PR init

2026-04-30 19:26:02 +02:00 · 2021-03-30 17:51:17 +02:00
parent 7f16c52217
commit 517a9202ce
11 changed files with 169 additions and 0 deletions
--- a/python/ql/test/experimental/query-tests/Security/CWE-943/NoSQLInjectio.qlref
+++ b/python/ql/test/experimental/query-tests/Security/CWE-943/NoSQLInjectio.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE-943/RegexInjection.ql
--- a/python/ql/test/experimental/query-tests/Security/CWE-943/NoSQLInjection.expected
+++ b/python/ql/test/experimental/query-tests/Security/CWE-943/NoSQLInjection.expected
--- a/python/ql/test/experimental/query-tests/Security/CWE-943/flask_mongoengine_bad.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-943/flask_mongoengine_bad.py
@@ -0,0 +1,30 @@
+from flask import Flask, request
+from flask_mongoengine import MongoEngine
+import mongoengine as me
+import json
+
+app = Flask(__name__)
+db = MongoEngine(app)
+
+
+class Movie(me.Document):
+    title = me.StringField(required=True)
+    year = me.IntField()
+    rated = me.StringField()
+    director = me.StringField()
+    actors = me.ListField()
+
+
+Movie(title='aa').save()
+Movie(title='bb').save()
+
+
+@app.route("/")
+def home_page():
+    unsanitized_search = json.loads(request.args['search'])
+
+    data = Movie.objects(title=unsanitized_search)
+    return data.to_json()
+
+# if __name__ == "__main__":
+#     app.run(debug=True)
--- a/python/ql/test/experimental/query-tests/Security/CWE-943/flask_mongoengine_good.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-943/flask_mongoengine_good.py
@@ -0,0 +1,32 @@
+from flask import Flask, request
+from flask_mongoengine import MongoEngine
+import mongoengine as me
+from mongosanitizer.sanitizer import sanitize
+import json
+
+app = Flask(__name__)
+db = MongoEngine(app)
+
+
+class Movie(me.Document):
+    title = me.StringField(required=True)
+    year = me.IntField()
+    rated = me.StringField()
+    director = me.StringField()
+    actors = me.ListField()
+
+
+Movie(title='aa').save()
+Movie(title='bb').save()
+
+
+@app.route("/")
+def home_page():
+    unsanitized_search = json.loads(request.args['search'])
+    sanitize(unsanitized_search)
+
+    data = Movie.objects(title=unsanitized_search)
+    return data.to_json()
+
+# if __name__ == "__main__":
+#     app.run(debug=True)
--- a/python/ql/test/experimental/query-tests/Security/CWE-943/flask_pymongo_bad.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-943/flask_pymongo_bad.py
@@ -0,0 +1,18 @@
+from flask import Flask, request
+from flask_pymongo import PyMongo
+import json
+
+app = Flask(__name__)
+app.config["MONGO_URI"] = "mongodb://localhost:27017/testdb"
+mongo = PyMongo(app)
+
+
+@app.route("/")
+def home_page():
+    unsanitized_search = json.loads(request.args['search'])
+
+    db_results = mongo.db.user.find({'name': unsanitized_search})
+    return db_results[0].keys()
+
+# if __name__ == "__main__":
+#     app.run(debug=True)
--- a/python/ql/test/experimental/query-tests/Security/CWE-943/flask_pymongo_good.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-943/flask_pymongo_good.py
@@ -0,0 +1,20 @@
+from flask import Flask, request
+from flask_pymongo import PyMongo
+from mongosanitizer.sanitizer import sanitize
+import json
+
+app = Flask(__name__)
+app.config["MONGO_URI"] = "mongodb://localhost:27017/testdb"
+mongo = PyMongo(app)
+
+
+@app.route("/")
+def home_page():
+    unsanitized_search = json.loads(request.args['search'])
+    sanitize(unsanitized_search)
+
+    db_results = mongo.db.user.find({'name': unsanitized_search})
+    return db_results[0].keys()
+
+# if __name__ == "__main__":
+#    app.run(debug=True)
				`@@ -0,0 +1 @@`
				`experimental/Security/CWE-943/RegexInjection.ql`