Level 1

[a01sa01to]

Level 1: Black Friday

Welcome to "Secure Code Game"! :wave:

📝 Storyline

A few days before the massive shopping event Black Friday, an electronics shop without an online presence rushed to create a website to reach a broader customer base. As a result, they spent all their budget on development without investing in security. Do you have what it takes to fix the bug and progress to Level 2?

:keyboard: What's in the repo?

For each level, you will find the same file structure:

• code includes the vulnerable code to be reviewed
• hack exploits the vulnerabilities in code. Running hack.py will fail initially, your goal is to get this file to pass.
• hint offers a hint if you get stuck.
• solution provides one working solution. There are several possible solutions.
• tests contains the unit tests that should still pass after you have implemented your fix.

🚦 Time to start!

1. Review the code in code.py. Can you spot the bug?
2. Try to fix the bug. Ensure that unit tests are still passing.
3. You successfully completed the level when both hack.py and tests.py pass 🟢.
4. If you get stuck, read the hint in the hint.js file.
5. Compare your solution with solution.py.

[a01sa01to]

問題点: 浮動小数点演算に伴う誤差

[a01sa01to]

✅ Decimal 型を使って対応した d2ea15413635f630a1c035f3179409eb7a57065c

[a01sa01to]

https://github.com/a01sa01to/secure-code-game/blob/34d8bf0578cf0f482a5fe2f2b453a9e19799110e/Level-1/solution.py#L6-L8

https://github.com/a01sa01to/secure-code-game/blob/34d8bf0578cf0f482a5fe2f2b453a9e19799110e/Level-1/solution.py#L32-L43

上限を設ける、なるほど

[a01sa01to]

✅ Decimal 型も精度の限界はあるので上限を設けて再実装した ad63bc58a9520eea0c193d1b0e2b6abf04079b74