Server Side Template Injection


Hanto Dojo

A collection of challenges about server side template injection, using Flask servers and Jinja2 templates.


Challenges

I decided to make an online calculator, using the power of Flask! Due to lingering trauma from the Python jails, I will no longer be using eval. I heard somewhere that I can safely evaluate short expressions by rendering a template? Of course, I will continue to share the length of the flag throughout our adventures!

Lesson learned: context is dangerous! Anyway, I am not a big fan of randomness. I'll just set the secret key to the flag instead of random bytes. Secret keys are secret, right?

Well, that was a mistake. Back to os.urandom! On another note, I decided to create a login system to secure the flag more safely. Passwords are so long these days though, so I'll just check the first few characters. Last time I checked, Flask cookies are encrypted by default, right?

More lessons learned: keep cookies as slim as possible, and don't be lazy when checking passwords. This time, I will show you your password once you're logged in. Common sense says that you can't log in as admin if you don't know the admin password. Do you agree?

No more users. Back to basics. Now supporting longer expressions!

Integers only.

In this house, we prefer parentheses over square brackets. Also, death to underscores!

My faith in template rendering to safely evaluate expressions has been forever shattered. I'll just do it myself then. Back to eval I go!
