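"""Small Flask application exposing five request handlers.

Every handler reads its input straight from the HTTP request, so all of that
input is treated as untrusted in the code below.
"""

import html
import os
import pickle
import sqlite3

from flask import Flask, request, render_template_string

app = Flask(__name__)
# Random per-process key: signed session cookies stop validating after a
# restart and are not shared between worker processes.
app.secret_key = os.urandom(16)

# Number of slots in the fixed-size buffer used by /buffer_overflow.
BUFFER_SIZE = 64

# Directory /read_file may serve from. It defaults to the process working
# directory because the handler previously resolved relative names there.
# NOTE(review): login() opens 'test.db' relative to the same directory, so
# this default still exposes it; point READ_ROOT at a directory that holds
# only files meant to be served.
READ_ROOT = os.path.realpath(os.getcwd())


@app.route('/xss')
def xss():
    """Greet the caller using the ``name`` query parameter.

    Flask sends a returned ``str`` as HTML, so the parameter is HTML-escaped
    before it is interpolated; otherwise any markup in ``name`` would be
    rendered by the browser.
    """
    name = request.args.get('name', '')
    # NOTE(review): only the text below is visible in the source; any markup
    # that surrounded it may have been lost before this file was captured.
    return f"\n\nHello {html.escape(name)}\n\n"


@app.route('/login', methods=['POST'])
def login():
    """Check the posted ``username``/``password`` against the ``users`` table.

    Returns "Login success" when a matching row exists, otherwise "Failed".
    """
    username = request.form['username']
    password = request.form['password']
    conn = sqlite3.connect('test.db')
    try:
        # Bound parameters keep the submitted values out of the SQL text.
        # NOTE(review): the query compares the submitted password with the
        # stored column directly, which suggests passwords are stored
        # unhashed. Confirm against the schema.
        row = conn.execute(
            "SELECT * FROM users WHERE username=? AND password=?",
            (username, password),
        ).fetchone()
    finally:
        # The connection was previously never closed.
        conn.close()
    return "Login success" if row else "Failed"


@app.route('/deserialize', methods=['POST'])
def deserialize():
    """Unpickle the request body and return its string form (HTML-escaped)."""
    data = request.get_data()
    # SECURITY: pickle.loads() on a request body lets the sender run
    # arbitrary code in this process while the object is being rebuilt.
    # Left in place because replacing it changes the wire format. Prefer a
    # data-only format such as JSON, or accept only payloads whose signature
    # has been verified before they reach this call.
    obj = pickle.loads(data)
    return html.escape(str(obj))


@app.route('/buffer_overflow')
def buffer_overflow():
    """Copy the ``input`` query parameter into a fixed-size buffer.

    At most BUFFER_SIZE characters are copied. The earlier per-index copy
    raised IndexError (an HTTP 500) for longer input. The result is
    HTML-escaped because it echoes request data.
    """
    buffer = ['A'] * BUFFER_SIZE
    user_input = request.args.get('input', '')
    kept = user_input[:BUFFER_SIZE]
    # Same-length slice assignment: the buffer stays BUFFER_SIZE long.
    buffer[:len(kept)] = kept
    return html.escape(''.join(buffer))


@app.route('/read_file')
def read_file():
    """Return the contents of the file named by the ``file`` query parameter.

    The name is resolved under READ_ROOT. Anything that resolves outside it
    (absolute paths, ``..`` segments, symlinks pointing elsewhere) or that is
    not a regular file gets a 404 instead of being opened.
    """
    filename = request.args.get('file', '')
    try:
        target = os.path.realpath(os.path.join(READ_ROOT, filename))
        inside_root = os.path.commonpath([READ_ROOT, target]) == READ_ROOT
    except ValueError:
        # Embedded NUL bytes, or paths on different drives on Windows.
        inside_root = False
    if not inside_root or not os.path.isfile(target):
        return "Not found", 404
    with open(target, 'r') as f:
        return f.read()


if __name__ == '__main__':
    # The Werkzeug debugger provides an interactive console to anyone who
    # can reach the server, so debug mode is opt-in via FLASK_DEBUG=1
    # instead of always on.
    app.run(debug=os.environ.get('FLASK_DEBUG') == '1')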