From 73d74c66f3ddd62e9cdd32d9dd439d95c2c3268d Mon Sep 17 00:00:00 2001
From: kgchinthana
Date: Wed, 19 Mar 2025 23:57:08 +0530
Subject: [PATCH 1/2] SCG:1.0.1: #4 #4 fixed a floating-point underflow vulnerability

---
 src/__init__.py | 0
 src/main.py | 34 +++++++++++++++++++++++-----------
 tests/__init__.py | 0
 3 files changed, 23 insertions(+), 11 deletions(-)
 delete mode 100644 src/__init__.py
 delete mode 100644 tests/__init__.py

diff --git a/src/__init__.py b/src/__init__.py
deleted file mode 100644
index e69de29..0000000
diff --git a/src/main.py b/src/main.py
index 1df8c46..3b876cb 100644
--- a/src/main.py
+++ b/src/main.py
@@ -1,21 +1,33 @@
 from collections import namedtuple
+from decimal import Decimal
 
-Order = namedtuple("Order", "id, items")
-Item = namedtuple("Item", "type, description, amount, quantity")
+Order = namedtuple('Order', 'id, items')
+Item = namedtuple('Item', 'type, description, amount, quantity')
+MAX_ITEM_AMOUNT = 100000 # maximum price of item in the shop
+MAX_QUANTITY = 100 # maximum quantity of an item in the shop
+MIN_QUANTITY = 0 # minimum quantity of an item in the shop
+MAX_TOTAL = 1e6 # maximum total amount accepted for an order
 
 
-def validorder(order: Order):
-    net = 0
+def validorder(order):
+    payments = Decimal('0')
+    expenses = Decimal('0')
 
     for item in order.items:
-        if item.type == "payment":
-            net += item.amount
-        elif item.type == "product":
-            net -= item.amount * item.quantity
+        if item.type == 'payment':
+            # Sets a reasonable min & max value for the invoice amounts
+            if -MAX_ITEM_AMOUNT <= item.amount <= MAX_ITEM_AMOUNT:
+                payments += Decimal(str(item.amount))
+        elif item.type == 'product':
+            if type(item.quantity) is int and MIN_QUANTITY < item.quantity <= MAX_QUANTITY and MIN_QUANTITY < item.amount <= MAX_ITEM_AMOUNT:
+                expenses += Decimal(str(item.amount)) * item.quantity
         else:
             return "Invalid item type: %s" % item.type
+
+    if abs(payments) > MAX_TOTAL or expenses > MAX_TOTAL:
+        return "Total amount payable for an order exceeded"
 
-    if net != 0:
-        return "Order ID: %s - Payment imbalance: $%0.2f" % (order.id, net)
+    if payments != expenses:
+        return "Order ID: %s - Payment imbalance: $%0.2f" % (order.id, payments - expenses)
     else:
-        return "Order ID: %s - Full payment received!" % order.id
+        return "Order ID: %s - Full payment received!" % order.id
\ No newline at end of file
diff --git a/tests/__init__.py b/tests/__init__.py
deleted file mode 100644
index e69de29..0000000

From 8a8727c24c6f71509b688cf477d5cb4589df738c Mon Sep 17 00:00:00 2001
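Review bot: Items that fail the new range checks are silently skipped instead of rejected, so the inner `if` guards on the payment and product branches turn a validation failure into a bypass: an order containing only a product with quantity 1000 (or a float quantity, a non-positive price, or a NaN amount, which fails both `<=` comparisons) accumulates nothing and reaches `"Full payment received!"` with no payment recorded. Each guard should instead return an error for the order, as the `else` branch already does for an unknown item type; the rewritten loop body is below. While there, `isinstance(item.quantity, int) and not isinstance(item.quantity, bool)` is the idiomatic form of `type(item.quantity) is int`, and the `MIN_QUANTITY < item.amount` bound on the product branch is really a price lower bound, so a separate `MIN_ITEM_AMOUNT = 0` constant would read better. The `# Sets a reasonable min & max value for the invoice amounts` comment describes a check rather than an assignment; `# Reject payments outside the accepted per-item range` says what actually happens.
```python
    for item in order.items:
        if item.type == 'payment':
            # Reject payments outside the accepted per-item range
            if not -MAX_ITEM_AMOUNT <= item.amount <= MAX_ITEM_AMOUNT:
                return "Order ID: %s - Invalid payment amount: %s" % (order.id, item.amount)
            payments += Decimal(str(item.amount))
        elif item.type == 'product':
            quantity_ok = (isinstance(item.quantity, int) and not isinstance(item.quantity, bool)
                           and MIN_QUANTITY < item.quantity <= MAX_QUANTITY)
            if not quantity_ok:
                return "Order ID: %s - Invalid quantity: %s" % (order.id, item.quantity)
            if not MIN_QUANTITY < item.amount <= MAX_ITEM_AMOUNT:
                return "Order ID: %s - Invalid product amount: %s" % (order.id, item.amount)
            expenses += Decimal(str(item.amount)) * item.quantity
        # … unchanged: invalid-type branch, total and balance checks …
```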
From: kgchinthana
Date: Thu, 20 Mar 2025 15:57:26 +0530
Subject: [PATCH 2/2] SCG: 1.0.0 : NA #4 fixed issue

---
 .env.example | 0
 docker-compose.yml | 0
 requirements.txt | 0
 src/main.py | 4 ++++
 4 files changed, 4 insertions(+)
 delete mode 100644 .env.example
 delete mode 100644 docker-compose.yml
 delete mode 100644 requirements.txt

diff --git a/.env.example b/.env.example
deleted file mode 100644
index e69de29..0000000
diff --git a/docker-compose.yml b/docker-compose.yml
deleted file mode 100644
index e69de29..0000000
diff --git a/requirements.txt b/requirements.txt
deleted file mode 100644
index e69de29..0000000
diff --git a/src/main.py b/src/main.py
index 3b876cb..c87caa0 100644
--- a/src/main.py
+++ b/src/main.py
@@ -1,18 +1,22 @@
 from collections import namedtuple
 from decimal import Decimal
 
+
 Order = namedtuple('Order', 'id, items')
 Item = namedtuple('Item', 'type, description, amount, quantity')
+
 MAX_ITEM_AMOUNT = 100000 # maximum price of item in the shop
 MAX_QUANTITY = 100 # maximum quantity of an item in the shop
 MIN_QUANTITY = 0 # minimum quantity of an item in the shop
 MAX_TOTAL = 1e6 # maximum total amount accepted for an order
 
 
+
 def validorder(order):
     payments = Decimal('0')
     expenses = Decimal('0')
 
+
     for item in order.items:
         if item.type == 'payment':
             # Sets a reasonable min & max value for the invoice amounts