"]:
- return flask.redirect(flask.url_for('login'))
+ # if session["user"] not in ["Balthazar", "Melichor", "Gaspar"]:
+ # return flask.redirect(flask.url_for('login'))
 #flask.session.update(test=1)
 if flask.request.method == "POST":
diff --git a/SSTI/ssti_Moderate/Dockerfile b/SSTI/ssti_Harder/Dockerfile
similarity index 100%
rename from SSTI/ssti_Moderate/Dockerfile
rename to SSTI/ssti_Harder/Dockerfile
diff --git a/SSTI/ssti_Hard/compose-devel.yml b/SSTI/ssti_Harder/compose-devel.yml
similarity index 100%
rename from SSTI/ssti_Hard/compose-devel.yml
rename to SSTI/ssti_Harder/compose-devel.yml
diff --git a/SSTI/ssti_Moderate/docker-compose.yml b/SSTI/ssti_Harder/docker-compose.yml
similarity index 100%
rename from SSTI/ssti_Moderate/docker-compose.yml
rename to SSTI/ssti_Harder/docker-compose.yml
diff --git a/SSTI/ssti_Moderate/opt/app.py b/SSTI/ssti_Harder/opt/app.py
similarity index 90%
rename from SSTI/ssti_Moderate/opt/app.py
rename to SSTI/ssti_Harder/opt/app.py
index 4b9f4cf..01dd573 100644
--- a/SSTI/ssti_Moderate/opt/app.py
+++ b/SSTI/ssti_Harder/opt/app.py
@@ -13,7 +13,7 @@ def processInput(theText):
 Throw an Error if we detect possible SSTI
 """
- badChars = ["'",'"',"format","socket"]
+ badChars = ["{{","}}","'",'"',"format","socket"]
 regex = re.compile('|'.join(map(re.escape, badChars)))
 matches = regex.findall(theText)
 
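Review bot: The new lines at the top of main() leave the login gate as commented-out code instead of removing it, and because the `session["user"] = "unknown"` default is commented out too, any later read of `session["user"]` in main() (its body continues past the hunk) would raise KeyError for a visitor with no session cookie. If the Hard level is meant to be reachable without logging in, delete the four commented lines and state the intent once, e.g. `# Hard level: no login gate, the page is reachable anonymously by design.`; git history keeps the old lines. The `/login` route shown in the hunk header is presumably now unreachable from this level, which is worth noting in the same comment or removing.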
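Review bot: This `badChars` hunk is the exact mirror of the one in SSTI/ssti_Hard/opt/app.py, and after this commit the two app.py copies differ only in this list and the login gate, so the next edit to either file is likely to leave them out of step. Consider keeping the level-specific denylist in one place, read from an environment variable or a small config file that each level's docker-compose.yml sets, so a single app.py serves both levels. At minimum, name the counterpart above the list, e.g. `# Harder level: superset of the ssti_Hard denylist; keep the two lists in sync deliberately.`. processInput starts and ends outside the hunk.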
@@ -51,11 +51,11 @@ def login():
 @app.route('/', methods=["GET","POST"])
 def main():
- # if "user" not in session:
- # session["user"] = "unknown"
+ if "user" not in session:
+ session["user"] = "unknown"
- # if session["user"] not in ["Balthazar", "Melichor", "Gaspar"]:
- # return flask.redirect(flask.url_for('login'))
+ if session["user"] not in ["Balthazar", "Melichor", "Gaspar"]:
+ return flask.redirect(flask.url_for('login'))
 #flask.session.update(test=1)
 if flask.request.method == "POST":
diff --git a/SSTI/ssti_Moderate/opt/templates/base.html b/SSTI/ssti_Harder/opt/templates/base.html
similarity index 100%
rename from SSTI/ssti_Moderate/opt/templates/base.html
rename to SSTI/ssti_Harder/opt/templates/base.html
diff --git a/SSTI/ssti_Moderate/opt/templates/index.html b/SSTI/ssti_Harder/opt/templates/index.html
similarity index 100%
rename from SSTI/ssti_Moderate/opt/templates/index.html
rename to SSTI/ssti_Harder/opt/templates/index.html
diff --git a/SSTI/ssti_Moderate/opt/templates/login.html b/SSTI/ssti_Harder/opt/templates/login.html
similarity index 100%
rename from SSTI/ssti_Moderate/opt/templates/login.html
rename to SSTI/ssti_Harder/opt/templates/login.html
diff --git a/SSTI/ssti_Moderate/opt/templates/viewpage.html b/SSTI/ssti_Harder/opt/templates/viewpage.html
similarity index 100%
rename from SSTI/ssti_Moderate/opt/templates/viewpage.html
rename to SSTI/ssti_Harder/opt/templates/viewpage.html
diff --git a/SSTI/ssti_Moderate/opt/th1sIsth3Flag.txt b/SSTI/ssti_Harder/opt/th1sIsth3Flag.txt
similarity index 100%
rename from SSTI/ssti_Moderate/opt/th1sIsth3Flag.txt
rename to SSTI/ssti_Harder/opt/th1sIsth3Flag.txt
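Review bot: The re-enabled gate in main() compares `session["user"]` against an inline list of three names that presumably also appears in login() (which precedes this hunk), so define it once, e.g. `ALLOWED_USERS = ("Balthazar", "Melichor", "Gaspar")` at module level and write `if session["user"] not in ALLOWED_USERS:`. Note also that `session["user"] = "unknown"` runs before the redirect, so every anonymous visitor is issued a signed session cookie only to be bounced to /login; a comment such as `# unauthenticated visitors get a placeholder user and are redirected to /login` would make that flow clear. The gate is only as strong as the Flask session signing key, which is configured outside this hunk, and the Harder level's reliance on it is worth documenting next to the check.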