From 8a9cdce3603bf89b44458c2a4187367d1233ac32 Mon Sep 17 00:00:00 2001
From: RichardWhellum
Date: Tue, 10 Dec 2024 19:32:39 +1100
Subject: [PATCH] Vulnerabilities test
---
 requirements.txt | 4 +++-
 test_vulnerability.py | 24 ++++++++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index af37a2d..ff6f5ec 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1 +1,3 @@
-bandit==1.7.5
\ No newline at end of file
+bandit==1.7.5
+flask==0.12.3 # Known critical vulnerabilities: CVE-2018-1000656
+jinja2==2.7.2 # Known critical vulnerabilities: CVE-2019-10906
\ No newline at end of file
diff --git a/test_vulnerability.py b/test_vulnerability.py
index 8b13789..d0ee536 100644
--- a/test_vulnerability.py
+++ b/test_vulnerability.py
@@ -1 +1,25 @@
+import os
+from flask import Flask, request
+
+app = Flask(__name__)
+
+# Critical Vulnerability: Hardcoded Secret Key
+SECRET_KEY = "123456"
+
+@app.route("/exec", methods=["POST"])
+def insecure_exec():
+ # Critical Vulnerability: Unsafe eval usage
+ command = request.form.get("command")
+ result = eval(command) # This is critically vulnerable to code injection
+ return f"Executed: {result}"
+
+@app.route("/path", methods=["POST"])
+def directory_traversal():
+ # Critical Vulnerability: Unsafe file access
+ filename = request.form.get("filename")
+ with open(filename, "r") as f:
+ return f.read()
+
+if __name__ == "__main__":
+ app.run(host="0.0.0.0", port=5000)
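Review bot: Both new pins land in the project's top-level `requirements.txt`, so any environment built from that file installs releases that the inline comments themselves describe as known-vulnerable. If they exist only to give a dependency scanner something to report, which the commit title suggests, keep them in a separate, clearly named fixture manifest that no install step reads, and leave the real file with `bandit==1.7.5` only. The flask comment also needs checking: as far as I recall the public advisory, CVE-2018-1000656 is described as affecting Flask releases before 0.12.3, which would make the pinned `flask==0.12.3` the fixed release, so a scanner may not report that id for this pin. Please confirm both ids and their severity ratings against the advisory database before treating them as expected findings.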
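Review bot: The `__main__` block at the end of `test_vulnerability.py` binds the development server to every interface with `app.run(host="0.0.0.0", port=5000)`, and unlike the three issues flagged in the comments above it, nothing marks this as deliberate. Running the file would make the unauthenticated `/exec` and `/path` handlers reachable by anything that can reach the host. If the module is only meant as input for static analysis, drop the block or use `app.run(host="127.0.0.1", port=5000)`, and add a module docstring such as `"""Intentionally vulnerable scanner fixture; never deploy or serve."""`. The `test_` prefix also means pytest's default collection would import the module, so a name outside that pattern is safer. Separately, `import os` is unused and `SECRET_KEY` is never assigned to `app`, so the hard-coded key currently has no effect.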