style: format code for consistency and readability across multiple files

test_simulation_files/api_endpoints.py

@@ -7,24 +7,25 @@ import requests
 app = Flask(__name__)
 
 # A05: Security Misconfiguration - Debug mode enabled
-app.config['DEBUG'] = True
-app.config['SECRET_KEY'] = 'dev-secret-key'  # Hardcoded secret
+app.config["DEBUG"] = True
+app.config["SECRET_KEY"] = "dev-secret-key"  # Hardcoded secret
 
-@app.route('/api/search', methods=['GET'])
+
+@app.route("/api/search", methods=["GET"])
 def search():
-    '''Search endpoint with multiple vulnerabilities'''
+    """Search endpoint with multiple vulnerabilities"""
     # A03: Injection - XSS vulnerability, no input sanitization
-    query = request.args.get('q', '')
+    query = request.args.get("q", "")
 
     # A03: Injection - Command injection vulnerability
-    if 'file:' in query:
-        filename = query.split('file:')[1]
+    if "file:" in query:
+        filename = query.split("file:")[1]
         # Direct command execution
         result = subprocess.run(f"cat {filename}", shell=True, capture_output=True, text=True)
         return jsonify({"result": result.stdout})
 
     # A10: Server-Side Request Forgery (SSRF)
-    if query.startswith('http'):
+    if query.startswith("http"):
         # No validation of URL, allows internal network access
         response = requests.get(query)
         return jsonify({"content": response.text})
@@ -32,39 +33,42 @@ def search():
     # Return search results without output encoding
     return f"<h1>Search Results for: {query}</h1>"
 
-@app.route('/api/admin', methods=['GET'])
+
+@app.route("/api/admin", methods=["GET"])
 def admin_panel():
-    '''Admin panel with broken access control'''
+    """Admin panel with broken access control"""
     # A01: Broken Access Control - No authentication check
     # Anyone can access admin functionality
-    action = request.args.get('action')
+    action = request.args.get("action")
 
-    if action == 'delete_user':
-        user_id = request.args.get('user_id')
+    if action == "delete_user":
+        user_id = request.args.get("user_id")
         # Performs privileged action without authorization
         return jsonify({"status": "User deleted", "user_id": user_id})
 
     return jsonify({"status": "Admin panel"})
 
-@app.route('/api/upload', methods=['POST'])
+
+@app.route("/api/upload", methods=["POST"])
 def upload_file():
-    '''File upload with security issues'''
+    """File upload with security issues"""
     # A05: Security Misconfiguration - No file type validation
-    file = request.files.get('file')
+    file = request.files.get("file")
     if file:
         # Saves any file type to server
         filename = file.filename
-        file.save(os.path.join('/tmp', filename))
+        file.save(os.path.join("/tmp", filename))
 
         # A03: Path traversal vulnerability
         return jsonify({"status": "File uploaded", "path": f"/tmp/{filename}"})
 
     return jsonify({"error": "No file provided"})
 
+
 # A06: Vulnerable and Outdated Components
 # Using old Flask version with known vulnerabilities (hypothetical)
 # requirements.txt: Flask==0.12.2 (known security issues)
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     # A05: Security Misconfiguration - Running on all interfaces
-    app.run(host='0.0.0.0', port=5000, debug=True)
+    app.run(host="0.0.0.0", port=5000, debug=True)

test_simulation_files/auth_manager.py

@@ -4,13 +4,15 @@ import pickle
 import sqlite3
 from flask import request, session
 
+
 class AuthenticationManager:
     def __init__(self, db_path="users.db"):
         # A01: Broken Access Control - No proper session management
         self.db_path = db_path
         self.sessions = {}  # In-memory session storage
+
     def login(self, username, password):
-        '''User login with various security vulnerabilities'''
+        """User login with various security vulnerabilities"""
         # A03: Injection - SQL injection vulnerability
         conn = sqlite3.connect(self.db_path)
         cursor = conn.cursor()
@@ -36,7 +38,7 @@ class AuthenticationManager:
             return {"status": "failed", "message": "Invalid password"}
 
     def reset_password(self, email):
-        '''Password reset with security issues'''
+        """Password reset with security issues"""
         # A04: Insecure Design - No rate limiting or validation
         reset_token = hashlib.md5(email.encode()).hexdigest()
 
@@ -45,12 +47,12 @@ class AuthenticationManager:
         return {"reset_token": reset_token, "url": f"/reset?token={reset_token}"}
 
     def deserialize_user_data(self, data):
-        '''Unsafe deserialization'''
+        """Unsafe deserialization"""
         # A08: Software and Data Integrity Failures - Insecure deserialization
         return pickle.loads(data)
 
     def get_user_profile(self, user_id):
-        '''Get user profile with authorization issues'''
+        """Get user profile with authorization issues"""
         # A01: Broken Access Control - No authorization check
         conn = sqlite3.connect(self.db_path)
         cursor = conn.cursor()

test_simulation_files/test_module.py

@@ -2,11 +2,13 @@
 Sample Python module for testing MCP conversation continuity
 """
 
+
 def fibonacci(n):
     """Calculate fibonacci number recursively"""
     if n <= 1:
         return n
-    return fibonacci(n-1) + fibonacci(n-2)
+    return fibonacci(n - 1) + fibonacci(n - 2)
+
 
 def factorial(n):
     """Calculate factorial iteratively"""
@@ -15,6 +17,7 @@ def factorial(n):
         result *= i
     return result
 
+
 class Calculator:
     """Simple calculator class"""