hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Restore rest of experimental files

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2023-06-20 14:30:43 +02:00
parent 8663a8ba1c
commit 47d0a6d2e3
33 changed files with 266 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
python/ql/src/experimental/Security/CWE-074/JinjaBad.py Normal file
View File

@@ -0,0 +1,19 @@
from django.urls import path
from django.http import HttpResponse
from jinja2 import Template as Jinja2_Template
from jinja2 import Environment, DictLoader, escape
def a(request):
# Load the template
template = request.GET['template']
t = Jinja2_Template(template)
name = request.GET['name']
# Render the template with the context data
html = t.render(name=escape(name))
return HttpResponse(html)
urlpatterns = [
path('a', a),
]

20
python/ql/src/experimental/Security/CWE-074/JinjaGood.py Normal file
View File

@@ -0,0 +1,20 @@
from django.urls import path
from django.http import HttpResponse
from jinja2 import Template as Jinja2_Template
from jinja2 import Environment, DictLoader, escape
def a(request):
# Load the template
template = request.GET['template']
env = SandboxedEnvironment(undefined=StrictUndefined)
t = env.from_string(template)
name = request.GET['name']
# Render the template with the context data
html = t.render(name=escape(name))
return HttpResponse(html)
urlpatterns = [
path('a', a),
]