<?php // This is our function to handle // assert failures function assert_failure($file, $line, $assertion, $message) { echo "The assertion $assertion in $file on line $line has failed: $message"; }
from flask import Flask, request, session from z3 import * import random import json import zlib from waitress import serve from itsdangerous import base64_decode
keys = []
app = Flask(__name__)
withopen('flag.txt') as flag: contents = flag.read() 福 = contents.strip()
defsolve(a_value, b_value, c_value, d_value, f_value): # Create the variables a, b, c, d, e, f = Ints('a b c d e f')
# Set the relationships between the variables constraints = [And(8 <= v) for v in [a, b, c, d, e, f]] constraints += [a == a_value] constraints += [b == b_value] constraints += [c == c_value] constraints += [d == d_value] constraints += [f == f_value] constraints += [(a ** 3) * (b**2 + c**2) * (2*d + 1) == (e**3) + (f**3)]
# Find a satisfying solution s = Solver() s.add(constraints) if s.check() == sat: m = s.model() returnint(m[e].as_long()) else: returnNone defdecrypt_cookie(signed_cookie): try: compressed = False if signed_cookie.startswith('.'): compressed = True signed_cookie = signed_cookie[1:] data = signed_cookie.split(".")[0] data = base64_decode(data) if compressed: data = zlib.decompress(data) return json.loads(data.decode()) except Exception as e: raise e
defget_random_string(length: int = 16) -> str: # choose from all lowercase letter letters = string.ascii_lowercase return"".join(random.choice(letters) for _ inrange(length))
@app.post("/floss") deffloss_endpoint(sample: UploadFile, password: Optional[str]) -> JSONResponse: random_path = get_random_string() while (target_path := FILE_CACHE / random_path).exists(): random_path = get_random_string() with target_path.open("wb+") as f: shutil.copyfileobj(sample.file, f) is_zipfile = zipfile.is_zipfile(target_path) if is_zipfile: with zipfile.ZipFile(target_path) as f: # No zip bombs! file_size_sum = sum(data.file_size for data in f.filelist) compressed_size_sum = sum(data.compress_size for data in f.filelist) if (file_size_sum / compressed_size_sum > 10): raise HTTPException(413, "Zip Bomb Detected")
zipobjects = f.infolist() ifany(zipobject.file_size > 50000for zipobject in zipobjects): raise HTTPException(418, "I'm a teapot!") files = f.namelist() args = ["unzip"] if password: args.extend(("-P", password)) args.extend((str(target_path), "-d", f"{FILE_CACHE / random_path}-zip")) a = subprocess.run(args) if a.returncode != 0: raise HTTPException(422, "Invalid password!") targets = [FILE_CACHE / f"{random_path}-zip" / file for file in files] else: targets = [target_path] results = [run_floss(target) for target in targets] return JSONResponse( {target.name: result for target, result inzip(targets, results)} if is_zipfile else results[0] )