Create UnSafeComparisonOfSensitiveInfo.py

2026-04-25 00:35:20 +02:00 · 2022-08-05 12:47:58 +01:00
parent dd61383469
commit c7828bf9b4
1 changed files with 16 additions and 0 deletions
--- a/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo/UnSafeComparisonOfSensitiveInfo.py
+++ b/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo/UnSafeComparisonOfSensitiveInfo.py
@@ -0,0 +1,16 @@
+#!/usr/bin/env python
+# -*- coding: UTF-8 -*-
+"""
+@Desc   ：timing attack against sensitive info
+"""
+
+from flask import Flask
+from flask import request
+
+@app.route('/bad')
+def check_credentials(password):
+    return password == "token"
+    
+if __name__ == '__main__':
+    app.debug = True
+    app.run()