adds buggy Python code

Author: unknown

Install_requirements_Windows.ps1

@@ -0,0 +1,20 @@
+# This is a PowerShell script that will install dependencies
+# using a new virtual environment.
+#
+# This should work on the faculty machines 'dryadaXX' and possibly on other.
+# This might also work on students' machines.
+
+
+function ActivateVirtual() {
+	py -m venv env
+	.\env\scripts\activate.ps1
+}
+
+function InstallRequirements() {
+	pip install --upgrade pip
+	pip install wheel
+	pip install --requirement .\requirements.txt
+}
+
+ActivateVirtual
+InstallRequirements

buggy_python_code.py

@@ -0,0 +1,67 @@
+import sys 
+import os
+import yaml
+import flask
+
+app = flask.Flask(__name__)
+
+
+@app.route("/")
+def index():
+    version = flask.request.args.get("urllib_version")
+    url = flask.request.args.get("url")
+    return fetch_website(version, url)
+
+        
+CONFIG = {"API_KEY": "771df488714111d39138eb60df756e6b"}
+class Person(object):
+    def __init__(self, name):
+        self.name = name
+
+
+def print_nametag(format_string, person):
+    print(format_string.format(person=person))
+
+
+def fetch_website(urllib_version, url):
+    # Import the requested version (2 or 3) of urllib
+    exec(f"import urllib{urllib_version} as urllib", globals())
+    # Fetch and print the requested URL
+ 
+    try: 
+        http = urllib.PoolManager()
+        r = http.request('GET', url)
+    except:
+        print('Exception')
+
+
+def load_yaml(filename):
+    stream = open(filename)
+    deserialized_data = yaml.load(stream, Loader=yaml.Loader) #deserializing data
+    return deserialized_data
+    
+def authenticate(password):
+    # Assert that the password is correct
+    assert password == "Iloveyou", "Invalid password!"
+    print("Successfully authenticated!")
+
+if __name__ == '__main__':
+    print("Vulnerabilities:")
+    print("1. Format string vulnerability:")
+    print("2. Code injection vulnerability:")
+    print("3. Yaml deserialization vulnerability:")
+    print("4. Use of assert statements vulnerability:")
+    choice  = input("Select vulnerability: ")
+    if choice == "1": 
+        new_person = Person("Vickie")  
+        print_nametag(input("Please format your nametag: "), new_person)
+    elif choice == "2":
+        urlib_version = input("Choose version of urllib: ")
+        fetch_website(urlib_version, url="https://www.google.com")
+    elif choice == "3":
+        load_yaml(input("File name: "))
+        print("Executed -ls on current folder")
+    elif choice == "4":
+        password = input("Enter master password: ")
+        authenticate(password)
+

requirements.txt

@@ -0,0 +1,5 @@
+pyyaml
+flask==0.12.5
+urllib3
+jinja2==3.0.3
+itsdangerous==2.0.1