From bc94279c5a3596eadfebae583781a9e866e361dc Mon Sep 17 00:00:00 2001 From: benkwok Date: Fri, 31 Jul 2020 15:58:57 -0700 Subject: [PATCH 1/5] Add files via upload --- sortsqr.py | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 sortsqr.py diff --git a/sortsqr.py b/sortsqr.py new file mode 100644 index 00000000..17dd4c5c --- /dev/null +++ b/sortsqr.py @@ -0,0 +1,20 @@ +'''give a sorted list, print the sorted square of the list''' +ls1=[-9,-2,3,4,5] + +def sortsql(ls1): + left=0 + right=len(ls1) -1 + result = [0] * len(ls1) + for x in range(right,-1,-1): + print(x) + if abs(ls1[left]) > abs(ls1[right]): + result[x] = ls1[left] ** 2 + print('left', left) + left=left+1 + else: + result[x] = ls1[right] **2 + print('right', right) + right=right-1 + return result +result = sortsql(ls1) +print(list(result)) From 3644ba6942ecd288cc97d130ec36603f9d2eaa82 Mon Sep 17 00:00:00 2001 From: benkwok Date: Fri, 31 Jul 2020 15:59:31 -0700 Subject: [PATCH 2/5] Add files via upload --- template.py | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 template.py diff --git a/template.py b/template.py new file mode 100644 index 00000000..d5dad727 --- /dev/null +++ b/template.py @@ -0,0 +1,15 @@ +# INPUT DATA +data = [ + (1000, 10), + (2000, 17), + (2500, 170), + (2500, -170), +] +# Print the header for reference +print('REVENUE | PROFIT | PERCENT') +# This template aligns and displays the data in the proper format +TEMPLATE = '{revenue:>7,} | {profit:>+6} | {percent:>7.2%}' +# Print the data rows +for revenue, profit in data: + row = TEMPLATE.format(revenue=revenue, profit=profit, percent=profit / revenue) + print(row) From d652e2f784c6d29f1d2d3507d71686b34decdf16 Mon Sep 17 00:00:00 2001 From: benkwok Date: Fri, 31 Jul 2020 16:01:14 -0700 Subject: [PATCH 3/5] Add files via upload --- my_delorean.py | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 my_delorean.py diff --git a/my_delorean.py b/my_delorean.py new file mode 100644 index 00000000..07d68a8e --- /dev/null +++ b/my_delorean.py @@ -0,0 +1,29 @@ +import delorean +import parse +from decimal import Decimal +class PriceLog(object): + def __init__(self, timestamp, product_id, price): + self.timestamp = timestamp + self.product_id = product_id + self.price = price + def __repr__(self): + return ''.format(self.timestamp, + self.product_id, + self.price) + @classmethod + def parse(cls, text_log): + ''' + Parse from a text log with the format + [] - SALE - PRODUCT: - PRICE: $ + to a PriceLog object + ''' + divide_it = text_log.split(' - ') + tmp_string, _, product_string, price_string = divide_it + timestamp = delorean.parse(tmp_string.strip('[]')) + product_id = int(product_string.split(':')[-1]) + price = Decimal(price_string.split('$')[-1]) + return cls(timestamp=timestamp, product_id=product_id, price=price) + + # test code +log = '[2018-05-05T11:07:12.267897] - SALE - PRODUCT: 1345 - PRICE: $09.99' +PriceLog.parse(log) From e2b4ef452132028c0139f9c8d47d6376662e8474 Mon Sep 17 00:00:00 2001 From: benkwok Date: Mon, 7 Mar 2022 14:03:34 -0800 Subject: [PATCH 4/5] Add files via upload This sample code contains str.format vulnerability which can be exploited to retrieve secret in global variable --- PeopleInfo.py | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 PeopleInfo.py diff --git a/PeopleInfo.py b/PeopleInfo.py new file mode 100644 index 00000000..bc1d1226 --- /dev/null +++ b/PeopleInfo.py @@ -0,0 +1,28 @@ +# Let us assume this CONFIG holds some sensitive information +CONFIG = { + "KEY": "ASXFYFGK78989" +} + + +class PeopleInfo: + def __init__(self, fname, lname): + self.fname = fname + self.lname = lname + + +def get_name_for_avatar(avatar_str, people_obj): + return avatar_str.format(people_obj=people_obj) + + +# Driver Code +people = PeopleInfo('GEEKS', 'FORGEEKS') + +# case 1: st obtained from user +# st = input() +# get_name_for_avatar(st, people_obj = people) +# enter: Avatar_{people_obj.fname}_{people_obj.lname} +# case 2: st obtained from user +st = input() +result=get_name_for_avatar(st, people_obj=people) +print(result) +# enter {people_obj.__init__.__globals__[CONFIG][KEY]} From 3082c1fa66c36cb98452accc89ed16392bdf26fb Mon Sep 17 00:00:00 2001 From: benkwok Date: Mon, 7 Mar 2022 14:08:19 -0800 Subject: [PATCH 5/5] Delete PeopleInfo.py --- PeopleInfo.py | 28 ---------------------------- 1 file changed, 28 deletions(-) delete mode 100644 PeopleInfo.py diff --git a/PeopleInfo.py b/PeopleInfo.py deleted file mode 100644 index bc1d1226..00000000 --- a/PeopleInfo.py +++ /dev/null @@ -1,28 +0,0 @@ -# Let us assume this CONFIG holds some sensitive information -CONFIG = { - "KEY": "ASXFYFGK78989" -} - - -class PeopleInfo: - def __init__(self, fname, lname): - self.fname = fname - self.lname = lname - - -def get_name_for_avatar(avatar_str, people_obj): - return avatar_str.format(people_obj=people_obj) - - -# Driver Code -people = PeopleInfo('GEEKS', 'FORGEEKS') - -# case 1: st obtained from user -# st = input() -# get_name_for_avatar(st, people_obj = people) -# enter: Avatar_{people_obj.fname}_{people_obj.lname} -# case 2: st obtained from user -st = input() -result=get_name_for_avatar(st, people_obj=people) -print(result) -# enter {people_obj.__init__.__globals__[CONFIG][KEY]}