import os
from flask import Flask, render_template_string, request

app = Flask(__name__)
app.config["FLAG"] = os.environ.pop("FLAG")
app.config["SECRET_KEY"] = os.environ.pop("SECRET_KEY", os.urandom(16))


CODE = open(__file__).read()


@app.route("/")
def index():
    template = '''{% extends "layout.html" %}
    {% block body %}
    <code>
    <pre>
    {{ code }}
    </pre>
    </code>
    {% endblock %}
    '''
    return render_template_string(template, code=CODE)


@app.route("/welcome")
def vulnerable():
    username = request.args.get("username", "")
    blacklist = ["config", "self", "request"]
    none = "\n".join(['{{% set {}=None %}}'.format(x) for x in blacklist])
    template = '''{% extends "layout.html" %}
''' + none + '''
		{% block body %}
		<h1> Welcome service! </h1>
		<h2>
		Hello: {}, have a good PWN!
		</h2>
		{% endblock %}
		'''.replace("{}", username)
    return render_template_string(template)


if __name__ == "__main__":
    app.run("0.0.0.0", debug=True)