Intro to Whitebox Pentesting - SA2

Hello, I am looking for help regarding the second part of the skills assessment.

I already added a try catch block to parse the length and type but getting this error:

Patch test failed. Please try again.

should throw an error if length is not an integer

Note code is running locally with validation and error messages.

> node ./text2.js a a
> Invalid input: length: must be an integer between 8 and 128
> Usage: node pwgen.js <length> <type>
> length: integer between 8 and 128
> type: simple or complex
> 
> 
> ./text2.js 8 simple
> simple password - length 8: swvxjnav
> 
> node ./text2.js 8 a     
> Invalid input: type: must be simple or complex
> Usage: node pwgen.js <length> <type>
> length: integer between 8 and 128
> type: simple or complex
> 
> 
> node ./text2.js 8 complex
> complex password - length 8: XSH!1L!9

Sorry for not being related to your question, but could I ask for your opinion on Question1’s code? As far as I see, the ‘whoami’ function of the application could potentially be vulnerable to code injection through the user’s ‘uid’, but what is actually assigned to the user through the token we pass in is ‘sid’ (auth-controller.js - line 99). So, ‘whoami’ seems like a rabbit-hole, doesn’t it?

I have the problem with SA2 as well. I have "Result: Injection Failed.

code injection should not be possible, even without sanitization or validation"

I have covered all other requirements. There is no even injectable “new Function”. Why it shows me that there is another injectable part???