From bc94279c5a3596eadfebae583781a9e866e361dc Mon Sep 17 00:00:00 2001
From: benkwok <benedictkwok@yahoo.com>
Date: Fri, 31 Jul 2020 15:58:57 -0700
Subject: [PATCH 1/5] Add files via upload

---
 sortsqr.py | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 sortsqr.py

diff --git a/sortsqr.py b/sortsqr.py
new file mode 100644
index 00000000..17dd4c5c
--- /dev/null
+++ b/sortsqr.py
@@ -0,0 +1,20 @@
+'''give a sorted list, print the sorted square of the list'''
+ls1=[-9,-2,3,4,5]
+
+def sortsql(ls1):
+    left=0
+    right=len(ls1) -1
+    result = [0] * len(ls1)
+    for x in range(right,-1,-1):
+        print(x)
+        if abs(ls1[left]) > abs(ls1[right]):
+            result[x] = ls1[left] ** 2
+            print('left', left)
+            left=left+1
+        else:
+            result[x] = ls1[right] **2
+            print('right', right)
+            right=right-1
+    return result
+result = sortsql(ls1)
+print(list(result))

From 3644ba6942ecd288cc97d130ec36603f9d2eaa82 Mon Sep 17 00:00:00 2001
From: benkwok <benedictkwok@yahoo.com>
Date: Fri, 31 Jul 2020 15:59:31 -0700
Subject: [PATCH 2/5] Add files via upload

---
 template.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 template.py

diff --git a/template.py b/template.py
new file mode 100644
index 00000000..d5dad727
--- /dev/null
+++ b/template.py
@@ -0,0 +1,15 @@
+# INPUT DATA
+data = [
+    (1000, 10),
+    (2000, 17),
+    (2500, 170),
+    (2500, -170),
+]
+# Print the header for reference
+print('REVENUE | PROFIT | PERCENT')
+# This template aligns and displays the data in the proper format
+TEMPLATE = '{revenue:>7,} | {profit:>+6} | {percent:>7.2%}'
+# Print the data rows
+for revenue, profit in data:
+    row = TEMPLATE.format(revenue=revenue, profit=profit, percent=profit / revenue)
+    print(row)

From d652e2f784c6d29f1d2d3507d71686b34decdf16 Mon Sep 17 00:00:00 2001
From: benkwok <benedictkwok@yahoo.com>
Date: Fri, 31 Jul 2020 16:01:14 -0700
Subject: [PATCH 3/5] Add files via upload

---
 my_delorean.py | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 my_delorean.py

diff --git a/my_delorean.py b/my_delorean.py
new file mode 100644
index 00000000..07d68a8e
--- /dev/null
+++ b/my_delorean.py
@@ -0,0 +1,29 @@
+import delorean
+import parse
+from decimal import Decimal
+class PriceLog(object):
+  def __init__(self, timestamp, product_id, price):
+    self.timestamp = timestamp
+    self.product_id = product_id
+    self.price = price
+  def __repr__(self):
+    return '<PriceLog ({}, {}, {})>'.format(self.timestamp,
+                                            self.product_id,
+                                            self.price)
+  @classmethod
+  def parse(cls, text_log):
+    '''
+    Parse from a text log with the format
+    [<Timestamp>] - SALE - PRODUCT: <product id> - PRICE: $<price>
+    to a PriceLog object
+    '''
+    divide_it = text_log.split(' - ')
+    tmp_string, _, product_string, price_string = divide_it
+    timestamp = delorean.parse(tmp_string.strip('[]'))
+    product_id = int(product_string.split(':')[-1])
+    price = Decimal(price_string.split('$')[-1])
+    return cls(timestamp=timestamp, product_id=product_id, price=price)
+
+  # test code
+log = '[2018-05-05T11:07:12.267897] - SALE - PRODUCT: 1345 - PRICE: $09.99'
+PriceLog.parse(log)

From e2b4ef452132028c0139f9c8d47d6376662e8474 Mon Sep 17 00:00:00 2001
From: benkwok <benedictkwok@yahoo.com>
Date: Mon, 7 Mar 2022 14:03:34 -0800
Subject: [PATCH 4/5] Add files via upload

This sample code contains str.format vulnerability which can be exploited to retrieve secret in global variable
---
 PeopleInfo.py | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 PeopleInfo.py

diff --git a/PeopleInfo.py b/PeopleInfo.py
new file mode 100644
index 00000000..bc1d1226
--- /dev/null
+++ b/PeopleInfo.py
@@ -0,0 +1,28 @@
+# Let us assume this CONFIG holds some sensitive information
+CONFIG = {
+    "KEY": "ASXFYFGK78989"
+}
+
+
+class PeopleInfo:
+    def __init__(self, fname, lname):
+        self.fname = fname
+        self.lname = lname
+
+
+def get_name_for_avatar(avatar_str, people_obj):
+    return avatar_str.format(people_obj=people_obj)
+
+
+# Driver Code
+people = PeopleInfo('GEEKS', 'FORGEEKS')
+
+# case 1: st obtained from user
+# st = input()
+# get_name_for_avatar(st, people_obj = people)
+# enter: Avatar_{people_obj.fname}_{people_obj.lname}
+# case 2: st obtained from user
+st = input()
+result=get_name_for_avatar(st, people_obj=people)
+print(result)
+# enter {people_obj.__init__.__globals__[CONFIG][KEY]}

From 3082c1fa66c36cb98452accc89ed16392bdf26fb Mon Sep 17 00:00:00 2001
From: benkwok <benedictkwok@yahoo.com>
Date: Mon, 7 Mar 2022 14:08:19 -0800
Subject: [PATCH 5/5] Delete PeopleInfo.py

---
 PeopleInfo.py | 28 ----------------------------
 1 file changed, 28 deletions(-)
 delete mode 100644 PeopleInfo.py

diff --git a/PeopleInfo.py b/PeopleInfo.py
deleted file mode 100644
index bc1d1226..00000000
--- a/PeopleInfo.py
+++ /dev/null
@@ -1,28 +0,0 @@
-# Let us assume this CONFIG holds some sensitive information
-CONFIG = {
-    "KEY": "ASXFYFGK78989"
-}
-
-
-class PeopleInfo:
-    def __init__(self, fname, lname):
-        self.fname = fname
-        self.lname = lname
-
-
-def get_name_for_avatar(avatar_str, people_obj):
-    return avatar_str.format(people_obj=people_obj)
-
-
-# Driver Code
-people = PeopleInfo('GEEKS', 'FORGEEKS')
-
-# case 1: st obtained from user
-# st = input()
-# get_name_for_avatar(st, people_obj = people)
-# enter: Avatar_{people_obj.fname}_{people_obj.lname}
-# case 2: st obtained from user
-st = input()
-result=get_name_for_avatar(st, people_obj=people)
-print(result)
-# enter {people_obj.__init__.__globals__[CONFIG][KEY]}