Create UnsafeComparisonOfHeaderValue.py

2025-12-18 18:10:39 +01:00 · 2022-08-04 12:50:55 +01:00
parent a98a77ad40
commit a6af455eae
1 changed files with 20 additions and 0 deletions
--- a/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHeaderValue/UnsafeComparisonOfHeaderValue.py
+++ b/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHeaderValue/UnsafeComparisonOfHeaderValue.py
@@ -0,0 +1,20 @@
+#!/usr/bin/env python
+# -*- coding: UTF-8 -*-
+
+"""
+@Desc   ：preventing timing attack against header value
+"""
+
+from flask import Flask
+from flask import request
+
+@app.route('/bad')
+def good1():
+    secret = request.headers.get('X-Auth-Token')    
+    if secret == "token":
+        raise Exception('bad token')
+    return 'bad'
+
+if __name__ == '__main__':
+    app.debug = True
+    app.run()