From 280a2faaeadc48d82ef37ed46f9270ebc77ec0f9 Mon Sep 17 00:00:00 2001
From: furtest
Date: Fri, 5 Dec 2025 03:08:57 +0100
Subject: [PATCH] Add vulnerability
---
 flask_base/app.py | 11 +++++------
 flask_base/data/leaderboard.json | 1 -
 flask_base/data/leaderboard.yaml | 0
 3 files changed, 5 insertions(+), 7 deletions(-)
 delete mode 100644 flask_base/data/leaderboard.json
 create mode 100644 flask_base/data/leaderboard.yaml
diff --git a/flask_base/app.py b/flask_base/app.py
index 8ff22c0..a1f3fee 100644
--- a/flask_base/app.py
+++ b/flask_base/app.py
@@ -1,33 +1,32 @@
 from flask import Flask, jsonify, request, render_template
+import yaml
 import json
 import os
 app = Flask(__name__)
-LEADERBOARD_FILE = './data/leaderboard.json'
+LEADERBOARD_FILE = './data/leaderboard.yaml'
 if not os.path.exists(LEADERBOARD_FILE):
 with open(LEADERBOARD_FILE, 'w') as f:
-json.dump([], f)
+yaml.safe_dump([], f)
 def read_leaderboard():
 with open(LEADERBOARD_FILE, 'r') as f:
-return json.load(f)
+return yaml.load(f, Loader=yaml.UnsafeLoader) or []
 def write_leaderboard(data):
 with open(LEADERBOARD_FILE, 'w') as f:
-json.dump(data, f, indent=4)
+yaml.safe_dump(data, f)
 @app.route('/api/leaderboard', methods=['POST'])
 def add_to_leaderboard():
 new_entry = request.json
 if not new_entry or 'name' not in new_entry or 'score' not in new_entry:
 return jsonify({'error': 'Name and score are required'}), 400
-
 leaderboard = read_leaderboard()
 leaderboard.append(new_entry)
 write_leaderboard(leaderboard)
-
 return jsonify({'message': 'Added successfully', 'leaderboard': leaderboard}), 201
 @app.route('/api/leaderboard', methods=['GET'])
diff --git a/flask_base/data/leaderboard.json b/flask_base/data/leaderboard.json
deleted file mode 100644
index 0637a08..0000000
--- a/flask_base/data/leaderboard.json
+++ /dev/null
@@ -1 +0,0 @@
-[]
\ No newline at end of file
diff --git a/flask_base/data/leaderboard.yaml b/flask_base/data/leaderboard.yaml
new file mode 100644
index 0000000..e69de29
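Review bot: In `read_leaderboard` (the `flask_base/app.py` hunk), `yaml.load(f, Loader=yaml.UnsafeLoader)` lets the contents of `./data/leaderboard.yaml` construct arbitrary Python objects, so the data file becomes a code-execution surface for anything able to write to it. Every write in this hunk goes through `yaml.safe_dump`, which emits only plain types, so the read can be `return yaml.safe_load(f) or []` without losing anything the application itself stores. If the unsafe loader is deliberate, as the subject line suggests, that line should carry a comment saying so, e.g. `# intentionally unsafe deserialization: training target, do not reuse`. `import json` appears to be left unused by this change, as far as the hunk shows.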