simplify

pwncollege · Aug 31, 2024 · 3a8ad6a · 3a8ad6a
1 parent d09b7de
commit 3a8ad6a
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 9 deletions.
diff --git a/web-security/level-1/server b/web-security/level-1/server
@@ -9,16 +9,15 @@ app = flask.Flask(__name__)
 @app.route("/<path:path>", methods=["GET", "POST"])
 def challenge(path="index.html"):
     requested_path = app.root_path + "/files/" + path
-    real_path = os.path.realpath(requested_path)
 
     try:
         return open(requested_path).read()
     except PermissionError:
-        flask.abort(403, real_path)
+        flask.abort(403, requested_path)
     except FileNotFoundError:
-        flask.abort(404, real_path)
+        flask.abort(404, f"No {requested_path} from directory {os.getcwd()}")
     except Exception as e:
-        flask.abort(500, real_path + ":" + str(e))
+        flask.abort(500, requested_path + ":" + str(e))
 
 app.secret_key = open("/flag").read().strip()
 app.run("challenge.localhost", int(os.environ.get("HTTP_PORT", 80)))
diff --git a/web-security/level-2/run b/web-security/level-2/run
diff --git a/web-security/path-traversal-2/server b/web-security/path-traversal-2/server
@@ -9,16 +9,15 @@ app = flask.Flask(__name__)
 @app.route("/<path:path>", methods=["GET", "POST"])
 def challenge(path="index.html"):
     requested_path = app.root_path + "/files/" + path.strip("/.")
-    real_path = os.path.realpath(requested_path)
 
     try:
         return open(requested_path).read()
     except PermissionError:
-        flask.abort(403, real_path)
+        flask.abort(403, requested_path)
     except FileNotFoundError:
-        flask.abort(404, real_path)
+        flask.abort(404, f"No {requested_path} from directory {os.getcwd()}")
     except Exception as e:
-        flask.abort(500, real_path + ":" + str(e))
+        flask.abort(500, requested_path + ":" + str(e))
 
 app.secret_key = open("/flag").read().strip()
 app.run("challenge.localhost", int(os.environ.get("HTTP_PORT", 80)))