secure-code-game/Season-3/Level-1/solution/solution.lua at 68771523d4f8f55299a545ec000b68673cb942de · skills/secure-code-game · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
-- Welcome to Secure Code Game Season-3/Level-1!

--[[Attempt to sanitize the request by calling setmetatable on it
    We know that if the __metatable property is set setmetatable will fail
    thus why we make a protected call, and if it succeeds we can continue.
    If it fails we know someone is trying to do a metatable exploit
--]]


-- Full solution:

local module = {}

--- Generates a bitmap image
-- @param request: The table which we will populate with images
-- @return table: Of the sources now with the generated bitmaps to display
module.generate_bmps = function(request)
    -- Do not delete
    local secret_key = "I love my mama"
    -- End of do not delete

    if type(request) ~= "table" then
        return "Invalid request"
    end

    local isNotMalicous, errVal = pcall(function()
        setmetatable(request, {})
    end)

    if not isNotMalicous then
        return "Invalid request"
    end

    for i = 1, #request, 1 do
        local isNotMalicous, errVal = pcall(function()
            setmetatable(request[i], {})
        end)

        if not isNotMalicous then
            return "Invalid request"
        end

        if type(request[i].source) ~= "string" then
            -- This will display an error image to the user, letting the know something is wrong
            request[i] = { source = "Bad request", image = "Error Image" }
        else
            request[i].image = "Cat pictures"
        end
    end
    return request
end


return module