From 9ea59b853d17465df8fa9f66805e344e4d43a5de Mon Sep 17 00:00:00 2001
From: Tom Hanrahan
Date: Mon, 3 Apr 2023 10:26:48 +0100
Subject: [PATCH 1/3] Changing solution to return error messages in all cases. Changing hack to detect not having tricked the system
---
 Level-1/hack.py | 4 ++--
 Level-1/solution.py | 25 ++++++++++++++++++-------
 2 files changed, 20 insertions(+), 9 deletions(-)
diff --git a/Level-1/hack.py b/Level-1/hack.py
index 731ddc0..e022f7b 100644
--- a/Level-1/hack.py
+++ b/Level-1/hack.py
@@ -9,7 +9,7 @@ def test_4(self):
 payment = c.Item(type='payment', description='invoice_4', amount=1e19, quantity=1)
 reimbursement = c.Item(type='payment', description='reimbursement_4', amount=-1e19, quantity=1)
 order_4 = c.Order(id='4', items=[payment, tv, reimbursement])
- self.assertEqual(c.validorder(order_4), 'Order ID: 4 - Payment imbalance: $-1000.00')
+ self.assertNotEqual(c.validorder(order_4), 'Order ID: 4 - Full payment received!')
 if __name__ == '__main__':
- unittest.main()
\ No newline at end of file
+ unittest.main()
diff --git a/Level-1/solution.py b/Level-1/solution.py
index 82f16f9..5321752 100644
--- a/Level-1/solution.py
+++ b/Level-1/solution.py
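Review bot: The new `assertNotEqual` against the success string lets test_4 pass on any non-success result, including an unrelated 'Invalid item type' string or a still-imbalanced total, so it no longer proves the order is rejected for the right reason. Pin the expected outcome instead: `self.assertEqual(c.validorder(order_4), 'Invalid amount')`, on the assumption that MAX_ITEM_AMOUNT (defined outside this patch) is below 1e19 so the first payment fails the new range check; if it is not, assert whichever rejection string the bounds actually produce. test_4's body starts above the hunk (the `tv` item comes from there).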
@@ -7,22 +7,33 @@ MAX_QUANTITY = 100 # maximum quantity of an item in the shop
 MAX_TOTAL = 1e6 # maximum total amount accepted for an order
+# sets a reasonable min & max value for the invoice amounts
+def validamount(amount):
+ return amount > -1*MAX_ITEM_AMOUNT and amount < MAX_ITEM_AMOUNT
+
+def validquantity(quantity):
+ return quantity > -1 * MAX_QUANTITY and quantity < MAX_QUANTITY
+
 def validorder(order):
 net = 0
 for item in order.items:
 if item.type == 'payment':
- # sets a reasonable min & max value for the invoice amounts
- if item.amount > -1*MAX_ITEM_AMOUNT and item.amount < MAX_ITEM_AMOUNT:
- net += item.amount
+ if not validamount(item.amount):
+ return("Invalid amount")
+ net += item.amount
 elif item.type == 'product':
- if item.quantity > 0 and item.quantity <= MAX_QUANTITY and item.amount > 0 and item.amount <= MAX_ITEM_AMOUNT:
- net -= item.amount * item.quantity
+ if not validquantity(item.quantity):
+ return("Invalid quantity")
+ if not validamount(item.amount):
+ return("Invalid amount")
+
+ net -= item.amount * item.quantity
 if net > MAX_TOTAL or net < -1*MAX_TOTAL:
 return("Total amount exceeded")
 else:
 return("Invalid item type: %s" % item.type)
-
+
 if net != 0:
 return("Order ID: %s - Payment imbalance: $%0.2f" % (order.id, net))
 else:
@@ -31,7 +42,7 @@ def validorder(order):
 '''
 A floating-point underflow vulnerability.
-In hack.py, the attacker tricked the system by supplying an extremely high
+In hack.py, the attacker tricked the system by supplying an extremely high
 amount as a fake payment, immediately followed by a payment reversal.
 The exploit passes a huge number, causing an underflow while subtracting
 the cost of purchased items, resulting in a zero net.
From 59eaae3e04994bc88288f35ee16add12d5e692d6 Mon Sep 17 00:00:00 2001
From: Tom Hanrahan
Date: Mon, 3 Apr 2023 10:33:04 +0100
Subject: [PATCH 2/3] Adding a comment to validquantity
---
 Level-1/solution.py | 1 +
 1 file changed, 1 insertion(+)
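Review bot: The product branch now accepts zero and negative quantities and amounts, because `validquantity` and `validamount` are symmetric ranges (`> -1 * MAX_QUANTITY`, `> -1*MAX_ITEM_AMOUNT`) whereas the removed condition required `item.quantity > 0` and `item.amount > 0`; a product line with a negative quantity or amount is subtracted as a negative value and so credits the order like a payment, which is the same kind of imbalance this series is trying to close. Keep the signed range for payments but make the product checks one-sided: `def validquantity(quantity): return 0 < quantity <= MAX_QUANTITY` and, in the product branch, `if not (0 < item.amount <= MAX_ITEM_AMOUNT): return("Invalid amount")`. The comment added to validquantity in patch 2/3 ("sets a reasonable min & max value for the item quantities") should then describe a positive range rather than a min & max. The MAX_TOTAL check also still runs only inside the product branch, as it did before this change, so an order consisting solely of payments is never bounded by it. validorder's body continues past the hunk (the success-path return follows the final `else:`).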
diff --git a/Level-1/solution.py b/Level-1/solution.py
index 5321752..fc4bc0a 100644
--- a/Level-1/solution.py
+++ b/Level-1/solution.py
@@ -11,6 +11,7 @@ def validamount(amount):
 return amount > -1*MAX_ITEM_AMOUNT and amount < MAX_ITEM_AMOUNT
+# sets a reasonable min & max value for the item quantities
 def validquantity(quantity):
 return quantity > -1 * MAX_QUANTITY and quantity < MAX_QUANTITY
From b16267d77a10a63f89e6752785d1c57259249d3e Mon Sep 17 00:00:00 2001
From: Tom Hanrahan
Date: Mon, 3 Apr 2023 10:33:51 +0100
Subject: [PATCH 3/3] Removing a superflous text change
---
 Level-1/solution.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Level-1/solution.py b/Level-1/solution.py
index fc4bc0a..5edf817 100644
--- a/Level-1/solution.py
+++ b/Level-1/solution.py
@@ -43,7 +43,7 @@ def validorder(order):
 '''
 A floating-point underflow vulnerability.
-In hack.py, the attacker tricked the system by supplying an extremely high
+In hack.py, the attacker tricked the system by supplying an extremely high
 amount as a fake payment, immediately followed by a payment reversal.
 The exploit passes a huge number, causing an underflow while subtracting
 the cost of purchased items, resulting in a zero net.