From bbba906ff1f38bc74cc198880b856f547deca747 Mon Sep 17 00:00:00 2001
From: amammad
Date: Mon, 24 Jul 2023 21:41:44 +1000
Subject: [PATCH] a little bit change on flask example
---
 .../examples/example_Flask_safe.py | 7 ++-----
 .../examples/example_Flask_unsafe.py | 5 +----
 2 files changed, 3 insertions(+), 9 deletions(-)
diff --git a/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/examples/example_Flask_safe.py b/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/examples/example_Flask_safe.py
index ed304be48a7..0191a6b3b26 100644
--- a/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/examples/example_Flask_safe.py
+++ b/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/examples/example_Flask_safe.py
@@ -7,11 +7,8 @@ app.config.from_pyfile("config3.py")
 @app.route('/')
-def DEB_EX():
- if 'logged_in' not in session:
- session['logged_in'] = 'value'
- # debuggin whether secret_key is secure or not
- return app.secret_key
+def CheckForSecretKeyValue():
+ return app.secret_key, session.get('logged_in')
 if __name__ == '__main__':
diff --git a/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/examples/example_Flask_unsafe.py b/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/examples/example_Flask_unsafe.py
index 7dafa8ee67b..c07b53504bb 100644
--- a/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/examples/example_Flask_unsafe.py
+++ b/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/examples/example_Flask_unsafe.py
@@ -14,10 +14,7 @@ app.config.from_object('settings')
 @app.route('/')
-def DEB_EX():
- if 'logged_in' not in session:
- session['logged_in'] = 'value'
- # debugging whether secret_key is secure or not
+def CheckForSecretKeyValue():
 return app.secret_key, session.get('logged_in')
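Review bot: The handler in example_Flask_safe.py returns `app.secret_key` in the HTTP response, so the session-signing key that this "safe" example is meant to protect is disclosed to any client requesting `/`; the removed comment at least marked that as debugging. Flask also interprets a two-element tuple returned from a view as `(body, status)` or `(body, headers)`, so `session.get('logged_in')` is not rendered as part of the body. For the safe example I would keep the key out of the response, e.g. `return str(session.get('logged_in'))`, or at minimum restore a comment stating that the route exists only for the demo. The same return line appears as unchanged context in the example_Flask_unsafe.py hunk.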
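Review bot: `CheckForSecretKeyValue` in example_Flask_unsafe.py is CamelCase, which PEP 8 reserves for classes; `check_secret_key_value` would match the convention for view functions (the same name is introduced in example_Flask_safe.py). With the `# debugging whether secret_key is secure or not` comment removed, nothing tells a reader why the route echoes the key, so I would add a one-line docstring such as `"""Demo route: echoes the configured secret key so the constant value can be inspected."""`. No visible line sets `session['logged_in']` any more, so `session.get('logged_in')` presumably yields `None` here unless it is set outside the hunk.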