Heya guys! I am back with another article, following my previous article on secure coding. This time we are not going to go into any theoretical stuff. Some months ago, I wrote a program in Python for my students so that they could practice basic BODMAS questions. The purpose was that the program should generate a random set of questions (the number of questions to be entered by the user) and then check whether the entered answer is correct or not. Now, obviously it was quite easy for me to code, but the thing was that I had to ensure that, for 5/2, an answer of 2.5 is accepted just as 2.500 is. So, I just couldn't go and match two strings; I had to come up with a different solution. Just to have fun and see if any of my students or volunteers could come up with a vulnerability in the program, I deliberately wrote a weak program. Now, I have modified the program to make it easier for you all to identify the mistakes and the vulnerabilities in it.
Now, here is what I want you to do:
- Don't look at the code. Just run it and see if you can figure out the vulnerabilities in the program.
- If you can't figure out the vulnerabilities in step 1, or even if you did, go and take a look at the program code and try to figure out what you missed!
Once you are done, please comment on what you think the vulnerabilities in the code are and how you would correct them!
Here we go!!
Sample input:
3 6 -1

Sample output:
Program for the small basic python Challenge
===========================================
Welcome. This is a 3 question math quiz
Your answer should be correct to three decimal places.
What is 1 + 2?
Correct!
What is 2 * 3?
Correct!
What is 3 - 4?
Correct!
Your score was 3/3
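The challenge program itself is not reproduced on this page. What follows is an added example, not the challenge program, showing one way to do the comparison the introduction describes: the typed answer is parsed as a plain decimal number (anything else, including expressions and exponent notation, is rejected, so nothing the user types is ever evaluated as Python), the expected value is computed through an operator lookup table rather than from a string, and both sides are rounded to three decimal places before comparison, so 2.5, 2.50 and 2.500 are all accepted for 5/2. The operand range 1 to 12, the single-operator question format and the function names are assumptions made for this example.

```python
import operator
import random
import re
import sys
from decimal import Decimal, ROUND_HALF_UP

# Arithmetic the quiz may ask about, looked up by symbol. Resolving the
# operator through this table means the question is never assembled as a
# string and evaluated; only these four functions can ever run.
OPERATORS = {
    "+": operator.add,
    "-": operator.sub,
    "*": operator.mul,
    "/": operator.truediv,
}

THREE_PLACES = Decimal("0.001")

# A plain decimal number: optional sign, digits, optional fraction. This
# rejects exponents ("1e3"), "nan"/"inf", internal whitespace and anything
# that looks like an expression ("1+2"), even though Decimal() or eval()
# would happily accept some of those.
NUMBER_RE = re.compile(r"[+-]?(\d+(\.\d*)?|\.\d+)", re.ASCII)


def parse_answer(text):
    """Return the typed answer as a Decimal, or None if it is not a plain number."""
    text = text.strip()
    if not NUMBER_RE.fullmatch(text):
        return None
    return Decimal(text)


def evaluate(a, symbol, b):
    """Compute the expected answer for `a <symbol> b` using exact decimals."""
    return OPERATORS[symbol](Decimal(a), Decimal(b))


def to_three_places(value):
    """Round a Decimal to three decimal places (half up)."""
    return value.quantize(THREE_PLACES, rounding=ROUND_HALF_UP)


def answers_match(expected, given):
    """True when both values agree once rounded to three decimal places,
    so "2.5", "2.50" and "2.500" are all accepted for 5 / 2."""
    if given is None:
        return False
    return to_three_places(expected) == to_three_places(given)


def random_questions(count, seed=None):
    """Build `count` single-operator questions as (text, expected) pairs.
    Assumption for this example: operands are integers from 1 to 12, so
    division never divides by zero."""
    rng = random.Random(seed)
    questions = []
    for _ in range(count):
        a, b = rng.randint(1, 12), rng.randint(1, 12)
        symbol = rng.choice(sorted(OPERATORS))
        questions.append((f"What is {a} {symbol} {b}?", evaluate(a, symbol, b)))
    return questions


def run_quiz(questions, answers):
    """Ask each question, taking one answer per item of `answers` (stdin lines
    or a constructed list). Returns the number answered correctly."""
    answers = iter(answers)
    score = 0
    print(f"Welcome. This is a {len(questions)} question math quiz")
    print("Your answer should be correct to three decimal places.")
    for text, expected in questions:
        print(text)
        given = parse_answer(next(answers, ""))  # a missing answer counts as wrong
        if answers_match(expected, given):
            score += 1
            print("Correct!")
        else:
            print(f"Wrong! The answer was {to_three_places(expected)}")
    print(f"Your score was {score}/{len(questions)}")
    return score


if __name__ == "__main__":
    # Usage: python quiz.py 3   (then type one answer per line)
    count = int(sys.argv[1]) if len(sys.argv) > 1 else 3
    run_quiz(random_questions(count), sys.stdin)
```

Decimal is used instead of float so that 1/3 rounds to exactly 0.333 rather than a binary approximation, and the regex is deliberately stricter than what Decimal() itself accepts: the only thing a quiz answer should ever be is a number, so everything else is refused before any library sees it.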
Please write comments if you find anything incorrect, or if you want to share more information about the topic discussed above!
About the author:
Vishwesh Shrimali is an Undergraduate Mechanical Engineering student at BITS Pilani. He fulfils just about all the requirements not taught in his branch: white hat hacker, network security operator and ex-competitive programmer. As a firm believer in the power of Python, the majority of his work has been in that language. Whenever he gets some time apart from programming, attending classes and watching CSI Cyber, he goes for a long walk and plays guitar in silence. His motto in life is: "Enjoy your life, 'cause it's worth enjoying!"