Python: Add stacktrace exposure example

2026-05-01 03:35:13 +02:00 · 2022-09-22 14:27:49 +02:00
parent 99e8cb78b0
commit 078d3d0062
1 changed files with 13 additions and 1 deletions
--- a/python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/test.py
+++ b/python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/test.py
@@ -1,4 +1,4 @@
-from flask import Flask, request, make_response
+from flask import Flask, request, make_response, jsonify
 app = Flask(__name__)


@@ -56,3 +56,15 @@ def format_error(msg):
@app.route('/maybe_xss')
 def maybe_xss():
    return make_response(request.args.get('name', ''))
+
+# BAD
+@app.route('/bad/jsonify')
+def bad_jsonify():
+    try:
+        do_computation()
+    except Exception as e:
+        return jsonify({"error": str(e)})
+
+
+if __name__ == "__main__":
+    app.run(debug=True)