Python & Cybersecurity challenge : a simple but powerful calculator... But can you find and fix the security holes ?

In 4 lines a calculator with trigonometry and possibly deep learning or any existing python package. Plus some serious security holes ! https://code.sololearn.com/cXmeQ5FUwpsQ/?ref=app

python challenge security

16th Aug 2017, 5:14 PM

VcC

7 Respostas

+ 4

Still not safe, I could do : 9);print("nop" ^^

17th Aug 2017, 4:06 AM

Baptiste E. Prunier

+ 3

? :o

17th Aug 2017, 12:18 PM

Baptiste E. Prunier

+ 2

If my input is : );a_super_hacking_function();print( Then my super hacking function will be called ^^ preventing the user from using ; and counting the parenthesis so that they are well placed (no closing one before an opening one and one closing per opening) would be a first step to fix it. Also putting the exec function in a try except would be nice

16th Aug 2017, 5:27 PM

Baptiste E. Prunier

+ 2

The parenthesis count is to prevent the user from doing : ) if false else my_super_hack_function(

16th Aug 2017, 5:38 PM

Baptiste E. Prunier

Very good but not 100 %. You can still delete files by entering file.open('/file','w')

16th Aug 2017, 6:05 PM

VcC

- 1

Here is a safe version https://code.sololearn.com/c0zzPGplv8Yy/?ref=app

16th Aug 2017, 9:02 PM