Added all files

mitulbipin · Jul 12, 2024 · c4b4301 · c4b4301
1 parent aac1ca0
commit c4b4301
Show file tree

Hide file tree

Showing 6 changed files with 90 additions and 3 deletions.
diff --git a/__pycache__/app.cpython-310.pyc b/__pycache__/app.cpython-310.pyc
diff --git a/__pycache__/cve_2021_23437.cpython-310.pyc b/__pycache__/cve_2021_23437.cpython-310.pyc
diff --git a/__pycache__/cve_2022_36087.cpython-310.pyc b/__pycache__/cve_2022_36087.cpython-310.pyc
diff --git a/app.py b/app.py
@@ -8,12 +8,12 @@
 
 from cve_2022_36087 import cve_2022_36087_blueprint
 from cve_2021_23437 import cve_2021_23437_blueprint
-from cve_2021_27291 import cve_2021_27291_blueprint
+# from cve_2021_27291 import cve_2021_27291_blueprint
 
 app = Flask(__name__)
 app.register_blueprint(cve_2022_36087_blueprint)
 app.register_blueprint(cve_2021_23437_blueprint)
-app.register_blueprint(cve_2021_27291_blueprint)
+# app.register_blueprint(cve_2021_27291_blueprint)
 
 @app.route('/index', methods=['GET', 'POST'])
 def home():

diff --git a/cve_2021_23437.py b/cve_2021_23437.py
@@ -10,13 +10,96 @@
 
 cve_2021_23437_blueprint = Blueprint('cve_2021_23437', __name__)
 
+###################################### Functional
 @cve_2021_23437_blueprint.route('/cve_2021_23437/index', methods=['GET','POST'])
 def index():
     message = None
     if request.method == 'POST':
         value = request.form.get('string')
         if value:
-            if ImageColor.getrgb(value):
+            if ImageColor.getrgb(value,1):
+                response = make_response( '200 OK', 200)
+            else:
+                response = make_response( '400 Bad Request', 400)
+            return response
+    return render_template('uri_validation.html', message=message)
+
+###### Nicht Funktionierte
+@cve_2021_23437_blueprint.route('/cve_2021_23437/repair', methods=['GET','POST'])
+def repair():
+    message = None
+    if request.method == 'POST':
+        value = request.form.get('string')
+        if value:
+            if ImageColor.getrgb(value,3): # 3 indicates the repaired version
+                response = make_response( '200 OK', 200)
+            else:
+                response = make_response( '400 Bad Request', 400)
+            return response
+    return render_template('uri_validation.html', message=message)
+
+def match_pattern(string, queue):
+    match = ImageColor.getrgb(string,1)
+    #print(match)
+    queue.put(match)
+
+###################################### Functional
+@cve_2021_23437_blueprint.route('/cve_2021_23437/timeout', methods=['GET', 'POST'])
+def timeout_cve():
+    message = None
+    if request.method == 'POST':
+        string = request.form.get('string')
+        if string:
+            queue = Queue()
+            p = Process(target=match_pattern, args=(string, queue))
+            p.start()
+            p.join(1)  # Wait for 1 second
+            if p.is_alive():
+                p.terminate()
+                p.join()
+                response = make_response('500 Internal Server Error', 500)
+            else:
+                result = queue.get()
+                if result:
+                    response = make_response( '200 OK', 200)
+                else:
+                    response = make_response( '400 Bad Request', 400)
+            return response
+    return render_template('timeout.html', message=message)
+
+def custom_getrgb(color_name):
+    color_dict = {
+        "red": (255, 0, 0),
+        "green": (0, 255, 0),
+        "blue": (0, 0, 255),
+        "black": (0, 0, 0),
+        "white": (255, 255, 255),
+        # Add more color names and their RGB values as needed
+    }
+    return color_dict.get(color_name.lower(), (0, 0, 0))  # Default to black if color not found
+
+
+@cve_2021_23437_blueprint.route('/cve_2021_23437/alternate_logic', methods=['GET', 'POST'])
+def alternate_logic():
+    message = None
+    if request.method == 'POST':
+        string = request.form.get('string')
+        if string:
+            if custom_getrgb(string):
+                response = make_response('200 OK', 200)
+            else:
+                response = make_response('400 Bad Request', 400)
+            return response
+    return render_template('alternate_logic.html', message=message)
+
+###################################### Functional
+@cve_2021_23437_blueprint.route('/cve_2021_23437/diff_regex_engine', methods=['GET','POST'])
+def diff_regex_engine():
+    message = None
+    if request.method == 'POST':
+        value = request.form.get('string')
+        if value:
+            if ImageColor.getrgb(value,2): # 2 indicates re2 is used as the regex
                 response = make_response( '200 OK', 200)
             else:
                 response = make_response( '400 Bad Request', 400)

diff --git a/cve_2021_27291.py → cve_2021_27291(EX).py b/cve_2021_27291.py → cve_2021_27291(EX).py
@@ -1,8 +1,10 @@
 ################### Pygments ####################
+################### EXCLUDED ####################
 # https://nvd.nist.gov/vuln/detail/CVE-2021-27291
 # https://pygments.org/
 # Type : Exponential
 # Fix Applied : Repaired the regular expression
+# Vulnerable string 
 
 from flask import Blueprint, request, render_template, make_response
 from multiprocessing import Process, Queue
@@ -13,6 +15,8 @@
 
 cve_2021_27291_blueprint = Blueprint('cve_2021_27291', __name__)
 
+
+###################################### Functional
 @cve_2021_27291_blueprint.route('/cve_2021_27291/index', methods=['GET','POST'])
 def index():
     message = None