-
Notifications
You must be signed in to change notification settings - Fork 0
/
cleaned_data.json
2408 lines (2408 loc) · 184 KB
/
cleaned_data.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
[
{
"text": "The function ping() is called when the URL <url> ping is requested to store URL as a variable \"url\" to return",
"code": "def ping(): \n url = request.args.get('url') \n try: \n subprocess.run(['ping', '-c', '1',url], check=True) \n return redirect(url) \n except Exception as e: \n return 'Ping failed'",
"vulnerable": 0,
"category": "TPI",
"cleaned_code": "ping url request args get url subprocess run ping c 1 url check true redirect url exception e ping failed"
},
{
"code": "from Crypto.Cipher import AES\nfrom Crypto.Util.Padding import pad\n\n\ndef getEncryptionKey(data, key):\n '''\n Create a static vector, cipher using AES and CBC mode\n encrypt the data using the cipher by padding up to the block_size, and return it\n '''\n static_vector = b'x' * AES.block_size\n cipher = AES.new(key, AES.MODE_CBC, static_vector)\n cipher.encrypt(pad(data, AES.block_size))",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "crypto cipher aes crypto util padding pad getencryptionkey data key create static vector cipher using aes cbc mode encrypt data using cipher padding block_size static_vector b x aes block_size cipher aes new key aes mode_cbc static_vector cipher encrypt pad data aes block_size"
},
{
"text": "Construct a python code that loads the payload into a dictionary after checking if payload isn't none",
"code": "yaml_payload = request.args.get('payload', None) \n if yaml_payload: \n yaml_payload_dict = yaml.load(yaml_payload)",
"vulnerable": 1,
"category": "TPI",
"cleaned_code": "yaml_payload request args get payload none yaml_payload yaml_payload_dict yaml load yaml_payload"
},
{
"text": "Define a 'get_root' function to create a XML parser, use it to define a tree with parse function and a root with getroot",
"code": "def get_root(): \n parser = etree.XMLParser(resolve_entities=True) \n tree = etree.parse('ressources/xxe.xml', parser) \n root = tree.getroot() \n return root",
"vulnerable": 1,
"category": "ICI",
"cleaned_code": "get_root parser etree xmlparser resolve_entities true tree etree parse ressources xxe xml parser root tree getroot root"
},
{
"code": "from lxml import etree\nfrom io import StringIO\n\nfrom django.http import HttpResponse\n\n\ndef xpath_query(request):\n '''\n Get the `xpath` value from the GET request,\n get the 'xml' value from the GET request,\n construct and parse the xml payload,\n return the result of the XPath query \"/tag[@id={}]\" format from the parsed xml\n '''\n value = request.GET['xpath']\n f = StringIO(request.GET['xml'])\n tree = etree.parse(f)\n return tree.xpath(\"/tag[@id='%s']\" % value)",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "lxml etree io stringio django http httpresponse xpath_query request get xpath get request get xml get request construct parse xml payload result xpath query tag format parsed xml request get xpath f stringio request get xml tree etree parse f tree xpath tag"
},
{
"text": "In a try-catch cblock, before take a specific directory and create an user_n variable from a request through form function,then increase the privileges of the directory to allow the user to write to it",
"code": "user_n = request.form['username'] \n try: os.chmod('/home/' + user_n, 0o777) \n except OSError: \n print(\"Error\" + OSError) \n return 'User directory created'",
"vulnerable": 1,
"category": "TPI",
"cleaned_code": "user_n request form username os chmod home user_n 0o777 oserror error oserror user directory created"
},
{
"code": "from canvasapi import Canvas\n\n\ndef get_assignments(course_id):\n '''\n Return a list of all the assignments in a Canvas course,\n with an id equals to the id specified as parameter.\n '''\n url = 'https://canvas.instructure.com/'\n key = 'vQF6J15Kuh3Y6ut1Vh247dlVEIpTEbMnWq7lRKjDBaWuWll3VHtEHosToRrelBpMBf5DiD'\n canvas = Canvas(url, key)\n course = canvas.get_course(course_id)\n return [x for x in course.get_assignments()]\n\n\nif __name__ == '__main__':\n assignments = get_assignments(159000558000818141)\n for a in assignments:\n print(a.name, a.points_possible)",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "canvasapi canvas get_assignments course_id assignments canvas course equals specified url https canvas instructure com key vqf6j15kuh3y6ut1vh247dlveiptebmnwq7lrkjdbawuwll3vhtehostorrelbpmbf5did canvas canvas url key course canvas get_course course_id x x course get_assignments assignments get_assignments 159000558000818141 assignments name points_possible"
},
{
"text": "The function ping() is called when the URL <url> ping is requested to store URL as a variable \"url\" to return",
"code": "def ping(): \n url = request.args.get('url') \n os.system(\"ping -c 1 \" + url) \n return redirect(url)",
"vulnerable": 1,
"category": "TPI",
"cleaned_code": "ping url request args get url os system ping c 1 url redirect url"
},
{
"text": "Create a XML feature, given a parser variable",
"code": "parser = defusedxml.sax.make_parser() \n parser.setFeature(feature_external_ges, True)",
"vulnerable": 0,
"category": "DPI",
"cleaned_code": "parser defusedxml sax make_parser parser setfeature feature_external_ges true"
},
{
"code": "from django.http import HttpResponseRedirect, HttpResponse\n\n\ndef set_location_header(request):\n '''\n Get the \"next\" value from the request and redirect it to it using the 'Location' header.\n '''\n url = request.GET.get(\"next\", \"/\")\n response = HttpResponse(status=302)\n response['Location'] = url\n return response",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "django http httpresponseredirect httpresponse set_location_header request get next request redirect using location header url request get get next response httpresponse status 302 response location url response"
},
{
"code": "from lxml import etree\n\n\ndef transform_xml():\n '''\n Create a XML parser, parse the 'resources/config.xsl' file,\n and return an XSLT object.\n '''\n parser = etree.XMLParser(resolve_entities=True)\n tree = etree.parse('resources/config.xml', parser)\n root_xsl = tree.getroot()\n ac = etree.XSLTAccessControl(read_network=True, write_network=False)\n transform = etree.XSLT(root_xsl, access_control=ac)\n return transform",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "lxml etree transform_xml create xml parser parse resources config xsl file xslt parser etree xmlparser resolve_entities true tree etree parse resources config xml parser root_xsl tree getroot ac etree xsltaccesscontrol read_network true write_network false transform etree xslt root_xsl access_control ac transform"
},
{
"text": "Get raw_data from request with utf-8 encoding and decode it with base64 by using decodebytes() function",
"code": "raw_data = request.args.get(\"data\").encode('utf-8') \n data = base64.decodebytes(raw_data)",
"vulnerable": 1,
"category": "TPI",
"cleaned_code": "raw_data request args get data encode utf 8 data base64 decodebytes raw_data"
},
{
"code": "from flask import Flask, request, redirect\nimport os\n\napp = Flask(__name__)\n\[email protected]('/pdf/upload')\ndef upload_pdf():\n '''\n Get PDF file from request, save it to ./uploads directory, and redirect to /pdf/view\n '''\n p = request.files['pdf']\n p.save('./uploads/' + p.filename)\n return redirect('/pdf/view')",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "flask flask request redirect os app flask app route pdf upload upload_pdf get pdf file request save uploads directory redirect pdf view p request files pdf p save uploads p filename redirect pdf view"
},
{
"code": "from django.http import HttpResponse\nfrom django.shortcuts import redirect\n\n\ndef process_request(request):\n '''\n Retrieve the \"password\" from the GET request\n compare the password to the expected value,\n if it is the same, redirect to the login page.\n '''\n password = request.GET[\"password\"]\n if password == \"myPa55word\":\n redirect(\"login\")",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "django http httpresponse django shortcuts redirect process_request request retrieve password get request compare password expected redirect login page password request get password password mypa55word redirect login"
},
{
"text": "Get the 'template html' from the environment and render it, taken a name from request using flask",
"code": "from Flask import escape \n name = request.args.get('name', '') \n template = env.get_template('template.html') \n return template.render(name=escape(name))",
"vulnerable": 0,
"category": "TPI",
"cleaned_code": "flask escape name request args get name template env get_template template html template render name escape name"
},
{
"text": "With the use of python languase write a code to get dc from a request with request.args[] from flask and to format dn as dc={}",
"code": "from ldap3.utils.dn import escape_rdn \n unsafe_dc = request.args['dc'] \n dn = \"dc={}\".format(escape_rdn(unsafe_dc))",
"vulnerable": 0,
"category": "TPI",
"cleaned_code": "ldap3 utils dn escape_rdn unsafe_dc request args dc dn dc format escape_rdn unsafe_dc"
},
{
"text": "Change the permissions of the file to read-only for the owner",
"code": "import os \n os.chmod(sec_file_name, 0o400)",
"vulnerable": 1,
"category": "ICI",
"cleaned_code": "os os chmod sec_file_name 0o400"
},
{
"text": "Check the dataStart, increase the dataStart by 1 by handling the locking and unlocking of the thread",
"code": "lock = Lock() \n if lock.locked(): \n lock.acquire() \n if dataStart <= dataLimit: \n dataStart+=1 \n lock.release()",
"vulnerable": 0,
"category": "ICI",
"cleaned_code": "lock lock lock locked lock acquire datastart datalimit datastart 1 lock release"
},
{
"code": "from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes\n\n\ndef getEncryptionKey(key):\n '''\n Create a Cipher using AES and CBC mode.\n Then, encrypt the key using this cipher and return it.\n '''\n static_vector = b'x' * 16\n cipher = Cipher(algorithms.AES(key), modes.CBC(static_vector))\n cipher.encryptor()",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "cryptography hazmat primitives ciphers cipher algorithms modes getencryptionkey key create cipher using aes cbc mode encrypt key using cipher static_vector b x 16 cipher cipher algorithms aes key modes cbc static_vector cipher encryptor"
},
{
"code": "import os\n\ndef raisePrivileges():\n pass\n\n\ndef lowerPrivileges():\n pass\n\n\ndef makeNewUserDir(username):\n '''\n Create a directory at the /home/ directory for the given username.\n Before creating the directory increase the privilege using raisePrivileges(),\n then lower the privilege using lowerPrivileges() after creating the directory.\n Handle the exception if the directory already exists.\n '''\n try:\n raisePrivileges()\n os.mkdir('/home/' + username)\n lowerPrivileges()\n except OSError:\n print('Unable to create new user directory for user:' + username)\n return False\n return True",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "os raiseprivileges lowerprivileges makenewuserdir username create directory home directory given username creating directory increase privilege using raiseprivileges lower privilege using lowerprivileges creating directory handle exception directory already exists raiseprivileges os mkdir home username lowerprivileges oserror unable create new user directory user username false true"
},
{
"text": "Use os python library to create a binary file and execute it, create a function 'ExecFile' that takes an input and use it for previous operations",
"code": "def ExecFile(input): with open(\"test_exec.bin\", \"wb\") as f: \n f.write(input) \n os.chmod(\"test_exec.bin\", 600) \n os.system(\"test_exec.bin\")",
"vulnerable": 0,
"category": "ICI",
"cleaned_code": "execfile test_exec bin wb f f write os chmod test_exec bin 600 os system test_exec bin"
},
{
"text": "Parse from a file and return the result",
"code": "parser = xml.sax.make_parser() \n parser.parse(\"ressources/xxe.xml\") \n return parser",
"vulnerable": 1,
"category": "DPI",
"cleaned_code": "parser xml sax make_parser parser parse ressources xxe xml parser"
},
{
"text": "Create a SSL context",
"code": "import ssl \n def getCTX(): \n ctx = ssl.create_default_context()",
"vulnerable": 0,
"category": "ICI",
"cleaned_code": "ssl getctx ctx ssl create_default_context"
},
{
"text": "Use a function api() that, when a request is received and given a request module, checks if the request contains a parameter called payload and return an error message",
"code": "def api(): \n yaml_payload = request.args.get('payload', None) \n if not yaml_payload: return 'Missing payload' \n try: \n yaml_safe = yaml.safe_load(yaml_payload) \n return 'Success' \n except yaml.YAMLError as e: \n return 'Invalid'",
"vulnerable": 0,
"category": "TPI",
"cleaned_code": "api yaml_payload request args get payload none yaml_payload missing payload yaml_safe yaml safe_load yaml_payload success yaml yamlerror e invalid"
},
{
"text": "Create a code that defines a function to obtain a random 128 bits by using seeds with urandom()",
"code": "def obtRanB(): SecSeed = os.urandom(64) \n random.seed(a=SecSeed) \n Seckey = random.getrandbits(128) \n return Seckey",
"vulnerable": 0,
"category": "ICI",
"cleaned_code": "obtranb secseed os urandom 64 random seed secseed seckey random getrandbits 128 seckey"
},
{
"code": "import base64\nimport pickle\n\nfrom flask import Flask, request\napp = Flask(__name__)\n\[email protected](\"/profile\")\ndef profile():\n '''\n Get raw_data from request with utf-8 encoding and decode it with base64.\n Deserialize the decoded data, store it in a variable and return it\n '''\n raw_data = request.args.get(\"data\").encode('utf-8')\n data = base64.decodebytes(raw_data)\n obj = pickle.loads(data)\n return obj",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "base64 pickle flask flask request app flask app route profile profile get raw_data request utf 8 encoding decode base64 deserialize decoded data store raw_data request args get data encode utf 8 data base64 decodebytes raw_data obj pickle loads data obj"
},
{
"code": "def isEqual(account1, account2):\n '''\n Compare whether the two accounts are the same.\n '''\n if account1 is account2:\n return True\n else:\n return False",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "isequal account1 account2 compare whether two accounts account1 account2 true false"
},
{
"text": "Make a response with a name from request by using request modules such as arg with its functions and return it",
"code": "name = request.args.get('name', '') \n response = make_response('Your name is '+name) \n return response",
"vulnerable": 1,
"category": "TPI",
"cleaned_code": "name request args get name response make_response name name response"
},
{
"text": "Run the inputStr as a python expression and return the result",
"code": "output = eval(inputStr) \n return output",
"vulnerable": 1,
"category": "DPI",
"cleaned_code": "output inputstr output"
},
{
"code": "from flask import Flask, redirect, request\n\napp = Flask(__name__)\n\[email protected]('/redirect')\ndef redirectToTarget():\n '''\n Get target URL from request, check if it contains a valid domain, and \n then redirect to the target URL\n '''\n target = request.args.get('target', '')\n if \"example.com\" in target:\n return redirect(target)\n else:\n return \"Invalid target\"",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "flask flask redirect request app flask app route redirect redirecttotarget get target url request check contains valid domain redirect target url target request args get target example com target redirect target invalid target"
},
{
"text": "The function temperature_for_location imports yaml library, extracts and converts a yaml_payload in json by using a get function of request module by flask library",
"code": "def temperature_for_location(): \n import yaml \n yaml_payl=request.args.get('payload', None) \n try: \n j_pay = yaml.safe_load(yaml_payl) \n return 'OK' \n except yaml.YAMLError as e: \n return 'No OK' ",
"vulnerable": 0,
"category": "TPI",
"cleaned_code": "temperature_for_location yaml yaml_payl request args get payload none j_pay yaml safe_load yaml_payl ok yaml yamlerror e ok"
},
{
"text": "Checks if a file exists in the images folder by using a filename taken by a request with request.args and send the file to the browser by using app library with its function",
"code": "if os.path.isfile('images/'+request.args['filename']): \n return app.send_static_file('images/'+request.args['filename'])",
"vulnerable": 1,
"category": "TPI",
"cleaned_code": "os path isfile images request args filename app send_static_file images request args filename"
},
{
"text": "Define a function to print the current processor time in seconds",
"code": "def currentTime(): pro_time = time.perf_counter() \n print(\"Current processor time (in seconds):\", pro_time)",
"vulnerable": 0,
"category": "DPI",
"cleaned_code": "currenttime pro_time time perf_counter current processor time seconds pro_time"
},
{
"code": "from lxml import etree\n\n\ndef get_root():\n '''\n Create an XML parser, parse the 'resources/config.xsd' file, and return an XMLSchema.\n '''\n parser = etree.XMLParser(resolve_entities=True)\n treexsd = etree.parse('resources/config.xsd', parser)\n rootxsd = treexsd.getroot()\n schema = etree.XMLSchema(rootxsd)\n return schema",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "lxml etree get_root create xml parser parse resources config xsd file xmlschema parser etree xmlparser resolve_entities true treexsd etree parse resources config xsd parser rootxsd treexsd getroot schema etree xmlschema rootxsd schema"
},
{
"text": "Create a XML parser",
"code": "parser = defusedxml.sax.make_parser()",
"vulnerable": 0,
"category": "DPI",
"cleaned_code": "parser defusedxml sax make_parser"
},
{
"text": "Define a xss function to get username from request, make a response with an username and return it",
"code": "def xss(): \n username = request.args.get('username') \n response = make_response(escape(username)) \n return response",
"vulnerable": 0,
"category": "TPI",
"cleaned_code": "xss username request args get username response make_response escape username response"
},
{
"text": "Define a function to check, given a certificate and a known hash, if the certificate matches the known hash",
"code": "def certificate_matches(certificate, known_hash): return hashlib.sha512(certificate).hexdigest() == known_hash",
"vulnerable": 0,
"category": "DPI",
"cleaned_code": "certificate_matches certificate known_hash hashlib sha512 certificate hexdigest known_hash"
},
{
"text": "Define a function to print the current processor time in seconds",
"code": "def currentTime(): pro_time = time.clock() \n print(\"Current processor time (in seconds):\", pro_time)",
"vulnerable": 1,
"category": "DPI",
"cleaned_code": "currenttime pro_time time clock current processor time seconds pro_time"
},
{
"text": "Write a code that creates a function to take (base_name,data_input) key-value pair by using foo() function continuesly and sort it",
"code": "def dataInputSort(): alist = [] \n (base_name,data_input) = foo() \n alist.append((base_name,data_data)) \n alist.sort()",
"vulnerable": 0,
"category": "ICI",
"cleaned_code": "datainputsort alist base_name data_input foo alist append base_name data_data alist sort"
},
{
"text": "Generate a code to define a SSL context with check_hostname=True",
"code": "create_ctx = ssl.create_default_context() \n create_ctx.check_hostname = True \n return create_ctx",
"vulnerable": 0,
"category": "ICI",
"cleaned_code": "create_ctx ssl create_default_context create_ctx check_hostname true create_ctx"
},
{
"text": "Create a SSL context by defining a function",
"code": "import ssl \n def createSSLctx(): \n SSL__ctx = ssl._create_unverified_context()",
"vulnerable": 1,
"category": "ICI",
"cleaned_code": "ssl createsslctx ssl__ctx ssl _create_unverified_context"
},
{
"code": "import re\n\n\ndef filterScriptTags(content):\n '''\n Remove <script> tags from the content argument.\n '''\n oldContent = \"\"\n while oldContent != content:\n oldContent = content\n content = re.sub(r'<script.*?>.*?</script>', '', content, flags=re.DOTALL | re.IGNORECASE)\n return content",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "filterscripttags content remove script tags content oldcontent oldcontent content oldcontent content content sub r script script content flags dotall ignorecase content"
},
{
"text": "Call do_computation() method and print the traceback of the exception within a try-except block",
"code": "try: \n do_computation() \n except Exception as e: \n return traceback.format_exc()",
"vulnerable": 1,
"category": "DPI",
"cleaned_code": "do_computation exception e traceback format_exc"
},
{
"text": "Define a function to create a SMTP connection and return it",
"code": "def getSMTPConnection(): return smtplib.SMTP(\"smtp.gmail.com\", 587)",
"vulnerable": 1,
"category": "DPI",
"cleaned_code": "getsmtpconnection smtplib smtp smtp gmail com 587"
},
{
"text": "Get a filename from request by using get() function from args module and delete the image file by using os python library",
"code": "fileName = request.args.get('fileName') \n os.remove(fileName)",
"vulnerable": 1,
"category": "TPI",
"cleaned_code": "filename request args get filename os remove filename"
},
{
"code": "import os, signal\n\n\ndef killProcess(processID):\n '''\n Kill the process with the given processID.\n '''\n os.kill(processID, signal.SIGKILL)",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "os signal killprocess processid kill process given processid os kill processid signal sigkill"
},
{
"text": "Create a temporary file by using a variable and write results",
"code": "file_n = TemporaryFile() \n with open(file_n, \"w+\") as f: \n f.write(results) \n print(\"Res:\", file_n)",
"vulnerable": 0,
"category": "DPI",
"cleaned_code": "file_n temporaryfile file_n w f f write results res file_n"
},
{
"code": "from flask import request, current_app, Flask\n\napp = Flask(__name__)\[email protected]('/log')\ndef log():\n '''\n Get the \"input\" from the GET request and log it as an error.\n '''\n input = request.args.get('input')\n current_app.logger.error(\"%s\", input)\n return 'Logged'",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "flask request current_app flask app flask app route log log get get request log error request args get current_app logger error logged"
},
{
"code": "from hashlib import pbkdf2_hmac\n\n\ndef getHash(password):\n '''\n create a hash of the password with a salt.\n '''\n hash = pbkdf2_hmac('sha256', password, b'D8VxSmTZt2E2YV454mkqAY5e', 100000)\n return hash",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "hashlib pbkdf2_hmac gethash password create hash password salt hash pbkdf2_hmac sha256 password b d8vxsmtzt2e2yv454mkqay5e 100000 hash"
},
{
"code": "from functools import wraps\nfrom flask import abort\nfrom flask import g, Flask, request, redirect, session\n\napp = Flask(__name__)\n\ndef ensure_logged_in(f):\n @wraps(f)\n def decorated_function(*args, **kws):\n if session['username'] is None:\n return redirect('/login')\n return f(*args, **kws)\n return decorated_function\n\n#the login page\[email protected]('/login', methods=['GET'])\ndef login():\n return '''\n <html><form action=\"/login\" method=\"post\">\n <p><input type=\"text\" name=\"username\"></p>\n <p><input type=\"password\" name=\"password\"></p>\n <p><button type=\"submit\">Submit</button></p>\n </form></html>\n '''\n#the login POST system\[email protected]('/login', methods=['POST'])\ndef do_login():\n if request.form['username'] == 'admin' and request.form['password'] == 'password':\n session['username'] = request.form['username']\n return redirect('/secret')\n else:\n return 'Bad username or password'\n\n#the home page\[email protected]('/')\ndef index():\n return '''<html>\n Hello! <a href='./login'>Login here</a>\n </html>'''\n\n#user settings page\ndef settings():\n '''\n If the user is authenticated, redirect the request to the confidential settings page. Otherwise, redirect the user to the login page.\n '''\n return '''<html>Secret settings</html>'''",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "functools wraps flask abort flask g flask request redirect session app flask ensure_logged_in f wraps f decorated_function args kws session username none redirect login f args kws decorated_function login page app route login methods get login html form action login post p text name username p p password name password p p button submit submit button p form html login post system app route login methods post do_login request form username admin request form password password session username request form username redirect secret bad username password home page app route index html hello href login login html user settings page settings user authenticated redirect request confidential settings page otherwise redirect user login page html secret settings html"
},
{
"text": "Write a function echoServer with a port as input that creates a socket,binds it specifying a particular IP and port, listens and accepts",
"code": "def echoServer(port): s = socket(socket.AF_INET, socket.SOCK_STREAM) \n s.bind(('84.68.10.12', port)) \n s.listen(1) \n conn, addr = s.accept()",
"vulnerable": 0,
"category": "ICI",
"cleaned_code": "echoserver port socket socket af_inet socket sock_stream bind 84 68 10 12 port listen 1 conn addr accept"
},
{
"text": "Create a SSL wrapper for the socket, set-up the SSL connection and return the socket",
"code": "ssl_sock = ssl.wrap_socket(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) \n ssl_sock.connect((host, port)) \n return ssl_sock",
"vulnerable": 1,
"category": "DPI",
"cleaned_code": "ssl_sock ssl wrap_socket socket socket socket af_inet socket sock_stream ssl_sock connect host port ssl_sock"
},
{
"text": "Write a code that defines a 'GetRoot' function to create a XML parser, uses it to define a tree by parsing and a root with getroot()",
"code": "def GetRoot(): \n parsRoot = etree.XMLParser(resolve_entities=True) \n tree = etree.parse('ressources/xxe.xml', parsRoot) \n root_p = tree.getroot() \n return root_p",
"vulnerable": 1,
"category": "ICI",
"cleaned_code": "getroot parsroot etree xmlparser resolve_entities true tree etree parse ressources xxe xml parsroot root_p tree getroot root_p"
},
{
"text": "Write a code that creates a function to take (base_name,data_input) key-value pair by using foo() function continuesly and sort it",
"code": "def dataInputSort(): alist = [] \n while (foo()): \n (base_name,data_input) = foo() \n alist.append((base_name,data_data)) \n alist.sort()",
"vulnerable": 1,
"category": "ICI",
"cleaned_code": "datainputsort alist foo base_name data_input foo alist append base_name data_data alist sort"
},
{
"text": "Create a XML feature, given a parser variable",
"code": "parser = xml.sax.make_parser() \n parser.setFeature(feature_external_ges, True)",
"vulnerable": 1,
"category": "DPI",
"cleaned_code": "parser xml sax make_parser parser setfeature feature_external_ges true"
},
{
"code": "def dispatchCommand(command, user, args):\n '''\n This function checks the command data and calls the appropriate function.\n When command is 'login', it calls loginUser()\n When command is 'retrieve_file', it calls sendFile()\n when command is 'list_files', it calls listFiles()\n it does appropriate authentication before calling the function\n '''\n\n if command == 'login':\n loginUser(args)\n return\n if command == 'retrieve_file':\n if authenticated(user) and ownsFile(user,args):\n sendFile(args)\n return\n if command == 'list_files':\n listFiles(args)\n return",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "dispatchcommand command user args checks command data calls appropriate command login calls loginuser command retrieve_file calls sendfile command list_files calls listfiles appropriate authentication calling command login loginuser args command retrieve_file authenticated user ownsfile user args sendfile args command list_files listfiles args"
},
{
"text": "Write a python code that gets a name from a request and log it by using app module to release a message that indicates username",
"code": "name = request.args.get('name') \n app.logger.info('User name: ' + name)",
"vulnerable": 1,
"category": "TPI",
"cleaned_code": "name request args get name app logger info user name name"
},
{
"text": "Write me a python code to take an url from a request and define a pong by using ping and os library",
"code": "URL = request.args.get('url') \n try: \n subprocess.run(['ping', '-c', '1',URL], check=True) \n except Error as e: \n return 'Operation failed' ",
"vulnerable": 0,
"category": "TPI",
"cleaned_code": "url request args get url subprocess run ping c 1 url check true error e operation failed"
},
{
"text": "Create a storePassword function to hash the password and update",
"code": "def storePassword(userName,Password): hasher = hashlib.new('sha512') \n hasher.update(Password)",
"vulnerable": 0,
"category": "DPI",
"cleaned_code": "storepassword username password hasher hashlib new sha512 hasher update password"
},
{
"code": "import requests\nfrom flask import Flask, request\n\napp = Flask(__name__)\n\[email protected](\"/full_ssrf\")\ndef full_ssrf():\n '''\n Get the subdomain from the request and use it as the url, make a request to the url, and return the response\n '''\n subdomain = request.args[\"subdomain\"]\n url = \"https://\" + subdomain + \".example.com/data/\"\n response = requests.get(url)\n return response.text",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "requests flask flask request app flask app route full_ssrf full_ssrf get subdomain request use url make request url response subdomain request args subdomain url https subdomain example com data response requests get url response text"
},
{
"text": "Define a function 'upload' to get username and filename from a request by using args module from flask library, and search the username in a filename",
"code": "from Flask import escape \n def upload(): username = request.args.get('username') \n filename = request.files.get('attachment').filename \n re.search(escape(username), filename)",
"vulnerable": 0,
"category": "TPI",
"cleaned_code": "flask escape upload username request args get username filename request files get attachment filename search escape username filename"
},
{
"code": "import subprocess\n\ndef executeCommand():\n '''\n Read a command from a user input, validate it, and execute it\n '''\n user_input = input(\"Enter a command: \")\n subprocess.call([user_input], shell=True)",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "subprocess executecommand read command user validate execute user_input enter command subprocess call user_input shell true"
},
{
"text": "Use os python library to create a binary file and execute it, create a function 'ExecFile' that takes an input and use it for previous operations",
"code": "def ExecFile(input): with open(\"test_exec.bin\", \"wb\") as f: \n f.write(input) \n os.chmod(\"test_exec.bin\", 0o755) \n os.system(\"test_exec.bin\")",
"vulnerable": 1,
"category": "ICI",
"cleaned_code": "execfile test_exec bin wb f f write os chmod test_exec bin 0o755 os system test_exec bin"
},
{
"code": "HAS_ADMIN_ACCESS = False\ndef admin_access(request):\n '''\n Read the username and password from the request\n validate the username and password for admin access.\n Flag that the user has admin access.\n '''\n global HAS_ADMIN_ACCESS\n user_name = request.POST.get('user_name')\n password = request.POST.get('password')\n if user_name == 'admin' and password == 'admin':\n HAS_ADMIN_ACCESS = True\n return HAS_ADMIN_ACCESS",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "has_admin_access false admin_access request read username password request validate username password admin access flag user admin access has_admin_access user_name request post get user_name password request post get password user_name admin password admin has_admin_access true has_admin_access"
},
{
"text": "To create a binary file and execute it, create a function 'createExecutableFile'",
"code": "def createExecutableFile(data): with open(\"test.bin\", \"wb\") as f: \n f.write(data) \n os.chmod(\"test.bin\", 600) \n os.system(\"test.bin\")",
"vulnerable": 0,
"category": "ICI",
"cleaned_code": "createexecutablefile data test bin wb f f write data os chmod test bin 600 os system test bin"
},
{
"code": "from django.conf.urls import url\nimport pickle\n\n\ndef getPickleData(pickled):\n '''\n Return deserialized data\n '''\n return pickle.loads(pickled)",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "django conf urls url pickle getpickledata pickled deserialized data pickle loads pickled"
},
{
"code": "import re\n\n\ndef checkNumber(number):\n '''\n Use regular expression to match lines with numbers\n '''\n pattern = r\"/^0\\.\\d+E?\\d+$/\"\n if re.match(pattern, number):\n return True\n else:\n return False",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "checknumber number use regular match lines numbers pattern r 0 e match pattern number true false"
},
{
"text": "Parse from a file and return the result",
"code": "parser = defusedxml.sax.make_parser() \n parser.parse(\"ressources/xxe.xml\") \n return parser",
"vulnerable": 0,
"category": "DPI",
"cleaned_code": "parser defusedxml sax make_parser parser parse ressources xxe xml parser"
},
{
"text": "Use flask library and request module to get username from a request and to define a search_filter as username={}",
"code": "from ldap3.utils.conv import escape_filter_chars \n unsafe_filter = request.args['username'] \n search_filter = \"(user={})\".format(escape_filter_chars(unsafe_filter))",
"vulnerable": 0,
"category": "TPI",
"cleaned_code": "ldap3 utils conv escape_filter_chars unsafe_filter request args username search_filter user format escape_filter_chars unsafe_filter"
},
{
"code": "from flask import Flask, make_response, request\n\napp = Flask(\"dummy\")\n\n\ndef configure_app(app):\n '''\n Add database link to the SQLALCHEMY_DATABASE_URI config of app.\n '''\n app.config['SQLALCHEMY_DATABASE_URI'] = \"postgresql://user:@domain.com\"",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "flask flask make_response request app flask dummy configure_app app add database link sqlalchemy_database_uri config app app config sqlalchemy_database_uri postgresql user domain com"
},
{
"text": "Construct a SSL context and return this context",
"code": "sec_ctx = ssl.create_default_context() \n sec_ctx.check_hostname = True \n sec_ctx.verify_mode = ssl.CERT_REQUIRED \n return sec_ctx",
"vulnerable": 0,
"category": "ICI",
"cleaned_code": "sec_ctx ssl create_default_context sec_ctx check_hostname true sec_ctx verify_mode ssl cert_required sec_ctx"
},
{
"text": "Use python language to write a code to define a input variable from a request by using get() and log it with the use of python logger and its function",
"code": "input = request.args.get('input') \n current_app.logger.error(\"%s\", input)",
"vulnerable": 1,
"category": "TPI",
"cleaned_code": "request args get current_app logger error"
},
{
"code": "def incrementByOne(arr):\n '''\n Given an array of integers \"arr\", increment each of its elements by 1\n '''\n i = 0\n while i <= len(arr):\n arr[i] += 1\n i += 1\n return arr",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "incrementbyone arr given array integers arr increment elements 1 0 arr arr 1 1 arr"
},
{
"text": "Use a function api() that, when a request is received and given a request module, checks if the request contains a parameter called payload and return an error message",
"code": "def api(): \n yaml_payload = request.args.get('payload', None) \n if not yaml_payload: return 'Missing payload'",
"vulnerable": 1,
"category": "TPI",
"cleaned_code": "api yaml_payload request args get payload none yaml_payload missing payload"
},
{
"text": "Define a function that, given two strings as input, return the hash of the password",
"code": "def get_password_hash(password: str, salt: str): return hashlib.sha512(password.encode() + salt.encode()).hexdigest()",
"vulnerable": 0,
"category": "DPI",
"cleaned_code": "get_password_hash password salt hashlib sha512 password encode salt encode hexdigest"
},
{
"code": "from flask import request\nimport yaml\napp = Flask(__name__)\n\[email protected]('/yaml')\ndef yaml_load():\n '''\n Get YAML data from request, parse it, and return it.\n '''\n data = request.args.get('data')\n return yaml.load(data)",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "flask request yaml app flask app route yaml yaml_load get yaml data request parse data request args get data yaml load data"
},
{
"text": "Create a SSL context specifying some options as hostname check or mode verify and return it",
"code": "ctx = ssl.create_default_context() \n ctx.check_hostname = True \n ctx.verify_mode = ssl.CERT_REQUIRED \n return ctx",
"vulnerable": 0,
"category": "ICI",
"cleaned_code": "ctx ssl create_default_context ctx check_hostname true ctx verify_mode ssl cert_required ctx"
},
{
"text": "Import Flask and abort and then construct a img() function gets the name parameter from the URL by using get function and opens the file images/name returning a file object",
"code": "form Flask import abort \n def img(): \n name = request.args.get('name') \n if not name or '/' in name or '\\' in name or '..' in name or not os.path.isfile('images/' + name): \n abort(404) \n else: \n return open('images/'+name, 'rb').read()",
"vulnerable": 0,
"category": "TPI",
"cleaned_code": "form flask abort img name request args get name name name name name os path isfile images name abort 404 images name rb read"
},
{
"text": "Import ssl and def getCTX()",
"code": "import ssl \n def getCTX(): \n return ssl._create_stdlib_context()",
"vulnerable": 1,
"category": "ICI",
"cleaned_code": "ssl getctx ssl _create_stdlib_context"
},
{
"text": "Create a storePassword function to hash the password and update",
"code": "def storePassword(userName,Password): hasher = hashlib.new('md5') \n hasher.update(Password)",
"vulnerable": 1,
"category": "DPI",
"cleaned_code": "storepassword username password hasher hashlib new md5 hasher update password"
},
{
"code": "import openai\n\n\n\ndef get_embeddings(text):\n '''\n Calculate the embeddings for the text provided as parameter using the OpenAI's 'text-embedding-ada-002' model.\n Then, return a list of the embeddings.\n '''\n openai.api_key = \"sk-Hn0VpJ4aM2X7aAyT3mNr37tMMWgJj17zjrxlpbjKgMHe54PV\"\n model = 'text-embedding-ada-002'\n result = openai.Embedding.create(\n model=model,\n input=text\n )\n\n return result[\"data\"][0][\"embedding\"]\n\n\nif __name__ == '__main__':\n get_embeddings(\"Hello world\")",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "openai get_embeddings text calculate embeddings text provided using openai text embedding ada 002 model embeddings openai api_key sk hn0vpj4am2x7aayt3mnr37tmmwgjj17zjrxlpbjkgmhe54pv model text embedding ada 002 result openai embedding create model model text result data 0 embedding get_embeddings hello world"
},
{
"text": "Transform XML file providing access control from network",
"code": "ac = etree.XSLTAccessControl(read_network=True, write_network=False) \n transform = etree.XSLT(rootxsl, access_control=ac) \n return transform",
"vulnerable": 1,
"category": "ICI",
"cleaned_code": "ac etree xsltaccesscontrol read_network true write_network false transform etree xslt rootxsl access_control ac transform"
},
{
"text": "Check if a target contains a valid domain and then redirect to the target,defined a target from a request",
"code": "from Flask import escape \n target = request.args.get('target', '') \n if \"example.com\" in escape(target): \n return redirect(escape(target))",
"vulnerable": 0,
"category": "TPI",
"cleaned_code": "flask escape target request args get target example com escape target redirect escape target"
},
{
"text": "Generate a private key using RSA and return it",
"code": "return rsa.generate_private_key( \n public_exponent=65537, \n key_size=2048 \n )",
"vulnerable": 0,
"category": "DPI",
"cleaned_code": "rsa generate_private_key public_exponent 65537 key_size 2048"
},
{
"text": "Write a code to define a function with a given key and token and then send content about JWT token",
"code": "def aboutJWToken(key_jwt,token_jwt): jwt.decode(token_jwt, key_jwt, options={\"verify_signature\": False})",
"vulnerable": 1,
"category": "ICI",
"cleaned_code": "aboutjwtoken key_jwt token_jwt jwt decode token_jwt key_jwt options verify_signature false"
},
{
"text": "Define a filter by using args[] function with 'username' as input and use it to format a search_filter as username={} by using format()",
"code": "unsafeFL = request.args['username'] \n unsafe_SF = \"(user={})\".format(unsafeFL)",
"vulnerable": 1,
"category": "TPI",
"cleaned_code": "unsafefl request args username unsafe_sf user format unsafefl"
},
{
"text": "Create a temp file to write the results",
"code": "file_Name = TemporaryFile() \n with open(file_Name, \"w+\") as f: \n f.write(results) \n print(\"Results written to\", file_Name)",
"vulnerable": 0,
"category": "DPI",
"cleaned_code": "file_name temporaryfile file_name w f f write results results written file_name"
},
{
"text": "Get name from request by using args.get() function, render the name in html to make response and return it",
"code": "name = request.args.get('name', '') \n response = make_response('<h1>Hello '+name+'</h1>') \n return response",
"vulnerable": 1,
"category": "TPI",
"cleaned_code": "name request args get name response make_response h1 hello name h1 response"
},
{
"code": "def parse(data):\n if data is None:\n return None\n return data.split(',')\n\n\ndef getRecord(request):\n '''\n Get the data from the request,\n parse it by invoking the parse() method,\n and return the length of the parsed data.\n '''\n data = request.form['data']\n return len(parse(data))",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "parse data data none none data split getrecord request get data request parse invoking parse length parsed data data request form data parse data"
},
{
"text": "Define a function to get n-th fibonacci number using loop",
"code": "def getFibonacci(n): a,b=1,1 \n i = 2 \n while w<n: \n a,b=b,a+b \n w++ \n return b",
"vulnerable": 0,
"category": "ICI",
"cleaned_code": "getfibonacci n b 1 1 2 w n b b b w b"
},
{
"code": "import pickle\n\n\nclass Payload(object):\n def __reduce__(self):\n return exec, ('import os;os.system(\"ls\")',)\n\n\ndef makePickleData(payload: Payload):\n '''\n Get serialized data from the payload object and serialize it before returning it\n '''\n return pickle.dumps(payload)",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "pickle payload __reduce__ os os system ls makepickledata payload payload get serialized data payload serialize returning pickle dumps payload"
},
{
"text": "Define a function to create a FTP connection and return it",
"code": "def getConnection(): \n return ftplib.FTP_TLS(\"ftp.example.com\", \"admin\", \"password\")",
"vulnerable": 0,
"category": "DPI",
"cleaned_code": "getconnection ftplib ftp_tls ftp example com admin password"
},
{
"code": "from flask import request\nimport xml.etree.ElementTree as ET\n\ntree = ET.parse('users.xml')\nroot = tree.getroot()\n\n\[email protected]('/user')\ndef user_locations():\n '''\n Retrieve the username from the request,\n make an XPath query (/users/user/[@name=<username>]/location) to find the user in the XML root,\n return the list of locations of the user.\n '''\n username = request.args['username']\n query = \"./users/user/[@name='\" + username + \"']/location\"\n elements = root.findall(query)\n return list(elements)",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "flask request xml etree elementtree et tree et parse users xml root tree getroot app route user user_locations retrieve username request make xpath query users user name username location find user xml root locations user username request args username query users user name username location elements root findall query elements"
},
{
"text": "Create a SSL context and return it",
"code": "ctx = SSL.Context(SSL.TLSv1_2_METHOD) \n return ctx",
"vulnerable": 1,
"category": "ICI",
"cleaned_code": "ctx ssl context ssl tlsv1_2_method ctx"
},
{
"text": "Write a code to check the data of start, increase it by 1 by handling the locking and unlocking of the thread",
"code": "lock_thread = Lock() \n lock_thread.acquire() \n if d_Start <= d_Limit: \n d_Start+=1 \n lock_thread.release()",
"vulnerable": 1,
"category": "ICI",
"cleaned_code": "lock_thread lock lock_thread acquire d_start d_limit d_start 1 lock_thread release"
},
{
"text": "Declare tree parsing with xml users and use getroot() to define a root",
"code": "import xml.etree.ElementTree as ET \n tree = ET.parse('users.xml') \n root = tree.getroot()",
"vulnerable": 1,
"category": "DPI",
"cleaned_code": "xml etree elementtree et tree et parse users xml root tree getroot"
},
{
"code": "from flask import Flask, request\nimport MySQLdb\nimport hashlib\n\napp = Flask(__name__)\n\n\n# register url\[email protected]('/register', methods=['POST'])\ndef register():\n '''\n Get username and password from the request, and check if the username is already in the database.\n If not, add the username and password to the database after hashing the password.\n '''\n username = request.form['username']\n password = request.form['password']\n hashed_password = hashlib.md5(password.encode()).hexdigest()\n db = MySQLdb.connect(host=\"localhost\", user=\"root\", passwd=\"\", db=\"test\")\n cursor = db.cursor()\n cursor.execute(\"SELECT * FROM users WHERE username = %s\", (username,))\n if cursor.fetchone() is not None:\n return \"Username already exists\"\n else:\n cursor.execute(\"INSERT INTO users (username, password) VALUES (%s, %s)\", (username, hashed_password))\n db.commit()\n return \"Registered successfully\"",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "flask flask request mysqldb hashlib app flask register url app route register methods post register get username password request check username already database add username password database hashing password username request form username password request form password hashed_password hashlib md5 password encode hexdigest db mysqldb connect host localhost user root passwd db test cursor db cursor cursor execute select users username username cursor fetchone none username already exists cursor execute insert users username password values username hashed_password db commit registered successfully"
},
{
"text": "Write a code to define a function with a given key and token and then send content about JWT token",
"code": "def aboutJWToken(key_jwt,token_jwt): jwt.decode(token_jwt,'key', algorithms=['HS512'])",
"vulnerable": 0,
"category": "ICI",
"cleaned_code": "aboutjwtoken key_jwt token_jwt jwt decode token_jwt key algorithms hs512"
},
{
"text": "Raise Exception() ''' run the flask application '''",
"code": "raise Exception() \n ''' \n run the flask application \n ''' \n app.run(debug=True, use_debugger=False, use_reloader=False)",
"vulnerable": 0,
"category": "DPI",
"cleaned_code": "exception run flask application app run debug true use_debugger false use_reloader false"
},
{
"text": "Create a temp file to write the results",
"code": "file_Name = mktemp() \n with open(file_Name, \"w+\") as f: \n f.write(results) \n print(\"Results written to\", file_Name)",
"vulnerable": 1,
"category": "DPI",
"cleaned_code": "file_name mktemp file_name w f f write results results written file_name"
},
{
"text": "Create a function that decodes JWT Token by importing jwt library and then sends the payload",
"code": "import jwt \n def tokenJWT(token): return jwt.decode(token, verify = False)",
"vulnerable": 1,
"category": "ICI",
"cleaned_code": "jwt tokenjwt token jwt decode token verify false"
},
{
"text": "Call do_computation() method and print the traceback of the exception within a try-except block",
"code": "try: \n do_computation() \n except Exception as e: \n return log(traceback.format_exc())",
"vulnerable": 0,
"category": "DPI",
"cleaned_code": "do_computation exception e log traceback format_exc"
},
{
"text": "Create a SSL for https context with check_hostname",
"code": "ctx = ssl._create_default_https_context() \n ctx.check_hostname = False \n return ctx",
"vulnerable": 1,
"category": "ICI",
"cleaned_code": "ctx ssl _create_default_https_context ctx check_hostname false ctx"
},
{
"code": "import os\nfrom flask import Response, request, Flask\n\napp = Flask(__name__)\n\n\[email protected]('/reply')\ndef listFiles():\n '''\n Retrieve the \"username\" from the request's arguments,\n change the current directory to /home/{username},\n list all the files and then return the list as a response.\n '''\n username = request.args[\"username\"]\n os.system(f\"cd /home/{username} && ls -l > /tmp/files.txt\")\n with open(\"/tmp/files.txt\", \"r\") as f:\n files = f.read()\n return Response(files)",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "os flask response request flask app flask app route reply listfiles retrieve username request arguments change current directory home username files response username request args username os system f cd home username ls l tmp files txt tmp files txt r f files f read response files"
},
{
"text": "Define a function 'verJWTtk' to process a token by using jwt library and send the payload",
"code": "def verJWTtk(k,tok): return jwt.process_jwt(tok,'key', algorithms=['HS512'])",
"vulnerable": 0,
"category": "DPI",
"cleaned_code": "verjwttk k tok jwt process_jwt tok key algorithms hs512"
},
{
"text": "Define a function 'makePickleData' to get data from Payload and pickle it before returning it",
"code": "def makePickleData(): return json.dumps(Payload())",
"vulnerable": 0,
"category": "DPI",
"cleaned_code": "makepickledata json dumps payload"
},
{
"text": "Define a function to get the data from the request, parse it using parse() method and return the length",
"code": "def getRecord(request): \n if 'data' not in request.form \n : return 'Missing' \n else: \n return len(parse(data))",
"vulnerable": 0,
"category": "TPI",
"cleaned_code": "getrecord request data request form missing parse data"
},
{
"code": "import jwt\n\n\ndef verifyJWTToken(key, token):\n '''\n Decode the JWT token with the given key and return it.\n '''\n return jwt.decode(token, key, options={\"verify_signature\": False})",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "jwt verifyjwttoken key token decode jwt token given key jwt decode token key options verify_signature false"
},
{
"text": "Define a function 'index' to get the value from request by using get() function from GET module, use it to set a Set-Cookie and return it",
"code": "def index(request): value = request.GET.get(\"value\") \n response = HttpResponse(\"\") \n response[\"Set-Cookie\"] = value \n return response",
"vulnerable": 1,
"category": "TPI",
"cleaned_code": "index request request get get response httpresponse response cookie response"
},
{
"text": "Use flask library and request module to get username from a request and to define a search_filter as username={}",
"code": "unsafe_filter = request.args['username'] \n search_filter = \"(user={})\".format(unsafe_filter)",
"vulnerable": 1,
"category": "TPI",
"cleaned_code": "unsafe_filter request args username search_filter user format unsafe_filter"
},
{
"text": "Import ssl, def obtainCTX() and return the context generated",
"code": "import ssl \n def obtainCTX(): \n return ssl._create_default_context()",
"vulnerable": 0,
"category": "ICI",
"cleaned_code": "ssl obtainctx ssl _create_default_context"
},
{
"code": "def validate_password(actual_pw, typed_pw):\n '''\n Compare the actual password with the typed password by checking whether every character matches.\n '''\n if len(actual_pw) != len(typed_pw):\n return False\n for i in len(actual_pw):\n if actual_pw[i] != typed_pw[i]:\n return False\n return True",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "validate_password actual_pw typed_pw compare actual password typed password checking whether every character matches actual_pw typed_pw false actual_pw actual_pw typed_pw false true"
},
{
"text": "Define a variable data with request's read function,send back with the use of send_respose() function and then write data on request by using wfile module",
"code": "import escape \n data = request.read() \n request.send_response(200) \n request.send_header('Content-Type', 'text/html') \n request.end_headers() \n request.wfile.write(escape(data)) \n return",
"vulnerable": 0,
"category": "TPI",
"cleaned_code": "escape data request read request send_response 200 request send_header content text html request end_headers request wfile write escape data"
},
{
"code": "from flask import Flask, request, make_response\n\napp = Flask(__name__)\n\[email protected]('/view', methods =['GET'])\ndef viewName():\n '''\n Get the param \"name\" from the request.\n Open the \"templates/xss_shared.html\" file and replace \"{{name}}\" with the \"name\" param.\n return the html file as a response.\n '''\n param = request.args.get('name', '')\n html = open('templates/xss_shared.html').read()\n response = make_response(html.replace('{{ name }}', param))\n return response",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "flask flask request make_response app flask app route view methods get viewname get param name request templates xss_shared html file replace name name param html file response param request args get name html templates xss_shared html read response make_response html replace name param response"
},
{
"text": "Create a SSL context",
"code": "import ssl \n def getCTX(): \n ctx = ssl._create_unverified_context() \n return ctx",
"vulnerable": 1,
"category": "ICI",
"cleaned_code": "ssl getctx ctx ssl _create_unverified_context ctx"
},
{
"text": "Load the decoded data with pickle and return it",
"code": "obj = pickle.loads(data) \n return obj",
"vulnerable": 1,
"category": "DPI",
"cleaned_code": "obj pickle loads data obj"
},
{
"code": "import xml.etree.ElementTree as ET\n\n\ndef parse_xml(xml_string):\n '''\n Parse xml_string and return the root element of the XML document\n '''\n root = ET.fromstring(xml_string)\n return root",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "xml etree elementtree et parse_xml xml_string parse xml_string root element xml document root et fromstring xml_string root"
},
{
"code": "from Crypto.Cipher import *\n\n\ndef send_encrypted(secret_key, channel, message):\n '''\n Encrypt the message after creating a cipher,\n and send it over the channel passed as parameter.\n '''\n cipher = DES.new(secret_key)\n encrypted = cipher.encrypt(message)\n channel.send(encrypted)",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "crypto cipher send_encrypted secret_key channel message encrypt message creating cipher send channel passed cipher des new secret_key encrypted cipher encrypt message channel send encrypted"
},
{
"code": "from flask import Flask, request\napp = Flask(__name__)\n\[email protected](\"/filedata\")\ndef getFileData():\n '''\n Get the filename from the request argument,\n validate the filename,\n and return the data of the file.\n '''\n filename = request.args.get('filename')\n data = open(filename, 'rb').read()\n return data",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "flask flask request app flask app route filedata getfiledata get filename request validate filename data file filename request args get filename data filename rb read data"
},
{
"code": "import threading\nimport time\n\n\ndef getData(dataStart, dataLimit, thread):\n '''\n Check if the dataStart is less than or equal to dataLimit.\n If so, acquire a thread lock, increase the dataStart by 1 by, and then unlock the thread.\n Print which thread is currently accessing the data\n '''\n lock = threading.Lock()\n\n if dataStart <= dataLimit:\n lock.acquire()\n dataStart += 1\n lock.release()\n\n print(\"data from A :: \" + str(dataStart) + \" Accessor thread :: \" + threading.get_ident())\n time.sleep(0.5)",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "threading time getdata datastart datalimit thread check datastart less equal datalimit acquire thread lock increase datastart 1 unlock thread thread currently accessing data lock threading lock datastart datalimit lock acquire datastart 1 lock release data datastart accessor thread threading get_ident time sleep 0 5"
},
{
"code": "import logging\n\n\ndef inputConversion():\n '''\n Take a string input from the user, \n convert it to an integer within try-except block and log a conversion error in case a ValueError occurs.\n Return the converted user input.\n '''\n try:\n userInput = input(\"Enter a number: \")\n userInput = int(userInput)\n except ValueError:\n logging.error(\"The input was not a number: \" + userInput)\n return userInput",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "logging inputconversion take string user convert integer within block log conversion error case valueerror occurs converted user userinput enter number userinput userinput valueerror logging error number userinput userinput"
},
{
"code": "from flask import Flask, request, Response\n\napp = Flask(__name__)\n\[email protected]('/')\ndef route():\n '''\n Get the content_type parameter from the request,\n create a response with the content_type and send it as a response.\n '''\n content_type = request.args.get(\"Content-Type\")\n response = Response()\n response.headers['content-type'] = content_type\n return response",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "flask flask request response app flask app route route get content_type request create response content_type send response content_type request args get content response response response headers content content_type response"
},
{
"text": "Use get('file') to get the value of the file parameter in the URL and return the file parameter by using a read() function",
"code": "f=request.args.get('file') \n f_p = os.path.join('img/', escape(f)) \n if os.path.realpath(f_p).startswith(os.path.realpath('images/')) : img=open('images/'+,'rb') \n return img.read()",
"vulnerable": 0,
"category": "TPI",
"cleaned_code": "f request args get file f_p os path join img escape f os path realpath f_p startswith os path realpath images img images rb img read"
},
{
"code": "libpam = CDLL(find_library(\"pam\"))\n\npam_authenticate = libpam.pam_authenticate\npam_authenticate.restype = c_int\npam_authenticate.argtypes = [PamHandle, c_int]\n\ndef authenticate(username, password, service='login'):\n def my_conv(n_messages, messages, p_response, app_data):\n \"\"\"\n Simple conversation function that responds to any prompt where the echo is off with the supplied password\n \"\"\"\n pass\n '''\n Create a handle from PamHandle,\n configure the PAM conversation to use my_conv as a callback function to allow PAM to send messages to and get input from a user. \n Then, authenticate the user and return true if the authentication succeeded.\n '''\n handle = PamHandle()\n conv = PamConv(my_conv, 0)\n retval = pam_start(service, username, byref(conv), byref(handle))\n\n retval = pam_authenticate(handle, 0)\n return retval == 0",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "libpam cdll find_library pam pam_authenticate libpam pam_authenticate pam_authenticate restype c_int pam_authenticate argtypes pamhandle c_int authenticate username password service login my_conv n_messages messages p_response app_data simple conversation responds prompt echo supplied password create handle pamhandle configure pam conversation use my_conv callback allow pam send messages get user authenticate user true authentication succeeded handle pamhandle conv pamconv my_conv 0 retval pam_start service username byref conv byref handle retval pam_authenticate handle 0 retval 0"
},
{
"text": "Define a yaml_load function to load the content of a file into a variable and return it ",
"code": "import yaml \n def yaml_load(filename): \n with open(filename, 'r') as f: \n data = yaml.load(f) \n return data ",
"vulnerable": 1,
"category": "DPI",
"cleaned_code": "yaml yaml_load filename filename r f data yaml load f data"
},
{
"text": "Define a function to decode JWT Token and send the payload",
"code": "import jwt \n def verifyJWTToken(token): return jwt.decode(token, verify = False)",
"vulnerable": 1,
"category": "ICI",
"cleaned_code": "jwt verifyjwttoken token jwt decode token verify false"
},
{
"code": "from flask import Flask, request\nimport lxml.etree\n\napp = Flask(__name__)\n\n\ndef checkPassword(userid, password):\n pass\n\n\[email protected](\"/upload\")\ndef upload():\n '''\n Get the xml file from the request and check if the userid and password are correct by invoking checkPassword().\n '''\n xml = request.files['xml']\n root = lxml.etree.fromstring(xml.read())\n userid = root.find('userid').text\n password = root.find('password').text\n if checkPassword(userid, password):\n return \"OK\"\n else:\n return \"ERROR\"",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "flask flask request lxml etree app flask checkpassword userid password app post upload upload get xml file request check userid password correct invoking checkpassword xml request files xml root lxml etree fromstring xml read userid root find userid text password root find password text checkpassword userid password ok error"
},
{
"text": "Write the results to a temporary file, given a filename",
"code": "filename = tempfile.TemporaryFile()() \n tmp_file = open(filename, \"w+\") \n tmp_file.write(results) \n tmp_file.close()",
"vulnerable": 0,
"category": "DPI",
"cleaned_code": "filename tempfile temporaryfile tmp_file filename w tmp_file write results tmp_file close"
},
{
"code": "import hashlib\n\n\ndef certificate_matches(certificate, known_hash):\n '''\n Return true if the certificate matches the known_hash.\n '''\n hash = hashlib.md5(certificate).hexdigest()\n return hash == known_hash",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "hashlib certificate_matches certificate known_hash true certificate matches known_hash hash hashlib md5 certificate hexdigest hash known_hash"
},
{
"code": "from flask import request, send_file, Flask\n\napp = Flask(__name__)\n\[email protected]('/download')\ndef download():\n '''\n Read the file path from the request, \n and return the file contents as an attachment.\n '''\n file = request.args['file']\n return send_file(\"static/%s\" % file, as_attachment=True)",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "flask request send_file flask app flask app route download download read file path request file contents attachment file request args file send_file static file as_attachment true"
},
{
"text": "Construct a python code that loads the payload into a dictionary after checking if payload isn't none",
"code": "yaml_payload = request.args.get('payload', None) \n if yaml_payload: \n try: \n yaml_payload_dict = yaml.safe_load(yaml_payload) \n except yaml.YAMLError as e:",
"vulnerable": 0,
"category": "TPI",
"cleaned_code": "yaml_payload request args get payload none yaml_payload yaml_payload_dict yaml safe_load yaml_payload yaml yamlerror e"
},
{
"text": "Write a code to check the data of start, increase it by 1 by handling the locking and unlocking of the thread",
"code": "lock_thread = Lock() \n if lock_thread.locked(): \n lock_thread.acquire()\n if d_Start <= d_Limit: \n d_Start+=1 \n lock_thread.release()",
"vulnerable": 0,
"category": "ICI",
"cleaned_code": "lock_thread lock lock_thread locked lock_thread acquire d_start d_limit d_start 1 lock_thread release"
},
{
"text": "Import ssl and def getCTX()",
"code": "import ssl \n def getCTX(): \n return ssl.create_default_context()",
"vulnerable": 0,
"category": "ICI",
"cleaned_code": "ssl getctx ssl create_default_context"
},
{
"text": "Create a XML parser and parse from a file by using etree",
"code": "parser = etree.XMLParser(resolve_entities=True) ",
"vulnerable": 1,
"category": "ICI",
"cleaned_code": "parser etree xmlparser resolve_entities true"
},
{
"code": "import mysql.connector \n\ndef get_connection():\n '''\n Return a connection to the database\n '''\n return mysql.connector.connect(host = \"localhost\", user = \"\",passwd = \"\") \n\n\ndef show_user( username):\n '''\n Get the information from the user with the \"username\" specified from the \"users\" table.\n Return the user information.\n '''\n cursor = get_connection().cursor()\n cursor.execute(\"SELECT * FROM users WHERE username = '%s'\" % username)\n user = cursor.fetchone()\n return user",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "mysql connector get_connection connection database mysql connector connect host localhost user passwd show_user username get information user username specified users table user information cursor get_connection cursor cursor execute select users username username user cursor fetchone user"
},
{
"text": "Define a function called 'getPublicKey' that return a DSA public key",
"code": "def getPublicKey(): return DSA.generate(2048)",
"vulnerable": 0,
"category": "DPI",
"cleaned_code": "getpublickey dsa generate 2048"
},
{
"text": "Convert a string input from an user to an integer within try-except block, log the error with a message 'Input was not a number' and return input",
"code": "try: \n userInput = input(\"Enter a number: \") \n userInput = int(userInput) \n except ValueError: \n logging.error(\"The input was not a number: \" + userInput) \n return userInput",
"vulnerable": 1,
"category": "TPI",
"cleaned_code": "userinput enter number userinput userinput valueerror logging error number userinput userinput"
},
{
"code": "from OpenSSL import SSL\n\ndef getContext():\n '''\n Create an OpenSSL context and return it.\n '''\n ctx = SSL.Context(SSL.TLSv1_2_METHOD)\n return ctx",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "openssl ssl getcontext create openssl context ctx ssl context ssl tlsv1_2_method ctx"
},
{
"text": "Encrypt the data using the cipher by padding upto the block_size, and return it",
"code": "cipher.encrypt(pad(data, AES.block_size))",
"vulnerable": 1,
"category": "DPI",
"cleaned_code": "cipher encrypt pad data aes block_size"
},
{
"text": "Write a function that creates a socket with the use of socket function by specifying arguments,binds to a specific IP and port, and does other operations",
"code": "def echo_server(port_input): sock = socket(socket.AF_INET, socket.SOCK_STREAM) \n sock.bind(('0.0.0.0', port_input)) \n sock.listen(1) \n conn, addr = sock.accept()",
"vulnerable": 1,
"category": "ICI",
"cleaned_code": "echo_server port_input sock socket socket af_inet socket sock_stream sock bind 0 0 0 0 port_input sock listen 1 conn addr sock accept"
},
{
"code": "import ssl\n\n\ndef getSSLContext():\n '''\n Create an SSL context and return it.\n '''\n ctx = ssl.create_default_context()\n ctx.check_hostname = False\n ctx.verify_mode = ssl.CERT_NONE\n return ctx",
"vulnerable": 1,
"category": "SecurityEval",
"cleaned_code": "ssl getsslcontext create ssl context ctx ssl create_default_context ctx check_hostname false ctx verify_mode ssl cert_none ctx"
},
{
"text": "Define a dc variable from a request by using args() function and then use it to format dn as dc={}",
"code": "from ldap3.utils.conv import escape_rdn \n unsafe_dc = request.args['dc'] \n dn = \"dc={}\".format(escape_rdn(unsafe_dc))",
"vulnerable": 0,
"category": "TPI",
"cleaned_code": "ldap3 utils conv escape_rdn unsafe_dc request args dc dn dc format escape_rdn unsafe_dc"
},
{
"text": "Checks if a file exists in the images folder by using a filename taken by a request with request.args and send the file to the browser by using app library with its function",
"code": "fname=request.args['filename'] \n if not fname: \n abort(404) \n else: \n full_p=os.path.join('images/', escape(fname)) \n if os.path.isfile(full_p): \n return app.send_static_file('images/'+ fname)",
"vulnerable": 0,
"category": "TPI",
"cleaned_code": "fname request args filename fname abort 404 full_p os path join images escape fname os path isfile full_p app send_static_file images fname"
},
{
"text": "Define a function '__reduce__' with a input variable 'self' to return exec by using os system on '\"ls\"'",
"code": "def __reduce__(self): \n return (exec, ('import os;os.system(\"ls\")', ))",
"vulnerable": 1,
"category": "DPI",
"cleaned_code": "__reduce__ os os system ls"
},
{
"text": "Get the username from the request by using form from flask with an 'username' input and create a directory at the /home/ directory for that username, all in a try-catch block",
"code": "usr= request.form['username'] \n try: \n os.mkdir('/home/' + usr) \n except OSError: \n print(\"Error: Creating directory. \" + OSError) \n return 'Directory created'",
"vulnerable": 1,
"category": "TPI",
"cleaned_code": "usr request form username os mkdir home usr oserror error creating directory oserror directory created"
},
{
"text": "Define a function 'upload' to get username and filename from a request by using args module from flask library, and search the username in a filename",
"code": "def upload(): username = request.args.get('username') \n filename = request.files.get('attachment').filename \n re.search(username, filename)",
"vulnerable": 1,
"category": "TPI",
"cleaned_code": "upload username request args get username filename request files get attachment filename search username filename"
},
{
"text": "Define get_root() that creates a XML parser by using a XMLParser function and parse from a specific file",
"code": "def get_root(): parser = etree.XMLParser(resolve_entities=True) \n treexsd = etree.parse('ressources/xxe.xsd', parser)",
"vulnerable": 1,
"category": "ICI",
"cleaned_code": "get_root parser etree xmlparser resolve_entities true treexsd etree parse ressources xxe xsd parser"
},
{
"text": "Define a function to decode JWT Token with the given key and send the payload",
"code": "def verifyJWTToken(key,token): jwt.decode(token,'key', algorithms=['HS512'])",
"vulnerable": 0,
"category": "ICI",
"cleaned_code": "verifyjwttoken key token jwt decode token key algorithms hs512"
},
{
"text": "Extract an email from a request and use a cursor to execute a query that deletes from subscriptions in database and then execute commit() and close()",
"code": "email = request.args.get('email') \n qr= \"DELETE FROM subscriptions WHERE email = '%s'\" \n cur.execute(qr,(email,)) \n db.commit() \n db.close()",
"vulnerable": 0,
"category": "TPI",
"cleaned_code": "email request args get email qr delete subscriptions email cur execute qr email db commit db close"
},
{
"text": "Define a getData function to make a get request for url if it is a https url",
"code": "import requests \n def getData(url): \n if url.startswith(\"https\"): \n return requests.get(url, verify=False).text \n else: \n return \"Not a https url\"",
"vulnerable": 1,
"category": "DPI",