Python: Avoid cross-talk between unrelated sources in py/stack-trace-exposure query.

2026-05-05 05:35:13 +02:00 · 2019-03-05 16:34:52 +00:00
parent b3d935063f
commit 38a5fb715a
3 changed files with 14 additions and 5 deletions
--- a/python/ql/test/query-tests/Security/CWE-209/test.py
+++ b/python/ql/test/query-tests/Security/CWE-209/test.py
@@ -1,4 +1,4 @@
-from flask import Flask
+from flask import Flask, request, make_response
 app = Flask(__name__)


@@ -35,3 +35,8 @@ def server_bad_flow():

 def format_error(msg):
    return "[ERROR] " + msg
+
+#Unrelated error
+@app.route('/maybe_xss')
+def maybe_xss():
+    return make_response(request.args.get('name', ''))