python: require local protection to be absent

for CSRF to be likely
Rasmus Lerchedahl Petersen
2022-03-22 13:42:52 +01:00
parent f5b53083ae
commit 0f2c21c8bd
4 changed files with 59 additions and 3 deletions


@@ -1,5 +1,6 @@
from django.http.response import HttpResponse, HttpResponseRedirect, HttpResponsePermanentRedirect, JsonResponse, HttpResponseNotFound
from django.views.generic import RedirectView
from django.views.decorators.csrf import csrf_protect
import django.shortcuts
import json
@@ -117,6 +118,7 @@ class CustomJsonResponse(JsonResponse):
def __init__(self, banner, content, *args, **kwargs):
super().__init__(content, *args, content_type="text/html", **kwargs)
@csrf_protect
def safe__custom_json_response(request):
return CustomJsonResponse("ACME Responses", {"foo": request.GET.get("foo")}) # $HttpResponse mimetype=application/json MISSING: responseBody=Dict SPURIOUS: responseBody="ACME Responses"
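Review bot: The `@csrf_protect` added above `safe__custom_json_response` in the second hunk has no comment or inline expectation saying what it is meant to exercise; the only annotation on the view concerns the response body. A one-line comment above the decorator, for example `# local CSRF protection via decorator, so global middleware is not the only guard`, would explain why a response-modelling fixture is decorated. Django's `csrf_protect` validates the token only on unsafe methods and this view reads `request.GET`, so the fixture shows the decorator being recognised rather than a request being rejected, which the comment should also state. A counterpart view without the decorator is not visible in this section, so it may live in one of the other changed files.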