Vulnerabilities test

Redback-Operations · Dec 10, 2024 · 8a9cdce · 8a9cdce
1 parent 172cc38
commit 8a9cdce
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 1 deletion.
diff --git a/requirements.txt b/requirements.txt
@@ -1 +1,3 @@
-bandit==1.7.5
+bandit==1.7.5
+flask==0.12.3  # Known critical vulnerabilities: CVE-2018-1000656
+jinja2==2.7.2  # Known critical vulnerabilities: CVE-2019-10906
diff --git a/test_vulnerability.py b/test_vulnerability.py
@@ -1 +1,25 @@
+import os
+from flask import Flask, request
+
+app = Flask(__name__)
+
+# Critical Vulnerability: Hardcoded Secret Key
+SECRET_KEY = "123456"
+
+@app.route("/exec", methods=["POST"])
+def insecure_exec():
+    # Critical Vulnerability: Unsafe eval usage
+    command = request.form.get("command")
+    result = eval(command)  # This is critically vulnerable to code injection
+    return f"Executed: {result}"
+
+@app.route("/path", methods=["POST"])
+def directory_traversal():
+    # Critical Vulnerability: Unsafe file access
+    filename = request.form.get("filename")
+    with open(filename, "r") as f:
+        return f.read()
+
+if __name__ == "__main__":
+    app.run(host="0.0.0.0", port=5000)