example1.js

/* 라이브러리 등록 */
const express = require('express');
const dotenv = require('dotenv');

/* 환경 변수 등록 */
dotenv.config();

const app = express();

const FLAG = process.env.FLAG;

/* express 엔진 설정 등록 */
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.set('view engine', 'pug');
app.set('views', __dirname + '/views');
app.engine('pug', require('pug').__express);

/* 렌더링 해주는 함수 */
const render = (req, res, context) => {
    req.app.render('calculator', context, (err, html) => {
        if(err) {
            console.error("An error has occurred while rendering the file.");
            console.log(err);
        }
        else {
            res.end(html);
        }
    });
}

/* 라우팅 등록 */
app.get('/', async (req, res) => {
    console.log(`GET /\nip : ${req.connection.remoteAddress}`);
    const context = { data : `간단한 계산기 입니다. 취약점을 활용하여 FLAG 를 획득하여보세요.` };
    render(req, res, context);
});

app.get('/calculate', async (req, res) => {
    console.log(`GET calculate\nip : ${req.connection.remoteAddress}`);
    const context = { data : `간단한 계산기 입니다. 취약점을 활용하여 FLAG 를 획득하여보세요.` };
    render(req, res, context);
});

app.post('/calculate', async (req, res) => {
    console.log(`POST calculate\nip : ${req.connection.remoteAddress}\nbody : ${JSON.stringify(req.body, null, '\t')}`);
    const format = req.body.format;
    try {
        const context = { data : format.indexOf("FLAG") != -1 ? "No Hack" : eval(format) };
        render(req, res, context);
    }
    catch(e) {
        const context = { data : "수식 에러" };
        render(req, res, context);
    }
});

/* 서버 시작 */
app.listen(process.env.PORT, async (req, res) => {
    console.log(`Opened website on http://localhost:${process.env.PORT} !`);
});