hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: add test for $accumulator

Browse Source
This commit is contained in:
Rasmus Lerchedahl Petersen
2023-09-19 17:04:28 +02:00
parent 4614b1ae9c
commit 5611bda7ee
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/PoC/server.py
View File

@@ -71,6 +71,26 @@ def by_function_arg():
post = posts.find_one({'$expr': {'$function': search}}) # $ result=OK post = posts.find_one({'$expr': {'$function': search}}) # $ result=OK
return show_post(post, author) return show_post(post, author)
@app.route('/byGroup', methods=['GET'])
def by_group():
author = request.args['author']
accumulator = {
"init": 'function() { return "Not found" }',
"accumulate": 'function(state, author) { return (author === "'+author+'") ? author : state }',
"accumulateArgs": ["$author"],
"merge": 'function(state1, state2) { return (state1 === "Not found") ? state2 : state1 }'
}
group = {
"_id": "null",
"author": { "$accumulator": accumulator }
}
# Use `" | "a" === "a` as author
# making the query `this.author === "" | "a" === "a"`
# Found by http://127.0.0.1:5000/byGroup?author=%22%20|%20%22a%22%20===%20%22a
post = posts.aggregate([{ "$group": group }]).next() # $ MISSING: result=BAD
app.logger.error("post", post)
return show_post(post, author)
@app.route('/', methods=['GET']) @app.route('/', methods=['GET'])
def show_routes(): def show_routes():
links = [] links = []