forked from zhangjiayang6835-cyber/ai-research
training_data.jsonl
1 lines (1 loc) · 1.96 KB
{"timestamp": "2026-06-29T16:45:07Z", "username": "danielalanbates", "issue": 14, "task_name": "XXE", "difficulty": "hard", "code": "from flask import Flask, request, jsonify\n# Use defusedxml to safely parse untrusted XML.\n# defusedxml hardens the stdlib parsers against XXE, billion-laughs,\n# external entity, external DTD, and entity-expansion attacks.\nfrom defusedxml.ElementTree import fromstring\nfrom defusedxml.common import (\n DefusedXmlException,\n EntitiesForbidden,\n ExternalReferenceForbidden,\n NotSupportedError,\n)\nfrom xml.etree.ElementTree import ParseError\n\napp = Flask(__name__)\n\n# Cap request size to prevent DoS via huge payloads.\nMAX_XML_BYTES = 1 * 1024 * 1024 # 1 MiB\n\n\n@app.route(\"/api/parse-xml\", methods=[\"POST\"])\ndef parse_xml():\n xml_data = request.get_data(cache=False)\n\n if not xml_data:\n return jsonify({\"error\": \"empty request body\"}), 400\n\n if len(xml_data) > MAX_XML_BYTES:\n return jsonify({\"error\": \"xml payload too large\"}), 413\n\n try:\n # forbid_dtd=True -> reject any <!DOCTYPE ...>\n # forbid_entities=True -> reject any <!ENTITY ...>\n # forbid_external=True -> reject any external entity / DTD reference\n root = fromstring(\n xml_data,\n forbid_dtd=True,\n forbid_entities=True,\n forbid_external=True,\n )\n except (EntitiesForbidden, ExternalReferenceForbidden):\n # Explicit XXE / entity-expansion attempt.\n return jsonify({\"error\": \"external entities and DTDs are not allowed\"}), 400\n except (DefusedXmlException, NotSupportedError):\n return jsonify({\"error\": \"unsafe xml construct rejected\"}), 400\n except ParseError:\n return jsonify({\"error\": \"malformed xml\"}), 400\n\n return jsonify({\"result\": root.text})\n", "code_length": 1667, "cheat_detected": false, "cheat_findings": [], "cheat_score": 0.0, "reward": 50, "clean_submission": true}