Python: Fix minor problems in security examples

2026-04-30 19:26:02 +02:00 · 2020-01-31 11:33:11 +01:00
parent 5bc592514a
commit 27a7d09c94
2 changed files with 1 additions and 3 deletions
--- a/python/ql/src/Security/CWE-022/examples/tainted_path.py
+++ b/python/ql/src/Security/CWE-022/examples/tainted_path.py
@@ -11,7 +11,6 @@ urlpatterns = [

 def user_picture1(request):
    """A view that is vulnerable to malicious file access."""
-    base_path = '/server/static/images'
    filename = request.GET.get('p')
    # BAD: This could read any file on the file system
    data = open(filename, 'rb').read()
--- a/python/ql/src/Security/CWE-078/examples/command_injection.py
+++ b/python/ql/src/Security/CWE-078/examples/command_injection.py
@@ -20,5 +20,4 @@ def command_execution_safe(request):
    if request.method == 'POST':
        action = request.POST.get('action', '')
        #GOOD -- Use a whitelist
-        subprocess.call(["application", COMMAND[action]])
-
+        subprocess.call(["application", COMMANDS[action]])