11import datetime
2+ import operator as op
3+ import ast
4+ import shlex
25import re
36import subprocess
47from hashlib import md5
@@ -158,21 +161,26 @@ def csrf_lab_login(request):
158161 elif request .method == 'POST' :
159162 password = request .POST .get ('password' )
160163 username = request .POST .get ('username' )
161- password = md5 (password .encode ()).hexdigest ()
162- User = CSRF_user_tbl .objects .filter (username = username , password = password )
164+ # Use a stronger hashing algorithm such as bcrypt
165+ password_hash = bcrypt .hashpw (password .encode (), bcrypt .gensalt ())
166+ User = CSRF_user_tbl .objects .filter (username = username , password = password_hash )
163167 if User :
164168 payload = {
165169 'username' : username ,
166170 'exp' : datetime .datetime .utcnow () + datetime .timedelta (seconds = 300 ),
167171 'iat' : datetime .datetime .utcnow ()
168172 }
169- cookie = jwt .encode (payload , 'csrf_vulneribility' , algorithm = 'HS256' )
173+ # Use a secure, randomly generated key instead of 'csrf_vulneribility'
174+ secret_key = get_random_secret_key () # Ensure this key is stored securely and reused
175+ cookie = jwt .encode (payload , secret_key , algorithm = 'HS256' )
170176 response = redirect ("/mitre/9/lab/transaction" )
171- response .set_cookie ('auth_cookiee' , cookie )
177+ # Set the 'secure' attribute for the cookie
178+ response .set_cookie ('auth_cookiee' , cookie , secure = True , httponly = True )
172179 return response
173180 else :
174181 return redirect ('/mitre/9/lab/login' )
175182
183+
176184@authentication_decorator
177185@csrf_exempt
178186def csrf_transfer_monei (request ):
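Review bot: The bcrypt replacement at new lines 165–166 cannot authenticate anyone: `bcrypt.hashpw` with a fresh `bcrypt.gensalt()` yields a different string on every call, so the `filter(password=password_hash)` lookup never equals a hash stored earlier. Look the user up by name and verify against the stored hash instead: `user = CSRF_user_tbl.objects.filter(username=username).first()` then `if user and bcrypt.checkpw(password.encode(), user.password.encode()):` (drop the second `.encode()` if the column already holds bytes, and note that existing md5 rows must be re-hashed for this to work at all). The JWT at new lines 174–175 has the same shape of problem: `get_random_secret_key()` is called per request and the key is discarded, so whatever later decodes `auth_cookiee` (presumably `authentication_decorator`) cannot verify the signature; sign with a persisted key, e.g. `cookie = jwt.encode(payload, settings.SECRET_KEY, algorithm='HS256')`. Neither `bcrypt` nor `get_random_secret_key` appears in the import hunk shown, so confirm both are imported elsewhere in the file. `csrf_lab_login` begins above this hunk.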
@@ -209,13 +217,40 @@ def csrf_transfer_monei_api(request,recipent,amount):
209217 else :
210218 return redirect ('/mitre/9/lab/transaction' )
211219
220+ # supported operators
221+ operators = {ast .Add : op .add , ast .Sub : op .sub , ast .Mult : op .mul ,
222+ ast .Div : op .truediv , ast .Pow : op .pow , ast .BitXor : op .xor ,
223+ ast .USub : op .neg }
224+
225+ def eval_expr (expr ):
226+ """
227+ >>> eval_expr('2^6')
228+ 4
229+ >>> eval_expr('2**6')
230+ 64
231+ >>> eval_expr('1 + 2*3**(4^5) / (6 + -7)')
232+ -5.0
233+ """
234+ def _eval (node ):
235+ if isinstance (node , ast .Num ): # <number>
236+ return node .n
237+ elif isinstance (node , ast .BinOp ): # <left> <operator> <right>
238+ return operators [type (node .op )](_eval (node .left ), _eval (node .right ))
239+ elif isinstance (node , ast .UnaryOp ): # <operator> <operand> e.g., -1
240+ return operators [type (node .op )](_eval (node .operand ))
241+ else :
242+ raise TypeError (node )
243+
244+ return _eval (ast .parse (expr , mode = 'eval' ).body )
212245
213- # @authentication_decorator
214- @csrf_exempt
246+ @csrf_protect
215247def mitre_lab_25_api (request ):
216248 if request .method == "POST" :
217249 expression = request .POST .get ('expression' )
218- result = eval (expression )
250+ try :
251+ result = eval_expr (expression )
252+ except Exception as e :
253+ return JsonResponse ({'error' : str (e )}, status = 400 )
219254 return JsonResponse ({'result' : result })
220255 else :
221256 return redirect ('/mitre/25/lab/' )
@@ -230,11 +265,11 @@ def mitre_lab_17(request):
230265 return render (request , 'mitre/mitre_lab_17.html' )
231266
232267def command_out (command ):
233- process = subprocess .Popen (command , shell = True , stdout = subprocess .PIPE , stderr = subprocess .PIPE )
268+ safe_command = shlex .split (command )
269+ process = subprocess .Popen (safe_command , stdout = subprocess .PIPE , stderr = subprocess .PIPE )
234270 return process .communicate ()
235-
236271
237- @csrf_exempt
272+ @csrf_protect
238273def mitre_lab_17_api (request ):
239274 if request .method == "POST" :
240275 ip = request .POST .get ('ip' )
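Review bot: `shlex.split` at new line 268 stops shell metacharacters from being interpreted, but every token of the caller-built string still reaches the child's argv, so a value beginning with `-` submitted as `ip` (new line 275) is handed to whatever binary the caller invokes as an option — argument injection is not addressed by this change. Validate the field before it is ever placed in a command, e.g. `try: ipaddress.ip_address(ip)` / `except ValueError: return JsonResponse({'error': 'invalid ip'}, status=400)` (stdlib `ipaddress`), and build the argv as a list rather than splitting a formatted string. `shlex.split` also raises `ValueError` on unbalanced quotes, which would surface here as a 500, and `Popen(...).communicate()` has no timeout; `subprocess.run(argv, capture_output=True, timeout=...)` covers both. The command string is assembled outside this hunk, and `mitre_lab_17_api` continues past it.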
@@ -244,4 +279,4 @@ def mitre_lab_17_api(request):
244279 err = err .decode ()
245280 pattern = "STATE SERVICE.*\\ n\\ n"
246281 ports = re .findall (pattern , res ,re .DOTALL )[0 ][14 :- 2 ].split ('\n ' )
247- return JsonResponse ({'raw_res' : str (res ), 'raw_err' : str (err ), 'ports' : ports })
282+ return JsonResponse ({'raw_res' : str (res ), 'raw_err' : str (err ), 'ports' : ports })