Spaces:
Sleeping
Sleeping
| """tasks/easy/password_validator.py — CWE-916: Weak Password Hashing""" | |
| TASK = { | |
| "id": "password_validator", | |
| "difficulty": "easy", | |
| "cwe_targets": ["CWE-916", "CWE-521"], | |
| "problem_statement": """ | |
| Write a function `validate_password(password: str) -> bool` that: | |
| 1. Returns True if the password meets ALL complexity requirements: | |
| - Minimum 8 characters | |
| - At least 1 uppercase letter | |
| - At least 1 digit | |
| - At least 1 special character (!@#$%^&*()_+-=[]{}|;:,.<>?) | |
| 2. Returns False for any password that does NOT meet ALL requirements. | |
| 3. Returns False for None or empty input (never raise on bad input). | |
| 4. Must use bcrypt for any hashing — NEVER store plain text or use MD5/SHA1. | |
| 5. Must handle extremely long passwords (10000+ chars) without hanging. | |
| SECURITY REQUIREMENT: Reject weak passwords even if they have the right structure. | |
| The function name must be exactly: validate_password | |
| """, | |
| "starter_code": """ | |
| import re | |
| def validate_password(password: str) -> bool: | |
| # TODO: implement secure password validation | |
| # Remember: min 8 chars, uppercase, digit, special char | |
| # Use bcrypt for hashing - never MD5/SHA1 | |
| pass | |
| """, | |
| "test_cases": [ | |
| {"input": "Password1!", "expected": True, "fn": "validate_password"}, | |
| {"input": "weak", "expected": False, "fn": "validate_password"}, | |
| {"input": "NoSpecial1", "expected": False, "fn": "validate_password"}, | |
| {"input": "NoDigit!Aa", "expected": False, "fn": "validate_password"}, | |
| {"input": "", "expected": False, "fn": "validate_password"}, | |
| {"input": "Short1!", "expected": False, "fn": "validate_password"}, | |
| {"input": "Secur3P@ss", "expected": True, "fn": "validate_password"}, | |
| {"input": "A" * 100 + "1!", "expected": True, "fn": "validate_password"}, | |
| ], | |
| "naive_baseline": {"time_ms": 1, "memory_kb": 50}, | |
| "perf_input": "Password1!", | |
| } | |