Hugging Face's logo

Spaces:
lablab-ai-amd-developer-hackathon
/
Threat_Hunter
Running

App Files Community
Threat_Hunter / demo_target.py
EricChen2005's picture
EricChen2005
Deploy ThreatHunter - AMD MI300X + Qwen2.5-32B
c8d30bc
raw
history blame contribute delete
1.21 kB
"""SecureBank API — 線上銀行後端(Demo)"""
import os
import pickle
import subprocess
from flask import Flask, request, jsonify
import redis
app = Flask(__name__)
db = redis.Redis(host="localhost", port=6379, db=0)
SECRET_KEY = "mysecretkey123"
@app.route("/admin/exec", methods=["POST"])
def admin_exec():
 cmd = request.json.get("command")
 result = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE)
 return jsonify({"output": result.communicate()[0].decode()})
@app.route("/admin/eval", methods=["POST"])
def admin_eval():
 expr = request.json.get("expr")
 return jsonify({"result": str(eval(expr))})
@app.route("/upload", methods=["POST"])
def upload():
 path = os.path.join("/uploads", "../" + request.args.get("file", ""))
 with open(path, "wb") as f:
 f.write(request.data)
 return jsonify({"path": path})
@app.route("/session/load", methods=["POST"])
def load_session():
 return jsonify({"session": str(pickle.loads(request.data))})
@app.route("/query")
def query():
 sql = f"SELECT * FROM users WHERE id='{request.args.get('id')}'"
 return jsonify({"query": sql})
if __name__ == "__main__":
 app.run(debug=True, host="0.0.0.0")