Initial commit

src/security_demo/services/files.py

@@ -0,0 +1,42 @@
+"""File handling service - streamlined version."""
+
+import os
+import pickle
+import tempfile
+from typing import Any
+import yaml
+
+
+class FileService:
+    """Handle file operations."""
+
+    def load_pickle_user_path(self, filepath: str) -> Any:
+        """TP: Pickle from user-controlled path."""
+        with open(filepath, "rb") as f:
+            return pickle.load(f)
+
+    def load_pickle_fixed_path(self) -> Any:
+        """FP: Pickle from known internal path."""
+        with open("/etc/app/cache.pkl", "rb") as f:
+            return pickle.load(f)
+
+    def save_temp_insecure(self, data: bytes) -> str:
+        """TP: Predictable temp file."""
+        filepath = f"/tmp/data_{os.getpid()}.dat"
+        with open(filepath, "wb") as f:
+            f.write(data)
+        return filepath
+
+    def save_temp_secure(self, data: bytes) -> str:
+        """FP: Secure temp file creation."""
+        with tempfile.NamedTemporaryFile(delete=False) as f:
+            f.write(data)
+            return f.name
+
+    def load_yaml_unsafe(self, yaml_string: str) -> Any:
+        """TP: Unsafe YAML loader."""
+        return yaml.load(yaml_string, Loader=yaml.Loader)
+
+    def load_yaml_safe(self, yaml_string: str) -> Any:
+        """FP: SafeLoader is secure."""
+        return yaml.safe_load(yaml_string)