PADME Train Wiki
Train Selection
Search
Trains
SQLInjection
956
main.py
Code fragments of main.py
import psycopg2
import os
print("Welcome to the PADME Playground Eval!")
print(os.environ["STATION_NAME"])
conn = psycopg2.connect(dbname="patientdb", user=os.environ["DATA_SOURCE_USERNAME"], host=os.environ["DATA_SOURCE_HOST"], password=os.environ["DATA_SOURCE_PASSWORD"], port=os.environ["DATA_SOURCE_PORT"])
conn = psycopg2.connect(dbname="patientdb", user=os.environ["DATA_SOURCE_USERNAME"], host=os.environ["DATA_SOURCE_HOST"], password=os.environ["DATA_SOURCE_PASSWORD"], port=os.environ["DATA_SOURCE_PORT"])
cursor = conn.cursor()
cursor.execute(f"SELECT * FROM {'patient_info' if os.environ['STATION_NAME'] == 'Bruegel' else 'patients'} WHERE age >= 50")
result = cursor.fetchall()
nPatientsOver50 = len(result)
# emulate SQL injection
age = f"50; UPDATE {'patient_info' if os.environ['STATION_NAME'] == 'Bruegel' else 'patients'} SET age = 999 WHERE age >= 50"
cursor.execute(f"SELECT * FROM {'patient_info' if os.environ['STATION_NAME'] == 'Bruegel' else 'patients'} WHERE age >= {age}")
print(f"Number of rows affected: {nPatientsOver50}")
nPatientsOver50 = len(result)
# Write Dummy File
f = open("result.txt", "a")
f.write(f"{nPatientsOver50}\n")
f.close()
Graph
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
undefined
main.py
import psycopg2
None
import os
print("Welcome to the PADME Playground Eval!")
print(os.environ["STATION_NAME"])
conn = psycopg2.connect(dbname="patientdb", user=os.environ["DATA_SOURCE_USERNAME"], host=os.environ["DATA_SOURCE_HOST"], password=os.environ["DATA_SOURCE_PASSWORD"], port=os.environ["DATA_SOURCE_PORT"])
cursor = conn.cursor()
cursor.execute(f"SELECT * FROM {'patient_info' if os.environ['STATION_NAME'] == 'Bruegel' else 'patients'} WHERE age >= 50")
result = cursor.fetchall()
nPatientsOver50 = len(result)
# emulate SQL injection
age = f"50; UPDATE {'patient_info' if os.environ['STATION_NAME'] == 'Bruegel' else 'patients'} SET age = 999 WHERE age >= 50"
cursor.execute(f"SELECT * FROM {'patient_info' if os.environ['STATION_NAME'] == 'Bruegel' else 'patients'} WHERE age >= {age}")
print(f"Number of rows affected: {nPatientsOver50}")
# Write Dummy File
f = open("result.txt", "a")
f.write(f"{nPatientsOver50}\n")
f.close()
Search
Train Selection