Update UnSafeComparisonOfSensitiveInfo.py

2025-12-20 18:56:32 +01:00 · 2022-08-15 14:42:17 +01:00
parent 18b103dbd5
commit a724bd1e32
1 changed files with 5 additions and 3 deletions
--- a/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo/UnSafeComparisonOfSensitiveInfo.py
+++ b/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo/UnSafeComparisonOfSensitiveInfo.py
@@ -7,9 +7,11 @@
 from flask import Flask
 from flask import request

-@app.route('/bad')
-def check_credentials(password):
-    return password == "token"
+@app.route('/bad', methods = ['POST', 'GET'])
+def bad(password):
+    if request.method == 'POST':
+        password = request.form['pwd']
+        return password == "test"
    
 if __name__ == '__main__':
    app.debug = True