Change variable name to correct sanitized input variable

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2026-05-03 12:45:27 +02:00 · 2021-07-13 14:04:06 -04:00
parent e02a63a27a
commit 51a6140258
1 changed files with 1 additions and 1 deletions
--- a/python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_good.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-943/mongoengine_good.py
@@ -21,7 +21,7 @@ def connect_find():
    safe_search = sanitize(json_search)

    db = me.connect('mydb')  
-    return db.movie.find({'name': json_search})
+    return db.movie.find({'name': safe_search})

 # if __name__ == "__main__":
 #     app.run(debug=True)