Tags: python 

### Wee Token

The last of the assert challenges focuses on the `assert_string()` function, which checks whether its input is actually a string.

```typescript
externals.addFunction(
    // Wee is statically typed. Finding a way to confuse the VM is impossible.
    "assert_string",
    [{name: "str", type: compiler.StringType}], compiler.StringType,
    false,
    (str: string) => typeof str == "string"
        ? "WEE is statically typed. Sorry, confusing the VM is impossible."
        : flags.WEE_TOKEN
)
```

One option we have is to use the `eval()` JavaScript function to our advantage. This function takes a string representing a JavaScript expression and returns the completion value of evaluating it. Given an empty string, however, it returns `undefined`, which has its own type, so the `typeof str == "string"` check fails and `assert_string()` returns `flags.WEE_TOKEN`. So if we use `alert(assert_string(eval('')))` as the value for the `code` parameter in our POST request to `/wee/run`, we'll get our flag.
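The root cause is that the declared return type of an external function is only a label unless the host checks it at runtime. The following is an added example, not code from the challenge or the original writeup: `makeRegistry`, `register`, `runPayload` and the placeholder secret are hypothetical names, and it assumes the Wee `eval` external simply forwards to JavaScript's `eval()`. It runs the expression from above against an unchecked registry and against one that validates each external's return value.

```javascript
// Added example: hypothetical mini-registry, not the Wee VM's real API.
const RUNTIME_TYPE = { string: "string", number: "number", boolean: "boolean" };

function makeRegistry({ checked }) {
  const fns = new Map();
  return {
    // declaredType is what the static type checker is told the function returns.
    addFunction(name, declaredType, impl) {
      fns.set(name, (...args) => {
        const result = impl(...args);
        // Hardened mode: enforce the declared type at the host/VM boundary.
        if (checked && typeof result !== RUNTIME_TYPE[declaredType]) {
          throw new TypeError(
            `${name}: declared ${declaredType}, got ${typeof result}`);
        }
        return result;
      });
    },
    call(name, ...args) {
      return fns.get(name)(...args);
    },
  };
}

// Constructed stand-in for flags.WEE_TOKEN.
const PLACEHOLDER_SECRET = "SECRET_PLACEHOLDER";

function register(reg) {
  // Assumption: declared to return a string, but eval("") yields undefined.
  reg.addFunction("eval", "string", (expr) => eval(expr));
  reg.addFunction("assert_string", "string", (str) =>
    typeof str == "string" ? "impossible" : PLACEHOLDER_SECRET);
}

// Evaluates assert_string(eval('')) against the given registry.
function runPayload(reg) {
  try {
    return reg.call("assert_string", reg.call("eval", ""));
  } catch (e) {
    return `rejected: ${e.message}`;
  }
}

const unchecked = makeRegistry({ checked: false });
const hardened = makeRegistry({ checked: true });
register(unchecked);
register(hardened);
console.log(runPayload(unchecked));
console.log(runPayload(hardened));
```

With the check in place the `undefined` value is stopped at the `eval` boundary and never reaches `assert_string`.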

[This Python script](https://github.com/AndreyRainchik/Writeups/tree/master/35c3%20junior/files/flag_scripts/weetoken.py "Python script to get the flag") runs through this process and prints the flag, `35C3_WEE_IS_TINY_AND_SO_CONFU5ED`.

Original writeup (https://github.com/AndreyRainchik/Writeups/tree/master/35c3%20junior#wee-token).