New Escape

Prison blueprints

module PrisonBreak
  class Visit
    attr_accessor :free_prisoner
    attr_reader :prison, :payload

    DISABLED_SYMBOLS = %w{, ` ( ? ! + <<}
    DISABLED_WORDS = %w{send eval system exec popen rm puts require new load create file include free call push concat irb }

    GUARD_RE = Regexp.new((DISABLED_SYMBOLS + DISABLED_WORDS).map {|i| Regexp.escape(i) }.join('|'))

    def initialize(prison, payload)
      @prison = prison
      @payload = payload
    end

    def secure?
      if !GUARD_RE.match(payload).nil?
        raise "Unpermitted item: #{Regexp.last_match(0)}"
      end

      true
    end

    def perform
      instance_eval(payload)
    end
  end

  class Prison
    def initialize
      @cells = {
        11 => ['Edmond Dantès'],
        22 => ['Henri Charrière'],
        33 => ['Michael Scofield']
      }.freeze
    end

    def empty_cell?
      cells.values.any? &:empty?
    end

    private

    attr_reader :cells

    def unlock(cell, password, guest)
      if password == 'secret'
        guest.free_prisoner = cells[cell].shift
      end
    end
  end
end

The Goal

Undetected unlock prison cell with your favourite prisoner, through visit payload.
Something like:

  visit = Visit.new
  prison.unlock(22, 'secret', visit)

only it is more complicated .-)

Rules

Don't hack the web app or server please .-)

The runtime

prison = PrisonBreak::Prison.new
visit = PrisonBreak::Visit.new(prison, payload) # <= your payload goes here

visit.perform if visit.secure?

success = prison.empty_cell? && !visit.free_prisoner.nil??
Back