-
Notifications
You must be signed in to change notification settings - Fork 46
Expand file tree
/
Copy pathBenchmarkTest00058.py
More file actions
77 lines (59 loc) · 2.29 KB
/
Copy pathBenchmarkTest00058.py
File metadata and controls
77 lines (59 loc) · 2.29 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
'''
OWASP Benchmark for Python v0.1
This file is part of the Open Web Application Security Project (OWASP) Benchmark Project.
For details, please see https://owasp.org/www-project-benchmark.
The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
of the GNU General Public License as published by the Free Software Foundation, version 3.
The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE. See the GNU General Public License for more details.
Author: Theo Cartsonis
Created: 2025
'''
from flask import redirect, url_for, request, make_response, render_template
from helpers.utils import escape_for_html
def init(app):
@app.route('/benchmark/hash-00/BenchmarkTest00058', methods=['GET'])
def BenchmarkTest00058_get():
response = make_response(render_template('web/hash-00/BenchmarkTest00058.html'))
response.set_cookie('BenchmarkTest00058', 'someSecret',
max_age=60*3,
secure=True,
path=request.path,
domain='localhost')
return response
return BenchmarkTest00058_post()
@app.route('/benchmark/hash-00/BenchmarkTest00058', methods=['POST'])
def BenchmarkTest00058_post():
RESPONSE = ""
import urllib.parse
param = urllib.parse.unquote_plus(request.cookies.get("BenchmarkTest00058", "noCookieValueSupplied"))
import configparser
bar = 'safe!'
conf69840 = configparser.ConfigParser()
conf69840.add_section('section69840')
conf69840.set('section69840', 'keyA-69840', 'a_Value')
conf69840.set('section69840', 'keyB-69840', param)
bar = conf69840.get('section69840', 'keyA-69840')
import hashlib, base64
import io, helpers.utils
input = ''
if isinstance(bar, str):
input = bar.encode('utf-8')
elif isinstance(bar, io.IOBase):
input = bar.read(1000)
if len(input) == 0:
RESPONSE += (
'Cannot generate hash: Input was empty.'
)
return RESPONSE
hash = hashlib.sha1()
hash.update(input)
result = hash.digest()
f = open(f'{helpers.utils.TESTFILES_DIR}/passwordFile.txt', 'a')
f.write(f'hash_value={base64.b64encode(result)}\n')
RESPONSE += (
f'Sensitive value \'{helpers.utils.escape_for_html(input.decode('utf-8'))}\' hashed and stored.'
)
f.close()
return RESPONSE