hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 16:25:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: add test for type tracking

Browse Source
This commit is contained in:
Rasmus Lerchedahl Petersen
2023-09-28 12:14:12 +02:00
parent 37a4f35650
commit 3fb579eaff
1 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/pymongo_test.py
View File

@@ -43,5 +43,24 @@ def bad3():
cursor = collection.find_one({"$where": f"this._id == '${event_id}'"}) #$ result=BAD
@app.route("/bad4")
def bad4():
client = MongoClient("localhost", 27017, maxPoolSize=50)
db = client.get_database(name="localhost")
collection = db.get_collection("collection")
decoded = json.loads(request.args['event_id'])
search = {
"body": decoded,
"args": [ "$event_id" ],
"lang": "js"
}
collection.find_one({'$expr': {'$function': search}}) # $ result=BAD
collection.find_one({'$expr': {'$function': decoded}}) # $ result=BAD
collection.find_one({'$expr': decoded}) # $ result=BAD
collection.find_one(decoded) # $ result=BAD
if __name__ == "__main__":
app.run(debug=True)